Derp.ca

Malware Tracker

Tracking active malware infrastructure: C2 servers that malware phones home to, and distribution hosts that deliver payloads. Updated daily from sandbox analysis and community threat intel.

206
Families Tracked (7d)
2,617
Active C2 Hosts (7d)
1,070
Active Distribution Hosts (7d)

C2 Infrastructure Type (7d)

Hosting 89% (2,339)
ISP 10% (249)
Business 1% (17)
Unknown 0% (10)
Education 0% (2)

Distribution Infrastructure Type (7d)

ISP 80% (860)
Hosting 19% (208)
Business 0% (2)

C2 Hosting Countries (7d)

Country Hosts
  1. 1 🇺🇸 US 1,764
  2. 2 🇨🇳 CN 115
  3. 3 🇩🇪 DE 96
  4. 4 🇬🇧 GB 75
  5. 5 🇭🇰 HK 64
  6. 6 🇫🇷 FR 44
  7. 7 🇸🇨 SC 42
  8. 8 🇸🇬 SG 30
  9. 9 🇷🇺 RU 27
  10. 10 🇨🇦 CA 26
  11. 11 Other 334

C2 Hosting Providers (7d)

Provider Hosts
  1. 1 Cloudflare, Inc. 1,040
  2. 2 GNET INC. 182
  3. 3 DigitalOcean, LLC 55
  4. 4 Hangzhou Alibaba Advertising Co.,Ltd. 41
  5. 5 Omegatech LTD 40
  6. 6 Amazon.com, Inc. 37
  7. 7 Shenzhen Tencent Computer Systems Company Limited 35
  8. 8 The Constant Company, LLC 35
  9. 9 HostPapa 34
  10. 10 Hetzner Online GmbH 30
  11. 11 Other providers 1,088

Distribution Countries (7d)

Country Hosts
  1. 1 🇨🇳 CN 739
  2. 2 🇺🇸 US 118
  3. 3 🇵🇰 PK 40
  4. 4 🇩🇪 DE 19
  5. 5 🇬🇧 GB 19
  6. 6 🇮🇳 IN 18
  7. 7 🇭🇰 HK 14
  8. 8 🇷🇺 RU 13
  9. 9 🇮🇩 ID 8
  10. 10 🇰🇳 KN 8
  11. 11 Other 74

Distribution Providers (7d)

Provider Hosts
  1. 1 CHINA UNICOM China169 Backbone 667
  2. 2 Cloudflare, Inc. 55
  3. 3 CHINANET BACKBONE 37
  4. 4 China Unicom IP network China169 Guangdong province 30
  5. 5 National WiMAX/IMS environment 20
  6. 6 National Internet Backbone 12
  7. 7 Cyber Internet Services (Pvt) Ltd. 11
  8. 8 Ghosty Networks LLC 8
  9. 9 Pfcloud UG 8
  10. 10 SKN Subnet & Telecom Ltd 8
  11. 11 Other providers 214

Top Malware by Unique C2 (7d)

Family Trend Hosts
  1. 1 ClearFake stable 516
  2. 2 AsyncRAT trending down 366
  3. 3 VShell trending down 289
  4. 4 Cobalt Strike trending down 240
  5. 5 xmrig trending down 188
  6. 6 Latrodectus trending down 186
  7. 7 Ghost RAT trending up 164
  8. 8 Meterpreter trending up 158
  9. 9 PurpleFox trending up 156
  10. 10 StealC trending down 154

Top Malware by Unique C2 (24h)

Family Trend Hosts
  1. 1 ClearFake stable 82
  2. 2 AsyncRAT trending down 53
  3. 3 Vidar trending up 34
  4. 4 Remcos stable 27
  5. 5 Nanocore RAT trending down 15
  6. 6 Cobalt Strike trending down 10
  7. 7 VShell trending down 9
  8. 8 Meshagent trending up 6
  9. 9 Quasar RAT trending down 5
  10. 10 XWorm trending down 5

All Tracked Malware (7d)

1–25 of 206 families
ClearFake 516 C2 · Jun 9, 2026 AsyncRAT 366 C2 · Jun 9, 2026 VShell 289 C2 · Jun 9, 2026 Cobalt Strike 240 C2 · Jun 9, 2026 xmrig 188 C2 · Jun 8, 2026 Latrodectus 186 C2 · Jun 8, 2026 Ghost RAT 164 C2 · Jun 7, 2026 Meterpreter 158 C2 · Jun 7, 2026 PurpleFox 156 C2 · Jun 7, 2026 StealC 154 C2 · Jun 9, 2026 MimiKatz 151 C2 · Jun 5, 2026 BitRAT 145 C2 · Jun 7, 2026 Gafgyt 145 C2 · Jun 5, 2026 Pony 145 C2 · Jun 6, 2026 NetWire RC 144 C2 · Jun 8, 2026 SystemBC 143 C2 · Jun 5, 2026 BlackMatter 142 C2 · Jun 5, 2026 BPFDoor 142 C2 · Jun 5, 2026 brute_ratel 142 C2 · Jun 5, 2026 DarkComet 142 C2 · Jun 5, 2026 Dharma 142 C2 · Jun 5, 2026 Egregor 142 C2 · Jun 5, 2026 Gozi 142 C2 · Jun 5, 2026 Kpot 142 C2 · Jun 5, 2026 Meduza Stealer 142 C2 · Jun 5, 2026

Recent Research

· 13 min read

AI-Powered Cheats & Stolen Secrets: Teardown of the Yuta/Solara Roblox Stealer
· 10 min read

PoisonX WindowsTelemetry: BYOVD-Assisted RAT With a Plugin Loader
· 11 min read

CrystalX: unpacking a Go RAT through three encrypted layers
All research