Botnet Hosts
Active C2 infrastructure from Abuse.ch FeodoTracker, past 24 hrs
Attribution. Botnet C2 data from Abuse.ch FeodoTracker (CC0). FeodoTracker specifically tracks command-and-control servers used by major banking-trojan and ransomware-loader botnets (Emotet, Dridex, TrickBot, Qakbot, IcedID, BazarLoader, etc.). IP→province geolocation by ip-api.com.
World map of active botnet C2s
Malware family breakdown
Online vs offline
FeodoTracker labels each tracked C2 as online (currently reachable) or offline (recently seen but not currently responding).