


We are defenders of a clean internet, proactively taking down ~63 C2s per month.

We see more, so we can stop more.

Black Lotus Labs’ mission is to leverage our network visibility to both help protect your business and keep the internet clean. Follow us on Twitter @BlackLotusLabs.


  • ~190B NetFlow sessions monitored daily
  • 680+ new C2s discovered per month
  • ~28,000 C2s monitored daily



Newly Discovered Watering Hole Attack Targets Ukrainian, Canadian Organisations

Black Lotus Labs’ analysis has uncovered a cluster of compromised websites previously used in a series of watering hole attacks.

The Reemergence Of Ransom-Based Distributed Denial Of Service (RDDoS) Attacks

Since the second half of 2020, Lumen Black Lotus Labs® has observed an unsettling number of entities receiving emails containing a threat of sustained DDoS attack unless a Bitcoin ransom was paid.

A Look Inside the TrickBot Botnet

Bolstered by contributions from Black Lotus Labs and others, Microsoft and FS-ISAC recently took court action to disrupt a particularly insidious botnet called TrickBot – a significant source of ransomware and banking credential theft.

Alina Point of Sale Malware Still Lurking in DNS

Black Lotus Labs monitors global DNS traffic for anomalous behaviour that may be malicious.

New Mozi Malware Family Quietly Amasses IoT Bots

The explosion of IoT devices has long served as a breeding ground for malware distribution.

Black Lotus Labs Blog Archive

Read our full archive of blogs to learn more about the threat landscape. 
