


We’re defenders of a clean internet, proactively taking down ~63 C2s per month.

Read the 2019 Threat Report

Black Lotus Labs reveals the current state of the threat landscape to help you defend your network.

We see more, so we can stop more.

Black Lotus Labs’ mission is to leverage our network visibility to both help protect your business and keep the internet clean. Follow us on Twitter @BlackLotusLabs.


  • ~190B NetFlow sessions monitored daily
  • 680+ new C2s discovered per month
  • ~28,000 C2s monitored daily



A Look Inside the TrickBot Botnet

Bolstered by contributions from Black Lotus Labs and others, Microsoft and FS-ISAC recently took court action to disrupt a particularly insidious botnet called TrickBot – a significant source of ransomware and banking credential theft.

Alina Point of Sale Malware Still Lurking in DNS

Black Lotus Labs monitors global DNS traffic for anomalous behavior that may be malicious.

New Mozi Malware Family Quietly Amasses IoT Bots

The explosion of IoT devices has long served as a breeding ground for malware distribution.

Ismdoor Malware Continues to Make Use of DNS Tunneling

Despite the ubiquity of DNS, many security teams today do not prioritize it as a focus for monitoring.

Emotet Illuminated: Mapping a Tiered Botnet Using Global Network Forensics

Emotet is a pervasive and continually evolving threat, morphing from a prominent banking trojan to a modular spam and malware-as-a-service botnet.

Black Lotus Labs Blog Archive

Read our full archive of blogs to learn more about the threat landscape.