C2 Infrastructure Tracker

Aggregated live C2 server infrastructure deduped across six independent feeds: C2IntelFeeds (drb-ra), ThreatFox (abuse.ch), CriticalPathSecurity Public-Intelligence-Feeds, CriminalIP C2-Daily-Feed, and TweetFeed (#C2-tagged tweets). Each framework family is fairly sampled so filters like asyncrat or havoc show real entries even when cobaltstrike dominates the total. Cross-check individual IPs via the IOC Checker.