Virus Tracker is a global botnet monitoring system. It is based on "sinkholes" - sensors that listen on the Internet for virus infections 24 hours a day, 7 days a week. Today, it has more than 2 billion infection records since 2012. For any questions please send us an email to: virustracker@lookingglasscyber.com!

Use Cases

The data we provide has the following use cases:
  1. Detect virus infections in your network communicating with our sinkholes.
  2. Make a historical check to see how many viruses you had in your network dating back to 2012.
  3. Generate threat intelligence:
    1. How big are certain botnets?
    2. Where (region/countries) are they active?
  4. Use our dataset to generate scores associated with active malware.
  5. Detect infections at your partners, clients, or 3rd party supply chain; make a quick check if IPs connecting to your network are known to be infected.

Who is using our data?

  • Security companies
  • Governments
  • IT administrators
  • Datacenters
  • Telecommunication providers, ISPs

Professional Access?

We provide an API to access our database containing all infection records. You can download the raw data in different formats and integrate it into your solutions. We also have a real-time alerting system that alerts you via SMS and email in case a new infection occurs on a monitored IP range. Customers also receive access to our custom analytics software "KAMS". Access to Virus Tracker is based on a monthly subscription that depends on the monitored access range (whether just IP ranges, a country or global monitoring). Please contact us to receive your free full-featured trial access!

What makes Virus Tracker different to regular antivirus programs?
You don't need to install anything! We detect the virus infections on our servers. We are the "last resort" of virus infections - if your antivirus program, firewall or proxy fails to detect and block the infection, then it might be caught by our sensor network. While we do not provide 100% protection, we provide an additional layer of security. Our data shows that everyone from private individuals to governments still have active infections.

How accurate is the data and what makes it better than other sinkhole data providers?
We are the first ones to do it on a large for-profit level scale. The data is highly accurate as we analyze trojans and apply false-positive detection algorithms on any incoming infection to ensure the highest data quality and accuracy.


The project started in 2012 originally to monitor banking trojans, however we quickly added many more to our monitoring system - including APTs such as Stuxnet, Flame and Red October. Today, our database has more than 1.5 billion infection records dating back to 2012 and is being used by multiple governments and security organizations to identify infections, report them to the affected users and help in making the Internet a safer place.