An hourly XML feed of every IP address that is part of over 3,000 botnets we are tracking (controllers and infected clients) plus five further categories of malicious activity. Along with every Command and Control IP address (C2) for IRC-based, HTTP-based, and P2P-based botnets, there is also a full list of IP addresses known to have communicated with the C2 in the last 60 minutes.
Other categories of potentially compromised devices like routers, darknet visitors, and abused proxies are also provided, forming the most comprehensive feed we have ever provided. The Reputation Feed contains botnet controller and infection data from the Botnet Analysis and Reporting System (BARS), a unique system that enables visibility into botnets that normally evade monitoring.
And finally, we also operate a number of sinkhole efforts that contribute additional bot families like Conficker to the feed.
Entries are included that indicate the type of malicious behavior observed:
As part of the XML schema for this report, each controller and bot has been assigned a “confidence” value in the range 0-100, with 100 being the highest confidence rating. The data in this feed is derived from one or more methods.
The confidence value entry depends on the method of collection and analysis. The intention is that partners determine what issues are most important to them and adapt their policy accordingly. At Team Cymru, we understand that no one can make that determination for you better than you. To facilitate that decision-making capability, we prefer to give you a confidence value to assist you. You may decide that some threats are important and others are not. This score will help you along the way.