Access insight on over 3,000 active botnet command and control IPs through a single XML feed that contains all of our known botnet controllers, across all known protocols (HTTP, IRC, P2P, etc.).
The Controller Feed contains all of our botnet controller data from the Botnet Analysis and Reporting System (BARS), a unique system that enables visibility into botnets that normally evade monitoring, plus other sources, for our most comprehensive view of Command and Control (C2) for IRC-based, HTTP-based, and P2P-based botnets. This feed provides the full URL, malware hash, and DNS resource record of the controllers, enabling you to cross-reference, monitor, or block connections.
The full Controller Feed XML Schema is available and documented. Entries vary based on the type of botnet and the insight we have been able to obtain. All times are UTC.
Our data allows near real-time identification of command and control (C&C) IP addresses (IRC, HTTP, and P2P) of botnets built for DDoS, warez, and the underground economy, including bot types, passwords, channels, and our insight.
The feed contains all confirmed, active botnet, warez, underground economy, and other malware distribution command points.
Recipients of this report can use the data to automatically filter access to C&C IP addresses, preventing client hosts from contributing to the purpose of the malware.
The report is updated every 60 minutes, with manual reverification of each entry after seven days and removal of entries that no longer respond on the given IP and port.