top of page

Anomali Controller Feed




The Most Comprehensive C2 Feed Available…


​The Controller Feed contains all of our botnet controller data from the Botnet Analysis and Reporting System (BARS), a unique system that enables visibility into botnets that normally evade monitoring, plus other sources for our most comprehensive view of Command and Control (C2) for IRC-based, HTTP-based, and P2P-based botnets. This feed provides the full URL, malware hash, and DNS resource record of the controllers enabling you to cross reference, monitor, or block connections.


Feed Details…


  • Near-real-time identification of botnet command and control (C&C) IP addresses (IRC, http, and P2P) built for DDoS, warez, and underground economy to include bot types, passwords, channels, and our insight.

  • Contains all confirmed, active botnet, warez, underground economy and other malware distribution command points.

  • Use this data to automatically block access to C&C IP addresses.

  • The report is updated every 60 minutes.


Controller Feed Entries Include


  • Multiple IP addresses for a single botnet

  • Domain name and HTTP URL

  • First seen time

  • Last checked time

  • Recent up and down times

  • Family, sub-family and version details

  • Protocol and port

  • Whether currently resolves or active in DNS

  • Confidence value

  • SHA1 and MD5 for malware samples

  • SSL and request type for HTTP C2s

  • Password, channel and key for IRC servers



bottom of page