Products
Threat Intelligence Solution
Pure Signal ReconPure Signal Scout
Threat Feeds
Use Cases
Supply Chain and Risk ThreatsRansomwareNation-State Threat ActorsPhishingFinancial Sector
Community Services
Request Service
Bogon SignupDDOS Mitigation UTRS SignupNimbus SignupMHR - API SignupCSIRT Assistance Program Signup
Service Overview
Bogon NetworksDDOS Mitigation UTRSNimbus Threat MonitorMHR - API CSIRT Assistance Program
Network ServicesNews Bytes SubscriptionRISE & UE
Customers
Resources
BlogPodcastEvents & WebinarsResources LibraryIntelligence Terms
Partners
Resellers, MSPs & SIs
Technology Alliance Partners
GoogleMicrosoftPalo AltoSplunkTinesThreatQuotientCyware
API IntegrationBecome a Partner
Company
About UsNewsPress ReleasesCareersContact Us
Talk To an expert
Heading 6

The Most Comprehensive C2 Feed Available

The Most Comprehensive C2 Feed Available…

​The Controller Feed contains all of our botnet controller data from the Botnet Analysis and Reporting System (BARS), a unique system that enables visibility into botnets that normally evade monitoring, plus other sources for our most comprehensive view of Command and Control (C2) for IRC-based, HTTP-based, and P2P-based botnets. This feed provides the full URL, malware hash, and DNS resource record of the controllers enabling you to cross reference, monitor, or block connections.

Feed Details…

  • Near-real-time identification of botnet command and control (C&C) IP addresses (IRC, http, and P2P) built for DDoS, warez, and underground economy to include bot types, passwords, channels, and our insight.
  • Contains all confirmed, active botnet, warez, underground economy and other malware distribution command points.
  • Use this data to automatically block access to C&C IP addresses.
  • The report is updated every 60 minutes.

Controller Feed Entries Include

  • Multiple IP addresses for a single botnet
  • Domain name and HTTP URL
  • First seen time
  • Last checked time
  • Recent up and down times
  • Family, sub-family and version details
  • Protocol and port
  • Whether currently resolves or active in DNS
  • Confidence value
  • SHA1 and MD5 for malware samples
  • SSL and request type for HTTP C2s
  • Password, channel and key for IRC servers

‍

Products
Pure Signal™ ReconPure Signal™ ScoutIP Reputation FeedController FeedBotnet Analysis & Reporting
Community Services
Nimbus Threat MonitorUTRSBOGON ReferenceCSIRT Assistance Program
Contact us
tel: +1 847-378-3300
Follow Us
Support
0900-1700 ET1400-2200 UTCsupport@cymru.comPGP KeyEmergencies: +1 847-378-3301
© 2025 Team Cymru. All Rights Reserved.
GDPRPrivacy PolicyModern Slavery Act