Command and Control Report

These reports focus on the IRC C&Cs, but they may also include information on HTTP, P2P, and hybrid servers in use, as well as on leaf nodes.

Command and Control servers are the criminal’s point of control for their botnets. While our reports focus on the IRC C&Cs, there are also HTTP, P2P, and hybrid servers in use. Many times, a C&C will have leaf nodes to extend its reliability; these will all be listed for each C&C, and you may have more information per single botnet.

Fields

  • IP Address
    The IP address(es) of the Command and Control
  • Port
    The port being to service IRC
  • Channel
    The channel this botnet is residing on
  • Country
    The country or countries the C&C resides in (same order as the IP addresses if several are listed)
  • Region
    This usually is represented by the city that the C&C resides within
  • State
    The state or province that the C&C resides within — this usually only has data for the US
  • Domain
    The domain name being used for the IP
  • ASN
    Which ASN the C&C resides within
  • AS Name
    Name of the ASN
  • As Description
    Description of the ASN

Sample

"IP Address","Port","Channel","Country","Region","State","Domain","ASN","AS Name","AS Description"
"81.211.7.122 69.18.206.194",3267,"#B#t[r2]N#t","RU US","MOSCOW | COMMACK","MOSKVA | NEW YORK","GLDN.NET INVISION.COM","3216 12251","SOVAM INVISION","AS Golden Telecom, Moscow, Russia | Invision.com, Inc."
"81.211.7.122 69.18.206.194",3267,"#B#tN#t[r3]","RU US","MOSCOW | COMMACK","MOSKVA | NEW YORK","GLDN.NET INVISION.COM","3216 12251","SOVAM INVISION","AS Golden Telecom, Moscow, Russia | Invision.com, Inc."
"81.211.7.122 69.18.206.194",3267,"#B�t[r2]N�t","RU US","MOSCOW | COMMACK","MOSKVA | NEW YORK","GLDN.NET INVISION.COM","3216 12251","SOVAM INVISION","AS Golden Telecom, Moscow, Russia | Invision.com, Inc."
"81.211.7.122 69.18.206.194",3267,"#B.tN.t[r3]","RU US","MOSCOW | COMMACK","MOSKVA | NEW YORK","GLDN.NET INVISION.COM","3216 12251","SOVAM INVISION","AS Golden Telecom, Moscow, Russia | Invision.com, Inc."
"213.234.193.74 85.21.82.55",6667,"#secured","RU RU","MOSCOW | MOSCOW","MOSKVA | MOSKVA","NET.RU -","39442 8402","UNICO CORBINA","AS JSC UNICO | AS Corbina Telecom"

Our 73 Report Types