Active Botnet C2 IPs — Last 24 Hours
Botnet command and control (C2) servers coordinate networks of compromised devices to carry out distributed attacks, steal data, or send spam. The IP addresses below have been identified as active botnet C2 infrastructure in the past 24 hours. Blocking these IPs at the network level can prevent infected devices on your network from communicating with their controllers, effectively neutralizing the botnet's ability to issue commands.
No botnet C2 activity detected in the last 24 hours from our threat intelligence feeds.
Understanding Botnet C2 Infrastructure
Botnet command and control servers are the central coordination points for botnets. When a device is infected with botnet malware, it connects to a C2 server to receive instructions. By blocking C2 IP addresses, you can disrupt the attacker's ability to control compromised machines on your network.
Common indicators of botnet C2 traffic include unusual outbound connections to unfamiliar IP addresses, periodic beacon traffic, and encrypted communications on non-standard ports. For a deeper understanding, see our Botnet C2 Explainer.