Salesforce released a tool called JARM that allows you to fingerprint C2 servers:
python jarm.py salesforce.com
