Botnets are dangerous threats in this cyber era and require proper handling. However, some of the bot detection models that have been proposed are centralized and can detect activity at only one point of attack, even though there are two known types of botnet activity: single bots and bot groups. Attacks from grouped bots can form a series of attacks with the same pattern against several different targets. This calls for a distributed detection model that can detect bot attacks on a number of detection sensors and combine the results through correlation analysis. This paper proposes a prototype distributed botnet detection model that can synchronize detection at each detection sensor and analyze a series of bot attack activities. It aims to obtain information on the series of attacks that occur at several attack points and to express them as a correlated botnet attack scenario. A distributed botnet activity detection prototype will facilitate the analysis and anticipation process for system and network security administrators.