Skip to main content
Each day malware infections and service vulnerabilities are reported to AISI members. Related AISI statistics are provided below.

Data is based on Coordinated Universal Time (UTC).

To compare between types, simply ‘de-select’ one or all types that you do not wish to see. The dataset can also be downloaded as a .csv file - (open services).

The related datasets can also be downloaded as a .csv file - (Spam) or (Hosted).

How to interpret the AISI data

There are a number of caveats to note when interpreting this data:

  • Often there are multiple observations for an individual IP address, including multiple observations under different categories. This data has been largely removed from the charts.
  • If there are observations relating to multiple categories on a given day for an IP address, that IP address will be represented once in each category i.e. if an IP address has been observed as an 'other' cyber security observation as well as malware, this address will be reported in both report categories.
  • Services utilising a ‘dynamic’ IP address, such as a home router, may be represented more than once in the data over a 24-hour period if that address has changed during that period.

A note about data variability

Caution should be applied when interpreting the charts, as they contain constantly changing variables. In particular, the absence of data for a given day or week does not necessarily indicate a compromise or cyber threat has diminished, as other factors may have led to data becoming unavailable.

Other cyber security threats


This relates to content or services hosted at the reported IP address that represent a threat to other internet users, such as web browser exploit kits, phishing web forms, botnet command-and-control (CC or C2) systems, open proxy services, etc. The threat is symptomatic of prior malicious activity, for example, a website that has been hacked to host phishing content.


Normally IP addresses are reported under this type as they have connected to a spamtrap and submitted mail to it, with the spamtrap configured so that only botnet generated spam is captured. Occasionally this type indicates symptomatic observations, such as a mailserver misconfiguration characteristic of spam relays.


The appropriate action to mitigate the threat will depend on the type of threat. For further information on how to protect yourself online, browse

We welcome any feedback on these charts, contact us at