Group 59

Botnet Threat Update

Spamhaus tracks both Internet Protocol (IP) addresses and domain names used by threat actors for hosting botnet command & control (C&C) servers.

This data enables us to identify associated elements, which this report provides insight into, including the geolocation of the botnet C&Cs, the malware associated with them, the top-level domains used when registering a domain for a botnet C&C, and the sponsoring registrars and the network hosting the botnet C&C infrastructure.

Q3 2022

Published 13 October 2022

It was a busy quarter for Q3! No rest up over the vacation period with a 38% increase in botnet C&Cs detected by the research team - so there's a lot for you to catch up on. This quarter, we saw a vast amount of botnet C&Cs out of China - download the report to find all the updates.

Frame 23

Published 19 July 2022

From the number of newly registered domains, to the domain abuse our researchers are observing, this update highlights trends, provides insights into the poor reputation of domains, and champions providers where positive improvements are seen.


Published 20 April 2022

It might've been a modest increase in new botnet C&Cs this quarter, but the offering of freebie services are attracting a load of badness and the LatAm region continues to struggle with abuse. Get all the latest insights in this quarter's report.


Published 20 January 2022

Q4 update on the botnet command and controllers our researchers are observing, including geolocation and who is hosting them.


Published 14 October 2021

Q3 has seen a massive 82% rise in the number of new botnet command and controllers (C&Cs) identified by our research team. They have observed an explosion in the use of backdoor malware with nefarious operators hiding behind FastFlux.


Published 13 July 2021

Researchers may have observed a 12%reduction in botnet command and controllers (C&Cs), however, more than one industry-leading provider is struggling to keep on top of botnet activity.