Although we have ways to differentiate between regular and bot visits, this can only be done during data export, therefore graph data became less accurate as the sinkhole domain was posted around the internet. Data sent out for purpose of victim notification has already been filtered to ensure best accuracy possible, whereas graph data is unfiltered. As a result the graph data will show a slightly higher count than actual until the graph can be regenerated (this was supposed to be done immediately, but we have been busy dealing with attacks against our sinkhole infrastructure).
Until data can be exported, processed, then re imported; below is an accurate count of total non-browser connections to our sinkhole (these are almost all infections which have been stopped by our ‘kill-switch’ domain).
[Last Updated 2017-05-19 09:00 UTC]