Mirai-scanner data feed has stopped since 2017-06-29. We do that because more and more code campain use the same syn scan trick mirai adopted, and the noise in this data feed keeps going stronger day by day. This page will remain as it is, and all previous data is always available for api users to trace back.
This page displays daily Mirai statistics, which includes daily new, daily active, and total counts of all devices that infected with Mirai (how we confirm if an IP is infected?).
We also provide a activated mirai C2 data feed here.
Visitor can also download a sample of the infected bot IPs (active bot IPs between 08/01 and 08/08), and full list of IPs can be accessed by sending an email to netlab@360.cn.
| 2017-06-29 : |
End of mirai-scanner data feed update |
|
| 2017-02-08 : |
Support for port 32 and 19058 mirai variants added |
|
| 2017-02-07 : |
Support for port 22 and 2222 mirai variants added Two million mirai bot ip recored |
|
| 2016-12-19 : |
Support for port 6789 mirai variants added |
|
| 2016-12-12 : |
Support for port 23231 and 37777 mirai variants added |
|
| 2016-11-29 : |
Support for port 7547 and 5555 mirai variants added |
|
| 2016-11-09 : |
One million mirai bot ip recorded |
|
| 2016-10-27 : |
With the help of the security community, we get a little part of the dyn/twitter attacking pcap. All previous conclusions confirmed. A mirai c2 analysis posted on blog.netlab.360.com |
|
| 2016-10-23 : |
An event report and mirai review posted on blog.netlab.360.com |
|
| 2016-10-21 : |
Dyn/twitter attacked by mirai, public media focus attracted |
|
| 2016-10-15 : |
Mirai activity traced back to 2016.08.01 A quick stat of Mirai botnet posted on blog.netlab.360.com |
|
| 2016-09-30 : |
Mirais's souce code leaked |
|
| 2016-09-23 : |
krebsonsecurity.com sieged by massive DDoS attack |
|
| 2016-09-06 : |
Port 2323 massive scanner noticed by netlab@360.cn |
|
| 2016-08-01 : |
Honeypot hit by unknown scanner |
|
| ... |