The Mirai-scanner data feed has been stopped since 2017-06-29. We stopped it because more and more code campaigns use the same SYN scan trick that Mirai adopted, and the noise in this data feed keeps growing stronger day by day. This page will remain as it is, and all previous data remains available for API users to trace back.
This page displays daily Mirai statistics, including the daily new, daily active, and total counts of all devices infected with Mirai (how do we confirm that an IP is infected?).
We also provide an activated Mirai C2 data feed here.
Visitors can also download a sample of the infected bot IPs (active bot IPs between 08/01 and 08/08); the full list of IPs can be requested by sending an email to email@example.com.
End of Mirai-scanner data feed updates
Support for port 32 and 19058 Mirai variants added
Support for port 22 and 2222 Mirai variants added
Two million Mirai bot IPs recorded
Support for port 6789 Mirai variants added
Support for port 23231 and 37777 Mirai variants added
Support for port 7547 and 5555 Mirai variants added
One million Mirai bot IPs recorded
With the help of the security community, we obtained a small part of the Dyn/Twitter attack pcap. All previous conclusions confirmed.
A Mirai C2 analysis posted on blog.netlab.360.com
An event report and Mirai review posted on blog.netlab.360.com
Dyn/Twitter attacked by Mirai, attracting public media attention
Mirai activity traced back to 2016.08.01
Quick statistics on the Mirai botnet posted on blog.netlab.360.com
Mirai's source code leaked
krebsonsecurity.com sieged by massive DDoS attack
Port 2323 massive scanner noticed by firstname.lastname@example.org
Honeypot hit by unknown scanner