irc.tskiller.com (Athena irc botnet hosted by scopehosts.com)

Resolved irc.tskiller.com to 91.109.17.227

Server:  irc.tskiller.com
Port:  6667
There are 1 users and 207 invisible on 1 servers

Channels:
 #kurdish         5       
 #ddos            13       asf123
 #deus            8       
 #eser            4       
 #DyntaiLegion    12      
 #kebab           6       
 #stud            6       
 #Kavin           3       [+sntVCT]
 #opers           1       
 #deneme          12      
 #hack0si         7       
 #LoL             2       
 #USA             1       
 #TizenX          2       
 #unwrittenlaw    4       
 #winyle          5       
 #nirjhar         54    

Oper:
[asf123] (asf123@i.hate.microsefrs.com): …
[asf123] #ddos @#opers
[asf123] irc.foonet.com :FooNet Server
[asf123] is an IRC Operator
[asf123] is available for help.
[asf123] idle 04:00:13, signon: Mon Aug 26 06:26:11
[asf123] End of WHOIS list.

This server has a ton of channels, each with a few bots. I assume it must be a shared server or something.

Hosting infos: http://whois.domaintools.com/91.109.17.227

Related md5s (Search on malwr.com to download samples)
Athena: fb8ef87b42412200234be27dee493190

Edit: hxxp://tskiller.com/file/unrealircd.conf

loadmodule "src/modules/commands.so";
loadmodule "src/modules/cloak.so";

include "aliases/anope.conf"; 
include "help.conf";
include "badwords.channel.conf";
include "badwords.message.conf";
include "badwords.quit.conf";
include "spamfilter.conf";

me
{
    name "ircd.tskiller.com";
    info "Earn Cash";
    numeric 1;
};


admin {
    "earn";
};


class           clients
{
    pingfreq 90;
    maxclients 500;
    sendq 100000;
    recvq 8000;
};

class           servers
{
    pingfreq 90;
    maxclients 10;        
    sendq 1000000;
    connfreq 100; 
};

allow {
    ip             *@*;
    hostname       *@*;
    class           clients;
    maxperip 5000;
};




oper cash {
    class        clients;
    from {
        userhost *@*;
    };
    password "983200";
        flags
        {
                netadmin;
                can_rehash;
                can_localkill;
                can_globalkill;
                local;
                can_globalroute;
                can_localroute;
                can_zline;
                can_gzline;
                can_gkline;
                global;
                can_kline;
                can_unkline;
                can_localnotice;
                can_globalnotice;
                get_umodew;
                can_override;
                can_addline;
                get_umodew;
                get_host;
                can_dccdeny;
        };
};

listen         66.23.230.132:6660-6669;


ulines {
    ircd.tskiller.com;
};


drpass {
    restart "983200";
    die "983200";
};


log "ircd.log" {
    maxsize 2097152;
    flags {
        oper;
        kline;
        connects;
        server-connects;
        kills;
        errors;
        sadmin-commands;
        chg-commands;
        oper-override;
        spamfilter;
    };
};

alias NickServ { type services; };
alias ChanServ { type services; };
alias OperServ { type services; };
alias HelpServ { type services; };
alias StatServ { type stats; };


alias "identify" {
    format "^#" {
        target "chanserv";
        type services;
        parameters "IDENTIFY %1-";
    };
    format "^[^#]" {
        target "nickserv";
        type services;
        parameters "IDENTIFY %1-";
    };
    type command;
};



alias "services" {
    format "^#" {
        target "chanserv";
        type services;
        parameters "%1-";
    };
    format "^[^#]" {
        target "nickserv";
        type services;
        parameters "%1-";
    };
    type command;
};

alias "identify" {
    format "^#" {
        target "chanserv";
        type services;
        parameters "IDENTIFY %1-";
    };
    format "^[^#]" {
        target "nickserv";
        type services;
        parameters "IDENTIFY %1-";
    };
    type command;
};


alias "glinebot" {    
    format ".+" {    
        command "gline";    
        type real;    
        parameters "%1 2d Bots are not allowed on this server, please read the faq at http://www.example.com/faq/123";    
    };    
    type command;    
};

tld {
    mask *@*;
    motd "ircd.motd";
    rules "ircd.motd";
};

 
ban nick {
    mask "*C*h*a*n*S*e*r*v*";
    reason "Reserved for Services";
};


ban realname {
    mask "Swat Team";
    reason "mIRKFORCE";
};

ban realname {
    mask "sub7server";
    reason "sub7";
};



deny dcc {
    filename "*sub7*";
    reason "Possible Sub7 Virus";
};


set {
    network-name         "ircd.tskiller.com";
    default-server         "ircd.tskiller.com";
    services-server     "Services.ircd.tskiller.com";
    help-channel         "#Help";
    hiddenhost-prefix    "en";

    cloak-keys {
        "xOkxFyB1i3YjK0tac9er7zNLJZOHPo";
        "8J5XDYiZsEIHU5Yutkt5a4iepoZdDz";
        "5MxPiXsy87cIQyMbT7kFBxp9elXqb4";
    };
    hosts {
        local        "LocalOp.ircd.tskiller.com";
        global        "IrcOp.ircd.tskiller.com";
        coadmin        "CoAdmin.ircd.tskiller.com";
        admin        "Admin.ircd.tskiller.com";
        servicesadmin     "ServicesAdmin.ircd.tskiller.com";
        netadmin     "NetAdmin.ircd.tskiller.com";
        host-on-oper-up "yes";

    };
};



set {
    kline-address "cash@tskiller.com";
    modes-on-connect "+ixw";
    modes-on-oper     "+xwgs";
    modes-on-join   "+nt";
    dns {
        nameserver 127.0.0.1;
        timeout 2s;
        retries 2;
    };
    options {
        hide-ulines;
        show-connect-info;
    };

    maxchannelsperuser 15;
    anti-spam-quit-message-time 30s;

    oper-only-stats "okfGsMRUEelLCXzdD";

    throttle {
        connections 5;
        period 60s;
    };
    anti-flood {
        nick-flood 3:60;
    };


    spamfilter {
        ban-time 1d; 
        ban-reason "Spam/Advertising"; 
        virus-help-channel "#help"; 
    };
};