This is a guest post witten by mongoose
Server: 212.7.194.240
Port: 6667
Channel: #nirjhar
Current local users: 47 Max: 472
Current global users: 47 Max: 472
This file was downloaded from this botnet.
Whois on host IP: http://whois.domaintools.com/212.7.194.240
Anonymous - September 21, 2013 at 5:30 pm
Large botnet running on 85.17.139.12 irc.private-life.biz (Leaseweb)
A /list shows one room. This room had 2,300 users in it at one point. Also in use are #attackroom1 #attackroom2 #attackroom3
Appears to be using the Athena bot.
Commands issued " madd3 : !ddos.layer4.udp 91.234.32.229 21 150"
The botmaster. Using a VPN service in the Ukraine.
madd3@rox-90564AD2.sat.poltava.ua
* [madd3] (madd3@private-life.biz): John Smith
* [madd3] #chatroom
* [madd3] irc.private-life.biz :Life Server
* [madd3] is a Network Administrator
* [madd3] is available for help.
* [madd3] idle 00:00:28, signon: Tue Sep 17 15:58:59
* [madd3] End of WHOIS list.
Pig - September 22, 2013 at 2:24 pm
nice find 🙂