76.191.97.100 (Multiple http botnets hosted by sentris.com)

By I_Post_Ur_Info, December 27, 2012

Andromeda
Server: 76.191.97.100
Gate file: /andro/image.php
Plugins
Rootkit: http://76.191.97.100/andro/r.pack
Socks: http://76.191.97.100/andro/s.pack
Formgrabber: http://76.191.97.100/andro/f.pack
Gate file: /andro/fg.php

Smoke loader
Server: 76.191.97.100
Gate file: /smoke/index.php

Pony
Server: 76.191.97.100
Gate file: /p/gate.php

POE stealer
Server: 76.191.97.100
Gate file /poe/index.php
Login details are admin:admin

Hosting infos: http://whois.domaintools.com/76.191.97.100

EDIT: I see he’s trying bitcoin mining
Mining infos: http://zilovich:zilovich1@pool.bitclockers.com:8332

Categories: Uncategorized

Tags: Andromeda BotPonysmokeloaderstealer

Previous post95.58.254.79(Pony hosted in Kazakhstan Almaty Jsc Kazakhtelecom)

Next postuokmate.info (Insomnia irc botnet hosted by volumedrive.com)

1 Comment

Anonymous - December 28, 2012 at 10:45 am

http://directxex.com/uploads/1243013998.di_build.exe Di botnet http link

http://gwassnet.com/admin231/control.php
Smoke loader?

185.121.139.214 (Pony Hosted in United Kingdom London Hydra Communications Ltd)

bookwormsbiorhythm.top(Smoke Loader + TeamViewer Rat)

flipcoin.co(Pony hosted in United States Piscataway Shock Hosting Llc)

1 Comment

Anonymous - December 28, 2012 at 10:45 am

Comments are closed