76.191.97.100 (Multiple HTTP botnets hosted by sentris.com)

Andromeda
Server:   76.191.97.100
Gate file:  /andro/image.php
Plugins
Rootkit:  http://76.191.97.100/andro/r.pack
Socks:  http://76.191.97.100/andro/s.pack
Formgrabber:  http://76.191.97.100/andro/f.pack
  Gate file:  /andro/fg.php

Smoke loader
Server:   76.191.97.100
Gate file:  /smoke/index.php

Pony
Server:  76.191.97.100
Gate file:  /p/gate.php

POE stealer
Server:  76.191.97.100
Gate file:  /poe/index.php
Login details are admin:admin

Hosting info: http://whois.domaintools.com/76.191.97.100

EDIT: I see he’s trying bitcoin mining
Mining info: http://zilovich:zilovich1@pool.bitclockers.com:8332


1 Comment

Anonymous - December 28, 2012 at 10:45 am
