(Andromeda http botnet hosted by Ukraine Ukrainian Internet Names Center Ltd)

Resolved to

I found this bot running as an update on a few of the barracuda http nets that I had already posted. I would imagine someone has found a vulnerability in the panel.

Gate file:  /moneymaker/image.php

There are a few other domains with the same registration email ( on the ip

Hosting infos:

Edit:  Discovered a POE stealer panel on the same ip.
Gate file:  /poe/index.php

Categories: Uncategorized