painadiction.biz (Andromeda http botnet hosted by Ukraine Ukrainian Internet Names Center Ltd)

By I_Post_Ur_Info, December 4, 2012

Resolved painadiction.biz to 91.231.85.228

I found this bot running as an update on a few of the barracuda http nets that I had already posted. I would imagine someone has found a vulnerability in the panel.

Server: painadiction.biz
Gate file: /moneymaker/image.php

There are a few other domains with the same registration email (soyperlman@live.com) on the ip
dreadmar.pro
dreadmari.biz
dreadmarall.biz
painadiction.com
painadiction.net

Hosting infos: http://whois.domaintools.com/91.231.85.228

Edit: Discovered a POE stealer panel on the same ip.
Server: 91.231.85.228
Gate file: /poe/index.php

Categories: Uncategorized

Tags: Andromeda Botstealer

Previous postgenhagroup.com (Andromeda http botnet hosted by United States Provo Unified Layer)

Next posttechmanagement.info (Aryan irc botnet hosted by vpzzo.com)

188.138.40.39(Password Stealer Hosted In Germany ASN: 8972 intergenia AG)

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)

xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)