Resolved painadiction.biz to 188.8.131.52
I found this bot running as an update on a few of the barracuda http nets that I had already posted. I would imagine someone has found a vulnerability in the panel.
Gate file: /moneymaker/image.php
There are a few other domains with the same registration email (firstname.lastname@example.org) on the ip
Hosting infos: http://whois.domaintools.com/184.108.40.206
Edit: Discovered a POE stealer panel on the same ip.
Gate file: /poe/index.php