Resolved painadiction.biz to 220.127.116.11
I found this bot running as an update on a few of the barracuda http nets that I had already posted. I would imagine someone has found a vulnerability in the panel.
Gate file: /moneymaker/image.php
There are a few other domains with the same registration email (email@example.com) on the ip
Hosting infos: http://whois.domaintools.com/18.104.22.168
Edit: Discovered a POE stealer panel on the same ip.
Gate file: /poe/index.php