starhf.com (Andromeda http botnet proxied by cloudflare)

By I_Post_Ur_Info, December 11, 2012

Resolved starhf.com to 108.162.193.86, 108.162.193.186

Server: starhf.com
Gate file: /andro/image.php

This is the second andromeda net I’ve seen hosted on cloudflare. They wouldn’t take down the first one for want of evidence. I guess their bot detection technology has some trouble if it can’t even detect when cloudflare is acting as a C&C proxy. I’ve included a packet capture with this report so hopefully some action can be taken.

Categories: Uncategorized

Tags: Andromeda Botcloudflare

Previous postafkm.in(irc bot spreading through skype hosted in Germany Karlsruhe 1&1 Internet Ag)

Next postrat-forums.net (Ice 9 banking malware proxied by cloudflare)

freegamebox.ru (Betabot http botnet proxied by cloudflare.com)

gemers9.ru (Betabot http botnet proxied by cloudflare.com)

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)