(Andromeda HTTP botnet proxied by Cloudflare)

Resolved to,

Gate file: /andro/image.php

This is the second Andromeda net I’ve seen hosted on Cloudflare. They wouldn’t take down the first one for want of evidence. I guess their bot detection technology has some trouble if it can’t even detect when Cloudflare is acting as a C&C proxy. I’ve included a packet capture with this report so hopefully some action can be taken.
