starhf.com (Andromeda http botnet proxied by cloudflare)

Resolved starhf.com to 108.162.193.86, 108.162.193.186

Server:  starhf.com
Gate file:   /andro/image.php

This is the second andromeda net I’ve seen hosted on cloudflare. They wouldn’t take down the first one for want of evidence. I guess their bot detection technology has some trouble if it can’t even detect when cloudflare is acting as a C&C proxy. I’ve included a packet capture with this report so hopefully some action can be taken.

Categories: Uncategorized