The Kelihos botnet is the latest attempt to “kill” a botnet. CrowdStrike listed a list of “backup C&C domains” that were serviced by Fast Flux hosting. Some of the domains were returning three IP addresses that were serving up the domain name. At least 1600 other domain names are also hosted on this group of three. The domains are either clearly “registered for abuse” names, in a variety of fraud categories from counterfeit luxury goods (cheap-watch.org) to pornography domains (thaisextalk.com)”]
Source: https://garwarner.blogspot.com/2013/08/when-parked-domains-still-infect.html