This has occurred on the back of the recent de-peering of several major bulletproof hosts - so called for their support of known centers of cybercrime.
VolgaHost is well known to HostExploit. It topped our ranking of ‘Bad Hosts’ for the 4th quarter of 2010, having been ranked #3 in the two previous quarters.
As the following chart shows, it earned its placing due to the number of botnet Command & Control (C&C) servers it was hosting, as well as significant levels of malicious URLs, Zeus and exploit servers:
The following graph of historical data shows activity on the server stopped on January 17, having been consistently active for many months before:
This was also related to community efforts with regard to AS39150 Vline Telecom (#6 Bad Host in the 2010 Q4 report), which was de-peered from its upstream provider AS3267 RUNNet.ru - the Russian State Institute of Information Technologies and Telecommunications.
|ASN||AS name||Offline since||Prefix||SiteVet||Spamhaus||Abuse.ch|
|AS20564||INFORMEX-MNT Informex||2011/01/11||184.108.40.206/24||AS20564 report||SBL97792||Zeus domains|
|AS31445||TTC-AS Naukanet (TopNET) UA||2010/07/01||220.127.116.11/23||AS31445 report||SBL92406||Zeus domains|
|AS31478||PMN-AS PROMIRANET multihomed network||2011/01/11||18.104.22.168/22||AS31478 report||SBL98807||Zeus domains|
|AS31506||ASN-YS-IX Yuzhno-Sakhalinsk Internet eXchange||2010/12/29||22.214.171.124/24||AS31506 report||SBL98806||Zeus domains|
|AS43181||K2K-AS Contel 2000 Ltd.||2011/01/11||126.96.36.199/23||AS43181 report||SBL96584||Zeus domains|
|AS48280||IT-OUTSOURCE-AS||2011/01/11||188.8.131.52/24||AS48280 report||SBL98806||Zeus domains|
Currently AS39150 Vline Telecom is tenuously connected to the Internet by the following upstream:
- AS31500 GLOBALNET-AS Global Network Managment Ltd
- AS29648 COMLINE-AS ComLine Ltd, an Chelyabinsk ISP
- AS29053 TELENET-JSC-AS JSC Telenet
The following are still currently downstream and of questionable reputation:
- AS48159 - STREAMLINE LLC "Stream Line"
- AS29234 - ASN-WESTLUCKY Zahidna Merezha Uspihu ISP
- AS24912 - BILIM-AS JSC BiLiM Systems Ltd
- AS49158 - NICE-AS Nice LTD
- AS44016 - PACSERVICE-AS PVKP PacService
- AS44001 - EPYGI Epygi Technologies
This is a major step in the ongoing fight against botnet hosting and cybercrime as world’s worst host VolgaHost, and other associated crime servers, have disappeared. The situation can be monitored here on HostExploit, you can also use live checks of any AS via SiteVet (updated daily) and via abuse.ch.
Recent Articles by Jart Armin :
World Hosts Report - March 2013HostExploit is pleased to present the March 2013 World Hosts Report, in collaboration...
White Paper: The New gTLDs – Security by DesignCyberDefcon has released a new white paper, The New gTLDs – Security...
Familiar Hosts & Open ResolversHostExploit is pleased to present the Q3 2012 World Hosts Report, in collaboration...