Wednesday, October 01, 2014
   
Text Size

VolgaHost – World’s #1 Bad Host & Other Crime Servers Taken Down

Monday, 24 January 2011 15:11 in Blogs, Current Events by Jart Armin

Blog Image

We are pleased to report that the #1 Bad Host and crime server from last quarter's report - AS29106 VolgaHost, has been taken off-line, as from January 17th 2011.

This has occurred on the back of the recent de-peering of several major bulletproof hosts - so called for their support of known centers of cybercrime.

VolgaHost is well known to HostExploit. It topped our ranking of ‘Bad Hosts’ for the 4th quarter of 2010, having been ranked #3 in the two previous quarters.

As the following chart shows, it earned its placing due to the number of botnet Command & Control (C&C) servers it was hosting, as well as significant levels of malicious URLs, Zeus and exploit servers:

VolgaHost vs the rest of the Top 10

Click image to view full size.

The following graph of historical data shows activity on the server stopped on January 17, having been consistently active for many months before:

VolgaHost historical badness

Click image to view full size.

This was also related to community efforts with regard to AS39150 Vline Telecom (#6 Bad Host in the 2010 Q4 report), which was de-peered from its upstream provider AS3267 RUNNet.ru - the Russian State Institute of Information Technologies and Telecommunications.

As a result, the table below shows currently disconnected crime servers & bullet proof hosts for a variety of botnets. Also see links to Spamhaus and abuse.ch.

ASN AS name Offline since Prefix SiteVet Spamhaus Abuse.ch
AS20564 INFORMEX-MNT Informex 2011/01/11 193.178.172.0/24 AS20564 report SBL97792 Zeus domains
AS31445 TTC-AS Naukanet (TopNET) UA 2010/07/01 195.128.226.0/23 AS31445 report SBL92406 Zeus domains
AS31478 PMN-AS PROMIRANET multihomed network 2011/01/11 194.63.144.0/22 AS31478 report SBL98807 Zeus domains
AS31506 ASN-YS-IX Yuzhno-Sakhalinsk Internet eXchange 2010/12/29 194.88.11.0/24 AS31506 report SBL98806 Zeus domains
AS43181 K2K-AS Contel 2000 Ltd. 2011/01/11 193.27.232.0/23 AS43181 report SBL96584 Zeus domains
AS48280 IT-OUTSOURCE-AS 2011/01/11 194.88.11.0/24 AS48280 report SBL98806 Zeus domains

Currently AS39150 Vline Telecom is tenuously connected to the Internet by the following upstream:

  • AS31500 GLOBALNET-AS Global Network Managment Ltd
  • AS29648 COMLINE-AS ComLine Ltd, an Chelyabinsk ISP
  • AS29053 TELENET-JSC-AS JSC Telenet

The following are still currently downstream and of questionable reputation:

  • AS48159 - STREAMLINE LLC "Stream Line"
  • AS29234 - ASN-WESTLUCKY Zahidna Merezha Uspihu ISP
  • AS24912 - BILIM-AS JSC BiLiM Systems Ltd
  • AS49158 - NICE-AS Nice LTD
  • AS44016 - PACSERVICE-AS PVKP PacService
  • AS44001 - EPYGI Epygi Technologies

This is a major step in the ongoing fight against botnet hosting and cybercrime as world’s worst host VolgaHost, and other associated crime servers, have disappeared. The situation can be monitored here on HostExploit, you can also use live checks of any AS via SiteVet (updated daily) and via abuse.ch.

Comments  

 
0 # nadia 2012-04-16 12:21
is it the same russian company?
http://volga-host.ru/
Reply | Reply with quote | Quote
 

Latest Blogs

  • 1
  • 2
  • 3

Newsletter

Sign up to the HostExploit newsletter to receive the latest news on HostExploit reports and other developments.
Receive

Login