Blog for hpHosts, and whatever else I feel like writing about ....

Saturday, 16 January 2010

Crimeware friendly ISPs: AS8206 JUNIK-RIGA-LV JUNIKNET Autonomous System JUNIK ISP Network Riga, Latvia

And in today's firing line, competing with the rest for the title of world's most crimeware friendly ISP, we have AS8206, the Latvian-based ISP Junik-Riga-LV.

Junik is being listed for 2 very specific reasons; they're providing connectivity for:

AS29106 VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
AS49314 NEVAL PE Nevedomskiy Alexey Alexeevich

Oh dear, this isn't going to end well is it?

Neval has been home to a plethora of malicious content over the years, and like a few others, I've not yet seen a single legit domain hosted over there. Criminals they DO however host include the miscreants responsible for the YES exploit pack who are housed at (

Not exactly hiding what they're offering are they? (hat tip to SysAdMini for the heads up)

Then of course, there's the usual selection of rogues such as, which is housed at, or this piece of malicious goodness (sadly, only one vendor is detecting this at the time of writing this), which is housed at which was living on and has now moved to another criminal network, (AS24826 KHARKOV-TERMINALS-AS PE Viktor Nastechenko, see here).

Indeed, I'll tell you what, just pick ANY domain within the Neval network, and you'll find it's involved in malicious activity of one description or another.

And then we get to VolgaHost, which is yet another network whose connectivity is provided by Junik, and which doesn't contain a single legit domain. Every single one is involved in either exploits or malware of one description or another (ZeuS and Fragus exploits primarily). For example;

One can't help wondering why Junik are allowing this to continue, especially given neither VolgaHost nor Neval are exactly trying to hide it. Well Junik - care to explain yourselves?

Until they do bother to boot these criminals, I'd personally recommend everyone blackhole their ranges. Sadly, this seems to be the only way these ISPs are going to learn.


Zaphod said...

Keep the good data coming dude. Every time you give me a new nasty AS record as bad, I incorporate.

Query, if you want credit, what should I credit, you, or one of your sites?

Zap :)

MysteryFCM said...

No credit required, just happy to help :o)