By While online privacy is a fundamental right, legitimate service providers must ensure user confidentiality without neglecting their obligation to maintain oversight and accountability. This includes responding to repeated abuse reports, investigating and acting on abusive accounts, cooperating with law enforcement through clear legal channels when appropriate, and regularly releasing transparency reports to build trust.
Astrill VPN is a virtual private network (VPN) provider that has been in operation since 2009. The company is legally registered in Liechtenstein, and Pakistan. AstrillVPN offers a range of services, including military-grade encryption (AES-256), no-logs policy, multiple VPN protocols (such as OpenVPN, WireGuard, StealthVPN, and Shadowsocks), and features tailored for bypassing internet censorship, particularly in countries like China. They also provide dedicated IPs, port forwarding, and router-level VPN solutions.
According to their website, Astrill.com, the company is privately owned and incorporated in Liechtenstein. They also state that the Astrill VPN server network operates offshore and is not subject to any laws requiring them to retain customer logs.
We have analysed publicly available data from Spur.com, which identified 2,400 active IP addresses connected with Astrill VPN as of 19 December 2024, along with data from SilentPush.com, and leveraged IoT datasets from Shodan.io and Fofa.info. Our investigation uncovered that Astrill VPN services have been used by the North Korean Lazarus Group for hacking operations, as well as by online piracy groups.
Companies Linked to Astrill VPN
The following companies were identified to be connected with Astrill VPN.
| Company Name | Registration Number | Registration Date | Address / Jurisdiction |
| VELOXEE CORP. | FL-0002.673.059-6 | 9 December 2021 | Städtle 36 9490 Vaduz, Liechtenstein |
| VELOXEE CORP. (inactive) | 105379 | N/A | Oliaji Trade Centre Mahe, 10000, Seychelles |
| ASTRILL SYSTEMS CORP. (SMC-PVT.) LIMITED | 0095892 | 28 October 2015 | 159-A, Main Muslim Twon Mor, Lahore, Punjab, 54000, Pakistan |
| MIZDRAK JOVICA (Individual/Sole Trader) Trading name: Astrill | 87036239621 | 02 February 2010 – 06 March 2023 (Cancelled) | Casula, Casula Mall & Chipping Norton, New South Wales, NSW 2170, Australia |
Executives / Key Officials
The below key officials associated with Astrill VPN were identified during the investigation.
| Company Name | Jurisdiction | Director(s) |
| VELOXEE CORP. | Liechtenstein | Tomas Navara (Prague, Czech Republic), Christoph Pichler-Ackermann (Vilters, Switzerland) |
| VELOXEE CORP. (likely inactive) | Seychelles | Tomas Navara |
| Jovica Mizdrak / Astrill | Australia | Jovica Mizdrak |
The articles of association dated 10 December 2021 for VELOXEE CORP., a company registered in Liechtenstein, indicate that the company relocated from Seychelles to Vaduz, Liechtenstein.
According to his LinkedIn profile, Tomas Navara is listed as a Programmer at Astrill VPN and is based in Prague, Czech Republic. OSINT investigations have attributed the email address michnovka@gmail.com to him, which was found to be registered on the following platforms.
| Platform | Username / ID | Notes |
| michnovka | Display Name: Tomáš Navara Registered Phone Number: +420******243 Profile Url: facebook.com/michnovka Friends: 91 | |
| YouTube | michnovka | Display Name: Tomas Navara Registration: 6th February 2007 Video about Skydur Application DEMO (VPN) Profile Url: youtube.com/user/michnovka |
| michnovka | Display Name: Tomas Navara Google+: plus.google.com/110370296393056657644 | |
| GitHub | Michnovka / 16553087 | 59 repos Additional Registered Email: tomas@astrill.com |
| Stripe | N/A | Phone Number: +420******243 |
| ID: 110370296393056657644 | Display Name: Tomas Navara | |
| X.com | Tomas36853768 | Registration: February 2017 Registered Phone Number: +420******243 |
| VK | id13137790 | Display Name: Tomas Navara Profile Url: vk.com/id13137790 |
| Samsung | N/A | Phone Number: +420******243 |
| Apple | N/A | Phone Number: +420******243 |
| PayPal | N/A | Phone Number: +420******243 |
| Ledger (Crypto Wallet) | N/A | Phone Number: +420******243 Location: Prague, Czech Republic |
| BlackHatWorld | michnovka | N/A |
Tomas Navara (michnovka) uploaded a YouTube video in October 2009 showcasing a demo of the Skydur VPN application. Skydur was also linked to Jovica Mizdrak through a Flickr account, “j3dworks”, which featured images of the Skydur VPN application in 2009. In addition, Skydur had an old Facebook account, “Skydur Vpn (Skydur Proxy)”, under the username “skydur.vpn”, associated with the historical domain skydur.com. Activity on this Facebook account was recorded between 2009 and 2011.
The domain skydur.com had a historic registrant country of Australia as of 7 July 2015, according to whoxy.com. An archived version of the website on Web.archive.org listed New South Wales, Australia, in its “Terms and Conditions” section. This jurisdiction aligns with the business location of the “Astrill” trade name, which was registered by Jovica Mizdrak from February 2010 to 6 March 2023.
The email address michnovka@gmail.com was also found to have been used for registering three (3) domain names listed in the table below.
| Domain Name | Notes |
| ultraway.biz | Registrar: GoDaddy.com LLC Historic Registrant Name: Jovica Mizdrak Historic Registrant Country: Australia |
| janajezdinska.com | Registrar: Realtime Register B.V. Historic Registrant Name: Tomas Navara Registrant Country: Czech Republic |
| talkinsta.net | Registrar: NameCheap Historic Registrant Name: Tomas Navara Registrant Country: Czech Republic |
Technical Team
According to an analysis of LinkedIn page “astrillvpn”, the technical team of Astrill VPN is located in Pakistan.
Domains Infrastructure
The following active domains have been found to be associated with Astrill VPN.
| Domain Name | Notes | IP address / geolocation / ISP |
| veloxee.com (active) | Registrar: Namecheap Registered date: 21 April 2016 | 172.105.88.49, Germany, Linode |
| astrill.com (active) | Registrar: Namecheap Registered date: 3 December 2009 Historical Registrant: Astrill Systems Corporation Registrant email: admin@astrill.com (15 registered domains) Registrant Country: Seychelles | 45.33.33.195, United States, Linode |
| astrillservices.com (inactive) | Registrant: Namecheap Registered date: 20 January 2015 Historical Registrant: Jovica Mizdrak (26 registered domains) Registrant Company: Astrill Systems Corp. (17 registered domains) Registrant email: Email: team@astrill.com (8 registered domains) Registrant Country: Australia | 45.33.33.195, United States, Linode |
| astrill4u.com (redirects to astrill.com) | Registrar: Namecheap Registration date: 29 October 2015 Historical Registrant: Astrill Systems Corporation Registrant email: admin@astrill.com (15 registered domains) Registrant Country: Seychelles | 192.64.119.254, United States, Namecheap |
| astrillaff.com (redirects to astrill.com) | Registrar: Namecheap Registration date: 29 October 2015 Historical Registrant: Astrill Systems Corporation Registrant email: admin@astrill.com (15 registered domains) Registrant Country: Seychelles | 192.64.119.254, United States, Namecheap |
Social Media Presence
The online accounts associated with Astrill VPN are listed in the table below.
| Platform | Username / ID | Notes |
| X.com | Astrill / 95002499 | Registration: December 2009 5,574 Followers Website: astrill.com Registered email: admin@astrill.com |
| X.com | astrill_com / 941977350 | Registration: November 2012 145 Followers Website: astrill.com |
| astrillvpn | Registration: 18 January 2011 Email: support@astrill.com Website: astrill.com Country for people who manage the Facebook page: Pakistan (3) Czech Republic (1) | |
| astrillvpn | 7K followers 21 associated members Company Name: Astrill Systems Corp. Location: Oliaji Trade Centre, 1st floor, Victoria, Mahe SC |
The following accounts were identified to be registered with the email admin@astrill.com.
| Platform | Username / ID | Notes |
| Microsoft | 2D0846E13EDA9A26 | Registration: 1 June 2016 |
| PayPal | N/A | Phone Number: +61******510 |
The phone number +61******510 was found to be registered on the below platforms.
| Platform | Notes |
| Registered email: facebook@astrill.com Additional registered email hint: j*****a@a*******.com Facebook ID: 100000575327928 Profile Url: www.facebook.com/astrill.corp/ | |
| PayPal | N/A |
| N/A | |
| Microsoft | Registered email: j3d_jovica@hotmail.com ID: D0821E36348BCEB2 Name: Jovo M Registration Date: 12 December 2005 Last Seen: 8/5/2024 Country: Australia |
The email address j3d_jovica@hotmail.com was found to be linked to a Flickr account, “j3dworks”, where the user showcased the Skydur VPN application in 2009.
IP Infrastructure
A Shodan query for “Veloxee Corp.” has uncovered 6,468 IP addresses as of 30 March 2025. A summary report detailing the distribution of these IP addresses by country is provided below.
The number of IP addresses associated with “Veloxee Corp.” began to rise in October 2022. A summary graph from Shodan is provided below.
According to Hurricane Electric Internet Services’ BGP tool, “Astrill Systems Corp.” holds the IPv4 prefix 79.124.1.0/24, which is hosted in Bulgaria through the transit provider Clouvider Limited (AS62240). WHOIS records for the IPv4 prefix show that the responsible contact is Jovica Mizdrakski, associated with Astrill Systems Corp., located in Casula, New South Wales, 2170, Australia.
A search for “Astrill” on bgp.he.net revealed the entity “Astrill” with ASN 58546, based in Australia. However, ASN 58546 has not been visible in the global routing table since 1 May 2013.
The WHOIS records display the following details:
- Organization: Astrill
- Address: 20 Aintree Close, Casula, NSW, Australia
- Phone: 61-403210510
- Email: admin@astrill.com
Three additional IPv4 prefixes or subnets were identified for “Astrill”:
- 252.90.0/24 – Astrill (C05588014), United States; transit provider: Datacamp Limited (AS212238)
- 165.82.0/24 – Astrill (C05418560), United States, transit provider: Wave Broadband (AS11404)
- 6.216.0/22 – Astrill, Australia, transit provider: Hurricane Electric LLC (AS6939)
The IoT search engine Fofa.info shows 210 results for the query “AstrillVPN”. Notable results are linked to Hong Kong (18) and China (9). A summary of the relevant results for Hong Kong is provided in the table below.
| IP Address | Associated Domain | Notes |
| 47.52.76.72 | getastr.com | ISP: Alibaba US Technology Co., Ltd |
| 47.75.129.64 | getastr.com | ISP: Alibaba US Technology Co., Ltd |
| 47.52.33.113 | astrillcn.com | ISP: Alibaba US Technology Co., Ltd |
A summary of relevant results for China are displayed in the below table.
| IP Address | Associated Information |
| 218.25.129.39 | ISP: CHINA UNICOM China169 Backbone Information: DD-WRT v24-sp2 std (c) 2014 NewMedia-NET GmbH Operating System: Linux |
| 223.166.66.15 | ISP: China Unicom Shanghai network Title: 影喵大世界 | 影喵大叔的导航页 (Shadow Cat World | Uncle Shadow Cat’s navigation page) Operating System: Synology DiskStation Manager (DSM) 7.2.2-72806 |
| 223.166.66.74 | ISP: China Unicom Shanghai network Title: 影喵大世界 | 影喵大叔的导航页 (Shadow Cat World | Uncle Shadow Cat’s navigation page) |
| 223.166.66.167 | ISP: China Unicom Shanghai network Title: 影喵大世界 | 影喵大叔的导航页 (Shadow Cat World | Uncle Shadow Cat’s navigation page) |
| 223.166.67.145
| ISP: China Unicom Shanghai network Title: 影喵大世界 | 影喵大叔的导航页 (Shadow Cat World | Uncle Shadow Cat’s navigation page) |
Spur.com, a provider of tools and data for detecting VPNs, residential proxies, and bots, conducted an investigation into AstrillVPN’s infrastructure and identified 2,400 active IP addresses as of 19 December 2024. Their findings revealed that North Korea’s DPRK has frequently used Astrill VPN to conceal their digital presence while applying for remote jobs.
We conducted a detailed analysis of the 2,400 IP addresses based on Internet Service Provider (ISP) and geolocation (country). Below is a summary table highlighting the top 10 ISPs and their corresponding number of Astrill VPN IP addresses.
| ISP | ASN | Jurisdiction | Number of IP addresses |
| Clouvider Limited | AS62240 | United Kingdom | 539 |
| 24SHELLS | AS55081 | United Kingdom | 298 |
| Eonix Corporation | AS62904 | United States | 275 |
| OVH SAS | AS16276 | France | 95 |
| The Constant Company, LLC | AS20473 | United States | 80 |
| HostPapa | AS36352 | United States | 75 |
| SoftLayer Technologies Inc | AS36351 | United States | 61 |
| Hurricane Electric LLC | AS6939 | United States | 53 |
| QuadraNet Enterprises LLC | AS8100 | United States | 50 |
| Sharktech | AS46844 | United States | 37 |
Notably, Clouvider Limited (Company Number: 08750969) is a UK-registered company managed by Marcin Andrzej Osinski and Dominik Jan Nowacki, both residing in the United Kingdom. Dominik Jan Nowacki has previously served as an officer in at least 18 dissolved companies in the UK.
Below is a chart displaying the distribution of IP addresses by country, focusing on the top 20 countries.
SilentPush.com has identified at least 12 Astrill VPN IP addresses previously used by the North Korean Lazarus Group in hacking operations. However, only two (2) of these IP addresses were present in the list of 2,400 released by Spur.com.
Our analysis of the 2,400 IP addresses released by Spur.com uncovered links to online piracy, with three IP addresses hosted by Magna Capax Finland Oy in Finland and another three hosted by Shinjiru Technology Sdn Bhd in Malaysia.
Astrill VPN Application – Google Play and Apple Store
Astrill VPN has applications on Google Play and the Apple Store, developed by Veloxee Corp., with the following details:
- Address: Städtle 36 9490 Vaduz, Liechtenstein
- Phone: +4233758000 (landline)
- Email: android@astrill.com
US-based Registered Trademarks
Astrill VPN has the following registered trademarks in the United States:
| Trademark Name | Registration Details | Owner |
| ASTRILL | Registration Number: 5338998 Filling Date: 2017-04-16 Class Status Code: Active | VELOXEE CORP. |
| STEALTHVPN | Pseudo Mark: STEALTH VIRTUAL PRIVATE NETWORK Registration Number: 5468623 Filling Date: 2017-10-05 Class Status Code: Active | VELOXEE CORP. |
| OPENWEB | Serial Number: 87635858 Filling Date: 2017-10-05 Status: | ASTRILL SYSTEMS CORP. |
Notably, the trademark name “Shadowsocks” (Registration Number: 4807789) was registered by Zhu Botao on 28 January 2015.
Astrill VPN Payment Providers
AstrillVPN accepts payments via PayPal, credit/debit cards, Bitcoin, Monero, and UnionPay (China). Their banking details are registered under VELOXEE CORP. (VAT Number: 62526) at Städtle 36, 9490 Vaduz, Liechtenstein. PayPal transactions are processed through Verifone Payments B.V., while Bitcoin payments are facilitated by the BitPay cryptocurrency payment service provider.
Blockchain analysis
Using AMLBot.com, a blockchain analysis tool, investigators have identified the following Bitcoin (BTC) address related to Astrill VPN:
- bc1qy640lkt48j6fnna2zq35umjcnzrqp7v60cpg4r (57.2% Risk score)
A summary table of the relevant high-risk incoming transactions is provided below.
| Name | Source | Risk Score | Amount BTC | Amount USD |
| HitBTC | Exchange unlicensed | 60% | 0.0180581 | $1,506.96 |
| FixedFloat | Exchange unlicensed | 60% | 0.01046855 | $873.12 |
| KuCoin | Exchange unlicensed | 60% | 0.00582978 | $485.97 |
| THORChain | Mixer | 100% | 0.00581165 | $484.52 |
| Wasabi Wallet | Mixer | 100% | 0.00319438 | $266.57 |
| ChangeHero | Exchange unlicensed | 60% | 0.00253038 | $211.16 |
| SafelyChange (prev. NetEx24.net) | Sanctions | 100% | 0.00054384 | $45.37 |
| Bitget | Exchange unlicensed | 60% | 0.00045 | $37.53 |
| Noones | P2P exchange unlicensed | 60% | 0.00042946 | $35.83 |
The funds from bc1qy640lkt48j6fnna2zq35umjcnzrqp7v60cpg4r were transferred to bc1pglarn03uy7ejgznu3z9evq47dxz43vl3s87gkkaq9xzxylssvwus4jxysl which has a current balance of $51,309.34 USD (as of 5 March 2025).
Key Takeaways & Suggestions
- Increase Transparency: VPN providers like Astrill should publish regular transparency reports outlining how they handle abuse complaints and law enforcement requests.
- Implement Proactive Monitoring: Identify and restrict malicious usage patterns while protecting user privacy.
- Enhance Accountability: Strengthen procedures for responding to repeated abuse reports and illegal activity.
- Encourage Industry Standards: Promote a baseline framework for ethical VPN operations, especially in high-risk jurisdictions.
