According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address.
Malware botnet controller located at 95.213.216.226 443 TCP:
$ telnet 95.213.216.226 443
Trying 95.213.216.226...
Connected to 95.213.216.226.
Escape character is '^]'
Malicious domains observed hosted on this IP address: