"The IP address 195.211.190[.]189 was hosted on infrastructure from Railnet LLC — a legal front for the Russia-based bulletproof hosting provider Virtualine, as reported by Intrinsec."

In this Lynx ransomware case, the threat actor leveraged infrastructure tied to a known bulletproof hosting provider.

Report: https://thedfirreport.com/2025/12/17/cats-got-your-files-lynx-ransomware/
Services: https://thedfirreport.com/services/
Contact Us for pricing or a demo: https://thedfirreport.com/contact/