This IP address has been reported a total of 32 times from 20 distinct sources.
94.198.130.211 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
Part of a persistent, large-scale spam campaign. This IP is used to distribute phishing emails promoting illicitly modified B-CAS cards. The associated landing pages are intentionally using Cloudflare's protection to conceal their activities (Cloaking). This is a verified malicious actor involved in long-term fraud and victim tracking.
[Illegally modified B-CAS card sales site: https://ref.az/XDyMF -> https://ydcpwnrmkhjn.xyz/]
Received: from 94.198.130.211 (EHLO host-94.198.130.211.vernet.su)
by 124.83.239.30 with SMTPs
(version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
Mon, 15 Jun 2026 14:52:14 +0900
Received: from by 94.198.130.211; Mon, 15 Jun 2026 06:51:11 +0100
From: "=?ISO-2022-JP?B?GyRCM3lFRBsoQg==?=" <[email protected]>
Reply-To: "=?ISO-2022-JP?B?GyRCJC0kTyRBGyhC?=" <[email protected]>
To: [email protected]
Subject: =?ISO-2022-JP?B?W0JDQVNdMTgbJEJGfDBKOV8kSyRkJEMkRiQvJGsbKEIuLi5YGyRCJUchPDRWNmEhKhsoQg==?=
Date: Mon, 15 Jun 2026 03:51:11 -0200
X-Mailer:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--7915592655466178"
Email Spam
Anonymous
Part of a persistent, large-scale spam campaign. This IP is used to distribute phishing emails promoting illicitly modified B-CAS cards. The associated landing pages are intentionally using Cloudflare's protection to conceal their activities (Cloaking). This is a verified malicious actor involved in long-term fraud and victim tracking. [Illegally modified B-CAS card sales site: https://bom.so/Fhq7yZ -> https://rpkxskubzuyi.xyz/]
[14/Jun/2026 21:35:00] IP address 94.198.130.211 found in DNS blacklist SpamCop, mail from <[email protected]> to <[email protected]>
[14/Jun/2026 21:35:00] IP address 94.198.130.211 found in DNS blacklist SpamHaus SBL-XBL, mail from <[email protected]> to <[email protected]>
[14/Jun/2026 21:35:02] IP address 94.198.130.211 found in DNS blacklist SpamHaus SBL-XBL, mail from <[email protected]> to <[email protected]>
...
Received: from 94.198.130.211 (EHLO host-94.198.130.211.vernet.su)
by 124.83.239.10 with SMTPs
(version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
Sun, 14 Jun 2026 23:33:44 +0900
Received: from 152.46.181.50 by 94.198.130.211; Sun, 14 Jun 2026 19:24:38 +0500
From: "=?ISO-2022-JP?B?GyRCJF4kZiRfGyhC?=" <[email protected]>
Reply-To: "=?ISO-2022-JP?B?GyRCJCskOiRIGyhC?=" <[email protected]>
To: [email protected]
Subject: =?ISO-2022-JP?B?GyRCJTklKyVRITwbKEJXT1dPVxskQiQsJDohPCRDJEhMNU5BO2tEMBsoQg==?=
Date: Sun, 14 Jun 2026 16:24:38 +0200
X-Mailer:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--"
Email account brute force: 1 attempts were recorded from 94.198.130.211
2026-06-13T20:20:23+02:00 warning: unknown[94.198.130.211]: SASL PLAIN authentication failed: authentication failure, [email protected]
2026-06-13T19:25:20.130432 mail-honeypot postfix/submission/smtpd[3036]: warning: unknown[94.198.130.211]: SASL PLAIN authentication failed: authentication failure
...
Brute-Force
Anonymous
Part of a persistent, large-scale spam campaign. This IP is used to distribute phishing emails promoting illicitly modified B-CAS cards. The associated landing pages are intentionally using Cloudflare's protection to conceal their activities (Cloaking). This is a verified malicious actor involved in long-term fraud and victim tracking. [Illegally modified B-CAS card sales site: https://bom.so/w9CtEH -> https://fzntzactnuyb.top/]
Received: from 94.198.130.211 (EHLO host-94.198.130.211.vernet.su)
by 124.83.239.119 with SMTPs
(version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
Sat, 13 Jun 2026 07:32:51 +0900
Received: from 104.154.46.70 by 94.198.130.211; Sat, 13 Jun 2026 04:27:47 +0600
From: "=?ISO-2022-JP?B?GyRCJFUkLyROJFYbKEI=?=" <[email protected]>
Reply-To: "=?ISO-2022-JP?B?GyRCJEokXxsoQg==?=" <[email protected]>
To: [email protected]
Subject: =?ISO-2022-JP?B?GyRCOzI2UDhyQmUkTiQqQ04kaSQ7GyhC?=
Date: Fri, 12 Jun 2026 21:26:47 -0100
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--173963119567431987"