
Qwins Ltd: Bulletproof Hosting Provider Powering Global Malware Campaigns


In a recent analysis that grew out of standard follow-up on Lumma infostealer infections, security researchers may have discovered a bulletproof hosting company, run by Qwins Ltd, that supports a broad range of international malware operations.

Lumma, consistently ranking among the top five malware families according to platforms like abuse.ch and ANY.RUN, provided an abundant source of samples for analysis.

By querying the abuse.ch API for samples from July 15-22, researchers retrieved 100 recent hashes, which were then scrutinized using VirusTotal’s API to extract 292 communicating IP addresses.


Uncovering Malicious Infrastructure

To focus on actionable leads, IPs hidden behind content delivery networks such as Cloudflare and Akamai were filtered out, leaving 10 unique IPs across distinct autonomous system numbers (ASNs).

Among these, IP 141.98.6.34 within AS213702, owned by Qwins Ltd, emerged as a focal point due to its associations with infostealers, trojans, and impersonation ...
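The triage step described above (dropping CDN-fronted addresses, then looking at what remains per ASN) can be sketched as follows. This is an added example, not the researchers' code: the record layout, the `triage` and `is_cdn` names, and all sample rows are constructed for illustration, using documentation-range IPs and private-use ASNs for the non-CDN entries.

```python
from collections import defaultdict

# Owner-name keywords for the two CDNs the article names.
CDN_KEYWORDS = ("cloudflare", "akamai")

# Constructed rows: one per (sample, contacted IP), shaped like the output of
# an enrichment step. Field names are assumptions made for this example.
CONTACTS = [
    {"sample": "sample-01", "ip": "192.0.2.10", "asn": 13335, "owner": "Cloudflare, Inc."},
    {"sample": "sample-01", "ip": "198.51.100.7", "asn": 64512, "owner": "Example Hosting A"},
    {"sample": "sample-02", "ip": "198.51.100.7", "asn": 64512, "owner": "Example Hosting A"},
    {"sample": "sample-03", "ip": "198.51.100.9", "asn": 64512, "owner": "Example Hosting A"},
    {"sample": "sample-02", "ip": "203.0.113.5", "asn": 20940, "owner": "Akamai International B.V."},
    {"sample": "sample-04", "ip": "203.0.113.77", "asn": 64513, "owner": "Example Hosting B"},
    {"sample": "sample-05", "ip": "203.0.113.80", "asn": 64514, "owner": None},
]


def is_cdn(owner):
    """True when the AS owner string matches a known CDN keyword."""
    owner = (owner or "").lower()
    return any(keyword in owner for keyword in CDN_KEYWORDS)


def triage(contacts):
    """Drop CDN-fronted IPs, group the rest by ASN, rank by distinct samples."""
    by_asn = defaultdict(lambda: {"owner": "unknown", "ips": set(), "samples": set()})
    for row in contacts:
        if is_cdn(row.get("owner")):
            continue  # shared CDN edge: says nothing about the real origin host
        entry = by_asn[row["asn"]]
        entry["owner"] = row.get("owner") or "unknown"
        entry["ips"].add(row["ip"])
        entry["samples"].add(row["sample"])
    # ASNs contacted by the most distinct samples come first; ties by ASN number.
    ranked = sorted(by_asn.items(), key=lambda kv: (-len(kv[1]["samples"]), kv[0]))
    return [(asn, e["owner"], sorted(e["ips"]), len(e["samples"])) for asn, e in ranked]


if __name__ == "__main__":
    for asn, owner, ips, count in triage(CONTACTS):
        print(f"AS{asn:<6} {owner:<20} samples={count} ips={', '.join(ips)}")
```

Rows with a missing owner are kept rather than dropped, since an address with no attribution is still a lead worth reviewing by hand.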


Copyright of this story solely belongs to gbhackers.