Saw this IP listed on Catinello: 213.111.72.108 → read: https://otx.alienvault.com/browse/pulses/?q=tag:Ursnif
Also look here: https://ransomwaretracker.abuse.ch/ip/213.111.72.108/
In-depth technical dive on this data theft malware → http://www.seculert.com/blogs/ursnif-deep-technical-dive
And now one can imagine why polonus is a fan of firehol → https://github.com/firehol/blocklist-ipsets/blob/master/esentire_inleet_ru.ipset
polonus