A recent investigation by virtualization company Bromium has discovered that US-based web servers were being used by cybercriminals to host and distribute banking trojans, information stealers and ransomware.
The firm analyzed its own threat data as well as public data between May 2018 and March 2019 to reveal that malicious threats were originating from web servers in Las Vegas, Nevada registered under the name PONYNET and hosted on BuyVM data centers.
BuyVM is actually owned by FranTech solutions which is a hosting provider that has previously been found to have links to far-right websites.
Source: TechRadar