Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-02-20 15:45Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.nu
WorldNames, Inc185.112.157.26 (- Hungary) +6 A record(s) 185.112.157.7 (AS47381, - Hungary)
188.213.49.65 (AS44220, - Romania)
46.36.37.106 (AS51731, - Czech Republic)
46.36.37.82 (AS51731, - Czech Republic)
86.107.110.114 (AS8708, - Romania)
89.46.102.10 (AS9009, - Romania)
2016-02-20 15:44Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.link
103.198.0.2 (- Singapore)
2016-02-20 15:43Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.to
185.100.85.150 (- Romania) +2 A record(s) 192.36.27.5 (AS60729, - Sweden)
217.197.83.197 (AS29670, - Germany)

# of rows displayed: 3
# of entries in database: 12'974