Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-07-11 13:09Botnet C&CPadCrypt
nehvc5m3fs57dyrz.onion.link
103.198.0.2 (- Singapore)
2016-02-26 07:41Payment SitePadCrypt
gnkltbsaeq35rejl.tor2web.org
Tucows Inc.185.100.85.150 (- Romania) +5 A record(s) 192.36.27.5 (AS60729, - Sweden)
194.150.168.70 (AS250, - Germany)
217.197.83.197 (AS29670, - Germany)
38.229.70.4 (AS23028, - United States)
65.112.221.20 (AS209, - United States)
2016-02-26 07:40Payment SitePadCrypt
gnkltbsaeq35rejl.onion.cab
InterNetworX Ltd. & Co. KG62.138.11.6 (- Germany) +1 A record(s) 85.25.214.50 (AS8972, - Germany)
2016-02-26 07:12Botnet C&CPadCrypt
gnkltbsaeq35rejl.onion.to
217.197.83.197 (- Germany)

# of rows displayed: 4
# of entries in database: 12'877