Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-05-05 06:53Distribution SiteLocky
stadiumwebshop.com
TLD REGISTRAR SOLUTIONS LTD94.177.168.91 (- Romania)
2016-05-05 06:53Distribution SiteLocky
web.smadwiwarna.net
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]103.228.119.245 (- Indonesia)
2016-05-05 06:53Distribution SiteLocky
jambe.in
GoDaddy.com, LLC (R101-AFIN)216.239.32.21 (- United States) +3 A record(s) 216.239.34.21 (AS15169, - United States)
216.239.36.21 (AS15169, - United States)
216.239.38.21 (AS15169, - United States)
2016-05-05 06:52Distribution SiteLocky
cwsnet.com.au
Web Address Registration216.224.174.137 (- United States)
2016-05-05 06:52Botnet C&CLocky
91.234.33.215
91.234.33.215 (- Ukraine)
2016-05-05 05:51Payment SiteTeslaCrypt
h54dc.leverdaze.at
(n/a)
2016-05-04 22:34Botnet C&CPayCrypt
dnibsan.com
ENOM, INC.67.225.220.95 (- United States)
2016-05-04 18:30Botnet C&CLocky
138.201.95.72
138.201.95.72 (- Germany)
2016-05-04 16:15Botnet C&CTeslaCrypt
random-shots.com
GODADDY.COM, LLC192.185.5.148 (- United States)
2016-05-04 07:41Botnet C&CLocky
31.184.197.126
31.184.197.126 (- Russian Federation)
2016-05-03 15:34Botnet C&CLocky
91.226.93.113
91.226.93.113 (- Russian Federation)
2016-05-03 15:33Botnet C&CLocky
91.219.29.64
91.219.29.64 (- Ukraine)
2016-05-03 13:49Distribution SiteLocky
badu.sk
37.46.80.248 (- Czech Republic)
2016-05-03 13:28Distribution SiteLocky
niagara.vn.ua
ua.ukraine185.68.16.6 (- Ukraine)
2016-05-02 19:59Botnet C&CTeslaCrypt
www.maniffatoretraiteur.com
GANDI SAS217.70.180.151 (- France)
2016-05-02 06:06Payment SiteTeslaCrypt
k234s.ascotsprue.com
KEY-SYSTEMS GMBH184.105.192.2 (- United States)
2016-05-02 06:05Payment SiteTeslaCrypt
l123d.feustude.at
(n/a)
2016-05-02 06:05Payment SiteTeslaCrypt
u24er.ovaarmor.com
KEY-SYSTEMS GMBH184.105.192.2 (- United States)
2016-05-02 02:48Botnet C&CLocky
ycvcjbhgkmsiyhdd.info
Regtime Ltd.91.230.211.26 (- Russian Federation)
2016-05-01 23:05Botnet C&CTeslaCrypt
site7.aiglecom.com
GANDI SAS217.70.180.151 (- France)
2016-05-01 19:25Botnet C&CLocky
rrcspgfghsjnklts.pw
Namecheap208.100.26.234 (- United States)
2016-05-01 15:39Botnet C&CLocky
abvtqhwodwjmi.work
Regtime91.230.211.26 (- Russian Federation)
2016-05-01 08:38Payment SiteTorrentLocker
stgg5jv6mqiibmax.toradmin.li
(n/a)
2016-05-01 08:34Payment SiteTorrentLocker
stgg5jv6mqiibmax.torclever.li
(n/a)
2016-04-29 19:56Botnet C&CLocky
cwprfpjtmjb.biz
DYNADOT LLC69.195.129.70 (- United States)
2016-04-29 17:21Botnet C&CLocky
83.217.8.155
83.217.8.155 (- Russian Federation)
2016-04-29 14:44Distribution SiteLocky
listelo.com.br
177.234.151.130 (- Brazil)
2016-04-29 12:39Botnet C&CLocky
89.108.84.155
89.108.84.155 (- Russian Federation)
2016-04-29 12:31Distribution SiteLocky
dveri-ivanovo.ru
R01-RU (n/a)
2016-04-29 10:59Distribution SiteLocky
avcilarinpazari.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]209.99.40.223 (- United States)
2016-04-29 10:59Distribution SiteLocky
zona-sezona.com.ua
ua.adresa91.223.223.159 (- Ukraine)
2016-04-29 10:59Distribution SiteLocky
amatic.in
GoDaddy.com, LLC (R101-AFIN)103.247.96.21 (- India)
2016-04-29 10:59Distribution SiteLocky
cafeaparis.eu
DonDominio.com / Soluciones Corp[...] (n/a)
2016-04-29 08:50Distribution SiteLocky
64.207.144.148
(n/a)
2016-04-29 08:50Distribution SiteLocky
easytravelvault.com
CRAZY DOMAINS FZ-LLC101.0.117.102 (- Australia)
2016-04-29 08:49Distribution SiteLocky
kizilirmakdeltasi.net
FBS INC.5.250.244.186 (- Turkey)
2016-04-29 08:49Distribution SiteLocky
emcartaz.net.br
(n/a)
2016-04-29 04:28Botnet C&CTeslaCrypt
gmtuae.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...] (n/a)
2016-04-28 20:51Botnet C&CTeslaCrypt
faenzabike.makkie.com
DNC HOLDINGS, INC.213.26.174.81 (- Italy)
2016-04-28 18:00Botnet C&CLocky
51.254.240.60
51.254.240.60 (- France)
2016-04-28 16:51Botnet C&CLocky
axnemuevqnstqyflb.work
Regtime31.148.99.188 (- Czech Republic)
2016-04-28 15:10Botnet C&CLocky
83.217.26.168
83.217.26.168 (- Russian Federation)
2016-04-28 12:38Botnet C&CTeslaCrypt
bestinghana.com
GODADDY.COM, LLC184.168.51.1 (- United States)
2016-04-28 12:03Distribution SiteLocky
minisupergame.ru
REGRU-RU (n/a)
2016-04-28 12:03Distribution SiteLocky
cafe-vintage68.ru
R01-RU (n/a)
2016-04-28 12:03Distribution SiteLocky
switchright.com
123-REG LIMITED80.160.49.212 (- Denmark)
2016-04-28 12:02Distribution SiteLocky
3dphoto-rotate.ru
AGAVA-RU81.177.141.211 (- Russian Federation)
2016-04-28 12:02Distribution SiteLocky
banketcentr.ru
R01-RU (n/a)
2016-04-28 12:01Distribution SiteLocky
tribalsnedkeren.dk
92.61.149.78 (- Europe)
2016-04-28 12:01Distribution SiteLocky
rabitaforex.com
GODADDY.COM, LLC (n/a)
2016-04-28 06:10Botnet C&CTeslaCrypt
coolcases.info
Wild West Domains, LLC72.167.232.144 (- United States)
2016-04-28 05:00Botnet C&CLocky
htankds.info
Regtime Ltd.91.219.31.18 (- Ukraine)
2016-04-27 20:19Botnet C&CLocky
107.170.20.33
107.170.20.33 (- United States)
2016-04-27 16:51Botnet C&CTeslaCrypt
runescape-autominer.info
eNom, Inc.192.185.46.61 (- United States)
2016-04-27 15:42Botnet C&CTeslaCrypt
www.teacherassist.info
NameWeb BVBA94.124.120.61 (- Netherlands)
2016-04-27 12:48Distribution SiteLocky
warcraft-lich-king.ru
REGRU-RU87.236.19.13 (- Russian Federation)
2016-04-27 12:48Distribution SiteLocky
soccerinsider.net
TLD REGISTRAR SOLUTIONS LTD (n/a)
2016-04-27 12:47Distribution SiteLocky
pediatriayvacunas.com
DOMAIN.COM, LLC192.185.13.169 (- United States)
2016-04-27 12:47Distribution SiteLocky
onlinecrockpotrecipes.com
GODADDY.COM, LLC (n/a)
2016-04-27 12:46Distribution SiteLocky
lbbc.pt
130.185.84.57 (- Portugal)
2016-04-27 12:46Distribution SiteLocky
jurang.tk
Freedom Registry, Inc. (n/a)
2016-04-27 12:46Distribution SiteLocky
directenergy.tv
NAME.COM, INC.67.225.176.90 (- United States)
2016-04-27 12:45Distribution SiteLocky
adamauto.nl
TransIP BV5.61.252.121 (- Netherlands)
2016-04-27 12:44Distribution SiteLocky
aaacollectionsjewelry.com
ENOM, INC. (n/a)
2016-04-27 10:13Botnet C&CPayCrypt
parasolesdecolombia.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]198.1.80.79 (- United States)
2016-04-26 18:06Botnet C&CTeslaCrypt
kortingcodes.be
AXC108.167.181.253 (- United States)
2016-04-26 06:08Botnet C&CTeslaCrypt
custommerchandisingservices.com
TUCOWS DOMAINS INC.45.79.161.27 (- United States)
2016-04-23 21:18Botnet C&CTeslaCrypt
bonjourtablier.com
1&1 INTERNET SE212.227.247.229 (- Germany)
2016-04-23 01:18Botnet C&CTeslaCrypt
blackroom.club
OnlineNIC, Inc. d/b/a China-chan[...]81.177.135.232 (- Russian Federation)
2016-04-21 22:35Botnet C&CTeslaCrypt
blessingshealthuk.com
GODADDY.COM, LLC107.180.50.165 (- United States)
2016-04-21 22:35Botnet C&CTeslaCrypt
artsabc.com
NAME.COM, INC.204.12.208.74 (- United States)
2016-04-21 15:47Distribution SiteTeslaCrypt
yomanarmycc.asia
PDR Ltd. d/b/a PublicDomainRegis[...]n/a
2016-04-21 06:04Distribution SiteLocky
gogocalldrivers.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]209.99.40.222 (- United States)
2016-04-20 20:24Botnet C&CTeslaCrypt
anybug.net
OVH78.217.205.113 (- France)
2016-04-20 16:12Distribution SiteLocky
hstfood.com
REALTIME REGISTER BV176.9.121.221 (- Germany)
2016-04-20 16:12Distribution SiteLocky
crackersinchennai.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]209.99.40.223 (- United States)
2016-04-20 16:12Distribution SiteLocky
pinakfoods.com
GODADDY.COM, LLC160.153.35.5 (- United States)
2016-04-20 13:04Distribution SiteLocky
vegaindia.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]103.21.59.168 (- India)
2016-04-20 13:03Distribution SiteLocky
sapionusa.com
LAUNCHPAD.COM, INC.208.91.197.13 (- Virgin Islands)
2016-04-20 07:23Payment SiteTeslaCrypt
wor4d.slewirk.at
(n/a)
2016-04-20 07:14Payment SiteTeslaCrypt
kbv5s.kylepasse.at
(n/a)
2016-04-20 07:10Payment SiteTeslaCrypt
k47d3.proporr.com
KEY-SYSTEMS GMBH184.105.192.2 (- United States)
2016-04-20 06:42Botnet C&CTeslaCrypt
alushtadom.com
ONLINENIC, INC.81.177.140.186 (- Russian Federation)
2016-04-20 05:26Distribution SiteTeslaCrypt
thereissomegoodqq.com
KEY-SYSTEMS GMBH (n/a)
2016-04-20 05:25Distribution SiteTeslaCrypt
thereissomegoodqq.com
KEY-SYSTEMS GMBH (n/a)
2016-04-19 15:29Botnet C&CLocky
blxbymhjva.info
Dynadot, LLC69.195.129.70 (- United States)
2016-04-19 07:49Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.torclassik.li
(n/a)
2016-04-19 04:25Botnet C&CLocky
ahsqbeospcdrngfv.info
101domain, Inc195.22.28.198 (- Portugal)
2016-04-19 04:24Botnet C&CLocky
cxlgwofgrjfoaa.info
101domain, Inc195.22.28.197 (- Portugal)
2016-04-18 10:00Botnet C&CLocky
91.234.35.243
91.234.35.243 (- Ukraine)
2016-04-18 05:26Botnet C&CTeslaCrypt
4turka.com
FBS INC.185.12.108.138 (- Turkey)
2016-04-17 15:06Botnet C&CLocky
185.14.28.30
185.14.28.30 (- Netherlands)
2016-04-17 06:49Botnet C&CLocky
91.230.211.103
91.230.211.103 (- Russian Federation)
2016-04-17 06:49Botnet C&CLocky
31.184.196.74
31.184.196.74 (- Russian Federation)
2016-04-17 05:07Botnet C&CLocky
91.219.29.81
91.219.29.81 (- Ukraine)
2016-04-16 16:42Botnet C&CLocky
jghbktqepe.pw
101Domain, Inc.195.22.28.198 (- Portugal)
2016-04-16 14:31Botnet C&CPayCrypt
jfheubdh.cc
KEY-SYSTEMS GMBH85.25.194.97 (- Germany)
2016-04-16 14:31Botnet C&CPayCrypt
jfheubdh.cc
KEY-SYSTEMS GMBH85.25.194.97 (- Germany)
2016-04-15 18:53Botnet C&CTeslaCrypt
lorangeriedelareine.fr
ONLINE SAS62.210.116.247 (- France)
2016-04-15 10:39Botnet C&CLocky
uhhvhjqowpgopq.xyz
Namecheap208.100.26.234 (- United States)

# of rows displayed: 100
# of entries in database: 12'863

Page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 >