Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-02-29 09:32Botnet C&CTeslaCrypt
imagescroll.com
1&1 INTERNET SE62.210.141.228 (- France)
2016-02-28 21:57Botnet C&CCryptoWall
lazymoosestamping.com
ENOM, INC.173.225.189.5 (- United States)
2016-02-28 21:37Botnet C&CCryptoWall
maternalserenity.co.uk
eNom, Inc.69.10.56.10 (- United States)
2016-02-28 08:50Botnet C&CTeslaCrypt
hongsi.com
GABIA, INC.110.45.144.173 (- Korea)
2016-02-27 13:46Botnet C&CTeslaCrypt
biocarbon.com.ec
NIC.EC Registrar (n/a)
2016-02-27 11:53Botnet C&CCryptoWall
www.vishvagujarat.com
GODADDY.COM, LLC104.27.142.99 (- United States)
2016-02-27 11:53Botnet C&CCryptoWall
igatha.com
GODADDY.COM, LLC217.23.12.215 (- Netherlands)
2016-02-27 11:53Botnet C&CCryptoWall
cursos.feyda.net
NETWORK SOLUTIONS, LLC.198.154.228.128 (- United States)
2016-02-27 09:21Payment SiteTeslaCrypt
tes543berda73i48fsdfsd.keratadze.at
(n/a)
2016-02-27 09:21Payment SiteTeslaCrypt
gwe32fdr74bhfsyujb34gfszfv.zatcurr.com
BIZCN.COM, INC.184.105.192.2 (- United States)
2016-02-27 07:47Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.onion.cab
InterNetworX Ltd. & Co. KG85.25.214.50 (- Germany)
2016-02-27 05:29Botnet C&CTeslaCrypt
heizhuangym.com
WEST263 INTERNATIONAL LIMITED103.254.148.129 (- Hong Kong)
2016-02-27 00:21Botnet C&CCryptoWall
best-service.jp
203.145.230.194 (- Japan)
2016-02-26 18:21Botnet C&CTeslaCrypt
surrogacyandadoption.com
GODADDY.COM, LLC185.26.122.59 (- Russian Federation)
2016-02-26 07:41Payment SitePadCrypt
gnkltbsaeq35rejl.tor2web.org
Tucows Inc.185.100.85.150 (- Romania) +1 A record(s) 192.36.27.5 (AS60729, - Sweden)
2016-02-26 07:40Payment SitePadCrypt
gnkltbsaeq35rejl.onion.cab
InterNetworX Ltd. & Co. KG62.138.11.6 (- Germany)
2016-02-26 07:12Botnet C&CPadCrypt
gnkltbsaeq35rejl.onion.to
217.197.83.197 (- Germany)
2016-02-26 06:49Botnet C&CTeslaCrypt
jessforkicks.com
GODADDY.COM, LLC96.226.119.251 (- United States)
2016-02-26 00:23Botnet C&CCryptoWall
viralcrazies.com
ENOM, INC. (n/a)
2016-02-25 21:44Botnet C&CCryptoWall
eatside.es
(n/a)
2016-02-25 21:44Botnet C&CCryptoWall
double-wing.de
217.119.54.152 (- Germany)
2016-02-25 21:44Botnet C&CCryptoWall
domaine-cassillac.com
OVH213.186.33.87 (- France)
2016-02-25 20:31Botnet C&CLocky
185.22.67.27
185.22.67.27 (- Kazakhstan)
2016-02-25 20:02Payment SiteTeslaCrypt
kkd47eh4hdjshb5t.angortra.at
(n/a)
2016-02-25 20:02Payment SiteTeslaCrypt
tt54rfdjhb34rfbnknaerg.milerteddy.com
BIZCN.COM, INC.184.105.192.2 (- United States)
2016-02-25 18:20Botnet C&CLocky
91.121.97.170
91.121.97.170 (- France)
2016-02-25 16:30Botnet C&CCryptoWall
recaswine.ro
ICI - ROTLD93.118.36.235 (- Romania)
2016-02-25 16:30Botnet C&CCryptoWall
ecocalsots.com
TECNOCRATICA CENTRO DE DATOS, S.[...]37.247.125.42 (- Spain)
2016-02-25 16:30Botnet C&CCryptoWall
definitionen.de
136.243.69.220 (- Germany)
2016-02-25 14:35Botnet C&CCryptoWall
nupleta.com.br
186.202.127.236 (- Brazil)
2016-02-25 14:30Botnet C&CLocky
odgtnkmq.pw
Gandi SAS98.143.148.173 (- United States)
2016-02-25 14:30Botnet C&CLocky
jxqdry.ru
101DOMAIN-RU195.22.28.199 (- Portugal)
2016-02-25 14:30Botnet C&CLocky
bnjhx.eu
Key-Systems GmbH195.22.28.197 (- Portugal)
2016-02-25 11:25Botnet C&CTeslaCrypt
lutheranph.com
1&1 INTERNET SE107.180.41.49 (- United States)
2016-02-25 10:02Botnet C&CLocky
5.34.183.136
5.34.183.136 (- Ukraine)
2016-02-25 08:45Botnet C&CLocky
51.254.19.227
51.254.19.227 (- France)
2016-02-25 08:39Payment SiteLocky
twbers4hmi6dc65f.onion.cab
InterNetworX Ltd. & Co. KG62.138.11.6 (- Germany)
2016-02-25 08:38Payment SiteLocky
twbers4hmi6dc65f.onion.to
185.100.85.150 (- Romania) +1 A record(s) 192.36.27.5 (AS60729, - Sweden)
2016-02-25 08:38Payment SiteLocky
twbers4hmi6dc65f.tor2web.org
Tucows Inc.185.100.85.150 (- Romania) +1 A record(s) 192.36.27.5 (AS60729, - Sweden)
2016-02-25 08:13Botnet C&CLocky
31.184.197.119
31.184.197.119 (- Russian Federation)
2016-02-25 07:38Payment SiteTeslaCrypt
nnrtsdf34dsjhb23rsdf.spannflow.com
PAKNIC (PRIVATE) LIMITED216.218.135.114 (- United States)
2016-02-25 07:06Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.tor2web.fi
194.150.168.74 (- Germany)
2016-02-25 07:00Botnet C&CTeslaCrypt
snibi.se
www.NameSRS.com212.16.182.196 (- Sweden)
2016-02-24 18:36Botnet C&CCryptoWall
haarsaloncindy.nl
Mijn InternetOplossing B.V.5.178.65.43 (- Netherlands)
2016-02-24 07:44Payment SiteTeslaCrypt
ytrest84y5i456hghadefdsd.pontogrot.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-02-24 05:50Botnet C&CTeslaCrypt
www.big-cola.com
GODADDY.COM, LLC (n/a)
2016-02-23 13:55Botnet C&CTeslaCrypt
salesandmarketing101.net
GODADDY.COM, LLC23.229.172.137 (- United States)
2016-02-23 13:24Botnet C&CTeslaCrypt
ikstrade.co.kr
110.45.144.173 (- Korea)
2016-02-23 11:57Payment SiteTeslaCrypt
nn54djhfnrnm4dnjnerfsd.replylaten.at
(n/a)
2016-02-23 11:45Botnet C&CLocky
185.46.11.239
185.46.11.239 (- Russian Federation)
2016-02-23 11:26Botnet C&CCryptoWall
feuerwehr-stadt-riesa.de
178.254.50.156 (- Germany)
2016-02-23 11:26Botnet C&CCryptoWall
www.rippedknees.co.uk
123-Reg Limited t/a 123-reg212.48.68.63 (- United Kingdom)
2016-02-23 11:26Botnet C&CCryptoWall
www.hanoiguidedtours.com
NHAN HOA SOFTWARE COMPANY LTD104.131.43.146 (- United States)
2016-02-23 11:26Botnet C&CCryptoWall
takatei.com
GMO INTERNET, INC. DBA ONAMAE.CO[...]203.189.109.240 (- Japan)
2016-02-23 11:26Botnet C&CCryptoWall
paintituppottery.com
IN2NET NETWORK, INC.208.117.38.143 (- United States)
2016-02-23 06:07Botnet C&CTeslaCrypt
salaeigroup.com
GODADDY.COM, LLC107.180.2.115 (- United States)
2016-02-22 23:43Botnet C&CCryptoWall
ecolux-comfort.com
DOMAINCONTEXT, INC.188.127.249.243 (- Russian Federation)
2016-02-22 23:34Botnet C&CPayCrypt
vonee.com
LIQUIDNET LTD.198.23.48.58 (- United States)
2016-02-22 21:39Botnet C&CCryptoWall
building.msu.ac.th
T.H.NIC Co., Ltd.202.28.32.20 (- Thailand)
2016-02-22 21:39Botnet C&CCryptoWall
www.granmarquise.com.br
187.18.184.70 (- Brazil)
2016-02-22 21:39Botnet C&CCryptoWall
konyavakfi.nl
RAPIDE Internet91.208.60.158 (- Netherlands)
2016-02-22 21:39Botnet C&CCryptoWall
abdal.com.ua
ua.ukraine185.68.16.196 (- Ukraine)
2016-02-22 08:01Payment SiteTeslaCrypt
dd7bsndhr45nfksdnkferfer.javakale.at
(n/a)
2016-02-22 08:01Payment SiteTeslaCrypt
k4restportgonst34d23r.oftpony.at
(n/a)
2016-02-22 07:49Payment SiteLocky
6dtxgqam4crv6rr6.onion.cab
InterNetworX Ltd. & Co. KG62.138.11.6 (- Germany)
2016-02-21 15:23Botnet C&CLocky
188.138.88.184
188.138.88.184 (- Germany)
2016-02-21 13:37Botnet C&CLocky
31.184.233.106
31.184.233.106 (- Russian Federation)
2016-02-20 15:45Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.nu
WorldNames, Inc188.213.49.65 (- Romania) +1 A record(s) 46.36.37.82 (AS47381, - Czech Republic)
2016-02-20 15:44Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.link
103.198.0.2 (- Singapore)
2016-02-20 15:43Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.to
185.100.85.150 (- Romania) +1 A record(s) 192.36.27.5 (AS60729, - Sweden)
2016-02-20 15:29Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.onion.lt
Gandi Sas82.94.251.220 (- Netherlands)
2016-02-20 15:29Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.onion.gq
192.42.118.104 (- Netherlands)
2016-02-20 13:37Botnet C&CCryptoWall
frame3d.de
178.254.10.169 (- Germany)
2016-02-20 11:21Botnet C&CCryptoWall
autohaus-seevetal.com
CRONON AG81.169.145.162 (- Germany)
2016-02-20 11:21Botnet C&CCryptoWall
www.healthstafftravel.com.au
GoDaddy.com, LLC64.207.186.229 (- United States)
2016-02-20 11:21Botnet C&CCryptoWall
bisofit.com
ONLINENIC, INC.185.68.16.111 (- Ukraine)
2016-02-20 10:39Botnet C&CLocky
gitybdjgbxd.nl
Gandi98.143.148.173 (- United States)
2016-02-20 10:39Botnet C&CLocky
31.41.47.37
31.41.47.37 (- Russian Federation)
2016-02-20 10:39Botnet C&CLocky
svkjhguk.ru
101DOMAIN-RU195.22.28.199 (- Portugal)
2016-02-20 10:27Payment SiteTeslaCrypt
5rport45vcdef345adfkksawe.bematvocal.at
(n/a)
2016-02-20 10:27Payment SiteTeslaCrypt
b4youfred5485jgsa3453f.italazudda.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-02-20 10:27Payment SiteTeslaCrypt
prest54538hnksjn4kjfwdbhwere.hotchunman.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-02-19 18:19Botnet C&CLocky
pvwinlrmwvccuo.eu
OnlineNIC Inc185.46.11.239 (- Russian Federation)
2016-02-19 17:19Botnet C&CTeslaCrypt
iglesiaelrenacer.com
GODADDY.COM, LLC160.153.76.161 (- United States)
2016-02-19 16:13Botnet C&CCryptoWall
aditaborai.com.br
108.179.192.88 (- United States)
2016-02-19 14:03Botnet C&CLocky
85.25.138.187
85.25.138.187 (- Germany)
2016-02-19 05:13Botnet C&CCryptoWall
theassemblyguy.co.nz
103.40.81.47 (- New Zealand)
2016-02-19 05:13Botnet C&CCryptoWall
www.001edizioni.com
TUCOWS DOMAINS INC.95.110.230.190 (- Italy)
2016-02-18 18:33Botnet C&CLocky
94.242.57.45
94.242.57.45 (- Russian Federation)
2016-02-18 13:48Botnet C&CLocky
46.4.239.76
46.4.239.76 (- Germany)
2016-02-18 13:37Botnet C&CLocky
185.14.30.97
185.14.30.97 (- Netherlands)
2016-02-18 12:32Botnet C&CLocky
uxvvm.us
DYNADOT LLC69.195.129.70 (- United States)
2016-02-18 12:32Botnet C&CLocky
dltvwp.it
ITDOMAINS-REG104.238.173.18 (- United Kingdom)
2016-02-18 11:31Botnet C&CTeslaCrypt
dongxinh.com
ONLINENIC, INC.103.27.60.14 (- Vietnam)
2016-02-18 10:44Botnet C&CTeslaCrypt
dustywinslow.com
ENOM, INC.108.174.112.194 (- United States)
2016-02-18 10:44Botnet C&CLocky
kqlxtqptsmys.in
101domain, Inc. (R115-AFIN)195.22.28.198 (- Portugal)
2016-02-18 10:44Botnet C&CLocky
95.181.171.58
95.181.171.58 (- Russian Federation)
2016-02-18 02:36Botnet C&CLocky
195.154.241.208
195.154.241.208 (- France)
2016-02-17 17:57Botnet C&CLocky
sdwempsovemtr.yt
EURODNS S.A.45.56.77.175 (- United States)
2016-02-17 17:57Botnet C&CLocky
fnarsipfqe.pw
Namecheap45.56.77.175 (- United States)

# of rows displayed: 100
# of entries in database: 12'877

Page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 >