Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-09-06 20:34Payment SiteCerber
4kqd3hmqgptupi3p.eventeach.gdn
AlpNames Limited (n/a)
2016-09-06 19:00Payment SiteCerber
4kqd3hmqgptupi3p.pairsraw.loan
Alpnames Limited (n/a)
2016-09-06 18:17Botnet C&CLocky
158.255.6.109
158.255.6.109 (- Russian Federation)
2016-09-06 12:51Distribution SiteLocky
bookinghotworld.ws
PDR Ltd. d/b/a PublicDomainRegis[...] (n/a)
2016-09-06 12:49Distribution SiteLocky
iesjaumei.edu.gva.es
193.145.207.93 (- Spain) +1 A record(s) 195.77.17.32 (AS766, - Spain)
2016-09-06 09:52Distribution SiteLocky
canonsupervideo4k.ws
Eranet International Limited (n/a)
2016-09-06 09:17Distribution SiteLocky
www.dondana.com
TUCOWS DOMAINS INC.195.78.215.76 (- Italy)
2016-09-06 09:17Distribution SiteLocky
www.csm94.org
Ascio Technologies, Inc. Danmark[...]213.205.40.169 (- Italy)
2016-09-06 09:16Distribution SiteLocky
www.vanhoenacker.net
TUCOWS DOMAINS INC.195.238.0.64 (- Belgium)
2016-09-06 09:15Distribution SiteLocky
www.saumi.jazztel.es
62.14.3.195 (- Spain)
2016-09-06 09:15Distribution SiteLocky
www.leprimodels.it
TISCALIDOMAIN-REG31.11.34.87 (- Italy)
2016-09-06 09:15Distribution SiteLocky
propaganda.nichost.ru
RU-CENTER-RU195.208.1.109 (- Russian Federation)
2016-09-06 09:15Distribution SiteLocky
www.mussystems.net
TUCOWS DOMAINS INC.195.238.0.64 (- Belgium)
2016-09-06 09:15Distribution SiteLocky
www.lagottoromagnolo.be
Telenet BVBA195.130.132.84 (- Belgium)
2016-09-06 09:14Distribution SiteLocky
daedalus.dommel.be
SCHEDOM NV / DOMMEL.COM193.109.184.81 (- Belgium)
2016-09-06 09:13Distribution SiteLocky
jamesm.co.uk
Native Logic Ltd. t/a nativespac[...]212.53.86.59 (- United Kingdom)
2016-09-06 09:12Distribution SiteLocky
knochem.samsu.ru
RU-CENTER-RU195.209.65.5 (- Russian Federation)
2016-09-06 09:12Distribution SiteLocky
www.commentaborderunefille.fr
ONLINE SAS213.186.33.4 (- France)
2016-09-06 09:11Distribution SiteLocky
berufe.web.fc2.com
INSTRA CORPORATION PTY, LTD.208.71.106.45 (- United States)
2016-09-06 09:11Distribution SiteLocky
www.ussanlorenzo.it
TISCALIDOMAIN-REG213.205.40.169 (- Italy)
2016-09-06 09:11Distribution SiteLocky
www.francogatta.it
MCLINK-REG195.78.215.76 (- Italy)
2016-09-06 09:10Distribution SiteLocky
www.assonet.org
Tucows Inc.195.78.215.76 (- Italy)
2016-09-06 09:09Distribution SiteLocky
www.carloabati.com
ASCIO TECHNOLOGIES, INC. DANMARK[...]213.205.40.169 (- Italy)
2016-09-06 09:08Distribution SiteLocky
conserpa.vtrbandaancha.net
REGISTER.COM, INC.200.83.4.62 (- Chile)
2016-09-06 09:08Distribution SiteLocky
www.hotelancorariviera.com
REGISTER.IT SPA80.91.55.42 (- Italy)
2016-09-06 09:06Distribution SiteLocky
www.ieslamerced.es
62.42.230.17 (- Spain)
2016-09-06 09:05Distribution SiteLocky
immobilien1000.de
217.22.207.207 (- Germany)
2016-09-06 09:04Distribution SiteLocky
abcbureautique.abc.perso.neuf.fr
Société Française du Radioté[...]86.65.123.70 (- France)
2016-09-06 09:03Distribution SiteLocky
www.apmmc.it
BETAM-REG80.73.225.20 (- Italy)
2016-09-06 09:03Distribution SiteLocky
parlament.monar.org
PDR Ltd. d/b/a PublicDomainRegis[...]176.32.162.200 (- Poland)
2016-09-06 09:03Distribution SiteLocky
www.qualityacoustic.comcastbiz.net
CSC CORPORATE DOMAINS, INC.216.87.186.101 (- United States)
2016-09-06 05:16Payment SiteCerber
4kqd3hmqgptupi3p.tieslaws.link
Alpnames Limited (n/a)
2016-09-05 22:21Botnet C&CLocky
91.211.119.71
91.211.119.71 (- Ukraine)
2016-09-05 18:59Payment SiteCerber
wjtqjleommc4z46i.n8ln0w.bid
Eranet International Limited (n/a)
2016-09-05 18:36Payment SiteCerber
wjtqjleommc4z46i.5n5y6v.bid
Eranet International Limited (n/a)
2016-09-05 18:18Distribution SiteLocky
darkestzone2.wang
Todaynic com Inc (n/a)
2016-09-05 18:13Distribution SiteLocky
canonsupervideo4k.ws
Eranet International Limited (n/a)
2016-09-05 18:11Distribution SiteLocky
maxshoppppsr.biz
ERANET INTERNATIONAL LIMITED (n/a)
2016-09-05 18:11Distribution SiteLocky
bookinghotworld.ws
PDR Ltd. d/b/a PublicDomainRegis[...] (n/a)
2016-09-05 16:58Distribution SiteLocky
www.rossorelli.ru
DOMENUS-RU78.110.50.113 (- Russian Federation)
2016-09-05 16:57Distribution SiteLocky
www.madonnaceleste.com
REGISTER.IT SPA185.2.4.49 (- Italy)
2016-09-05 16:57Distribution SiteLocky
foto.hasimehrou.cz
REG-IGNUM78.24.9.81 (- Czech Republic)
2016-09-05 16:57Distribution SiteLocky
lcc.vtrbandaancha.net
REGISTER.COM, INC.200.83.4.62 (- Chile)
2016-09-05 16:57Distribution SiteLocky
www.yacht-market.eu
DotRoll Kft.91.195.240.70 (- Germany)
2016-09-05 16:56Distribution SiteLocky
rakutenka.tuzikaze.com
GMO INTERNET, INC. DBA ONAMAE.CO[...]112.140.42.29 (- Japan)
2016-09-05 16:56Distribution SiteLocky
amii.50webs.com
GODADDY.COM, LLC162.210.101.7 (- United States)
2016-09-05 16:56Distribution SiteLocky
www.officinaomc.com
ASCIO TECHNOLOGIES, INC. DANMARK[...]62.149.189.71 (- Italy)
2016-09-05 16:55Distribution SiteLocky
gregor-weiss.business.t-online.de
80.150.6.138 (- Germany)
2016-09-05 16:54Distribution SiteLocky
bbruo.edurm.ru
RU-CENTER-RU85.95.169.19 (- Russian Federation)
2016-09-05 16:54Distribution SiteLocky
jvelizg.vtrbandaancha.net
REGISTER.COM, INC.200.83.4.62 (- Chile)
2016-09-05 16:54Distribution SiteLocky
tensai.wallst.ru
RU-CENTER-RU212.46.196.141 (- Russian Federation)
2016-09-05 16:54Distribution SiteLocky
kakeekoda.web.fc2.com
INSTRA CORPORATION PTY, LTD.208.71.106.48 (- United States)
2016-09-05 16:53Distribution SiteLocky
deemc.homepage.t-online.de
80.150.6.138 (- Germany)
2016-09-05 16:53Distribution SiteLocky
seikeiradioclub.web.fc2.com
INSTRA CORPORATION PTY, LTD.208.71.106.61 (- United States)
2016-09-05 16:53Distribution SiteLocky
www.fabriziolovino.com
ASCIO TECHNOLOGIES, INC. DANMARK[...]213.205.40.169 (- Italy)
2016-09-05 16:52Distribution SiteLocky
mojejeze.republika.pl
Domeny.pl sp. z o.o.213.180.150.17 (- Poland)
2016-09-05 16:51Distribution SiteLocky
yggithuq.utawebhost.at
195.248.63.109 (- Austria)
2016-09-05 16:50Distribution SiteLocky
tvcm.com.br
177.66.162.183 (- Brazil)
2016-09-05 16:49Distribution SiteLocky
frumuseanudaniela.go.ro
ICI - ROTLD81.196.20.134 (- Romania)
2016-09-05 16:49Distribution SiteLocky
miyufortuneteller.web.fc2.com
INSTRA CORPORATION PTY, LTD.208.71.106.62 (- United States)
2016-09-05 16:49Distribution SiteLocky
52433865.fn.freenet-hosting.de
81.169.145.153 (- Germany)
2016-09-05 16:48Distribution SiteLocky
lanjaron.es.mialias.net
10DENCEHISPAHARD, S.L (n/a)
2016-09-05 16:48Distribution SiteLocky
monkeeey.web.fc2.com
INSTRA CORPORATION PTY, LTD.208.71.106.37 (- United States)
2016-09-05 16:48Distribution SiteLocky
www.birthmark.go.ro
ICI - ROTLD81.196.20.134 (- Romania)
2016-09-05 16:47Distribution SiteLocky
roadstercrew-nw.homepage.t-online.de
80.150.6.138 (- Germany)
2016-09-05 16:47Distribution SiteLocky
www.equipe4.net
TUCOWS DOMAINS INC.195.238.0.64 (- Belgium)
2016-09-05 16:47Payment SiteCerber
52uo5k3t73ypjije.pfija1.bid
Eranet International Limited (n/a)
2016-09-05 16:46Distribution SiteLocky
quietvain.nobody.jp
112.140.42.29 (- Japan)
2016-09-05 16:46Distribution SiteLocky
www.poli-mec.it
TISCALIDOMAIN-REG213.205.40.169 (- Italy)
2016-09-05 16:46Distribution SiteLocky
www.bals.nichost.ru
RU-CENTER-RU195.208.1.100 (- Russian Federation)
2016-09-05 16:45Distribution SiteLocky
www.masamaru.net
GMO INTERNET, INC. DBA ONAMAE.CO[...] (n/a)
2016-09-05 12:34Botnet C&CLocky
qsbfwgtedexirbyoq.pw
Namecheap95.211.174.92 (- Netherlands)
2016-09-05 12:34Botnet C&CLocky
cdxbbpngq.pw
Registrar of Domain Names REG.RU[...]n/a
2016-09-05 11:55Payment SiteCerber
wjtqjleommc4z46i.fw1bwy.bid
Eranet International Limited (n/a)
2016-09-05 11:44Payment SiteCerber
52uo5k3t73ypjije.35u068.bid
Eranet International Limited (n/a)
2016-09-05 11:01Distribution SiteLocky
canonsupervideo4k.ws
Eranet International Limited (n/a)
2016-09-05 09:29Distribution SiteLocky
darkestzone2.wang
Todaynic com Inc (n/a)
2016-09-05 05:40Payment SiteCerber
52uo5k3t73ypjije.z97f9v.bid
Eranet International Limited (n/a)
2016-09-04 21:32Payment SiteCerber
52uo5k3t73ypjije.ojx58b.bid
Eranet International Limited (n/a)
2016-09-04 18:48Payment SiteCerber
52uo5k3t73ypjije.wl52rt.bid
Eranet International Limited (n/a)
2016-09-04 18:43Payment SiteCerber
wjtqjleommc4z46i.w3r6a4.bid
Eranet International Limited (n/a)
2016-09-04 18:32Payment SiteCerber
52uo5k3t73ypjije.80yabh.bid
Eranet International Limited (n/a)
2016-09-04 15:55Payment SiteCerber
4kqd3hmqgptupi3p.barberryshin.casa
Alpnames (n/a)
2016-09-04 15:11Payment SiteCerber
4kqd3hmqgptupi3p.clockhate.loan
Alpnames Limited (n/a)
2016-09-04 14:51Payment SiteCerber
4kqd3hmqgptupi3p.athere.in
Endurance Domains Technology Pvt[...] (n/a)
2016-09-04 14:46Payment SiteCerber
unocl45trpuoefft.igrj6t.bid
Eranet International Limited (n/a)
2016-09-04 13:23Payment SiteCerber
52uo5k3t73ypjije.ih9te2.bid
Eranet International Limited (n/a)
2016-09-04 11:36Payment SiteCerber
unocl45trpuoefft.6w3rkc.bid
Eranet International Limited (n/a)
2016-09-04 07:51Payment SiteCerber
unocl45trpuoefft.p1gneb.bid
Eranet International Limited (n/a)
2016-09-04 07:04Payment SiteCerber
wjtqjleommc4z46i.8a9r2h.bid
Eranet International Limited (n/a)
2016-09-04 06:38Payment SiteCerber
52uo5k3t73ypjije.cfu46r.bid
Eranet International Limited (n/a)
2016-09-04 06:35Payment SiteCerber
52uo5k3t73ypjije.uv39h5.bid
Eranet International Limited (n/a)
2016-09-04 03:09Payment SiteCerber
wjtqjleommc4z46i.f0jlbj.bid
Eranet International Limited (n/a)
2016-09-04 01:03Payment SiteCerber
unocl45trpuoefft.x9kjcn.bid
Eranet International Limited (n/a)
2016-09-03 22:37Payment SiteCerber
4kqd3hmqgptupi3p.boxsame.kim
Alpnames Limited (n/a)
2016-09-03 20:39Payment SiteCerber
4kqd3hmqgptupi3p.wallluck.date
Alpnames Limited (n/a)
2016-09-03 17:57Payment SiteCerber
4kqd3hmqgptupi3p.metmet.win
Alpnames Limited (n/a)
2016-09-03 16:28Payment SiteCerber
wjtqjleommc4z46i.efyh72.bid
Eranet International Limited (n/a)
2016-09-03 15:34Payment SiteCerber
4kqd3hmqgptupi3p.itdrink.club
Alpnames Limited (n/a)
2016-09-03 14:55Payment SiteCerber
52uo5k3t73ypjije.kwnw1b.bid
Eranet International Limited (n/a)

# of rows displayed: 100
# of entries in database: 12'974

Page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 >