Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2017-03-30 15:13Botnet C&CPayCrypt
boosterprize.biz
NAMECHEAP, INC.198.144.121.78 (- Belize)
2017-03-05 09:25Botnet C&CPayCrypt
www.nesqwikp.biz
NAMECHEAP, INC.31.220.40.22 (- Germany)
2016-07-30 07:49Botnet C&CPayCrypt
print-pack.club
Hosting Ukraine LLC.185.68.16.115 (- Ukraine) +1 A record(s) 185.68.16.115 (AS200000, - Ukraine)
2016-07-30 07:49Botnet C&CPayCrypt
print-pack.club
Hosting Ukraine LLC.185.68.16.115 (- Ukraine) +1 A record(s) 185.68.16.115 (AS200000, - Ukraine)
2016-07-07 22:00Botnet C&CPayCrypt
graund-a.com.ua
ua.ukraine185.68.16.115 (- Ukraine) +1 A record(s) 185.68.16.115 (AS200000, - Ukraine)
2016-07-07 22:00Botnet C&CPayCrypt
graund-a.com.ua
ua.ukraine185.68.16.115 (- Ukraine) +1 A record(s) 185.68.16.115 (AS200000, - Ukraine)
2016-05-04 22:34Botnet C&CPayCrypt
dnibsan.com
ENOM, INC.67.225.220.95 (- United States)
2016-04-27 10:13Botnet C&CPayCrypt
parasolesdecolombia.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]198.1.80.79 (- United States)
2016-04-16 14:31Botnet C&CPayCrypt
jfheubdh.cc
KEY-SYSTEMS GMBH85.25.194.97 (- Germany) +1 A record(s) 85.25.194.97 (AS8972, - Germany)
2016-04-16 14:31Botnet C&CPayCrypt
jfheubdh.cc
KEY-SYSTEMS GMBH85.25.194.97 (- Germany) +1 A record(s) 85.25.194.97 (AS8972, - Germany)
2016-04-11 12:39Botnet C&CPayCrypt
www.hiverhoney.com
GODADDY.COM, LLC162.253.144.139 (- United States)
2016-03-28 12:13Botnet C&CPayCrypt
livingbybuddhism.com
TUCOWS DOMAINS INC.103.6.198.132 (- Malaysia) +1 A record(s) 103.6.198.132 (AS46015, - Malaysia)
2016-03-28 12:13Botnet C&CPayCrypt
livingbybuddhism.com
TUCOWS DOMAINS INC.103.6.198.132 (- Malaysia) +1 A record(s) 103.6.198.132 (AS46015, - Malaysia)
2016-03-19 23:39Botnet C&CPayCrypt
promedia.co.in
GoDaddy.com, LLC (R101-AFIN)192.185.21.126 (- United States) +1 A record(s) 192.185.21.126 (AS20013, - United States)
2016-03-12 23:23Botnet C&CPayCrypt
neyenirneicilir.com
NICS TELEKOMUNIKASYON TICARET LT[...]94.73.150.190 (- Turkey)
2016-03-12 20:09Botnet C&CPayCrypt
promedia.co.in
GoDaddy.com, LLC (R101-AFIN)192.185.21.126 (- United States) +1 A record(s) 192.185.21.126 (AS20013, - United States)
2016-02-22 23:34Botnet C&CPayCrypt
vonee.com
LIQUIDNET LTD.198.23.48.58 (- United States)

# of rows displayed: 17
# of entries in database: 12'828