Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage | GlobeImposter

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 23:57Botnet C&CCryptoWall
bolizarsospos.com
GoDaddy.com, LLC195.157.15.100 (- United Kingdom)
2016-03-17 18:22Botnet C&CLocky
plfbvdrpvsm.pw
Namecheap208.100.26.234 (- United States)
2016-03-17 07:14Botnet C&CTeslaCrypt
shampooherbal.com
NAME.COM, INC. (n/a)
2016-03-16 23:48Botnet C&CTeslaCrypt
joshsawyerdesign.com
GODADDY.COM, LLC107.180.4.11 (- United States)
2016-03-16 16:31Botnet C&CLocky
51.254.181.122
51.254.181.122 (- France)
2016-03-16 14:19Botnet C&CTeslaCrypt
hmgame.net
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-16 13:57Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.bestxprice.ch
(n/a)
2016-03-16 13:56Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.livecamshow.ch
(n/a)
2016-03-16 13:53Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.tormaster.fr
1API GmbH (n/a)
2016-03-16 13:43Botnet C&CLocky
51.255.107.8
51.255.107.8 (- France)
2016-03-16 13:28Botnet C&CTeslaCrypt
marketathart.com
CRAZY DOMAINS FZ-LLC192.185.35.88 (- United States)
2016-03-16 13:13Botnet C&CLocky
91.195.12.187
91.195.12.187 (- Ukraine)
2016-03-16 12:47Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.torstation.li
(n/a)
2016-03-16 12:38Botnet C&CTorrentLocker
dumberg.org
Registrar of Domain Names REG.RU[...] (n/a)
2016-03-16 10:21Botnet C&CCTB-Locker
beedqybvjehzlud5.tor2web.org
Tucows Inc.194.150.168.70 (- Germany)
2016-03-16 10:17Botnet C&CTeslaCrypt
esbook.com
ENOM, INC. (n/a)
2016-03-16 09:57Payment SiteTeslaCrypt
kkr4hbwdklf234bfl84uoqleflqwrfqwuelfh.brazabaya.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-03-16 07:30Botnet C&CTeslaCrypt
prodocument.co.uk
GoDaddy.com, LLP.67.23.226.169 (- United States)
2016-03-16 07:29Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.torgate.es
(n/a)
2016-03-15 20:07Botnet C&CLocky
188.127.231.116
188.127.231.116 (- Russian Federation)
2016-03-15 17:14Botnet C&CLocky
37.139.27.52
37.139.27.52 (- Netherlands)
2016-03-15 14:30Distribution SiteLocky
hppl.net
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]207.148.248.143 (- United States)
2016-03-15 14:30Distribution SiteLocky
glslindia.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]158.69.103.88 (- Canada)
2016-03-15 14:29Distribution SiteLocky
gargsons.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]158.69.103.88 (- Canada)
2016-03-15 14:29Distribution SiteLocky
flaxxup.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]158.69.103.88 (- Canada)
2016-03-15 14:29Distribution SiteLocky
demo.essarinfotech.net
GODADDY.COM, LLC158.69.103.88 (- Canada)
2016-03-15 14:29Distribution SiteLocky
creditwallet.net
GODADDY.COM, LLC23.20.239.12 (- United States)
2016-03-15 14:28Distribution SiteLocky
c001456.aaa.ididp.com
XIN NET TECHNOLOGY CORPORATION47.91.139.156 (- United States)
2016-03-15 14:28Distribution SiteLocky
alumaxgroup.in
Webiq Domains Solutions Pvt. Ltd[...] (n/a)
2016-03-15 14:26Distribution SiteLocky
aimsande.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...]158.69.103.88 (- Canada)
2016-03-15 13:29Payment SiteTorrentLocker
3qbyaoohkcqkzrz6.torplanet.eu
eNom, Inc (n/a)
2016-03-15 12:43Botnet C&CLocky
51.255.107.10
51.255.107.10 (- France)
2016-03-15 11:43Botnet C&CTeslaCrypt
esbook.com
ENOM, INC. (n/a)
2016-03-15 08:11Botnet C&CTeslaCrypt
nlhomegarden.com
GODADDY.COM, LLC107.180.50.210 (- United States)
2016-03-15 07:51Botnet C&CTeslaCrypt
emmy2015.com
GODADDY.COM, LLC107.180.50.183 (- United States)
2016-03-15 07:38Distribution SiteTeslaCrypt
imgointoeatnowcc.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-15 07:38Distribution SiteTeslaCrypt
imgointoeatnowcc.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-15 07:38Distribution SiteTeslaCrypt
giveitalltheresqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-15 07:38Distribution SiteTeslaCrypt
giveitalltheresqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-14 15:40Botnet C&CTeslaCrypt
kel52.com
1&1 INTERNET SE108.167.141.20 (- United States)
2016-03-14 15:21Distribution SiteTeslaCrypt
washitallawayff.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-14 15:21Distribution SiteTeslaCrypt
giveitallhereqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-14 09:16Distribution SiteTeslaCrypt
ohelloguyff.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-14 09:15Distribution SiteTeslaCrypt
bonjovijonqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-14 07:49Payment SiteTeslaCrypt
974gfbjhb23hbfkyfaby3byqlyuebvly5q254y.mendilobo.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-03-14 07:42Payment SiteTeslaCrypt
a64gfdsjhb4htbiwaysbdvukyft5q.zobodine.at
(n/a)
2016-03-14 07:35Distribution SiteTeslaCrypt
ohelloguyqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-14 07:35Distribution SiteTeslaCrypt
ohelloguymyff.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-14 07:35Distribution SiteTeslaCrypt
ohelloguyzzqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-14 07:35Distribution SiteTeslaCrypt
howisittomorrowff.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-14 07:34Distribution SiteTeslaCrypt
bonjovijonqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-14 06:34Botnet C&CTeslaCrypt
198.1.95.93
(n/a)
2016-03-12 23:23Botnet C&CPayCrypt
neyenirneicilir.com
NICS TELEKOMUNIKASYON TICARET LT[...]94.73.150.190 (- Turkey)
2016-03-12 20:09Botnet C&CPayCrypt
promedia.co.in
GoDaddy.com, LLC (R101-AFIN)192.185.21.126 (- United States)
2016-03-12 10:21Botnet C&CTeslaCrypt
controlfreaknetworks.com
GODADDY.COM, LLC97.74.249.1 (- United States)
2016-03-12 09:43Botnet C&CCryptoWall
oregonreversemortgage.com
NAMEPAL.COM, LLC198.143.138.43 (- United States)
2016-03-12 09:43Botnet C&CCryptoWall
jambola.com
123-REG LIMITED208.109.189.88 (- United States)
2016-03-12 09:23Botnet C&CTeslaCrypt
shirongfeng.cn
浙江贰贰网络有限公司103.254.148.121 (- Hong Kong)
2016-03-11 21:48Botnet C&CLocky
91.234.32.192
91.234.32.192 (- Ukraine)
2016-03-11 19:35Botnet C&CLocky
91.219.30.254
91.219.30.254 (- Ukraine)
2016-03-11 13:41Botnet C&CLocky
31.184.196.75
31.184.196.75 (- Russian Federation)
2016-03-11 13:41Botnet C&CTeslaCrypt
sappmtraining.com
GODADDY.COM, LLC (n/a)
2016-03-11 13:04Payment SiteTeslaCrypt
bfd45u8ehdklrfqwlhbhjbgqw.niptana.at
(n/a)
2016-03-11 10:52Distribution SiteLocky
www.momstav.com
CSL COMPUTER SERVICE LANGENBACH [...] (n/a)
2016-03-11 10:52Distribution SiteLocky
galit-law.co.il
(n/a)
2016-03-11 10:51Distribution SiteLocky
peterdickem.com
WILD WEST DOMAINS, LLC31.192.113.173 (- Netherlands)
2016-03-11 10:51Distribution SiteLocky
nobilitas.cz
REG-STABLE88.86.120.181 (- Czech Republic)
2016-03-11 10:51Distribution SiteLocky
50.28.211.199
(n/a)
2016-03-11 10:51Distribution SiteLocky
nro.gov.sd
197.254.225.100 (- Sudan)
2016-03-11 10:20Distribution SiteLocky
ghayatv.com
DOMAIN.COM, LLC (n/a)
2016-03-11 10:13Distribution SiteTeslaCrypt
mommycantakeff.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-11 10:13Distribution SiteTeslaCrypt
mommycantakeff.com
WEB COMMERCE COMMUNICATIONS LIMI[...] (n/a)
2016-03-11 10:12Distribution SiteTeslaCrypt
hellomississmithqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-11 10:12Distribution SiteTeslaCrypt
hellomississmithqq.com
KEY-SYSTEMS GMBH (n/a)
2016-03-11 08:58Payment SiteTeslaCrypt
kh5jfnvkk5twerfnku5twuilrnglnuw45yhlw.vealsithe.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-03-11 06:52Botnet C&CTeslaCrypt
vtechshop.net
GODADDY.COM, LLC (n/a)
2016-03-11 06:47Distribution SiteLocky
kaleofis.com
NICS TELEKOMUNIKASYON TICARET LT[...]176.9.91.101 (- Germany)
2016-03-10 17:56Botnet C&CLocky
31.184.196.78
31.184.196.78 (- Russian Federation)
2016-03-10 15:54Botnet C&CTeslaCrypt
multibrandphone.com
1&1 INTERNET SE (n/a)
2016-03-10 13:36Payment SiteTeslaCrypt
irhng84nfaslbv243ljtblwqjrb.pinnafaon.at
(n/a)
2016-03-10 13:35Payment SiteTeslaCrypt
rbg4hfbilrf7to452p89hrfq.boonmower.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-03-10 12:32Botnet C&CTeslaCrypt
tele-channel.com
REALTIME REGISTER BV (n/a)
2016-03-10 11:40Botnet C&CLocky
91.234.33.149
91.234.33.149 (- Ukraine)
2016-03-10 11:18Botnet C&CTorrentLocker
vitrok.org
Registrar of Domain Names REG.RU[...] (n/a)
2016-03-10 10:52Distribution SiteLocky
xn--b1afonddk2l.xn--p1ai
(n/a)
2016-03-10 10:51Distribution SiteLocky
ncrweb.in
Webiq Domains Solutions Pvt. Ltd[...]146.88.26.212 (- India)
2016-03-10 10:51Distribution SiteLocky
iwear.md
(n/a)
2016-03-10 10:50Distribution SiteLocky
fortyseven.com.ar
(n/a)
2016-03-10 10:50Distribution SiteLocky
fashion-boutique.com.ua
ua.nic185.65.245.177 (- Ukraine)
2016-03-10 06:39Botnet C&CCryptoWall
gibdd.ws
Regtime.net Ltd.178.208.83.11 (- Russian Federation)
2016-03-10 06:39Botnet C&CCryptoWall
anoukdelecluse.nl
Hosting2GO B.V.83.137.194.20 (- Netherlands)
2016-03-10 05:51Botnet C&CTeslaCrypt
specializedaccess.co.uk
Namesco Limited85.233.160.146 (- United Kingdom)
2016-03-09 20:39Botnet C&CLocky
151.236.14.51
151.236.14.51 (- Netherlands)
2016-03-09 19:25Botnet C&CLocky
egovrxvuspxck.be
101Domain, Inc.195.22.26.248 (- Portugal)

# of rows displayed: 100
# of entries in database: 13'867

Page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 >