Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage | GlobeImposter

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2016-02-25 20:02Payment SiteTeslaCrypt
tt54rfdjhb34rfbnknaerg.milerteddy.com
BIZCN.COM, INC.184.105.192.2 (- United States)
2016-02-25 18:20Botnet C&CLocky
91.121.97.170
91.121.97.170 (- France)
2016-02-25 16:30Botnet C&CCryptoWall
recaswine.ro
ICI - ROTLD93.118.36.235 (- Romania)
2016-02-25 16:30Botnet C&CCryptoWall
ecocalsots.com
TECNOCRATICA CENTRO DE DATOS, S.[...]37.247.125.42 (- Spain)
2016-02-25 16:30Botnet C&CCryptoWall
definitionen.de
136.243.69.220 (- Germany)
2016-02-25 14:35Botnet C&CCryptoWall
nupleta.com.br
186.202.127.236 (- Brazil)
2016-02-25 14:30Botnet C&CLocky
odgtnkmq.pw
Gandi SAS98.143.148.173 (- United States)
2016-02-25 14:30Botnet C&CLocky
jxqdry.ru
101DOMAIN-RU195.22.28.199 (- Portugal)
2016-02-25 14:30Botnet C&CLocky
bnjhx.eu
Key-Systems GmbH195.22.28.197 (- Portugal)
2016-02-25 11:25Botnet C&CTeslaCrypt
lutheranph.com
1&1 INTERNET SE (n/a)
2016-02-25 10:02Botnet C&CLocky
5.34.183.136
5.34.183.136 (- Ukraine)
2016-02-25 08:45Botnet C&CLocky
51.254.19.227
51.254.19.227 (- France)
2016-02-25 08:39Payment SiteLocky
twbers4hmi6dc65f.onion.cab
InterNetworX Ltd. & Co. KG62.138.11.6 (- Germany)
2016-02-25 08:38Payment SiteLocky
twbers4hmi6dc65f.onion.to
185.100.85.150 (- Romania)
2016-02-25 08:38Payment SiteLocky
twbers4hmi6dc65f.tor2web.org
Tucows Inc.185.100.85.150 (- Romania)
2016-02-25 08:13Botnet C&CLocky
31.184.197.119
31.184.197.119 (- Russian Federation)
2016-02-25 07:38Payment SiteTeslaCrypt
nnrtsdf34dsjhb23rsdf.spannflow.com
PAKNIC (PRIVATE) LIMITED216.218.135.114 (- United States)
2016-02-25 07:06Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.tor2web.fi
194.150.168.74 (- Germany)
2016-02-25 07:00Botnet C&CTeslaCrypt
snibi.se
www.NameSRS.com212.16.182.196 (- Sweden)
2016-02-24 18:36Botnet C&CCryptoWall
haarsaloncindy.nl
Mijn InternetOplossing B.V.5.178.65.43 (- Netherlands)
2016-02-24 07:44Payment SiteTeslaCrypt
ytrest84y5i456hghadefdsd.pontogrot.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-02-24 05:50Botnet C&CTeslaCrypt
www.big-cola.com
GODADDY.COM, LLC (n/a)
2016-02-23 13:55Botnet C&CTeslaCrypt
salesandmarketing101.net
GODADDY.COM, LLC23.229.172.137 (- United States)
2016-02-23 13:24Botnet C&CTeslaCrypt
ikstrade.co.kr
110.45.144.173 (- Korea)
2016-02-23 11:57Payment SiteTeslaCrypt
nn54djhfnrnm4dnjnerfsd.replylaten.at
(n/a)
2016-02-23 11:45Botnet C&CLocky
185.46.11.239
185.46.11.239 (- Russian Federation)
2016-02-23 11:26Botnet C&CCryptoWall
feuerwehr-stadt-riesa.de
178.254.50.156 (- Germany)
2016-02-23 11:26Botnet C&CCryptoWall
www.rippedknees.co.uk
123-Reg Limited t/a 123-reg212.48.68.63 (- United Kingdom)
2016-02-23 11:26Botnet C&CCryptoWall
www.hanoiguidedtours.com
NHAN HOA SOFTWARE COMPANY LTD104.131.43.146 (- United States)
2016-02-23 11:26Botnet C&CCryptoWall
takatei.com
GMO INTERNET, INC. DBA ONAMAE.CO[...]203.189.109.240 (- Japan)
2016-02-23 11:26Botnet C&CCryptoWall
paintituppottery.com
IN2NET NETWORK, INC.208.117.38.143 (- United States)
2016-02-23 06:07Botnet C&CTeslaCrypt
salaeigroup.com
GODADDY.COM, LLC (n/a)
2016-02-22 23:43Botnet C&CCryptoWall
ecolux-comfort.com
DOMAINCONTEXT, INC.188.127.249.243 (- Russian Federation)
2016-02-22 23:34Botnet C&CPayCrypt
vonee.com
LIQUIDNET LTD.198.23.48.58 (- United States)
2016-02-22 21:39Botnet C&CCryptoWall
building.msu.ac.th
T.H.NIC Co., Ltd.202.28.32.20 (- Thailand)
2016-02-22 21:39Botnet C&CCryptoWall
www.granmarquise.com.br
187.18.184.70 (- Brazil)
2016-02-22 21:39Botnet C&CCryptoWall
konyavakfi.nl
RAPIDE Internet91.208.60.158 (- Netherlands)
2016-02-22 21:39Botnet C&CCryptoWall
abdal.com.ua
ua.ukraine185.68.16.196 (- Ukraine)
2016-02-22 08:01Payment SiteTeslaCrypt
dd7bsndhr45nfksdnkferfer.javakale.at
(n/a)
2016-02-22 08:01Payment SiteTeslaCrypt
k4restportgonst34d23r.oftpony.at
(n/a)
2016-02-22 07:49Payment SiteLocky
6dtxgqam4crv6rr6.onion.cab
InterNetworX Ltd. & Co. KG62.138.11.6 (- Germany)
2016-02-21 15:23Botnet C&CLocky
188.138.88.184
188.138.88.184 (- Germany)
2016-02-21 13:37Botnet C&CLocky
31.184.233.106
31.184.233.106 (- Russian Federation)
2016-02-20 15:45Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.nu
WorldNames, Inc (n/a)
2016-02-20 15:44Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.link
(n/a)
2016-02-20 15:43Payment SiteFAKBEN
24fkxhnr3cdtvwmy.onion.to
185.100.85.150 (- Romania)
2016-02-20 15:29Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.onion.lt
Gandi Sas82.94.251.220 (- Netherlands)
2016-02-20 15:29Botnet C&CCTB-Locker
zsn5qtrgfpu4tmpg.onion.gq
192.42.118.104 (- Netherlands)
2016-02-20 13:37Botnet C&CCryptoWall
frame3d.de
178.254.10.169 (- Germany)
2016-02-20 11:21Botnet C&CCryptoWall
autohaus-seevetal.com
CRONON AG81.169.145.162 (- Germany)
2016-02-20 11:21Botnet C&CCryptoWall
www.healthstafftravel.com.au
GoDaddy.com, LLC64.207.186.229 (- United States)
2016-02-20 11:21Botnet C&CCryptoWall
bisofit.com
ONLINENIC, INC.185.68.16.111 (- Ukraine)
2016-02-20 10:39Botnet C&CLocky
gitybdjgbxd.nl
Gandi98.143.148.173 (- United States)
2016-02-20 10:39Botnet C&CLocky
31.41.47.37
31.41.47.37 (- Russian Federation)
2016-02-20 10:39Botnet C&CLocky
svkjhguk.ru
101DOMAIN-RU195.22.28.199 (- Portugal)
2016-02-20 10:27Payment SiteTeslaCrypt
5rport45vcdef345adfkksawe.bematvocal.at
(n/a)
2016-02-20 10:27Payment SiteTeslaCrypt
b4youfred5485jgsa3453f.italazudda.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-02-20 10:27Payment SiteTeslaCrypt
prest54538hnksjn4kjfwdbhwere.hotchunman.com
KEY-SYSTEMS GMBH216.218.135.114 (- United States)
2016-02-19 18:19Botnet C&CLocky
pvwinlrmwvccuo.eu
OnlineNIC Inc185.46.11.239 (- Russian Federation)
2016-02-19 17:19Botnet C&CTeslaCrypt
iglesiaelrenacer.com
GODADDY.COM, LLC (n/a)
2016-02-19 16:13Botnet C&CCryptoWall
aditaborai.com.br
108.179.192.88 (- United States)
2016-02-19 14:03Botnet C&CLocky
85.25.138.187
85.25.138.187 (- Germany)
2016-02-19 05:13Botnet C&CCryptoWall
theassemblyguy.co.nz
103.40.81.47 (- New Zealand)
2016-02-19 05:13Botnet C&CCryptoWall
www.001edizioni.com
TUCOWS DOMAINS INC.95.110.230.190 (- Italy)
2016-02-18 18:33Botnet C&CLocky
94.242.57.45
94.242.57.45 (- Russian Federation)
2016-02-18 13:48Botnet C&CLocky
46.4.239.76
46.4.239.76 (- Germany)
2016-02-18 13:37Botnet C&CLocky
185.14.30.97
185.14.30.97 (- Netherlands)
2016-02-18 12:32Botnet C&CLocky
uxvvm.us
DYNADOT LLC69.195.129.70 (- United States)
2016-02-18 12:32Botnet C&CLocky
dltvwp.it
ITDOMAINS-REG104.238.173.18 (- United Kingdom)
2016-02-18 11:31Botnet C&CTeslaCrypt
dongxinh.com
ONLINENIC, INC. (n/a)
2016-02-18 10:44Botnet C&CTeslaCrypt
dustywinslow.com
ENOM, INC.108.174.112.194 (- United States)
2016-02-18 10:44Botnet C&CLocky
kqlxtqptsmys.in
101domain, Inc. (R115-AFIN)195.22.28.198 (- Portugal)
2016-02-18 10:44Botnet C&CLocky
95.181.171.58
95.181.171.58 (- Russian Federation)
2016-02-18 02:36Botnet C&CLocky
195.154.241.208
195.154.241.208 (- France)
2016-02-17 17:57Botnet C&CLocky
sdwempsovemtr.yt
EURODNS S.A.45.56.77.175 (- United States)
2016-02-17 17:57Botnet C&CLocky
fnarsipfqe.pw
Namecheap45.56.77.175 (- United States)
2016-02-17 14:59Botnet C&CLocky
luvenxj.uk
Dynadot, LLC t/a Dynadot69.195.129.70 (- United States)
2016-02-17 14:59Botnet C&CLocky
xfyubqmldwvuyar.yt
NETIM104.238.173.18 (- United Kingdom)
2016-02-17 14:59Botnet C&CLocky
kpybuhnosdrm.in
101domain, Inc. (R115-AFIN)n/a
2016-02-17 14:37Botnet C&CLocky
dkoipg.pw
Regtime Ltdn/a
2016-02-17 12:07Botnet C&CTeslaCrypt
lovemydress.pl
home.pl S.A. (n/a)
2016-02-16 13:29Botnet C&CLocky
195.64.154.14
195.64.154.14 (- Ukraine)
2016-02-16 08:32Botnet C&CLocky
86.104.134.144
86.104.134.144 (- Moldova)
2016-02-15 13:41Botnet C&CTeslaCrypt
ekop.org
Nics Telekomunikasyon Ticaret Lt[...] (n/a)
2016-02-15 10:20Botnet C&CTeslaCrypt
mosaudit.com
REGISTRAR OF DOMAIN NAMES REG.RU[...] (n/a)
2016-02-14 03:16Botnet C&CTeslaCrypt
yoyoeventos.com
ENOM, INC.187.45.240.67 (- Brazil)
2016-02-13 19:53Botnet C&CCryptoWall
madisonbootcamps.com
GODADDY.COM, LLC50.63.64.23 (- United States)
2016-02-13 09:12Botnet C&CCryptoWall
millsmanagement.nl
Hosting2GO B.V.83.137.194.38 (- Netherlands)
2016-02-13 01:15Botnet C&CCryptoWall
nonnuoccaobang.com
P.A. VIET NAM COMPANY LIMITED (n/a)
2016-02-10 18:46Botnet C&CCryptoWall
italyprego.com
GODADDY.COM, LLC78.110.50.154 (- Russian Federation)
2016-02-09 10:08Botnet C&CTeslaCrypt
dunyamuzelerimuzesi.com
NICS TELEKOMUNIKASYON TICARET LT[...] (n/a)
2016-02-09 10:08Botnet C&CTeslaCrypt
iicsdrd.com
GODADDY.COM, LLC (n/a)
2016-02-08 22:32Botnet C&CCryptoWall
www.plexipr.com
ENOM, INC.65.98.35.114 (- United States)
2016-02-08 20:18Botnet C&CTeslaCrypt
westhollywooddentaloffice.com
PDR LTD. D/B/A PUBLICDOMAINREGIS[...] (n/a)
2016-02-08 06:09Botnet C&CCryptoWall
www.bishopbell.co.uk
123-Reg Limited t/a 123-reg217.177.8.89 (- United Kingdom)
2016-02-08 05:56Botnet C&CCryptoWall
studiolegalecsb.it
REGISTER-REG104.47.161.9 (- Netherlands)
2016-02-08 05:54Botnet C&CCryptoWall
smartnote.co
WILD WEST DOMAINS, INC.184.168.68.65 (- United States)
2016-02-06 20:05Botnet C&CCryptoWall
dechehang.com
HICHINA ZHICHENG TECHNOLOGY LTD.112.124.96.107 (- China)
2016-02-06 08:22Botnet C&CCryptoWall
www.feddoctor.com
GODADDY.COM, LLC192.163.206.61 (- United States)
2016-02-05 16:59Botnet C&CCryptoWall
portret-tekening.nl
Hosting2GO B.V.83.137.194.115 (- Netherlands)

# of rows displayed: 100
# of entries in database: 13'867

Page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 >