1. Main › 
2. Tracker

Tracker

Ransomware Tracker to distinguishes between the following threats:

• Ransomware botnet Command & Control servers (C&Cs)
• Ransomware Payment Sites
• Ransomware Distribution Sites

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

• TeslaCrypt
• CryptoWall (if you do want to know more about CryptoWall, check out CryptoWall Tracker)
• TorrentLocker
• PadCrypt
• Locky
• CTB-Locker
• FAKBEN
• PayCrypt

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage | GlobeImposter

Dateadded (UTC)	Threat	Malware	Host (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not. Red = Online Green = Offline Grey = Unknown)	Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)	IP address (ASN, Country)
2017-11-01 06:12	Distribution Site	Locky	cirad.or.id		202.145.0.45 ( Indonesia)
2017-11-01 06:12	Distribution Site	Locky	givagarden.com	Tucows Domains Inc.	93.186.244.43 ( Italy)
2017-11-01 06:12	Distribution Site	Locky	ingress.kannste.net	Cronon AG	85.214.249.115 ( Germany)
2017-11-01 06:12	Distribution Site	Locky	internet-webshops.de		217.160.224.147 ( Germany)
2017-10-31 09:53	Distribution Site	Locky	hotelxaguate.com	PDR Ltd. d/b/a PublicDomainRegis[...]	(n/a)
2017-10-31 09:53	Distribution Site	Locky	rosiautosuli.hu		87.229.45.38 ( Hungary)
2017-10-31 09:53	Distribution Site	Locky	edificioexpo.com	Arsys Internet, S.L. d/b/a NICLI[...]	94.23.221.122 ( France)
2017-10-31 09:53	Distribution Site	Locky	cqaqualite.com	1&1 Internet SE	23.20.239.12 ( United States)
2017-10-31 09:52	Distribution Site	Locky	first-paris-properties.com	OVH	(n/a)
2017-10-31 09:43	Botnet C&C	Locky	aechjic.pw	Namecheap	208.100.26.251 ( United States)
2017-10-31 09:43	Botnet C&C	Locky	95.85.19.195		95.85.19.195 ( Netherlands)
2017-10-30 15:44	Distribution Site	Locky	pciholog.ru	RD-RU	90.156.201.38 ( Russian Federation) +3 A record(s) 90.156.201.48 (AS25532, Russian Federation) 90.156.201.58 (AS25532, Russian Federation) 90.156.201.64 (AS25532, Russian Federation)
2017-10-30 15:39	Distribution Site	Locky	hobbystube.net	CPS-Datensysteme GmbH	83.220.128.111 ( Germany)
2017-10-30 15:39	Distribution Site	Locky	fuettern24.de		176.28.9.111 ( Germany)
2017-10-30 15:39	Distribution Site	Locky	dvprojekt.hr		213.202.100.90 ( Croatia)
2017-10-29 00:14	Botnet C&C	PayCrypt	calicutsaawariya.com	GoDaddy.com, LLC	192.185.182.56 ( United States)
2017-10-29 00:14	Botnet C&C	PayCrypt	calicutsaawariya.com	GoDaddy.com, LLC	192.185.182.56 ( United States)
2017-10-28 22:59	Botnet C&C	PayCrypt	the-arts-today.com	GoDaddy.com, LLC	192.185.41.213 ( United States)
2017-10-24 11:20	Distribution Site	Locky	themclarenfamily.com	Key-Systems GmbH	92.48.90.34 ( United Kingdom)
2017-10-24 11:20	Distribution Site	Locky	tatianadecastelbajac.fr	AMEN / Agence des Médias Numériq[...]	(n/a)
2017-10-24 11:20	Distribution Site	Locky	video.rb-webdev.de		85.214.28.187 ( Germany)
2017-10-20 00:03	Botnet C&C	Locky	lvanwwbyabcfevyi.pw	Namecheap	n/a
2017-10-20 00:03	Botnet C&C	Locky	88.214.236.11		88.214.236.11 ( Russian Federation)
2017-10-18 06:21	Botnet C&C	Sage	mbfce24rgn65bx3g.is0hvt1.com	Trunkoz Technologies Pvt Ltd. d/[...]	(n/a)
2017-10-14 12:52	Botnet C&C	Locky	vpuroeit.pw	Namecheap	n/a
2017-10-13 14:52	Botnet C&C	Sage	mbfce24rgn65bx3g.0ny42p.com	Web Commerce Communications Limi[...]	(n/a)
2017-10-13 14:52	Botnet C&C	Sage	mbfce24rgn65bx3g.hp8ewo.net	PakNIC (Private) Limited	(n/a)
2017-10-12 05:08	Distribution Site	Locky	lacosturera.es		86.109.170.198 ( Spain)
2017-10-12 05:08	Distribution Site	Locky	missiegeslaagd.nl	WebReus	91.195.240.92 ( Germany)
2017-10-12 05:08	Distribution Site	Locky	itsmaterial.us	eNom, LLC	98.124.252.176 ( United States)
2017-10-12 05:08	Distribution Site	Locky	sambad.com.np		162.222.225.172 ( United States)
2017-10-12 05:07	Distribution Site	Locky	fetchstats.net	Eranet International Limited	(n/a)
2017-10-12 05:07	Distribution Site	Locky	download.justowin.it	ARUBA-REG	95.110.225.147 ( Italy)
2017-10-12 05:07	Distribution Site	Locky	centralbaptistchurchnj.org	GoDaddy.com, LLC	(n/a)
2017-10-12 05:07	Distribution Site	Locky	motifahsap.com	PDR Ltd. d/b/a PublicDomainRegis[...]	188.132.180.113 ( Turkey)
2017-10-12 05:07	Distribution Site	Locky	shamanic-extracts.biz	GoDaddy.com, Inc.	184.168.131.241 ( United States)
2017-10-12 05:07	Distribution Site	Locky	basedow-bilder.de		194.116.187.130 ( Germany)
2017-10-12 05:07	Distribution Site	Locky	pacalik.net	PDR Ltd. d/b/a PublicDomainRegis[...]	(n/a)
2017-10-12 05:07	Distribution Site	Locky	hair-select.jp		180.222.185.74 ( Japan)
2017-10-11 11:28	Distribution Site	Locky	old.tuttoggi.info	Tucows Domains Inc.	66.71.182.143 ( Italy)
2017-10-11 11:28	Distribution Site	Locky	wiskundebijles.nu	Key-Systems GmbH	62.212.95.30 ( Netherlands)
2017-10-11 11:28	Distribution Site	Locky	georginabringas.com	Tucows Domains Inc.	104.248.211.186 ( United States)
2017-10-11 11:28	Distribution Site	Locky	team-bobcat.org	EPAG Domainservices GmbH	(n/a)
2017-10-11 11:28	Distribution Site	Locky	pdj.co.id		104.244.120.69 ( United States)
2017-10-11 11:27	Distribution Site	Locky	t-plesk.com	PDR Ltd. d/b/a PublicDomainRegis[...]	77.92.99.9 ( Turkey)
2017-10-11 11:27	Distribution Site	Locky	resortphotographics.com	eNom, Inc.	184.168.131.241 ( United States)
2017-10-11 11:27	Distribution Site	Locky	eurecas.org	OnlineNIC Inc.	188.65.87.2 ( Italy)
2017-10-11 11:27	Distribution Site	Locky	highpressurewelding.co.uk	LCN.com Ltd	35.240.15.72 ( United States)
2017-10-11 11:27	Distribution Site	Locky	vithos.de		87.106.52.12 ( Germany)
2017-10-11 11:27	Distribution Site	Locky	maule.biz	eNom, LLC	98.124.251.176 ( United States)
2017-10-11 11:27	Distribution Site	Locky	areanuova.it	WIDE-REG	46.231.27.51 ( Italy)
2017-10-11 11:27	Distribution Site	Locky	missinglynxsystems.com	GoDaddy.com, LLC	66.36.173.181 ( United States)
2017-10-11 11:27	Distribution Site	Locky	fetchstats.net	Eranet International Limited	(n/a)
2017-10-11 11:27	Distribution Site	Locky	jns.co.th	T.H.NIC Co., Ltd.	203.146.43.65 ( Thailand)
2017-10-11 10:44	Distribution Site	Locky	hellonwheelsthemovie.com	Tucows Domains Inc.	66.36.165.149 ( United States)
2017-10-11 10:30	Distribution Site	Locky	estudiperceptiva.com	Arsys Internet, S.L. d/b/a NICLI[...]	86.109.170.66 ( Spain)
2017-10-11 10:30	Distribution Site	Locky	mh-service.ru	RU-CENTER-RU	89.253.235.118 ( Russian Federation)
2017-10-11 10:29	Distribution Site	Locky	bit-chasers.com	eNom, Inc.	(n/a)
2017-10-11 10:29	Distribution Site	Locky	bjp.co.id		103.58.102.38 ( Indonesia)
2017-10-11 10:29	Distribution Site	Locky	paulcruse.com	Tucows Domains Inc.	91.215.186.147 ( United Kingdom)
2017-10-11 10:29	Distribution Site	Locky	nsaflow.info	Eranet International Limited	(n/a)
2017-10-11 10:29	Distribution Site	Locky	monstermx.com	PDR Ltd. d/b/a PublicDomainRegis[...]	72.34.251.187 ( United States)
2017-10-11 10:29	Distribution Site	Locky	suncoastot.com	eNom, Inc.	98.124.252.176 ( United States)
2017-10-11 10:29	Distribution Site	Locky	logica-info.com	PDR Ltd. d/b/a PublicDomainRegis[...]	103.58.102.36 ( Indonesia)
2017-10-10 18:54	Distribution Site	Locky	estudiperceptiva.com	Arsys Internet, S.L. d/b/a NICLI[...]	86.109.170.66 ( Spain)
2017-10-10 18:53	Distribution Site	Locky	monstermx.com	PDR Ltd. d/b/a PublicDomainRegis[...]	72.34.251.187 ( United States)
2017-10-10 18:50	Distribution Site	Locky	bjp.co.id		103.58.102.38 ( Indonesia)
2017-10-10 18:50	Distribution Site	Locky	nsaflow.info	Eranet International Limited	(n/a)
2017-10-10 18:50	Distribution Site	Locky	paulcruse.com	Tucows Domains Inc.	91.215.186.147 ( United Kingdom)
2017-10-10 18:50	Distribution Site	Locky	suncoastot.com	eNom, Inc.	98.124.252.176 ( United States)
2017-10-10 18:49	Distribution Site	Locky	bit-chasers.com	eNom, Inc.	(n/a)
2017-10-10 18:49	Distribution Site	Locky	logica-info.com	PDR Ltd. d/b/a PublicDomainRegis[...]	103.58.102.36 ( Indonesia)
2017-10-10 18:49	Distribution Site	Locky	mh-service.ru	RU-CENTER-RU	89.253.235.118 ( Russian Federation)
2017-10-10 18:49	Distribution Site	Locky	hellonwheelsthemovie.com	Tucows Domains Inc.	66.36.165.149 ( United States)
2017-10-10 18:49	Distribution Site	Locky	handhi.com	Tucows Domains Inc.	162.213.255.19 ( United States)
2017-10-10 18:49	Distribution Site	Locky	m-tensou.net	Tucows Domains Inc.	202.218.252.73 ( Japan)
2017-10-10 08:55	Distribution Site	Locky	henweekendsbirmingham.co.uk	Pulsant (Scotland) Ltd	35.240.15.72 ( United States)
2017-10-10 08:55	Distribution Site	Locky	test.sisap.ro	Hostvision SRL	(n/a)
2017-10-10 08:54	Distribution Site	Locky	deltasec.net	CSL Computer Service Langenbach [...]	(n/a)
2017-10-10 08:54	Distribution Site	Locky	agrourbis.com	Arsys Internet, S.L. d/b/a NICLI[...]	86.109.170.66 ( Spain)
2017-10-10 08:54	Distribution Site	Locky	xploramail.com	Soluciones Corporativas IP, SL	(n/a)
2017-10-10 08:54	Distribution Site	Locky	mastertenniscoach.com	GoDaddy.com, LLC	69.16.209.47 ( United States)
2017-10-10 08:54	Distribution Site	Locky	likiihillschool.com	Tucows Domains Inc.	(n/a)
2017-10-10 08:54	Distribution Site	Locky	axtes.com	OVH	37.59.210.47 ( France)
2017-10-10 08:54	Distribution Site	Locky	dueeffepromotion.com	eNom, Inc.	31.11.34.199 ( Italy)
2017-10-10 08:54	Distribution Site	Locky	nsaflow.info	Eranet International Limited	(n/a)
2017-10-10 08:54	Distribution Site	Locky	shahanabiomedicals.com	Name.com, Inc.	64.140.170.18 ( United States)
2017-10-10 08:51	Distribution Site	Locky	mediatrendsistem.com	DNC Holdings, Inc.	(n/a)
2017-10-10 08:51	Distribution Site	Locky	bodywork-sf.net	eNom, Inc.	(n/a)
2017-10-10 08:51	Distribution Site	Locky	brascopperchile.cl		(n/a)
2017-10-10 08:51	Distribution Site	Locky	fls-portal.co.uk	ukfast.net Ltd t/a UKFast.Net Li[...]	200.63.47.3 ( Panama)
2017-10-10 08:50	Distribution Site	Locky	evlilikpsikolojisi.com	Nics Telekomunikasyon Tic Ltd. S[...]	(n/a)
2017-10-10 08:50	Distribution Site	Locky	ashtontan.com	Tucows Domains Inc.	103.6.198.208 ( Malaysia)
2017-10-10 08:50	Distribution Site	Locky	essenza.co.id		202.169.44.141 ( Indonesia)
2017-10-10 08:50	Distribution Site	Locky	gilgroup.com	Network Solutions, LLC.	216.177.130.203 ( United States)
2017-10-10 08:50	Distribution Site	Locky	scottfranch.org	Todaynic.com, Inc.	(n/a)
2017-10-10 08:50	Distribution Site	Locky	aeaccting.com	eNom, Inc.	208.67.23.166 ( United States)
2017-10-10 08:49	Distribution Site	Locky	bsfotodesign.com	eNom, Inc.	94.126.169.150 ( Portugal)
2017-10-10 08:49	Distribution Site	Locky	galeona.com	Arsys Internet, S.L. d/b/a NICLI[...]	212.89.16.142 ( Spain)
2017-10-10 08:49	Distribution Site	Locky	ashapeforlife.com	1&1 Internet SE	217.160.0.51 ( Germany)

# of rows displayed: 100
# of entries in database: 13'865