Tracker

Ransomware Tracker to distinguishes between the following threats:

Each entry in Ransomware Tracker is tagged to a threat and a malware. Currently, the following Ransomware families are tracked:

New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

Search

You can search for a host or URL using the following search form:

Set a filter for the list below

Below is a list of Ransomware botnet C&C servers tracked by Ransomware Tracker. You have the possibility to filter the list below using certain pre-defined filters shown below.

General filters: Remove filter (Show all) | Online hosts
Filter by threat: Botnet C&Cs | Payment Sites | Distribution Sites
Filter by malware: TeslaCrypt | CryptoWall | TorrentLocker | PadCrypt | Locky | CTB-Locker | FAKBEN | PayCrypt | DMALocker | Cerber | Sage | GlobeImposter

Dateadded (UTC)ThreatMalwareHost (?Domain name or IP address used by the Ransomware. The leading dots (Red, Green, Grey) indicate whether the Host is active or not.

Red = Online
Green = Offline
Grey = Unknown
)
Domain Registrar (?In some cases Ransomware Tracker is not able to determine the sponsoring Registrar of a domain name. Thats either because the Registry does not reveal this information in the whois or because the Registry doesn't offer a whois service.)IP address (ASN, Country)
2017-08-31 05:01Distribution SiteLocky
87hfdredwertyfdvvlkgdrsadm.net
Eranet International Limited (n/a)
2017-08-31 05:01Distribution SiteLocky
fremonttwnshp.com
Tucows Domains Inc.67.209.250.204 (- United States)
2017-08-31 05:01Distribution SiteLocky
fwbcondo.com
GoDaddy.com, LLC74.116.0.194 (- United States)
2017-08-31 05:00Distribution SiteLocky
asr.geilefotzen.at
193.239.248.170 (- Austria)
2017-08-31 05:00Distribution SiteLocky
camerawind.com
GoDaddy.com, LLC (n/a)
2017-08-31 05:00Distribution SiteLocky
galeona.com
Arsys Internet, S.L. d/b/a NICLI[...]212.89.16.142 (- Spain)
2017-08-31 05:00Distribution SiteLocky
gbvm.nl
Registrar.eu149.210.143.182 (- Netherlands)
2017-08-31 05:00Distribution SiteLocky
fondue-artisan.ch
Axianet.ch Srl (n/a)
2017-08-30 14:09Botnet C&CLocky
146.120.110.46
146.120.110.46 (- Russian Federation)
2017-08-30 09:46Distribution SiteLocky
fluritreuhand.ch
switchplus AG (n/a)
2017-08-30 09:46Distribution SiteLocky
firstclean.pt
80.172.241.36 (- Portugal)
2017-08-30 09:46Distribution SiteLocky
fhginformatica.com
1&1 Internet SE217.76.128.34 (- Spain)
2017-08-30 09:46Distribution SiteLocky
essenza.co.id
202.169.44.141 (- Indonesia)
2017-08-30 09:45Distribution SiteLocky
fiancevisacover.com
eNom, Inc.216.55.186.90 (- United States)
2017-08-30 09:45Distribution SiteLocky
87hfdredwertyfdvvlkgdrsadm.net
Eranet International Limited (n/a)
2017-08-30 09:45Distribution SiteLocky
fmarson.com
eNom, Inc.80.172.241.35 (- Portugal)
2017-08-30 09:45Distribution SiteLocky
fiera.leadercoop.it
REGDOM-REG94.177.162.137 (- Italy)
2017-08-30 09:45Distribution SiteLocky
esp.jp
121.50.42.51 (- Japan)
2017-08-30 09:44Distribution SiteLocky
exploreafricatourssafaris.com
Tucows Domains Inc.41.72.154.148 (- South Africa)
2017-08-30 09:44Distribution SiteLocky
faraway-lodge.co.za
41.72.154.153 (- South Africa)
2017-08-30 09:44Distribution SiteLocky
financeforautos.com
GoDaddy.com, LLC (n/a)
2017-08-30 09:44Distribution SiteLocky
florian-koenig.de
81.90.36.218 (- Germany)
2017-08-30 09:44Distribution SiteLocky
fartrell.it
ALTERNET-REG62.4.9.20 (- France)
2017-08-30 09:43Distribution SiteLocky
formareal.com
eNom, Inc.87.118.114.57 (- Germany)
2017-08-30 09:43Distribution SiteLocky
ferrecorte.com
Wild West Domains, LLC (n/a)
2017-08-29 16:26Distribution SiteLocky
familylawlexington.com
Tucows Domains Inc.67.222.38.88 (- United States)
2017-08-29 13:42Payment SiteCerber
oqwygprskqv65j72.1gqj8x.top
Eranet International Limited127.0.0.1 (n/a)
2017-08-29 12:33Distribution SiteLocky
ferienwohnunginzingst.de
87.106.27.66 (- Germany)
2017-08-29 12:33Distribution SiteLocky
drommtoinononcechangerrer.info
Eranet International Limited (n/a)
2017-08-29 12:32Distribution SiteLocky
fashionsources.co.uk
Namesco Limited213.246.109.52 (- United Kingdom)
2017-08-29 12:32Distribution SiteLocky
finas-atelier.nl
Registrar.eu91.209.7.116 (- Netherlands)
2017-08-29 12:32Distribution SiteLocky
fastrepair-schijndel.nl
Bizzcom B.V. (n/a)
2017-08-29 12:32Distribution SiteLocky
hamabo.co.id
202.145.0.45 (- Indonesia)
2017-08-29 12:32Distribution SiteLocky
habeggercorp.net
GoDaddy.com, LLC23.111.138.46 (- United States)
2017-08-29 12:31Distribution SiteLocky
eduardomarti.com
Domain.com, LLC86.109.162.85 (- Spain)
2017-08-29 12:31Distribution SiteLocky
finglassafetyforum.ie
80.84.234.13 (- Netherlands)
2017-08-29 12:31Distribution SiteLocky
hecam.de
83.169.22.79 (- Germany)
2017-08-29 12:31Distribution SiteLocky
familiabuchholz.com
Network Solutions, LLC.82.165.142.24 (- Germany)
2017-08-29 12:31Distribution SiteLocky
go-coo.jp
203.183.65.225 (- Japan)
2017-08-29 12:31Distribution SiteLocky
fastretail.be
Eurodns S.A.164.132.235.17 (- France)
2017-08-29 09:48Distribution SiteLocky
grlarquitectura.com
Arsys Internet, S.L. d/b/a NICLI[...]212.89.14.185 (- Spain)
2017-08-29 09:47Distribution SiteLocky
drommtoinononcechangerrer.info
Eranet International Limited (n/a)
2017-08-29 09:47Distribution SiteLocky
griffithphoto.com
GoDaddy.com, LLC184.168.131.241 (- United States)
2017-08-29 09:46Distribution SiteLocky
guestbook.secraterri.com
Network Solutions, LLC.204.197.244.127 (- United States)
2017-08-29 09:46Distribution SiteLocky
groh-ag.com
PSI-USA, Inc. dba Domain Robot188.40.17.48 (- Germany)
2017-08-29 05:19Distribution SiteLocky
graficasicarpearanjuez.com
eNom, Inc.185.18.197.109 (- Spain)
2017-08-29 05:19Distribution SiteLocky
glostrap.com
TLDs, LLC dba SRSplus34.200.181.247 (- United States)
2017-08-29 05:19Distribution SiteLocky
gotcaughtdui.com
GoDaddy.com, LLC132.148.21.213 (- United States)
2017-08-29 05:19Distribution SiteLocky
glendoradrivingandtraffic.com
GoDaddy.com, LLC198.185.159.144 (- United States) +3 A record(s) 198.185.159.145 (AS53831, - United States)
198.49.23.144 (AS53831, - United States)
198.49.23.145 (AS53831, - United States)
2017-08-29 05:19Distribution SiteLocky
hendrikvankerkhove.be
Registrar.eu (n/a)
2017-08-29 05:18Distribution SiteLocky
grossklos.de
94.130.189.10 (- Germany)
2017-08-29 05:18Distribution SiteLocky
gruppostolfaedilizia.it
CRITICALCASE-REG46.37.22.181 (- Italy)
2017-08-26 13:10Botnet C&CLocky
46.17.44.153
46.17.44.153 (- Russian Federation)
2017-08-26 04:49Botnet C&CLocky
185.17.120.130
185.17.120.130 (- Russian Federation)
2017-08-25 20:29Botnet C&CLocky
46.183.165.45
46.183.165.45 (- Russian Federation)
2017-08-24 22:39Botnet C&CLocky
185.179.190.31
185.179.190.31 (- Russian Federation)
2017-08-24 17:59Distribution SiteLocky
go-coo.jp
203.183.65.225 (- Japan)
2017-08-24 17:55Distribution SiteLocky
heimatverein-menne.de
62.75.191.150 (- France)
2017-08-24 14:32Botnet C&CLocky
5.196.99.239
5.196.99.239 (- France)
2017-08-24 11:50Payment SiteCerber
oqwygprskqv65j72.1d88b8.top
Eranet International Limited127.0.0.1 (n/a)
2017-08-23 15:49Botnet C&CLocky
94.242.59.239
94.242.59.239 (- Russian Federation)
2017-08-23 12:49Distribution SiteLocky
grupofergus.com.bo
86.109.167.37 (- Spain)
2017-08-23 12:49Distribution SiteLocky
gdrural.com.au
Enetica (n/a)
2017-08-23 12:49Distribution SiteLocky
grupoajedrecisticoaleph.com
Domain.com, LLC86.109.167.33 (- Spain)
2017-08-23 12:48Distribution SiteLocky
geocean.co.id
103.58.102.38 (- Indonesia)
2017-08-23 12:48Distribution SiteLocky
gestionale-orbit.it
ARUBA-REG95.110.165.108 (- Italy)
2017-08-23 12:48Distribution SiteLocky
gruppostolfaedilizia.it
CRITICALCASE-REG46.37.22.181 (- Italy)
2017-08-23 12:48Distribution SiteLocky
grundschulmarkt.com
Corehub, S.R.L.91.250.98.128 (- Germany)
2017-08-23 12:47Distribution SiteLocky
grupoegeria.net
Nominalia Internet S.L.92.222.83.238 (- France)
2017-08-23 10:38Distribution SiteLocky
grlarquitectura.com
Arsys Internet, S.L. d/b/a NICLI[...]212.89.14.185 (- Spain)
2017-08-22 09:10Distribution SiteLocky
mandmlandscapes.com
Network Solutions, LLC.173.247.249.48 (- United States)
2017-08-22 08:09Distribution SiteLocky
gigaga.de
83.220.128.111 (- Germany)
2017-08-22 08:09Distribution SiteLocky
ggiudici.it
REGDOM-REG (n/a)
2017-08-22 08:09Distribution SiteLocky
ggcadiz.com
eNom, Inc. (n/a)
2017-08-22 08:09Distribution SiteLocky
gewinnspiel-sachsenhausen.de
194.173.175.16 (- Germany)
2017-08-22 08:08Distribution SiteLocky
gewerbeverein-auggen.de
176.28.12.83 (- Germany)
2017-08-22 08:08Distribution SiteLocky
getraenke-weichmann.de
83.138.80.111 (- Germany)
2017-08-22 08:08Distribution SiteLocky
german-brazil-club.com
1&1 Internet SE87.106.247.167 (- Germany)
2017-08-22 08:07Distribution SiteLocky
gbstamps4u.com
CSL Computer Service Langenbach [...]185.119.173.239 (- United Kingdom)
2017-08-22 08:07Distribution SiteLocky
gavorchid.com
Tucows Domains Inc.149.255.60.144 (- United Kingdom)
2017-08-22 08:07Distribution SiteLocky
droohsdronfhystgfh.info
Eranet International Limited (n/a)
2017-08-21 21:31Botnet C&CLocky
5.188.63.30
5.188.63.30 (- Russian Federation)
2017-08-21 13:41Botnet C&CLocky
176.107.185.19
176.107.185.19 (- Ukraine)
2017-08-21 10:26Distribution SiteLocky
geobirds.be
Registrar.eu178.208.35.92 (- Belgium)
2017-08-20 06:45Payment SiteCerber
qfjhpgbefuhenjp7.1e1jbc.top
Eranet International Limited127.0.0.1 (n/a)
2017-08-19 02:59Botnet C&CLocky
91.201.202.12
91.201.202.12 (- Ukraine)
2017-08-19 02:59Botnet C&CLocky
213.159.214.86
213.159.214.86 (- Russian Federation)
2017-08-18 09:08Botnet C&CLocky
5.187.5.171
5.187.5.171 (- Germany)
2017-08-16 23:59Botnet C&CLocky
91.228.239.216
91.228.239.216 (- Russian Federation)
2017-08-16 23:59Botnet C&CLocky
31.202.128.249
31.202.128.249 (- Ukraine)
2017-08-16 23:59Botnet C&CLocky
185.80.148.137
185.80.148.137 (- Russian Federation)
2017-08-14 16:17Payment SiteCerber
oqwygprskqv65j72.1fs9pz.top
Eranet International Limited127.0.0.1 (n/a)
2017-08-13 18:19Botnet C&CLocky
xvchcbeqxkd.pw
Namecheap208.100.26.251 (- United States)
2017-08-13 18:19Botnet C&CLocky
103.43.75.87
103.43.75.87 (- Australia)
2017-08-13 13:22Botnet C&CLocky
vcabbvhrqhot.pw
Namecheap208.100.26.251 (- United States)
2017-08-12 15:43Payment SiteCerber
oqwygprskqv65j72.14jqyo.top
Eranet International Limited127.0.0.1 (n/a)
2017-08-08 14:01Payment SiteCerber
oqwygprskqv65j72.1kh9ct.top
Eranet International Limited127.0.0.1 (n/a)
2017-08-04 10:52Payment SiteCerber
oqwygprskqv65j72.13rdvu.top
Eranet International Limited127.0.0.1 (n/a)
2017-07-31 18:19Payment SiteCerber
oqwygprskqv65j72.1hbdbx.top
Eranet International Limited127.0.0.1 (n/a)
2017-07-30 22:35Payment SiteCerber
oqwygprskqv65j72.13gpqd.top
Eranet International Limited127.0.0.1 (n/a)

# of rows displayed: 100
# of entries in database: 13'867

Page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 >