
WWW.RTSAK.COM - ransomware.live


ransomware.live checked at 2025-10-22T12:07:48.723Z 240ms 114/114/114 100% R:20

ransomware.live

MX mail.protonmail.ch
A 176.119.200.128 🇨🇭 Proton AG
PTR mail.protonmail.ch
A 185.70.42.128 🇨🇭 Proton AG
PTR mail.protonmail.ch
A 185.205.70.128 🇫🇷 Proton AG
PTR mail.protonmail.ch
MX mailsec.protonmail.ch
A 176.119.200.129 🇨🇭 Proton AG
PTR mailsec.protonmail.ch
A 185.70.42.129 🇨🇭 Proton AG
PTR mailsec.protonmail.ch
A 185.205.70.129 🇫🇷 Proton AG
PTR mailsec.protonmail.ch
NS ns-15-b.gandi.net
A 2001:4b98:aaab::10 🇫🇷 Gandi LiveDNS
PTR ns-15-b.gandi.net
A 213.167.230.16 🇫🇷 Gandi LiveDNS
PTR ns-15-b.gandi.net
NS ns-237-a.gandi.net
A 2001:4b98:aaaa::ee 🇫🇷 Gandi LiveDNS
PTR ns-237-a.gandi.net
A 173.246.100.238 🇺🇸 Gandi LiveDNS
PTR ns-237-a.gandi.net
NS ns-8-c.gandi.net
A 2604:3400:aaac::9 🇺🇸 Gandi LiveDNS
PTR ns-8-c.gandi.net
A 217.70.187.9 🇫🇷 Gandi LiveDNS
PTR ns-8-c.gandi.net
A 2001:41d0:1004:bd::1 🇫🇷 OVH
A 149.202.86.189 🇫🇷 OVH
PTR ns3018561.ip-149-202-86.eu

live

NS v0n0.nic.live
NS v0n1.nic.live
NS v0n2.nic.live
NS v0n3.nic.live
NS v2n0.nic.live
NS v2n1.nic.live


AI analysis

ransomware.live is a parent of monitor-6.ransomware.live, monitor-4.ransomware.live and cti.ransomware.live.

ransomware.live has two IP numbers: 2001:41d0:1004:bd::1 and 149.202.86.189.

Other host names including ns3018561.ip-149-202-86.eu, monitor-6.ransomware.live, monitor-4.ransomware.live and cti.ransomware.live share IP numbers with ransomware.live.

ransomware.live is delegated to three name servers: ns-15-b.gandi.net, ns-237-a.gandi.net and ns-8-c.gandi.net.

ransomware.live at least partially shares name servers with other domains, including wildora.net, yesss-club.fr, medgicnet.fr, tisseo.legal and isora.fr.

These name servers are commonly used with ns-149-a.gandi.net, ns-191-c.gandi.net, ns-22-c.gandi.net, ns-57-a.gandi.net, ns-40-c.gandi.net, ns-28-c.gandi.net, ns-122-c.gandi.net, ns-123-b.gandi.net and ns-61-b.gandi.net.

Host names with two IP numbers:

ns-15-b.gandi.net: 2001:4b98:aaab::10 and 213.167.230.16

ns-237-a.gandi.net: 2001:4b98:aaaa::ee and 173.246.100.238

ns-8-c.gandi.net: 2604:3400:aaac::9 and 217.70.187.9

ransomware.live is served by two mail servers: mail.protonmail.ch and mailsec.protonmail.ch.

ransomware.live shares the same mail server setup as other domains, for instance tomsramek.com, infohead.com, brndr.net, hende.org and michaeloakes.com.

ransomware.live shares at least some mail servers with other domains, for example ecwilson.com, objexp.com, hla.one, secure.engineering and karon.io.

Host names with three IP numbers:

The host name mail.protonmail.ch resolves to 176.119.200.128, 185.70.42.128 and 185.205.70.128.

The host name mailsec.protonmail.ch resolves to 176.119.200.129, 185.70.42.129 and 185.205.70.129.

Perform reverse DNS lookup as well as normal forward DNS. Check Autonomous System Numbers (ASNs) and BGP connections between Internet Service Providers.