Statistics

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox within the past 14 days.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 30 days.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned for the past 30 days.

RankReporterLasta activityCredits earnedSubmissions
1Twitter @TheHack3r4chan2021-06-11 141'001'29519'153
2Twitter @Cryptolaemus12021-06-12 293'38031'159
3Twitter @Sergiopd972021-06-04 265'920529
4Twitter @abuse_ch2021-06-12 134'5908'163
5Twitter @Virus_Deck2021-06-12 107'7158'699
6Twitter @dripbrrr2021-06-11 2'700136
7Twitter @Myrtus0x02021-06-08 2'17563
8Twitter @edelahozuah2021-06-09 2'12035
9Twitter @MiguelSantareno2021-06-04 27555
10Twitter @0x482153332021-06-11 405

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (past 14 days).

IOCsIOC TypeIOC description
31'955sha256_hashSHA256 hash of a malware sample (payload)
480ip:portip:port combination that is used for botnet Command&control (C&C)
422urlURL that delivers a malware payload
331urlURL that is used for botnet Command&control (C&C)
119domainDomain name that delivers a malware payload
82domainDomain that is used for botnet Command&control (C&C)
10md5_hashMD5 hash of a malware sample (payload)

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox since it's launch in March 2021.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 12 months.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned.

RankReporterLast activityCredits earnedSubmissions
1Twitter @lazyactivist1922021-05-25 150'755'73029'707
2Twitter @TheHack3r4chan2021-06-11 141'001'29519'153
3Twitter @dms18992021-05-13 1'625'3601'474
4Twitter @Cryptolaemus12021-06-12 293'38031'159
5Twitter @Sergiopd972021-06-04 265'920529
6Twitter @MSteve252021-03-31 169'765253
7Twitter @abuse_ch2021-06-12 134'5908'163
8Twitter @Virus_Deck2021-06-12 107'7158'699
9Twitter @Malwar3Ninja2021-05-18 66'015162
10Twitter @MichalKoczwara2021-05-06 8'595193

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (overall).

IOCsIOC TypeIOC description
85'974sha256_hashSHA256 hash of a malware sample (payload)
5'043ip:portip:port combination that is used for botnet Command&control (C&C)
2'778urlURL that is used for botnet Command&control (C&C)
2'350domainDomain that is used for botnet Command&control (C&C)
1'377urlURL that delivers a malware payload
215domainDomain name that delivers a malware payload
178md5_hashMD5 hash of a malware sample (payload)
128domainDomain used for credit card skimming (usually related to Magecart attacks)
45sha1_hashSHA1 hash of a malware sample (payload)
39ip:portip:port combination that delivery a malware payload
14sha3_384_hashSHA3-384 hash of a malware sample (payload)