Statistics

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox within the past 14 days.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 30 days.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned for the past 30 days.

RankReporterLast activityCredits earnedSubmissions
1Twitter @Cryptolaemus12021-09-20 163'525'960120'363
2Twitter @abuse_ch2021-09-20 233'44517'182
3Twitter @Virus_Deck2021-09-20 219'47517'781
4Twitter @stoerchl2021-09-14 67'455404
5Twitter @drb_ra2021-09-20 35'5204'320
6Twitter @HarioMenkel2021-09-11 10'6151'515
7Twitter @warz_s2021-09-08 9'035133
8Twitter @Thra_n2021-09-17 5'19047
9Twitter @r0ny_1232021-09-10 3'59575
10Twitter @AndreGironda2021-09-17 865113

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (past 14 days).

IOCsIOC TypeIOC description
3'019sha256_hashSHA256 hash of a malware sample (payload)
1'905urlURL that is used for botnet Command&control (C&C)
1'729ip:portip:port combination that is used for botnet Command&control (C&C)
478urlURL that delivers a malware payload
215domainDomain that is used for botnet Command&control (C&C)
16md5_hashMD5 hash of a malware sample (payload)
6domainDomain name that delivers a malware payload
2sha1_hashSHA1 hash of a malware sample (payload)
2sha3_384_hashSHA3-384 hash of a malware sample (payload)

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox since it's launch in March 2021.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 12 months.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned.

RankReporterLast activityCredits earnedSubmissions
1Twitter @TheHack3r4chan2021-08-26 196'595'74525'821
2Twitter @Cryptolaemus12021-09-20 163'525'960120'363
3Twitter @lazyactivist1922021-05-25 150'755'73029'707
4Twitter @KrknSec2021-08-13 3'730'1551'221
5Twitter @dms18992021-09-04 1'628'6901'510
6Twitter @TRJM22072021-07-29 1'185'080688
7Twitter @Malwar3Ninja2021-08-02 1'037'895785
8Twitter @Sergiopd972021-06-04 265'920529
9Twitter @abuse_ch2021-09-20 233'44517'182
10Twitter @Virus_Deck2021-09-20 219'47517'781

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (overall).

IOCsIOC TypeIOC description
188'435sha256_hashSHA256 hash of a malware sample (payload)
12'585ip:portip:port combination that is used for botnet Command&control (C&C)
8'308urlURL that is used for botnet Command&control (C&C)
4'321domainDomain that is used for botnet Command&control (C&C)
3'823urlURL that delivers a malware payload
427md5_hashMD5 hash of a malware sample (payload)
351domainDomain name that delivers a malware payload
150domainDomain used for credit card skimming (usually related to Magecart attacks)
66sha1_hashSHA1 hash of a malware sample (payload)
39ip:portip:port combination that delivery a malware payload
16sha3_384_hashSHA3-384 hash of a malware sample (payload)