Statistics

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox within the past 14 days.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 30 days.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned for the past 30 days.

RankReporterLasta activityCredits earnedSubmissions
1Twitter @Cryptolaemus12021-07-21 162'740'06076'987
2Twitter @abuse_ch2021-07-25 171'96513'000
3Twitter @Virus_Deck2021-07-25 159'82012'898
4Twitter @MichalKoczwara2021-07-24 8'595193
5Twitter @dripbrrr2021-07-21 3'910195
6Twitter @stoerchl2021-07-23 3'44567
7Twitter @Myrtus0x02021-07-20 2'25068
8Twitter @0xCARNAGE2021-07-22 795114
9Twitter @MattNels2021-07-14 60519
10Twitter @MiguelSantareno2021-07-14 27555

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (past 14 days).

IOCsIOC TypeIOC description
1'301sha256_hashSHA256 hash of a malware sample (payload)
1'215ip:portip:port combination that is used for botnet Command&control (C&C)
406urlURL that is used for botnet Command&control (C&C)
187domainDomain that is used for botnet Command&control (C&C)
37md5_hashMD5 hash of a malware sample (payload)
25urlURL that delivers a malware payload
8domainDomain used for credit card skimming (usually related to Magecart attacks)
7sha1_hashSHA1 hash of a malware sample (payload)

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox since it's launch in March 2021.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 12 months.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned.

RankReporterLast activityCredits earnedSubmissions
1Twitter @TheHack3r4chan2021-06-16 196'595'74525'821
2Twitter @Cryptolaemus12021-07-21 162'740'06076'987
3Twitter @lazyactivist1922021-05-25 150'755'73029'707
4Twitter @dms18992021-05-13 1'625'3601'474
5Twitter @Malwar3Ninja2021-07-09 1'037'895785
6Twitter @Sergiopd972021-06-04 265'920529
7Twitter @abuse_ch2021-07-25 171'96513'000
8Twitter @MSteve252021-03-31 169'765253
9Twitter @Virus_Deck2021-07-25 159'82012'898
10Twitter @MichalKoczwara2021-07-24 8'595193

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (overall).

IOCsIOC TypeIOC description
141'796sha256_hashSHA256 hash of a malware sample (payload)
8'991ip:portip:port combination that is used for botnet Command&control (C&C)
3'960urlURL that is used for botnet Command&control (C&C)
2'745domainDomain that is used for botnet Command&control (C&C)
2'251urlURL that delivers a malware payload
298md5_hashMD5 hash of a malware sample (payload)
222domainDomain name that delivers a malware payload
150domainDomain used for credit card skimming (usually related to Magecart attacks)
64sha1_hashSHA1 hash of a malware sample (payload)
39ip:portip:port combination that delivery a malware payload
14sha3_384_hashSHA3-384 hash of a malware sample (payload)