Statistics

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox within the past 14 days.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 30 days.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned for the past 30 days.

RankReporterLast activityCredits earnedSubmissions
1Twitter @Cryptolaemus12021-10-17 164'077'890122'236
2Twitter @abuse_ch2021-10-18 294'90518'770
3Twitter @r0ny_1232021-10-17 275'745608
4Twitter @Virus_Deck2021-10-18 254'07020'580
5Twitter @drb_ra2021-10-17 74'7908'247
6Twitter @stoerchl2021-10-15 67'680423
7Twitter @ffforward2021-10-13 7'09052
8Twitter @pmmkowalczyk2021-10-08 6'005161
9Twitter @dripbrrr2021-10-12 4'095213
10Twitter @AndreGironda2021-10-17 3'740271

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (past 14 days).

IOCsIOC TypeIOC description
1'714ip:portip:port combination that is used for botnet Command&control (C&C)
1'485sha256_hashSHA256 hash of a malware sample (payload)
1'083urlURL that is used for botnet Command&control (C&C)
475urlURL that delivers a malware payload
199domainDomain that is used for botnet Command&control (C&C)
10md5_hashMD5 hash of a malware sample (payload)
10domainDomain name that delivers a malware payload
1sha3_384_hashSHA3-384 hash of a malware sample (payload)
1sha1_hashSHA1 hash of a malware sample (payload)

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox since it's launch in March 2021.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 12 months.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned.

RankReporterLast activityCredits earnedSubmissions
1Twitter @TheHack3r4chan2021-08-26 196'595'74525'821
2Twitter @Cryptolaemus12021-10-17 164'077'890122'236
3Twitter @lazyactivist1922021-05-25 150'755'73029'707
4Twitter @KrknSec2021-08-13 3'730'1551'221
5Twitter @dms18992021-09-04 1'628'6901'510
6Twitter @TRJM22072021-07-29 1'185'080688
7Twitter @Malwar3Ninja2021-08-02 1'037'895785
8Twitter @abuse_ch2021-10-18 294'90518'770
9Twitter @r0ny_1232021-10-17 275'745608
10Twitter @Sergiopd972021-06-04 265'920529

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (overall).

IOCsIOC TypeIOC description
191'963sha256_hashSHA256 hash of a malware sample (payload)
16'113ip:portip:port combination that is used for botnet Command&control (C&C)
10'792urlURL that is used for botnet Command&control (C&C)
4'970urlURL that delivers a malware payload
4'864domainDomain that is used for botnet Command&control (C&C)
457md5_hashMD5 hash of a malware sample (payload)
364domainDomain name that delivers a malware payload
150domainDomain used for credit card skimming (usually related to Magecart attacks)
67sha1_hashSHA1 hash of a malware sample (payload)
39ip:portip:port combination that delivery a malware payload
17sha3_384_hashSHA3-384 hash of a malware sample (payload)