Statistics

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox within the past 14 days.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 30 days.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned for the past 30 days.

RankReporterLasta activityCredits earnedSubmissions
1Twitter @Sergiopd972021-04-14 265'920529
2Twitter @abuse_ch2021-04-14 112'1804'353
3Twitter @Virus_Deck2021-04-14 32'2752'666
4Twitter @ffforward2021-04-14 7'08050
5Twitter @pmmkowalczyk2021-04-14 6'005161
6Twitter @Thra_n2021-04-02 5'17545
7Twitter @swagdripdrip2021-04-14 23522
8Twitter @_hexcat2021-04-05 152
9Twitter @erdbaerkuchen2021-04-08 00
10Twitter @t4il5p1n2021-04-02 00

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (past 14 days).

IOCsIOC TypeIOC description
1'038sha256_hashSHA256 hash of a malware sample (payload)
269ip:portip:port combination that is used for botnet Command&control (C&C)
204urlURL that is used for botnet Command&control (C&C)
74domainDomain that is used for botnet Command&control (C&C)
22domainDomain used for credit card skimming (usually related to Magecart attacks)
19md5_hashMD5 hash of a malware sample (payload)
1urlURL that delivers a malware payload

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox since it's launch in March 2021.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 12 months.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned.

RankReporterLast activityCredits earnedSubmissions
1Twitter @Sergiopd972021-04-14 265'920529
2Twitter @MSteve252021-03-31 169'765253
3Twitter @abuse_ch2021-04-14 112'1804'353
4Twitter @Virus_Deck2021-04-14 32'2752'666
5Twitter @d4rksystem2021-01-24 8'100131
6Twitter @ffforward2021-04-14 7'08050
7Twitter @n4do52021-03-11 6'63012
8Twitter @pmmkowalczyk2021-04-14 6'005161
9Twitter @Thra_n2021-04-02 5'17545
10Twitter @r0ny_1232021-03-29 3'47061

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (overall).

IOCsIOC TypeIOC description
2'708sha256_hashSHA256 hash of a malware sample (payload)
2'273ip:portip:port combination that is used for botnet Command&control (C&C)
1'397urlURL that is used for botnet Command&control (C&C)
748domainDomain that is used for botnet Command&control (C&C)
305urlURL that delivers a malware payload
128domainDomain used for credit card skimming (usually related to Magecart attacks)
126md5_hashMD5 hash of a malware sample (payload)
84domainDomain name that delivers a malware payload
37ip:portip:port combination that delivery a malware payload
31sha1_hashSHA1 hash of a malware sample (payload)