Statistics

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox within the past 14 days.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 30 days.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned for the past 30 days.

RankReporterLast activityCredits earnedSubmissions
1Twitter @drb_ra2024-06-14 680'62586'218
2Twitter @abuse_ch2024-06-15 653'530100'165
3Twitter @Gi7w0rm2024-06-13 223'22542'716
4Twitter @thehappydinoa2024-06-07 139'58523'398
5Twitter @Grim2024-06-14 67'85013'512
6Twitter @malpulse2024-06-15 35'4555'100
7Twitter @crep1x2024-06-13 33'3506'614
8Twitter @0xrb2024-06-03 27'4004'282
9Twitter @Rony2024-06-15 23'3454'158
10Twitter @500mk5002024-06-08 16'2753'195

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (past 14 days).

IOCsIOC TypeIOC description
2'638ip:portip:port combination that is used for botnet Command&control (C&C)
1'693domainDomain that is used for botnet Command&control (C&C)
1'078urlURL that is used for botnet Command&control (C&C)
393sha256_hashSHA256 hash of a malware sample (payload)
389sha1_hashSHA1 hash of a malware sample (payload)
387md5_hashMD5 hash of a malware sample (payload)
240urlURL that delivers a malware payload
113ip:portip:port combination that delivery a malware payload
38domainDomain name that delivers a malware payload

The statistics below consider indicators of compromise (IOCs) submitted to ThreatFox since it's launch in March 2021.

Number of IOCs shared


The chart below documents the number of indicators of compromise (IOCs) shared on ThreatFox per day over a period of 12 months.

Top Contributors


Threatfox is "just" a platform for sharing IOCs. It would be worthless without the help of volunteers who contribute their IOCs to the project. The table below shows the top contributors by credits earned.

RankReporterLast activityCredits earnedSubmissions
1 Cryptolaemus12024-05-27 4'307'075679'825
2 drb_ra2024-06-14 680'62586'218
3 abuse_ch2024-06-15 653'530100'165
4 Gi7w0rm2024-06-13 223'22542'716
5 lazyactivist1922024-01-17 148'74529'736
6 Virus_Deck2022-09-30 147'93029'150
7 thehappydinoa2024-06-07 139'58523'398
8 TheTallJohnBrown2024-03-14 129'11525'823
9 _CarlosCabal2022-06-09 107'96521'593
10 nickkuechel2023-11-04 99'50016'303

Top Malware Families

Top Tags

IOCs by type


IOCs on ThreatFox are categorized so called IOC types. The following table shows the number of IOCs observed on ThreatFox per IOC type (overall).

IOCsIOC TypeIOC description
717'689sha256_hashSHA256 hash of a malware sample (payload)
174'575urlURL that delivers a malware payload
137'803ip:portip:port combination that is used for botnet Command&control (C&C)
79'040urlURL that is used for botnet Command&control (C&C)
50'975domainDomain that is used for botnet Command&control (C&C)
26'065domainDomain name that delivers a malware payload
7'572md5_hashMD5 hash of a malware sample (payload)
4'887sha1_hashSHA1 hash of a malware sample (payload)
2'384ip:portip:port combination that delivery a malware payload
418domainDomain used for credit card skimming (usually related to Magecart attacks)
21sha3_384_hashSHA3-384 hash of a malware sample (payload)