Is thunderstore.io a scam?

Our automated security review marked thunderstore.io as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.

Is thunderstore.io safe to use?

thunderstore.io currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.

Does thunderstore.io have a valid SSL certificate?

Yes. thunderstore.io presents a valid TLSv1.3 certificate issued by Let's Encrypt · E7, expiring in 66 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.

Has thunderstore.io been flagged by antivirus engines?

1 out of 92 antivirus engines in our malware network flagged thunderstore.io as malicious or suspicious (1 outright malicious). Even one detection is a meaningful signal.

Is thunderstore.io on any phishing or malware blacklists?

No. thunderstore.io is not currently listed on the major browser blocklist feeds that modern browsers use.

Where is thunderstore.io hosted?

thunderstore.io resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.

How often is the thunderstore.io report updated?

We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

SUSPICIOUS

Warning signs detected

Thunderstore is a real mod repository for Risk of Rain 2 and other games with occasional malware on subdomains. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Security Review

Is thunderstore.io legit or a scam?

Name: Is thunderstore.io legit or a scam?
Item: thunderstore.io
Rating: 3
Author: MalwareTips

Our verdict:Suspicious· 55/100

SafeSuspiciousDangerous

Thunderstore is a real mod repository for Risk of Rain 2 and other games with occasional malware on subdomains.

Top reasons

CRDF engine flagged the page as malicious.Malwarebytes reported malware on some subdomains such as valheim.thunderstore.io.No public business registration or ownership details found.

thunderstore.ioScanned 13d ago

Post Facebook

Trust score

SUSPICIOUS

Heuristics 39·MT 68

Category tags

mod repositorygaming75% MT confidence

Technical red flags (1)

1 of 92 engines flagged

Positive signals (3)

Not on major blacklists Encrypted connection Clean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence

0/92

Engines flagged this URL

Domain Age

—

Registration date unknown

MT Intelligence

Suspicious

Low likelihood · 75% confidence

MT Intelligence

Advanced threat intelligence

MT Security Analyst

Low scam likelihoodengineMT · Guardiantrust68/100

MT AgentLive web researchVisual inspection

Confidence

The page is a fully functional, professional mod database with listings, downloads, and integration with mod managers like r2modman. Our antivirus network showed only a single flag from CRDF while browser blocklists remained clean. The evidence package confirms it is the official site with an active GitHub organization, yet Malwarebytes documented malware uploads to certain subdomains. Positive long-term user feedback appears on Reddit and Steam, though four complaints and no public business registration were also noted. The combination of a clean main domain with known subdomain risks makes the site usable but not risk-free.

Full dossier

Analysis complete

Page Content

The site presents itself as Thunderstore, a mod database for Risk of Rain 2 and 270+ other communities. It offers mod browsing, search filters, pinned popular packages, and links to Discord, GitHub, and the official app.

Infrastructure

Valid Let's Encrypt SSL, IP with very low abuse score, and clean browser blocklist status. One engine (CRDF) flagged the page as malicious while the remaining 91 engines did not.

Domain History

Official GitHub organization thunderstore-io exists with multiple public repositories. No WHOIS data was available in the scan.

Web Reputation

Users on Reddit and Steam report years of safe use. Malwarebytes flagged malware on some subdomains. independent review aggregator shows a modest 3.5/5 score from seven reviews.

Risk Factors

CRDF engine flagged the page as malicious.
Malwarebytes reported malware on some subdomains such as valheim.thunderstore.io.
No public business registration or ownership details found.

Positive Signals

Professional, fully rendered mod repository page with no scam indicators.
Clean browser blocklists and very low IP abuse score.
Active official GitHub organization and public status page.
Multiple years of positive user reports on Reddit and Steam.

AI Recommendation

Use the main thunderstore.io domain and the official Thunderstore app or r2modman. Always scan downloaded mods and avoid unknown subdomains.

Next-gen fraud intelligence

Evidence-backedCross-checked

Website Preview

LIVE RENDER

thunderstore.io

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

/ 100

No visual red flags

No scam visual patterns detected

The screenshot shows a fully rendered, professional mod repository page for Risk of Rain 2 with standard navigation, app promo, and mod listings. No scam indicators or suspicious elements are present.

Visual risk0/100

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for thunderstore.io, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration

No public record found

Could not match the site to a registered company — common for small sites.

Clone check

Not a clone

No well-known site's layout or branding detected here.

Typosquat check

No look-alike match

The domain doesn't resemble any well-known brand's spelling.

Web mentions

1 scam report · 4 complaints · 2 positive

Key findings

7 headline facts from open-web research

thunderstore.io is described as a mod database and API for downloading mods for games like Risk of Rain 2, Lethal Company, Valheim.
Official GitHub organization: thunderstore-io with multiple repositories including the main Thunderstore project.
Malwarebytes has blocked subdomain valheim.thunderstore.io due to association with a Trojan; notes malware sometimes uploaded to subdomains.
Reddit and Steam users report using the platform and mods for 1-2+ years with no issues, comparing it favorably to Nexus Mods.
Integrates with r2modman mod manager (over 9.9 million downloads) and Overwolf Thunderstore Mod Manager app.
Has a public status page (thunderstore.statuspage.io) showing operational services and a wiki for common issues.
Trustpilot lists thunderstore.io with 7 reviews and average TrustScore of 3.5/5; categorized under software/gaming services in the US.

Scam reports (1)

Direct quotes from public scam databases, forums, and news.

Malwarebytesopen
"thunderstore.io is a mod database and API for downloading Risk of Rain 2 mods. Sometimes malware gets uploaded to some subdomains."

Positive reviews (2)

Quotes indicating the site is legitimate.

Reddit r/lethalcompanyopen
"Thunderstore is safe to use, like nexus but for unity games."
Steam Communityopen
"I've been using thunder store for 2 years now with no issues."

Research summary

Narrative write-up from our AI analyst, grounded on the facts above

Malwarebytes documented that malware sometimes appears on subdomains. Reddit and Steam users describe the platform as safe and comparable to Nexus Mods after 1-2 years of use. No business registration records were located. Four complaints were noted alongside a modest independent review aggregator score.

Antivirus Engines

Detection matrix · live

1 engine flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

1Malicious0Suspicious59Harmless92Engines

of 92

CRDF

Malicious· malicious

1 antivirus engine flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check

Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found

No clear contact details on the page

Emails on site's domainNone

Phone numbers9911155

Postal addressNot listed

Linked social profiles3

Signal Summary

Contact details look reasonable

No contact email found anywhere on the page.
No postal address visible on the page.

Phone number listed (9911155).
Links to 4 social profiles.

Domain & Encryption

Encryption Certificate

StatusValid

ProtocolTLSv1.3

IssuerLet's Encrypt · E7

ExpiresJul 29, 2026 (66d)

Self-signedNo

Hosting & Technology

HostingCloudflare, Inc.

Server locationUS

Server Reputation

Abuse Intelligence

Confidence score0%

Reports on file1

ISPCloudflare, Inc.

Usage typeContent Delivery Network

Proceed with caution

Our automated review flagged enough risk that you should treat this site as unverified.

Treat thunderstore.io as unverified
Do not enter credentials or send money until you have independently verified the business.
Verify the business through independent channels
Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.
Never use irreversible payment methods
Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.
Share your experience
If you have additional context, drop a comment below or post on the MalwareTips forum.
Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing

Not listedCheck ↗

VirusTotal

ListedCheck ↗

AbuseIPDB

Not listedCheck ↗

Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

s.nitropay.com github.com discord.gg

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

Our automated security review marked thunderstore.io as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.

Final Verdict

Trust / 100

Final Verdict·thunderstore.io

SUSPICIOUS

Thunderstore.io is a legitimate mod database and API for games like Risk of Rain 2. One antivirus engine flagged it and Malwarebytes noted malware on some subdomains, but user reports are mostly positive. Download mods only from the main site and scan files.

Use the main thunderstore.io domain and the official Thunderstore app or r2modman. Always scan downloaded mods and avoid unknown subdomains.

AV engines

MT passes

Net signals

Scan another URL

Security review completemalwaretips.com/url-scan

Recently scanned

Other Suspicious reports

thiswebsitewillscamyou.com

7h ago

Read the review

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…

Loading comments…

Scanned by

JackStaff

This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.