ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://185.246.220.60/project/five/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1102562
IOC:	http://185.246.220.60/project/five/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS44477 UNKNOWN
Country:	MD
First seen:	2023-04-12 09:06:35 UTC
Last seen:	never
UUID:	532dae59-d911-11ed-8380-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2023-04-13 07:15:12	9ae2652b21aec0fc4943c65aca9d962365cee932c8047b7ab59cfd88bebbeea4
2023-04-12 13:05:59	3b443a4340a31c409a64a8e7e28ae42e2837290c2ff387643b122d5cf8cfdddc
2023-04-12 12:06:49	0f499eaeeba3237aedfb784cf65c67ef9aae645ab0d4153cb6af1289e37040d7
2023-04-12 09:06:37	79866667d5cd578a1c6eda54a748ff9d316fff39064eecd282bc2a9ad8a5ac7d