ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://www.sarele.com/tafari/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-04 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1332975
IOC:	http://www.sarele.com/tafari/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
Is compromised? :	False
ASN:	AS14618 AMAZON-AES
Country:	US
First seen:	2024-10-02 16:30:16 UTC
Last seen:	2025-08-17 10:00:03 UTC
UUID:	0de1afd6-80da-11ef-894b-42010aa4000a
Reporter	Gi7w0rm
Reward	5 credits from ThreatFox

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2025-08-17 13:10:08	a6b900dcbb2442e88f0832c13a8cd8048e84ff029e93451c5c6b9ae32b690e25
2025-08-17 12:40:07	6655debfccbdb40072c79ce8a51934684c4c7694b291a18baf30435148936c96
2025-08-17 10:50:05	af318d89f50805734d4c7b8eb5237432bb50c0eabe577c3a7c66ad8ef1f91f29
2025-08-17 10:00:09	9ddcd3d010e5b9062b6f68edbe33e55631a1829a15044d0eabf3e4d7e92366fb