ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://85.31.47.84/adsafref/Panel/five/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1394908
IOC:	http://85.31.47.84/adsafref/Panel/five/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS401116 NYBULA
Country:	US
First seen:	2025-01-27 10:50:21 UTC
Last seen:	never
UUID:	818e555c-dc9c-11ef-a65d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2025-01-28 04:55:14	6ecc82c2ba384129c19d83312baa7ccff19011a013b16f2459b29865484bfcab
2025-01-28 01:35:16	da32c24a460cc7a3134f189037333434ae1160aa97121b85a938060d1dbd1be8
2025-01-27 12:55:22	685a8fcb7894acbd04b96b69651870187dd9539a959a5b363522ce74b9ff741e
2025-01-27 11:55:21	82dc89757479317dcf084448dd8411b1503442fbcb30589d0f3dbd97d5762c59
2025-01-27 11:50:23	644c4d8e1df0f7ae73497d7d5f94ce806e54b611b2ca60cf28ea0a695b28f2d3
2025-01-27 10:55:26	a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc90a42053d454cfc671c7
2025-01-27 10:50:23	f1f5ca357c3c67ee391971f3dee3136ca140f5d0e905237837427d4bd287e797