ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://94.156.177.41/ugop/five/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-13 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1526285
IOC:	http://94.156.177.41/ugop/five/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS214943 RAILNET
Country:	US
First seen:	2025-05-20 03:55:15 UTC
Last seen:	never
UUID:	3c9c41d2-352e-11f0-90ee-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2025-05-21 03:25:11	a6c286bfeda980d98802ccdc481d8e0d22ef3d3a302cf6febbc206069a64f821
2025-05-21 03:10:11	605acd8daeed0286629f52eab2267a433f3dfc9f4c3127a94881b96fbf389d97
2025-05-20 16:10:23	5e983a7357b431f6b43774024041e6bff410734e1ed8705de7032e3b5cf9f5ff
2025-05-20 15:17:55	6d893d39aa7cbad71156fbede1b15173ea68bcf53cc6aba1d0018270320b56f8
2025-05-20 07:55:22	e81120da828bfc636cb5cadb20a4e5418bfd3c66b8211a30510d686c8bb02bc5
2025-05-20 03:55:18	d4fadd4ee8d3864f9a07149decba872260789b39654db894c95ea23e16ede112