ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://fantogrosic.duckdns.org/wp-admin/contents/fre.php.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1660689
IOC: http://fantogrosic.duckdns.org/wp-admin/contents/fre.php
IOC Type :url
Threat Type :botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias:Burkina, Loki, LokiBot, LokiPWS
Confidence Level : Confidence level is high (100%)
ASN:AS27323 SERVERSTADIUM
Country:- US
First seen:2025-11-28 17:20:03 UTC
Last seen:never
UUID:7a3ee4cd-cc7e-11f0-a341-42010aa4000a
Reporter abuse_ch
Reward 5 credits from ThreatFox
Tags:Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2025-11-28 17:20:11 2ee04de97c5bf6af7ba600804ea315a3598696270693cc1104bc7f6df7fdc55d
2025-11-28 17:20:07 3ba90a8a015b4d1fb782b75512d710d0d3b560be39040e01bd0de2157ff140f1