ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://185.227.139.5/sxisodifntose.php/w3WdjHBMG5lDq.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	172492
IOC:	http://185.227.139.5/sxisodifntose.php/w3WdjHBMG5lDq
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS48011 DigiTurunc
Country:	TR
First seen:	2021-08-11 22:32:10 UTC
Last seen:	never
UUID:	f77f8633-faf3-11eb-830d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2021-08-12 06:42:10	c448169380e81c58f9468dfc7ffe85622b8e01d1b1b9cb66dabb7be265cd5306
2021-08-12 02:02:26	ac4a470326858948bd6e8d28e2d8b0751b3b0ff61e882501bec8e434714d9a3e
2021-08-11 22:32:13	11641171be559d99044f4d62bfbb517de3c0981758f98998a57345b93b01dd1e