ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://91.92.243.254/password/five/fre.php.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1744554
IOC: http://91.92.243.254/password/five/fre.php
IOC Type :url
Threat Type :botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias:Burkina, Loki, LokiBot, LokiPWS
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS202412 OMEGATECH-AS
Country:- GB
First seen:2026-02-11 09:00:51 UTC
Last seen:never
UUID:2a968eb3-0728-11f1-a068-42010aa4000a
Reporter abuse_ch
Reward 5 credits from ThreatFox
Tags:LokiBot
Reference: https://bazaar.abuse.ch/sample/6f9d54ef5d053a976a180e0b24d35b54992acc9c65443ca11951c28222cd5afc/

Avatar
abuse_ch
lokibot (aka Burkina,Loki,LokiBot,LokiPWS) botnet C2

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2026-02-17 17:25:09 c6df74426be4447e6956ec541c65e8a3dbd7136fb86c1a173ef336110d985c22
2026-02-17 16:35:06 a80c12e9918e846ee99c8aed69c882e7a2587712300519099b538e73adf74e1a