ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://checkvim.com/ga4/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-14 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	202107
IOC:	http://checkvim.com/ga4/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS14618 AMAZON-AES
Country:	US
First seen:	2021-08-30 01:01:44 UTC
Last seen:	never
UUID:	d84ba052-092d-11ec-830d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2021-08-30 04:16:43	bb1eb1ec38360dbdd93d45378001cdb85eb851e4cf07ed319fdc05cfbdfe4385
2021-08-30 03:22:03	c052e01ae221afc96980201ad33ce3a0397d718b8e14383c5d1cd13b8ab02fcd
2021-08-30 01:47:07	2c871304d7cf89be426d8e55c09d7139aa127c755e304551b30bf3df9fad4943
2021-08-30 01:01:48	7c5244658642c7dd2e49903d6332a2e732ed8df98c498776bb3015814b9556b8