ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://178.128.244.245/search.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	293522
IOC:	http://178.128.244.245/search.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS14061 DIGITALOCEAN-ASN
Country:	US
First seen:	2022-01-11 03:55:49 UTC
Last seen:	never
UUID:	5d17d35b-7292-11ec-8ab6-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-01-11 21:05:26	7810cf2bce5b5213338a5da89dbb64f0bfc49e12683e3fa42a43b409c3455760
2022-01-11 07:35:50	2a174288b1de8817794579bc2dc242e3e779667f9c8e3d31c50097392928b28d
2022-01-11 06:45:57	25bb0049ff989eaf2e578dd5f0b088bb9e57fc90c0c5ea76a587faa1d7e3a774
2022-01-11 03:55:52	10c32b7b14e3f8bd33f03dc6951d6756304d484fdf76b24abd5da0e62b20f363