ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://128.199.46.58/~hgyf/?search=5fbc60a5616cd4b45654929504981815.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-26 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	375427
IOC:	http://128.199.46.58/~hgyf/?search=5fbc60a5616cd4b45654929504981815
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS14061 DIGITALOCEAN-ASN
Country:	US
First seen:	2022-02-02 05:56:43 UTC
Last seen:	never
UUID:	e5d3fdb0-83ec-11ec-a824-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-02-06 08:29:43	13947b2724583f8c59baaaf703ab547b83b5781d54b16b991b1cd0841ef6b52b
2022-02-06 08:29:42	be8a60534d2da76da0afedf764981f793d795871b8547ac82127a585d6f20ad9
2022-02-06 08:29:41	96d24ecb1f16f686d133671714dbfb0bbf672ef3b8b51e4ad3c045d00c9b33db
2022-02-02 11:11:46	e381c16b6ea4e3d809cb3e2099a1b63f8d804a61e3442d9a0b72b71dca2c042a
2022-02-02 06:11:40	2d21da0983f30e00a2c213a0a022eb230ab69262fb2b13cf07b1eb1fc74ffb04
2022-02-02 05:56:45	e32aa4d98e0e8a46c4a17b5bce1b59842a31ba0b9b105cb2a51e006cdae4f412