ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://secure01-redirect.net/gd4/fre.php.
Database Entry
This IOC expired
This IOC expired on 2025-12-26 01:15:01 UTC and is no longer exported into the ThreatFox datasets. The entry is kept for informational purposes only and should not be treated as an active indicator.
| IOC ID: | 384838 |
|---|---|
| IOC: | http://secure01-redirect.net/gd4/fre.php |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | Loki Password Stealer (PWS) |
| Malware alias: | Burkina, Loki, LokiBot, LokiPWS |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS16509 AMAZON-02 |
| Country: | US |
| First seen: | 2022-02-10 04:03:52 UTC |
| Last seen: | never |
| UUID: | 75264f7a-8a26-11ec-a022-42010aa4000a |
| Reporter: | AndreGironda |
| Reward: | 5 credits from ThreatFox |
| Tags: | LokiBot |
| Reference: | https://tria.ge/220210-ea546sdbcn |
Reporter comment
MITRE T1566.001
Date: Thu, 10 Feb 2022 02:00-02:30 +0100
Received: from smtp1.cloud4africa.net (164.160.32.62)
MIME-Version: 1.0
From: HSD ENGINE <sales1@hsdengine.com>
To: undisclosed-recipients:;
Subject: DD QUOTATION FOR MV. CHIANG LAAN TRADER
User-Agent: Roundcube Webmail/1.4.12
Message-ID: <61568d69a3da7ec1058cfbe9885ba72e@hsdengine.com>
X-Sender: sales1@hsdengine.com
Return-Receipt-To: HSD ENGINE <sales1@hsdengine.com>
Disposition-Notification-To: HSD ENGINE <sales1@hsdengine.com>
Content-Type: multipart/mixed; boundary="=_2688cc86300b2d376e914ccb452f5960"
X-Get-Message-Sender-Via: cp02.hosting.cloud4africa.net: authenticated_id: eric.gnimadi@datavillage.ci
X-Authenticated-Sender: cp02.hosting.cloud4africa.net: eric.gnimadi@datavillage.ci
Return-Path: sales1@hsdengine.com
Attachment Name: Quotation Forms_MV. CHIANG LAAN TRADER.xlsx
Maldoc SHA256: b1f0960e3e9d4403b124a495b0bbfa3242c8bf85dbc68c58905d79df70e26ea5
Stage URL: hXXp://103[.]170.255.45/windowSSH/.csrss[.]exe
Stage Executable SHA256: ff305461502bed4b1ad74954c2e2a0d8377b46b7aaa82207a57f7b5163f1b584
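The reporter comment above is what an analyst actually receives: a raw header block plus a few defanged indicators. As an added example (not ThreatFox code and not the reporter's), the script below triages it offline. It parses the header block (copied from the comment; the Date line is left out because its time field is a range, not a timestamp), derives the domain of the From address and of the X-Authenticated-Sender header, and flags the fact that they differ, which is the detail in these headers worth acting on: the message was sent through a webmail account at datavillage.ci while presenting sales1@hsdengine.com as the sender. It also flags the undisclosed-recipients addressing and the read-receipt headers, refangs the hXXp/[.] notation so the indicators can be searched, classifies each one with the ThreatFox type names (sha256_hash, url), and re-defangs the C2 URL for safe sharing. The header-field names, the defanging conventions and the ThreatFox type labels are the only assumptions; every value comes from this page.

```python
"""Triage a ThreatFox reporter comment: e-mail header block + defanged IOCs.
Added example; not ThreatFox code. Input values are copied from the page."""
import re
from email.parser import HeaderParser
from urllib.parse import urlsplit

# Header block from the reporter comment (Date line omitted: its time is a range).
RAW_HEADERS = """\
Received: from smtp1.cloud4africa.net (164.160.32.62)
MIME-Version: 1.0
From: HSD ENGINE <sales1@hsdengine.com>
To: undisclosed-recipients:;
Subject: DD QUOTATION FOR MV. CHIANG LAAN TRADER
User-Agent: Roundcube Webmail/1.4.12
Message-ID: <61568d69a3da7ec1058cfbe9885ba72e@hsdengine.com>
X-Sender: sales1@hsdengine.com
Return-Receipt-To: HSD ENGINE <sales1@hsdengine.com>
Disposition-Notification-To: HSD ENGINE <sales1@hsdengine.com>
Content-Type: multipart/mixed; boundary="=_2688cc86300b2d376e914ccb452f5960"
X-Get-Message-Sender-Via: cp02.hosting.cloud4africa.net: authenticated_id: eric.gnimadi@datavillage.ci
X-Authenticated-Sender: cp02.hosting.cloud4africa.net: eric.gnimadi@datavillage.ci
Return-Path: sales1@hsdengine.com
"""

# Indicator lines from the same comment, keyed by the reporter's labels.
COMMENT_IOCS = {
    "Maldoc SHA256": "b1f0960e3e9d4403b124a495b0bbfa3242c8bf85dbc68c58905d79df70e26ea5",
    "Stage URL": "hXXp://103[.]170.255.45/windowSSH/.csrss[.]exe",
    "Stage Executable SHA256": "ff305461502bed4b1ad74954c2e2a0d8377b46b7aaa82207a57f7b5163f1b584",
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+")
SHA256_RE = re.compile(r"[0-9a-f]{64}")
IP_PORT_RE = re.compile(r"(\d{1,3}\.){3}\d{1,3}:\d{1,5}")


def addr_domain(value):
    """Domain (lower-cased) of the first e-mail address in a header value, or None."""
    m = EMAIL_RE.search(value or "")
    return m.group(0).rsplit("@", 1)[1].lower() if m else None


def triage_headers(raw):
    """Return From/authenticated-sender domains plus a list of human-readable findings."""
    msg = HeaderParser().parsestr(raw)
    from_dom = addr_domain(msg["From"])
    auth_dom = addr_domain(msg["X-Authenticated-Sender"])  # set by the sending cPanel host
    findings = []
    if from_dom and auth_dom and from_dom != auth_dom:
        findings.append(f"authenticated sender domain {auth_dom} differs from From domain {from_dom}")
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        findings.append("To: undisclosed-recipients (bulk send, real recipients hidden)")
    for h in ("Return-Receipt-To", "Disposition-Notification-To"):
        if msg[h]:
            findings.append(f"{h} set: sender requests a read confirmation")
    return {"from_domain": from_dom, "auth_domain": auth_dom, "findings": findings}


def refang(s):
    """Undo the hXXp:// and [.] defanging used in the comment."""
    s = re.sub(r"hxxp(s?)://", r"http\1://", s, flags=re.I)
    return s.replace("[.]", ".").replace("[:]", ":")


def defang(url):
    """Defang scheme and host only, leaving the path searchable."""
    p = urlsplit(url)
    scheme = p.scheme.lower().replace("http", "hxxp")
    host = p.netloc.replace(".", "[.]")
    return f"{scheme}://{host}{p.path}" + (f"?{p.query}" if p.query else "")


def classify(value):
    """Map a refanged indicator to a ThreatFox IOC type name."""
    v = refang(value).strip()
    if SHA256_RE.fullmatch(v.lower()):
        return "sha256_hash", v.lower()
    if re.match(r"https?://", v, re.I):
        return "url", v
    if IP_PORT_RE.fullmatch(v):
        return "ip:port", v
    return "unknown", v


def normalise_iocs(labelled):
    """Refang, classify and (for URLs) produce a shareable defanged form."""
    out = []
    for label, raw in labelled.items():
        ioc_type, value = classify(raw)
        out.append({"label": label, "type": ioc_type, "value": value,
                    "defanged": defang(value) if ioc_type == "url" else value})
    return out


if __name__ == "__main__":
    result = triage_headers(RAW_HEADERS)
    for f in result["findings"]:
        print("finding:", f)
    for ioc in normalise_iocs(COMMENT_IOCS):
        print(f"{ioc['label']}: [{ioc['type']}] {ioc['value']}  share as: {ioc['defanged']}")
    print("C2 from this entry, defanged:", defang("http://secure01-redirect.net/gd4/fre.php"))
```

The authenticated-sender check is the one that generalises: on cPanel-hosted mail the X-Authenticated-Sender header is added by the sending server, so a mismatch with the From domain is a cheap first-pass signal for mail sent through someone else's account, independent of the lure text or attachment.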
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).