ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://164.90.194.235/?id=61609117220942652.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	390273
IOC:	http://164.90.194.235/?id=61609117220942652
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS14061 DIGITALOCEAN-ASN
Country:	US
First seen:	2022-02-23 10:06:57 UTC
Last seen:	never
UUID:	55b40710-9490-11ec-a022-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-02-24 08:50:15	9b32c7bab515a968de59b05494701600fb0fac369e11169297713dc30b552491
2022-02-24 06:55:26	d47ae4f4dc0c0b8381f7f13bb64c4cf2c04751790763da3777ab99f75a6521b5
2022-02-23 14:26:50	f403386f84b822b26940b212a22960d9af08e355049f36d7ea6cc7d25199e703
2022-02-23 14:21:35	bdb1b580d5c5de031987c03e9004d912182d5c448fc4e8706454eb57b5a25ba7
2022-02-23 10:07:01	867cc6b16acccdbd82eefed418021568f5d527aa0075dab423bc760b3adc18e8