ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://198.187.30.47/p.php?id=1128716100238392.
Database Entry
This IOC expired
This IOC is old and expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 838643 |
|---|---|
| IOC: | http://198.187.30.47/p.php?id=1128716100238392 |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | Loki Password Stealer (PWS) |
| Malware alias: | Burkina, Loki, LokiBot, LokiPWS |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS22612 NAMECHEAP-NET |
| Country: | US |
| First seen: | 2022-07-19 05:16:37 UTC |
| Last seen: | never |
| UUID: | f6f58aab-0721-11ed-a0e7-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | Loki LokiBot LokiPWS |
| Reference: | https://tria.ge/220719-fsgpzacbhn |
AndreGironda
MITRE T1566.001
Date: Mon, 18 Jul 2022 21:30-22:00 -0700
Received: from se1e-lax1.servconfig.com (173.231.224.5)
MIME-Version: 1.0
From: Simo Trading Ltd <alabbas@simotrade.hu>
To: Microsoft Outlook <user@domain.com>
Subject: ORDER INQUIRY & OUR COMPANY OVERVIEW
Reply-To: alabbas@simotrade.hu
User-Agent: Roundcube Webmail/1.4.12
Message-ID: <d78f8c6d4a579ff0b1f4a1d8ecfcb3bf@simotrade.hu>
X-Sender: alabbas@simotrade.hu
X-Priority: 2 (High)
Content-Type: multipart/mixed; boundary="=_b6d0ad7871ab53286e5e9b86a50cabb3"
Return-Path: alabbas@simotrade.hu
Attachment Name: ORDER INQUIRY_PDF.z
7-Zip SHA256: 8ef45b38d8e7961ba6bcf1672629c4ec28de6f19cc5c8086cfaa1b71a4b78f42
Unzipped Executable Name: G6kbXn2Vosgy9Us.exe
Executable SHA256: a96432be55773a8be471a30c0cdf2e8dcdf470db1d1c85ae75ccbd14d6ef0009
LokiPWS Unpacked Executable SHA256: 0b32b02d95c1d896d166329bc7d27074336caef65c67417a463718cee7eee419