ThreatFox IOC Database
You are viewing the ThreatFox database entry for the URL http://galandskiyher1.com:80/.
Database Entry
This IOC expired
This IOC is old and expired on 2026-04-04 01:15:01 UTC. We therefore do not export it into our datasets. As a result, this database entry is purely informational and has no impact on those exports.
| IOC ID: | 1150059 |
|---|---|
| IOC: | http://galandskiyher1.com:80/ |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | Raccoon |
| Malware alias: | Mohazo, RaccoonStealer, Racealer, Racoon |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| First seen: | 2023-08-15 06:52:47 UTC |
| Last seen: | never |
| UUID: | 57c4093b-3b38-11ee-8c7f-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | raccoon |
NexusFuzzy
{"libs_nss3": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll",
"libs_msvcp140": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll",
"libs_vcruntime140": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll",
"libs_mozglue": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll",
"libs_freebl3": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll",
"libs_softokn3": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll",
"ews_meta_e": "ejbalbakoplchlghecdalmeeeajnimhm;MetaMask;Local Extension Settings",
"ews_tronl": "ibnejdfjmmkpcnlpebklmnkoeoihofec;TronLink;Local Extension Settings",
"libs_sqlite3": "http://galandskiyher1.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll",
"ews_bsc": "fhbohimaelbohpjbbldcngcnapndodjp;BinanceChain;Local Extension Settings",
"ews_ronin": "fnjhmkhhmkbjkkabndcnnogagogbneec;Ronin;Local Extension Settings",
"wlts_exodus": "Exodus;26;exodus;*;*partitio*,*cache*,*dictionar*",
"wlts_atomic": "Atomic;26;atomic;*;*cache*,*IndexedDB*",
"wlts_jaxxl": "JaxxLiberty;26;com.liberty.jaxx;*;*cache*",
"wlts_binance": "Binance;26;Binance;*app-store.*,*.fp;-",
"wlts_coinomi": "Coinomi;28;Coinomi\\Coinomi\\wallets;*;-",
"wlts_electrum": "Electrum;26;Electrum\\wallets;*;-",
"wlts_elecltc": "Electrum-LTC;26;Electrum-LTC\\wallets;*;-",
"wlts_elecbch": "ElectronCash;26;ElectronCash\\wallets;*;-",
"wlts_guarda": "Guarda;26;Guarda;*;*cache*,*IndexedDB*",
"wlts_green": "BlockstreamGreen;28;Blockstream\\Green;*;cache,gdk,*logs*",
"wlts_ledger": "Ledger Live;26;Ledger Live;*;*cache*,*dictionar*,*sqlite*",
"ews_ronin_e": "kjmoohlgokccodicjjfebfomlbljgfhk;Ronin;Local Extension Settings",
"ews_meta": "nkbihfbeogaeaoehlefnkodbefgpgknn;MetaMask;Local Extension Settings",
"sstmnfo_System Info.txt": "System Information: ",
"|Installed applications": "",
"wlts_daedalus": "Daedalus;26;Daedalus Mainnet;*;log*,*cache,chain,dictionar*",
"wlts_mymonero": "MyMonero;26;MyMonero;*;*cache*",
"wlts_xmr": "Monero;5;Monero\\\\wallets;*.keys;-",
"wlts_wasabi": "Wasabi;26;WalletWasabi\\\\Client;*;*tor*,*log*",
"ews_metax": "mcohilncbfahbmgdjkbpemcciiolgcge;MetaX;Local Extension Settings",
"ews_xdefi": "hmeobnfnfcmdkdcmlblgagmfpfboieaf;XDEFI;IndexedDB",
"ews_waveskeeper": "lpilbniiabackdjcionkobglmddfbcjo;WavesKeeper;Local Extension Settings",
"ews_solflare": "bhhhlbepdkbapadjdnnojkbgioiodbic;Solflare;Local Extension Settings",
"ews_rabby": "acmacodkjbdgmoleebolmdjonilkdbch;Rabby;Local Extension Settings",
"ews_cyano": "dkdedlpgdmmkkfjabffeganieamfklkm;CyanoWallet;Local Extension Settings",
"ews_coinbase": "hnfanknocfeofbddgcijnmhnfnkdnaad;Coinbase;IndexedDB",
"ews_auromina": "cnmamaachppnkjgnildpdmkaakejnhae;AuroWallet;Local Extension Settings",
"ews_khc": "hcflpincpppdclinealmandijcmnkbgn;KHC;Local Extension Settings",
"ews_tezbox": "mnfifefkajgofkcjkemidiaecocnkjeh;TezBox;Local Extension Settings",
"ews_coin98": "aeachknmefphepccionboohckonoeemg;Coin98;Local Extension Settings",
"ews_temple": "ookjlbkiijinhpmnjffcofjonbfbgaoc;Temple;Local Extension Settings",
"ews_iconex": "flpiciilemghbmfalicajoolhkkenfel;ICONex;Local Extension Settings",
"ews_sollet": "fhmfendgdocmcbmfikdcogofphimnkno;Sollet;Local Extension Settings",
"ews_clover": "nhnkbkgjikgcigadomkphalanndcapjk;CloverWallet;Local Extension Settings",
"ews_polymesh": "jojhfeoedkpkglbfimdfabpdfjaoolaf;PolymeshWallet;Local Extension Settings",
"ews_neoline": "cphhlgmgameodnhkjdmkpanlelnlohao;NeoLine;Local Extension Settings",
"ews_keplr": "dmkamcknogkgcdfhhbddcghachkejeap;Keplr;Local Extension Settings",
"ews_terra_e": "ajkhoeiiokighlmdnlakpjfoobnjinie;TerraStation;Local Extension Settings",
"ews_terra": "aiifbnbfobpmeekipheeijimdpnlpgpp;TerraStation;Local Extension Settings",
"ews_liquality": "kpfopkelmapcoipemfendmdcghnegimn;Liquality;Local Extension Settings",
"ews_saturn": "nkddgncdjgjfcddamfgcmfnlhccnimig;SaturnWallet;Local Extension Settings",
"ews_guild": "nanjmdknhkinifnkgdcggcfnhdaammmj;GuildWallet;Local Extension Settings",
"ews_phantom": "bfnaelmomeimhlpmgjnjophhpkkoljpa;Phantom;Local Extension Settings",
"ews_tronlink": "ibnejdfjmmkpcnlpebklmnkoeoihofec;TronLink;Local Extension Settings",
"ews_brave": "odbfpeeihdkbihmopkbjmoonfanlbfcl;Brave;Local Extension Settings",
"ews_mewcx": "nlbmnnijcnlegkjjpcfjclmcfggfefdm;MEW_CX;Sync Extension Settings",
"ews_ton": "nphplpgoakhhjchkkhmiggakijnkhfnd;TON;Local Extension Settings",
"ews_goby": "jnkelfanjkeadonecabehalmbgpfodjm;Goby;Local Extension Settings",
"ews_ton_ex": "nphplpgoakhhjchkkhmiggakijnkhfnd;TON;Local Extension Settings",
"ews_Cosmostation": "fpkhgmpbidmiogeglndfbkegfdlnajnf;Cosmostation;Local Extension Settings",
"ews_bitkeep": "jiidiaalihmmhddjgbnbgdfflelocpak;BitKeep;Local Extension Settings",
"ews_stargazer": "pgiaagfkgcbnmiiolekcfmljdagdhlcm;Stargazer;Local Extension Settings",
"ews_clv": "nhnkbkgjikgcigadomkphalanndcapjk;CloverWallet;Local Extension Settings",
"ews_jaxxlibertyext": "cjelfplplebdjjenllpjcblmjkfcffne;JaxxLibertyExtension;Local Extension Settings",
"ews_enkrypt": "kkpllkodjeloidieedojogacfhpaihoh;Enkrypt;Local Extension Settings",
"ews_gamestop": "pkkjjapmlcncipeecdmlhaipahfdphkd;GameStop Wallet;Local Extension Settings",
"ews_xds": "aholpfdialjgjfhomihkjbmgjidlcdno;Exodus Web3 Wallet;Local Extension Settings",
"xtntns_authenticatorcc": "bhghoamapcdpbohphigoooaddinpkbai;Authenticator.cc;Sync Extension Settings",
"xtntns_keepassxc_browser": "oboonakemofpalcgghocfoadofidjkkk;KeePassXC Browser;Local Extension Settings",
"xtntns_keepassTusk": "fmhmiaejopepamlcjkncpgpdjichnecm;KeePass Tusk;Local Extension Settings",
"xtntns_bitwardenEx": "nngceckbapebfimnlniiiahkandclblb;Bitwarden;Local Extension Settings",
"xtntns_microsoftAfL": "fiedbfgcleddlbcmgdigjgdfcggjcion;Microsoft Autofill Local;Local Extension Settings",
"xtntns_microsoftAfS": "fiedbfgcleddlbcmgdigjgdfcggjcion;Microsoft Autofill Sync;Sync Extension Settings",
"ews_martian": "efbglgofoippbgcjepnhiblaibcnclgk;Martian Aptos;Local Extension Settings",
"ews_braavos_c": "jnlgamecbpmbajjfhmmmlhejkemejdma;Braavos;Local Extension Settings",
"ews_okx_c": "mcohilncbfahbmgdjkbpemcciiolgcge;OKX;Local Extension Settings",
"ews_pontem_c": "phkbamefinggmakgklpkljjmgibohnba;Pontem Aptos;Local Extension Settings",
"ews_sender_c": "epapihdplajcdnnkdeiahlgigofloibg;SenderWallet;Local Extension Settings",
"ews_hashpack_c": "gjagmgiddbbciopjhllkdnddhcglnemk;Hashpack;Local Extension Settings",
"ews_ever_c": "cgeeodpfagjceefieflmdfphplkenlfk;EVER;Local Extension Settings",
"ews_finnie_c": "cjmkndjhnagcfbpiemnkdpomccnjblmj;Finnie;Local Extension Settings",
"ews_leap_terra_c": "aijcbedoijmgnlmjeegjaglmepbmpkpi;LeapTerra;Local Extension Settings",
"ews_petra_atos_c": "ejjladinnckdgjemekebdpeokbikhfci;Petra Aptos;Local Extension Settings",
"ews_eternl_c": "kmhcihpebfmpgmihbkipmjlmmioameka;Eternl;Local Extension Settings",
"ews_gero_wlt_c": "bgpipimickeadkjlklgciifhnalhdjhe;GeroWallet;Local Extension Settings",
"ews_Nami": "lpfcbjknijpeeillifnkikgncikgfhdo;Nami Wallet;Local Extension Settings",
"ews_slope": "pocmplpaccanhmnllbbkpgfliimjljgo;Slope Wallet;Local Extension Settings",
"ews_trust": "egjidjbpglichdcondbcbdnbeeppgdph;Trust Wallet Extension;Local Extension Settings",
"ews_safepalext": "lgmpcpglpngdoalbgeoldeajfclnhafa;Safepal Extension;Local Extension Settings",
"token": "",
"botnet_id": "c610d498a9c34173052f3f4fcea051af",
"c2": "http://galandskiyher1.com:80/",
"reference": null
}