URLhaus Database

You are currently viewing the URLhaus database entry for https://gal-lom.com/rr/?1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2634867
URL: https://gal-lom.com/rr/?1
URL Status: Offline
Host: gal-lom.com
Date added: 2023-05-16 21:55:08 UTC
Last online: 2023-05-18 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-05-16 21:55:51 UTC to abuse{at}tierpoint[dot]com)
Takedown time: 1 day, 23 hours, 17 minutes (Poor; down since 2023-05-18 21:12:57 UTC)
Tags: BB28, geofenced, GuLoader, js, Qakbot, qbot, Quakbot, USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
