Gl-search.com
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 17,039 |
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 2,988 |
| First Seen: | February 5, 2018 |
| Last Seen: | August 1, 2023 |
| OS(es) Affected: | Windows |
The Gl-search.com domain appears to host a seemingly legitimate search service. However, the Gl-search.com domain is associated with a browser hijacker program. The first reports of questionable activity connected to Gl-search.com were received in the last week of January 2018. Computer security researchers reported that Gl-search.com is registered to the 104.28.19.218 IP address that is recognized as a source of various Trojans and pirated software through 2017. The Gl-search.com browser hijacker may enter computers via game cracks, illegally obtained shareware and free software packages.
The Gl-search.com browser hijacker is observed to change the default new tab, start page and search provider in Google Chrome, Mozilla Firefox and Internet Explorer. Lab tests reveled that the browser hijacker at hand might add the URL h[tt]p://gl-search[.]com/popup.php?id=twptle2tz to the shortcuts of popular Internet browsers. The new tabs powered by Gl-search.com featured the titled 'Search Engine' and mimic the style of the default new tab page in Google Chrome. However, the Gl-search.com browser hijacker does not let users make modifications to the quick dial thumbnails and access the 'Apps' menu. The Gl-search.com search aggregator is stated to be powered by a custom Google search (Cse.google.com/cse), but we found that PC users are shown irrelevant results and have no options to sort the sites found by Gl-search.com. Additionally, the 'Images,' 'Videos' and 'Maps' tabs on Gl-search.com trigger new tabs which load the Google Image search, YouTube and Google Maps. We advise against using the Gl-search.com site for your daily activities. PC users who are infected with the Gl-search.com browser hijacker may want to run a scan with a trusted anti-malware solution and have it removed. Web surfers may experience the security notifications from Web filtering services while under the influence of the Gl-search.com browser hijacker. We have seen security vendors use the following detection names when traffic to the 104.28.19.218 IP address is detected:
- HTML.JS.AA
- HTML/Phishing.Google.J
- HTML:Phishing-XL [Phish]
- JS.Phishing.5
- Js.Phish.Gen!c
- MSIL/Immirat.H
- Riskware ( 0040eff71 )
- Trojan-PSW.HTML.AccPhish.b
- Trojan.Script.Finisher.ehnjoq
- Virus:Win32/Ramnit.B
URLs
Gl-search.com may call the following URLs:
| https://gl-search.com/results.php |
