Report - gecu-upgrade.from-tx.com/gecu.zip

Report Overview

Submitted URL
gecu-upgrade.from-tx.com/gecu.zip
IP
152.42.244.54
ASN
#0
Submitted
2024-05-10 10:07:21
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gecu-upgrade.from-tx.com	unknown	unknown	No data	No data	487 B	2.8 MB	152.42.244.54

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gecu-upgrade.from-tx.com/gecu.zip
IP
152.42.244.54
ASN
#0

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
2.8 MB (2761187 bytes)
Hash
2de9bb0392a92526bc8823b79b5d17d9
bd6b585182ec47390419e9f0a0ef0b9a9354ed0a
d93dcbd15beb55c9091a3cfab9ff26f33d5a0d5e1a931fc9d1cf26763ce3c9c9

Archive (42)

Modified	Filename	Size	Md5	File type
2023-04-12 21:41	ii.php	938 B	8143fa66c3a787a5e0f3edf53213c1fd	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2023-04-12 22:07	lgn.php	1.0 kB	9d0b5a4626fa150d8b1ad55d6b105add	PHP script, Unicode text, UTF-8 text, with CRLF line terminators
2022-12-07 23:03	antibot.php	89 kB	c72ac453d6406758df7227bee515ee85	PHP script, Unicode text, UTF-8 text, with very long lines (1365), with CRLF line terminators
2023-04-12 22:42	telegram.php	93 B	593522e4941abe242252088fc85f0fe0	PHP script, ASCII text, with CRLF line terminators
2023-04-10 18:52	03500-logo-lg-md-publish.png	7.5 kB	bc9db726a269f6561b45c8c5d660410b	PNG image data, 200 x 44, 8-bit/color RGBA, non-interlaced
2023-04-10 18:52	11.0b350b9b.chunk.js.download	83 kB	21e509397f214847f5a5c6446ed57062	JavaScript source, ASCII text, with very long lines (65536), with no line terminators
2023-04-10 18:52	11.41c5e6eb.chunk.css	26 kB	dc43e320019e88e25a071ebe66971ed5	ASCII text, with very long lines (25975)
2023-04-10 18:52	15.06f46345.chunk.css	1.5 kB	fbaf7402cbcc35fd8f077ccbdf7cc169	ASCII text, with very long lines (1497)
2023-04-10 18:52	15.e3023aae.chunk.js.download	13 kB	926e1dbe79e4dd2f77bb3d08692738a1	JavaScript source, ASCII text, with very long lines (13351)
2023-04-12 13:24	3p_cookie_test.html	2.3 kB	31435aae70c38eaade78768cba53e3b6	HTML document, ASCII text
2023-04-10 18:52	4.dda41559.chunk.js.download	301 kB	d13144c89b553224ae22ba461ff581c5	JavaScript source, ASCII text, with very long lines (65462)
2023-04-10 18:52	47.bb58f8a4.chunk.css	3.0 kB	d2a56dc86c14f9b39e7054115f43f213	ASCII text, with very long lines (2965)
2023-04-10 18:52	47.ddf40237.chunk.js.download	50 kB	d1e40c364640d3489d8ed5ed2e674a96	JavaScript source, ASCII text, with very long lines (50066)
2023-04-10 18:52	6.aa5c0b1e.chunk.js.download	31 kB	2cbf72c3264fbd01559bd0f78534738f	JavaScript source, ASCII text, with very long lines (30995)
2023-04-10 18:52	63.4c84f359.chunk.js.download	14 kB	c0a94633e2ce18db1925f7f2db46ed51	JavaScript source, ASCII text, with very long lines (14092)
2023-04-10 18:52	63.5f0347f9.chunk.css	1.8 kB	bac6bb84c8b092685cbbfe44ea6689fc	ASCII text, with very long lines (1705)
2023-04-10 18:52	9.9eca9dcf.chunk.js.download	91 kB	8d7680d114ac5a9e5acfecbaa2465ea1	JavaScript source, ASCII text, with very long lines (65462)
2023-04-10 18:52	94.d45167c2.chunk.js.download	22 kB	25b6790d69978bd03e04ef5c3c6be58c	JavaScript source, ASCII text, with very long lines (22146)
2023-04-10 18:52	AppMeasurement.js.download	78 kB	6c46168da4aa15459908e1be2a14c96b	ASCII text
2023-04-12 14:02	bg.png	1.9 MB	36afae315b2a543c9ead759e8dc6ddce	PNG image data, 1600 x 1066, 8-bit/color RGB, non-interlaced
2023-04-10 18:52	branding.css	6.9 kB	8e86bf42bb1321f9b6bb7851926870c3	ASCII text, with very long lines (6857)
2023-04-10 18:52	browser_compatibility.css	9.6 kB	f39182b2455f89988d1350c344b1b617	ASCII text
2023-04-10 18:52	browser-test-all.js.download	49 kB	faf9a798fe69cfdebcbf86c1ea3f917c	JavaScript source, ASCII text
2023-04-10 18:52	common.css	3.3 kB	f251d4161b77ba29b818cefe87ea25ad	ASCII text
2023-04-10 18:52	css	8.6 kB	974d9a4d7b675ea5d298e1ea83367050	ASCII text
2023-04-10 18:52	DBKAPI.js.download	19 kB	7bd25170427927b02c748d7f1092bfd9	JavaScript source, ASCII text, with very long lines (1631)
2023-04-10 18:52	equalHousingOpportunity.png	3.3 kB	7cc1eeab61b3af7e9648d45b0f4def44	PNG image data, 63 x 65, 8-bit/color RGBA, non-interlaced
2023-04-10 18:52	equalOpportunityLender.png	4.5 kB	92fb502974f74a7450b72107f7e43761	PNG image data, 54 x 65, 8-bit/color RGBA, non-interlaced
2023-04-10 18:52	geculogo_200px75px-AxzG4.png	5.0 kB	bf293b11cbc976652fddc93cfd403c4f	PNG image data, 200 x 75, 8-bit/color RGBA, non-interlaced
2023-04-10 18:52	iframeResizer.min.js.download	12 kB	70b53b598c4ec4b93f95a024010a17b0	JavaScript source, ASCII text, with very long lines (11581)
2023-04-10 18:52	LAB.min.js.download	5.6 kB	c97a45e39383835d90112cc30f0ddc06	JavaScript source, ASCII text, with very long lines (5436)
2023-04-10 18:52	LoginWidget.css	14 kB	60638695bc4143a4df69c34c8dd83cbd	Unicode text, UTF-8 text, with very long lines (13827)
2023-04-12 13:24	main.6d1cb043.chunk.css	252 kB	e4898087485a88bbdd1268f116a9bd5b	ASCII text, with very long lines (65518)
2023-04-10 18:52	main.a186bae1.chunk.js.download	1.4 MB	cb35c69370cf22d58fe3ddb99a98b6ad	JavaScript source, ASCII text, with very long lines (65459)
2023-04-10 18:52	ncua.png	5.1 kB	a855ed2094bc4397d97a816f1ecc5352	PNG image data, 106 x 49, 8-bit/color RGBA, non-interlaced
2023-04-10 18:52	UIFlexibilityBranding.css	18 kB	c29a524642188e6e8f0502af198dfae6	ASCII text, with very long lines (17524)
2023-04-10 18:52	UIFlexibilityBranding.js.download	87 kB	c4566a51ec8bde9cb954be41051bb4a8	JavaScript source, ASCII text, with very long lines (65457)
2023-04-10 18:52	VisitorAPI.js.download	46 kB	79152048ab3f015a599531962290ce43	JavaScript source, ASCII text, with very long lines (32047)
2022-12-07 21:39	index.php	39 B	96b239532bcb005a95984fbf733a8db7	PHP script, ASCII text, with CRLF line terminators
2023-04-12 22:09	login.php	100 kB	b16bb3fc9b964ed9e5c7aec801d068bc	PHP script, ASCII text, with very long lines (10059)
2023-04-12 21:41	success.php	93 kB	d166af133089ffca87e96cc847f82714	PHP script, ASCII text, with very long lines (10059), with CRLF line terminators
2023-04-12 22:13	verification.php	97 kB	a0811f4d9c49c96c93ebfb2754e70c9b	PHP script, ASCII text, with very long lines (10059), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/60

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

gecu-upgrade.from-tx.com/gecu.zip

152.42.244.54

200 OK

2.8 MB

URL User Request GET HTTP/1.1
gecu-upgrade.from-tx.com/gecu.zip
IP
152.42.244.54:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectgecu-upgrade.from-tx.com
FingerprintDB:39:19:94:98:29:3E:A4:3C:06:8C:71:04:C6:AE:90:B6:73:19:A9
ValidityThu, 02 May 2024 16:39:09 GMT - Wed, 31 Jul 2024 16:39:08 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
2.8 MB (2761187 bytes)
Hash
2de9bb0392a92526bc8823b79b5d17d9
bd6b585182ec47390419e9f0a0ef0b9a9354ed0a
d93dcbd15beb55c9091a3cfab9ff26f33d5a0d5e1a931fc9d1cf26763ce3c9c9

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/60

HTTP Headers

GET /gecu.zip HTTP/1.1
Host: gecu-upgrade.from-tx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 10:06:56 GMT
Server: Apache
Last-Modified: Thu, 02 May 2024 17:48:05 GMT
Accept-Ranges: bytes
Content-Length: 2761187
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (42)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers