Security Scan Report: onlinexpress.gesa.com

Redirected to:
https://onlinexpress.gesa.com/Banking/SignIn.aspx
Submitted: May 22, 2026, 1:34:22 AM
Completed: May 22, 2026, 1:37:06 AM
public, completed

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 14 HTTP transactions. The main domain is onlinexpress.gesa.com and was registered NaN years ago.

Submitted URL: https://onlinexpress.gesa.com

Effective URL: https://onlinexpress.gesa.com/Banking/SignIn.aspx (Redirected)

The Cisco Umbrella rank of the primary domain is #491,171 of the top 1 million websites

AI Security Verdict

Low Risk

Confidence: 78%

Risk Score: 3

The site is old and shows no malicious indicators, but low ranking and heavy JS obfuscation suggest caution.

Risk Factors
Low Cisco Umbrella ranking (rank #491,171) for a site claiming a credit‑union brand
Critical JavaScript obfuscation score with multiple eval() calls
Brand name displayed on a sub‑domain (onlinexpress.gesa.com) that is not a known official domain
Safety Factors
Domain registered since 1996 – long‑standing registration
No malicious IoC or YARA detections
No IDS/Suricata alerts
No cross‑origin credential submission or exfiltration
Domain age information unavailable

Details

Primary Scan Blocked — Fallback Capture Shown

The primary scanner could not load this page (possible bot protection). The screenshot and page details shown were captured by a fallback browser that loaded the page successfully.

Page Title

Sign In - Gesa Credit Union

Scan Type

public

Language

🇺🇸 English (80% confidence)

Category

government public service (41%)

Domain Information

You're looking at domain 'onlinexpress.gesa.com' on the commercial generic top-level domain (.com), featuring subdomain 'onlinexpress'. The second-level label 'gesa' is 4 characters long holding two vowels versus two consonants. Segmentation suggests 2 words: ges, a. Median word length is 2 characters. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 95.17s
HTTP Requests: 60
Domains: 4
Total Size: 906 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en-us
Text Length: 348 chars
Detector Agreement: 100%

Website Classification

Primary Category

government public service (41% confidence)
Type: spa
Method: ml+structural

All Detected Categories

government public service
41%

Detected Features

Login Form
Search

Domain & IP Information

Requests  IP Address       Location       AS Autonomous System
20        142.251.110.94   United States  AS15169 Google LLC
20        45.60.33.81      United States  AS19551 Incapsula Inc
20        192.178.183.95   United States  AS15169 Google LLC
60        3                -              -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T13811023B85159868E5310536D49AF0D9831064C7F3F08A016ED522077BB4ACB64526ED

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

24:Hd1hvyZIxijvVF0U2iXS43eYWD+jtpn7dwV:HbhSfjq8SAehyK

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:997:AAEAAAAAABAAFBAAAAoAEAIAAAABAAAAAAEgAAAAAAAAAAAAAAAAAAAQAAAAAAAAgAAAAAAAaAACACAAAAAgAAggAAAwACAE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 001c1c3c3c000000
Perceptual Hash: 9a986467db9b6464
Difference Hash: 4431317179061000
Wavelet Hash: 0c1c3c3c3c0c0000
Color Hash: #6ce070

Other Hashes

Crop Resistant: 4431317179061000
