Security Scan Report: citrusx.online

Redirected to: https://www.mediafire.com/file/j0wg18n9imz7ep4/CT_GR53.apks/file

Submitted: Mar 15, 2026, 11:42:48 AM
Completed: Mar 15, 2026, 11:44:30 AM
Scan Type: public
Status: completed

Summary

This website contacted 32 IPs in 4 countries across 31 domains to perform 97 HTTP transactions. The main domain is mediafire.com; its registration age was unavailable (reported as NaN years).

Submitted URL: https://citrusx.online/download.php?file=garena

Effective URL: https://www.mediafire.com/file/j0wg18n9imz7ep4/CT_GR53.apks/file (redirected)

AI Security Verdict

High Risk

Confidence: 85%

Risk Score: 8

Page uses MediaFire branding to lure users into downloading an APK and contains a known malicious script; treat as high‑risk malware distribution.

Risk Factors
Malicious script indicator (known malicious URL)
Brand impersonation – MediaFire branding on unrelated domain
Distribution of executable APK from untrusted redirect page
Domain age information unavailable

Details

Page Title: CT_GR54

Scan Type: public

Language: 🇺🇸 English (80% confidence)

Category: corporate (50%)

Domain Information

Domain 'citrusx.online' uses the modern generic top-level domain (.online) and has no subdomain. The registrable portion 'citrusx' spans 7 characters with 2 vowels and five consonants. Splitting it apart reveals 2 words: citrus, x. Median word length is 3.5 characters. No strong language cues emerged from the frequency lists.

Page Load Overview

Total Load Time: 7.68s
HTTP Requests: 97
Domains: 31
Total Size: 1.2 MB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en-US
Text Length: 5,264 chars
Detector Agreement: 75%

Website Classification

Primary Category

corporate (50% confidence)
Type: spa
Method: structural

All Detected Categories

corporate: 50%

Detected Features

Search
OG: website

Domain & IP Information

Requests  IP Address        Location                          AS       Autonomous System
4         142.251.141.130   United States                     AS15169  Google LLC
3         44.254.11.32      Boardman, Oregon, United States   AS16509  Amazon.com, Inc.
3         172.66.148.140    United States                     AS13335  Cloudflare, Inc.
3         142.250.187.230   United States                     AS15169  Google LLC
3         104.17.147.83     United States                     AS13335  Cloudflare, Inc.
3         172.67.199.186    United States                     AS13335  Cloudflare, Inc.
3         188.114.97.3      United States                     AS13335  Cloudflare, Inc.
3         104.17.148.83     United States                     AS13335  Cloudflare, Inc.
3         104.26.9.66       United States                     AS13335  Cloudflare, Inc.
3         142.251.141.99    United States                     AS15169  Google LLC
Total: 97 requests across 32 IPs

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T19F844C22F5D2A06F542F8073F17F3318B73FA143A101C569BA1CC1E4AFA598A6177B99

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:X1UgAkHnjzxQ6KSATT3IHsAquMtaW+LN7jxRLlzglKUf2veZz7Sru:SgAkHnjzxQBSAIMruMtCN7DBUf2veZL

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:372370:ccBaAzjSSRYiFIIlog0BSQQAwYAoiBgiJAgwj5RoDoinEEIGBBSJPGENIgQhWg9iiLFCwhQAQKEANQcAhIKoBGgESwERAogA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.
