Security Scan Report: invoice-3020923.surge.sh

Submitted: Jul 1, 2026, 7:39:56 PMCompleted: Jul 1, 2026, 7:57:29 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 2 HTTP transactions. The main domain is invoice-3020923.surge.sh and was registered NaN years ago.

Submitted URL: https://invoice-3020923.surge.sh/[email protected]

AI Security Verdict

High Risk

Confidence: 80%

7
Risk Score

The site hosts a credential‑stealing login form on an unknown‑age surge.sh subdomain with no reputation, indicating a high‑risk phishing page.

Risk Factors
Unknown subdomain age
Unranked domain reputation
Credential collection on a generic invoice portal
Domain age information unavailable

Details

Page Title

Invoice Portal

Scan Type

public

Language

🇺🇸

English

(58% confidence)

Category

finance banking

(76%)

Domain Information

Domain 'invoice-3020923.surge.sh' uses the .sh country-code top-level domain, featuring subdomain 'invoice-3020923'. Count 5 characters in 'surge' holding two vowels versus 3 consonants. Tokenizing the label suggests 1 word: surge. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://invoice-3020923.surge.sh/?email=joel@1a.se

Page Load Overview

0.69s
Total Load Time
2
HTTP Requests
1
Domains
257 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:58%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:58%
Script Type:Latin
HTML Lang Attribute:zh-CN
Text Length:173 chars
Detector Agreement:100%
Language mismatch: Declared as zh but detected as en

Website Classification

Primary Category

finance banking76% confidence
Type: webapp
Method: ml+structural

All Detected Categories

finance banking
76%
government public service
29%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
2188.166.132.94Amsterdam, North Holland, Netherlands
AS14061DigitalOcean, LLC
21--

Detected Technologies1

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T14A32A34629F314556C43A4B43BA756063374D013D906CC787FAD832C9F89E6BADB2BCA

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:UX71rihF+ZTf3TRXBDwQyJbEtONg5WXim2typXXNSmKWwKOE6fFb:CFIEtg0FNR

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:11956:NFJAJSbRQZIAMFkWISSmYmBBKBcAVZiAaDAEKICwgQAXQIRJBGPLg7GQgAC0CQS5i9lpDKhepGgEgE7EokMgASIwLEFITgVC

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000181838180000
Perceptual Hash:99cc6633996ccc33
Difference Hash:0014b2b2b2b20420
Wavelet Hash:3c003c3c3c3c003c
Color Hash:#6ce09c

Other Hashes

Crop Resistant:0014b2b2b2b20420

Scan History

Scan history not available

Unable to load historical scan data