apinvoices-app-ke49i.ondigitalocean.app
2606:4700::6811:b942 | Malicious Activity! | Public Scan

Submitted URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Effective URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0...
Submission: On August 09 via manual from US — Scanned from NL

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 27 HTTP transactions. The main IP is 2606:4700::6811:b942, located in United States and belongs to CLOUDFLARENET, US. The main domain is apinvoices-app-ke49i.ondigitalocean.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 18th 2022. Valid for: a year.
This is the only time apinvoices-app-ke49i.ondigitalocean.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP addresses (request count, IP address, ASN, autonomous system):

  1     2a06:98c1:312...  13335  CLOUDFLAR...
  1     109.71.161.200    34655  DOCLER-AS
  5     185.13.88.201     34655  DOCLER-AS
  1     2a00:1450:400...  15169  GOOGLE
  1     104.16.168.131    13335  CLOUDFLAR...
  1     2a00:1450:400...  15169  GOOGLE
  1 14  2606:4700::68...  13335  CLOUDFLAR...
  1     104.18.38.252     13335  CLOUDFLAR...
  2     2620:1ec:46::45   8075   MICROSOFT...

  Total: 27 requests across 10 IPs
Apex domains (request count, apex domain, transfer; subdomains with Cisco Umbrella rank beneath each):

  14  ondigitalocean.app  (45 KB)
      apinvoices-app-ke49i.ondigitalocean.app
   5  dditscdn.com  (22 KB)
      static1.dditscdn.com (rank 334379)
      static2.dditscdn.com (rank 572075)
      static4.dditscdn.com (rank 572077)
      static3.dditscdn.com (rank 587223)
   2  msftauthimages.net  (296 KB)
      aadcdn.msftauthimages.net (rank 3870)
   1  dcbosf.com  (610 B)
      lj.dcbosf.com (rank 423221)
   1  googletagmanager.com
      www.googletagmanager.com (rank 65)
   1  hcaptcha.com  (89 KB)
      js.hcaptcha.com (rank 13203)
   1  googleoptimize.com  (52 KB)
      www.googleoptimize.com (rank 1295)
   1  livejasmin.com  (3 KB)
      www.livejasmin.com (rank 252846)
   1  invoicecreationresource.click  (7 KB)
      gfrew.invoicecreationresource.click
   0  cloudflare.com  (failed)
      challenges.cloudflare.com (rank 6372, failed)

  Total: 27 requests across 10 apex domains
Subdomains and the page that requested them (request count, domain, requested by):

  14  apinvoices-app-ke49i.ondigitalocean.app  <- apinvoices-app-ke49i.ondigitalocean.app (1 redirect)
   2  aadcdn.msftauthimages.net
   2  static1.dditscdn.com                     <- gfrew.invoicecreationresource.click
   1  lj.dcbosf.com                            <- www.livejasmin.com
   1  www.googletagmanager.com                 <- gfrew.invoicecreationresource.click
   1  js.hcaptcha.com                          <- gfrew.invoicecreationresource.click
   1  static3.dditscdn.com                     <- gfrew.invoicecreationresource.click
   1  www.googleoptimize.com                   <- gfrew.invoicecreationresource.click
   1  static4.dditscdn.com                     <- gfrew.invoicecreationresource.click
   1  static2.dditscdn.com                     <- gfrew.invoicecreationresource.click
   1  www.livejasmin.com                       <- gfrew.invoicecreationresource.click
   1  gfrew.invoicecreationresource.click      (submitted URL)
   0  challenges.cloudflare.com                (failed)

  Total: 27 requests across 13 subdomains

This site contains links to these domains:

Domain
login.live.com
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com
TLS certificates (subject, issuer, valid from, valid to, validity):

  invoicecreationresource.click  GTS CA 1P5                                            2023-08-04  2023-11-02  3 months
  www.livejasmin.com             Sectigo RSA Organization Validation Secure Server CA  2023-05-02  2024-05-25  a year
  *.dditscdn.com                 Sectigo RSA Domain Validation Secure Server CA        2023-04-28  2024-05-21  a year
  *.google-analytics.com         GTS CA 1C3                                            2023-07-17  2023-10-09  3 months
  sni.cloudflaressl.com          Cloudflare Inc ECC CA-3                               2023-04-15  2024-04-14  a year
  ondigitalocean.app             Cloudflare Inc ECC CA-3                               2022-10-18  2023-10-17  a year
  dcbosf.com                     GTS CA 1P5                                            2023-08-03  2023-11-01  3 months
  aadcdn.msftauthimages.net      Microsoft Azure TLS Issuing CA 02                     2023-06-10  2024-06-04  a year

Note that the certificates for the lure domain invoicecreationresource.click and for dcbosf.com were both issued within a week of the scan date (2023-08-09), the usual signature of infrastructure stood up for a single campaign.

This page contains 1 frame:

Primary Page: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Frame ID: 110B76B856F6DDBD2657823991F7DC77
Requests: 28 HTTP requests in this frame


Page Title

Sign in to your account


Detected technologies

Google Optimize (overall confidence: 100%)
  Detected pattern: googleoptimize\.com/optimize\.js

Google Tag Manager (overall confidence: 100%)
  Detected pattern: googletagmanager\.com/gtm\.js

Page Statistics

27 requests | 96 % HTTPS | 56 % IPv6 | 10 domains | 13 subdomains | 10 IPs | 4 countries | 515 kB transfer | 1098 kB size | 5 cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t Page URL
  2. https://apinvoices-app-ke49i.ondigitalocean.app/ Page URL
  3. https://apinvoices-app-ke49i.ondigitalocean.app/oNaJuUUaxW.php HTTP 302
    https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true Page URL
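The chain above has the shape of a credential-phishing kit impersonating the Microsoft sign-in page: the lure on invoicecreationresource.click hands the visitor to the kit on ondigitalocean.app, whose oNaJuUUaxW.php answers with a 302 to a path whose query string imitates a login.microsoftonline.com authorize request (client_id, redirect_uri=https://outlook.office.com/owa/, response_type=code+id_token, scope=openid, msafed=0). Two details give it away. First, client_id=0000006193-0000-0twn-rv00-000000000 is not a GUID, and every genuine Microsoft client_id is one. Second, the irg= value on the lure URL and the y= value on the final URL share the same base64 tail behind a short junk prefix (launj on the lure, e2 on the landing page); that tail decodes to the targeted mailbox address so the kit can pre-fill the username field (the address itself is deliberately not reproduced here). The following Python is an added example written for this page, not urlscan output and not the kit's own code; the hosts and the encoded address in the sample URLs are constructed placeholders, only the query-string layout is copied from the scan.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Hosts that legitimately serve Microsoft sign-in pages.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Parameters that belong on an OAuth 2.0 / OIDC authorize endpoint and nowhere else.
OAUTH_AUTHORIZE_PARAMS = {"client_id", "redirect_uri", "response_type", "scope", "response_mode"}
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def decode_b64_tail(value, min_len=8):
    """Return the e-mail address hidden in a 'junk prefix + base64' parameter, or None.

    The prefix characters are themselves in the base64 alphabet, so decoding the whole
    value just yields garbage; instead drop one leading character at a time until the
    remainder decodes to valid UTF-8 that looks like an address.
    """
    for start in range(len(value)):
        tail = value[start:]
        if len(tail) < min_len:
            break
        padded = tail + "=" * (-len(tail) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if EMAIL_RE.match(text):
            return text
    return None


def triage_signin_url(url):
    """Findings for a URL that carries authorize-style parameters; empty list if it looks genuine."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)
    findings = []

    present = OAUTH_AUTHORIZE_PARAMS & set(query)
    if len(present) >= 3 and host not in MICROSOFT_LOGIN_HOSTS:
        findings.append(f"authorize-style parameters {sorted(present)} on non-Microsoft host {host}")

    for client_id in query.get("client_id", []):
        if not GUID_RE.match(client_id):
            findings.append(f"client_id {client_id!r} is not a GUID")

    for redirect_uri in query.get("redirect_uri", []):
        target = (urlsplit(redirect_uri).hostname or "").lower()
        if target.endswith((".office.com", ".microsoft.com", ".microsoftonline.com")) \
                and host not in MICROSOFT_LOGIN_HOSTS:
            findings.append(f"redirect_uri points at Microsoft ({target}) but the page is served by {host}")

    for name, values in query.items():
        for value in values:
            email = decode_b64_tail(value)
            if email:
                findings.append(f"parameter {name} carries a base64-encoded address: {email}")

    return findings


# Constructed sample (placeholder host): the query string mirrors the scan's final URL,
# except that y= now carries base64 of bob@example.com instead of the real target.
PHISH_URL = (
    "https://phish.example.net/f1839891813c45439a22c3474ac20d98/"
    "?client_id=0000006193-0000-0twn-rv00-000000000&y=e2Ym9iQGV4YW1wbGUuY29t"
    "&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id"
    "&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0"
    "&protectedtoken=true"
)
# For comparison, a genuine Exchange Online sign-in link: same parameter names, but on
# login.microsoftonline.com and with the well-formed Exchange Online application GUID.
LEGIT_URL = (
    "https://login.microsoftonline.com/common/oauth2/authorize"
    "?client_id=00000002-0000-0ff1-ce00-000000000000"
    "&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f"
    "&response_mode=form_post&response_type=code+id_token&scope=openid"
)

if __name__ == "__main__":
    for url in (PHISH_URL, LEGIT_URL):
        print(url)
        for finding in triage_signin_url(url) or ["no findings"]:
            print("  -", finding)
```

Run against a URL feed, the GUID check and the host versus redirect_uri mismatch are the cheap, high-precision signals; the decoder is what tells you who was targeted, so you can pull the invoice lure from that mailbox and check that user's sign-in logs for the scan window.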

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?onload=onloadTurnstileCallback

27 HTTP transactions

Columns for each entry: Resource, Path, Size, x-fer (bytes on the wire), Type. Each entry is followed by its General details, Request headers and Response headers; the MIME type is the content-type response header.
/
gfrew.invoicecreationresource.click/
25 KB
7 KB
Document
General
Full URL
https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36a5fe8d7a78a5a6bfc764e7119d4b93833167ba83a36520645c6613ab514a71

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7f40ae545a57b969-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 09 Aug 2023 14:27:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fccyT4qdiaQO3XQoWa8xwss8d5dt0KRDGtnSHIQB6uPfxEIla0w7jEaXEKimpBruJXoAdNxaGFibEJ12sdkbTbQIMiRbZyt8F6mqkyoQn7wamQdppGCEsEMM0qFCZDe14YfOq6DEM%2FqAXtNqZEsnHrOYBa2FbmLOSIiQ171fPLEaag%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
bs.js
www.livejasmin.com/cf-image/js/
6 KB
3 KB
Script
General
Full URL
https://www.livejasmin.com/cf-image/js/bs.js
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
109.71.161.200 , Luxembourg, ASN34655 (DOCLER-AS, LU),
Reverse DNS
Software
unknown /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires
Sun, 01 Jan 2014 00:00:00 GMT
pragma
no-cache
date
Wed, 09 Aug 2023 14:27:40 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
content-encoding
gzip
server
unknown
content-type
application/x-javascript
consentCookie.e62f.js
static1.dditscdn.com/jsm2/site/livejasmin/script/bundle/
7 KB
4 KB
Script
General
Full URL
https://static1.dditscdn.com/jsm2/site/livejasmin/script/bundle/consentCookie.e62f.js
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.13.88.201 , Luxembourg, ASN34655 (DOCLER-AS, LU),
Reverse DNS
Software
unknown /
Resource Hash
4df8d41337bba6c7d4044f73568b8785aa873261e3c14651396ea64dd50f289a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cdn-node
nlams
date
Wed, 09 Aug 2023 14:27:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 04 Aug 2023 07:11:46 GMT
server
unknown
etag
W/"64cca4b2-1bb3"
x-cache-status
R-HIT
vary
Accept-Encoding, Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=1209600, public
x-real-source
core-fe-staticorigin-lukyl-1, -
expires
Fri, 18 Aug 2023 09:20:00 GMT
main.1f51.css
static2.dditscdn.com/jsm2/site/livejasmin/script/bundle/
69 KB
14 KB
Stylesheet
General
Full URL
https://static2.dditscdn.com/jsm2/site/livejasmin/script/bundle/main.1f51.css
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.13.88.201 , Luxembourg, ASN34655 (DOCLER-AS, LU),
Reverse DNS
Software
unknown /
Resource Hash
bad9e997483f6b7e0783f7a22d17627cad704edff13816ccee248fde8fb468eb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cdn-node
nlams
date
Wed, 09 Aug 2023 14:27:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 01 Aug 2023 06:58:10 GMT
server
unknown
etag
W/"64c8ad02-11579"
x-cache-status
R-HIT
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=1209600, public
x-real-source
core-fe-staticorigin-lubet-0, -
expires
Tue, 15 Aug 2023 10:21:18 GMT
index_controller.eacf.css
static4.dditscdn.com/jsm2/site/livejasmin/script/bundle/
18 KB
4 KB
Stylesheet
General
Full URL
https://static4.dditscdn.com/jsm2/site/livejasmin/script/bundle/index_controller.eacf.css
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.13.88.201 , Luxembourg, ASN34655 (DOCLER-AS, LU),
Reverse DNS
Software
unknown /
Resource Hash
260149d65af0b104cf115c1ad9ca3eab788100ac791f079884eeb1999ba9136d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cdn-node
nlams
date
Wed, 09 Aug 2023 14:27:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Aug 2023 07:19:53 GMT
server
unknown
etag
W/"64d1ec99-46ff"
x-cache-status
R-HIT
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=1209600, public
x-real-source
core-fe-staticorigin-lubet-1, -
expires
Tue, 22 Aug 2023 07:46:44 GMT
en.8cb8.css
static1.dditscdn.com/jsm2/site/livejasmin/script/bundle/language/
121 B
456 B
Stylesheet
General
Full URL
https://static1.dditscdn.com/jsm2/site/livejasmin/script/bundle/language/en.8cb8.css
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.13.88.201 , Luxembourg, ASN34655 (DOCLER-AS, LU),
Reverse DNS
Software
unknown /
Resource Hash
6c1ff21fae0f30011bbb1a59baf5e69a59a44b4550eb213a3cfadebecdb24b9c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cdn-node
nlams
date
Wed, 09 Aug 2023 14:27:40 GMT
x-content-type-options
nosniff
last-modified
Mon, 31 Jul 2023 10:35:31 GMT
server
unknown
etag
"64c78e73-79"
x-cache-status
R-HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=1209600, public
x-real-source
core-fe-staticorigin-lukyl-0, -
accept-ranges
bytes
content-length
121
expires
Mon, 14 Aug 2023 11:38:14 GMT
optimize.js
www.googleoptimize.com/
148 KB
52 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-M8VBSNG
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
53259
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 09 Aug 2023 14:27:40 GMT
advertisement.js
static3.dditscdn.com/jsm2/master/script/ga/
22 B
366 B
Script
General
Full URL
https://static3.dditscdn.com/jsm2/master/script/ga/advertisement.js
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.13.88.201 , Luxembourg, ASN34655 (DOCLER-AS, LU),
Reverse DNS
Software
unknown /
Resource Hash
15d06f37fc16d6cc3f4347759322649dc5d9b570dca3a028437181d72d961bd0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cdn-node
nlams
date
Wed, 09 Aug 2023 14:27:40 GMT
x-content-type-options
nosniff
last-modified
Tue, 01 Aug 2023 14:15:30 GMT
server
unknown
etag
"64c91382-16"
x-cache-status
R-HIT
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=1209600, public
x-real-source
core-fe-staticorigin-lubet-0, -
accept-ranges
bytes
content-length
22
expires
Tue, 15 Aug 2023 16:54:20 GMT
api.js
js.hcaptcha.com/1/
313 KB
89 KB
Script
General
Full URL
https://js.hcaptcha.com/1/api.js?onload=reCaptchaLoaded
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 2efef6dd9770b3981ddd7a213ccc0dda.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
x-amz-version-id
dpFtj21lqddCTxD3RQerzp.gchQi5Xgb
age
0
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 07 Aug 2023 12:40:17 GMT
server
cloudflare
etag
W/"8eea60bd1081f1db59c6c48060f83799"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=120
cf-ray
7f40ae6179761afa-AMS
x-amz-cf-id
i9eQ1Zpm0n0p3ooA0nJfIsOiUSEpBvjqhjWM_dI06B9_oY4PGsNJWw==
gtm.js
www.googletagmanager.com/
121 KB
0
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7
Requested by
Host: gfrew.invoicecreationresource.click
URL: https://gfrew.invoicecreationresource.click/?irg=launjamJhcnRsZXR0QGNmcHdvb2QuY29t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89516
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Aug 2023 14:27:40 GMT
/
apinvoices-app-ke49i.ondigitalocean.app/
4 KB
3 KB
Document
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b942 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://gfrew.invoicecreationresource.click
Referer
https://gfrew.invoicecreationresource.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
private
cf-cache-status
DYNAMIC
cf-ray
7f40ae623d1f0b50-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 09 Aug 2023 14:27:40 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
result
lj.dcbosf.com/cf-image/cdbs/NhUeSxQIHx0LCUseBgteVh0M/cFRQVE1YWEpSWg/eVBQXExQX0pZ/c464a81eeace7d9f8111dd4626a2c2fd/
159 B
610 B
XHR
General
Full URL
https://lj.dcbosf.com/cf-image/cdbs/NhUeSxQIHx0LCUseBgteVh0M/cFRQVE1YWEpSWg/eVBQXExQX0pZ/c464a81eeace7d9f8111dd4626a2c2fd/result
Requested by
Host: www.livejasmin.com
URL: https://www.livejasmin.com/cf-image/js/bs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://gfrew.invoicecreationresource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 14:27:40 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
cf-ray
7f40ae627a0db722-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.js
challenges.cloudflare.com/turnstile/v0/b/7186c00a/
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
  • https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?onload=onloadTurnstileCallback
0
0

truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/gif
Primary Request /
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/
Redirect Chain
  • https://apinvoices-app-ke49i.ondigitalocean.app/oNaJuUUaxW.php
  • https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.o...
15 KB
4 KB
Document
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b942 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31ec1b85239f6799c341a0da835c8117a29b03a7baed6eb7287feed60717ef9e

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://apinvoices-app-ke49i.ondigitalocean.app
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
private
cf-cache-status
MISS
cf-ray
7f40ae7dcc8a0b50-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 09 Aug 2023 14:27:44 GMT
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
vary
Accept-Encoding
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200

Redirect headers

cache-control
private
cf-cache-status
DYNAMIC
cf-ray
7f40ae630e0b0b50-AMS
content-type
text/html; charset=UTF-8
date
Wed, 09 Aug 2023 14:27:44 GMT
location
f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
302
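The request headers of the two ondigitalocean.app document requests above tell the story of the handoff: the request for / carries Content-Type: application/x-www-form-urlencoded with Origin: https://gfrew.invoicecreationresource.click, so the lure page submits a form across sites into the kit, and the request for oNaJuUUaxW.php carries the same content type with a same-host Origin, after which the kit answers with a relative Location header (f1839891813c45439a22c3474ac20d98/?client_id=...) that the browser resolves against /oNaJuUUaxW.php. In proxy or browser-telemetry logs, a cross-site form POST followed by a same-host redirect onto an OAuth-styled path is a usable detection. The following Python is an added example for this page, not urlscan or kit code; it runs that correlation over constructed records shaped like the entries above (placeholder hosts, with paths and header values as in the scan).

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed request records in the shape of the transaction entries in this scan:
# URL, the request headers that matter here, response status and Location header.
# Hosts are placeholders; paths and header values mirror the scan.
RECORDS = [
    {"url": "https://lure.example.click/?irg=launjYm9iQGV4YW1wbGUuY29t",
     "request": {}, "status": 200, "location": None},
    {"url": "https://kit.example.app/",
     "request": {"Content-Type": "application/x-www-form-urlencoded",
                 "Origin": "https://lure.example.click",
                 "Referer": "https://lure.example.click/"},
     "status": 200, "location": None},
    {"url": "https://kit.example.app/oNaJuUUaxW.php",
     "request": {"Content-Type": "application/x-www-form-urlencoded",
                 "Origin": "https://kit.example.app",
                 "Referer": "https://kit.example.app/"},
     "status": 302,
     # Relative Location, exactly as the kit sends it.
     "location": "f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000"
                 "&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&response_type=code+id_token"},
    {"url": "https://kit.example.app/f1839891813c45439a22c3474ac20d98/"
            "?client_id=0000006193-0000-0twn-rv00-000000000"
            "&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&response_type=code+id_token",
     "request": {"Referer": "https://kit.example.app/"}, "status": 200, "location": None},
]


def _headers(rec):
    """Request headers with case-folded names (proxies disagree on capitalisation)."""
    return {k.lower(): v for k, v in rec["request"].items()}


def is_form_submission(rec):
    """A document request that carries a form-urlencoded body is a POST from an HTML form."""
    return _headers(rec).get("content-type", "").startswith("application/x-www-form-urlencoded")


def cross_site_form_posts(records):
    """(index, origin host, target host) for every form POST whose Origin is a different host."""
    hits = []
    for i, rec in enumerate(records):
        if not is_form_submission(rec):
            continue
        src = urlsplit(_headers(rec).get("origin", "")).hostname
        dst = urlsplit(rec["url"]).hostname
        if src and src != dst:
            hits.append((i, src, dst))
    return hits


def redirect_landings(records):
    """(index, absolute Location) for every 3xx; relative Locations resolve against the request URL."""
    return [(i, urljoin(rec["url"], rec["location"]))
            for i, rec in enumerate(records)
            if 300 <= rec["status"] < 400 and rec["location"]]


def handoff_report(records):
    """Tie each cross-site form POST to the OAuth-styled page the receiving host then redirects to."""
    findings = []
    for i, src, dst in cross_site_form_posts(records):
        findings.append(f"#{i}: form data posted cross-site from {src} to {dst}")
        for j, landing in redirect_landings(records):
            if j <= i or urlsplit(records[j]["url"]).hostname != dst:
                continue
            params = parse_qs(urlsplit(landing).query)
            if {"client_id", "redirect_uri"}.issubset(params):
                findings.append(f"#{j}: {dst} then redirects to {urlsplit(landing).path} "
                                f"carrying OAuth-style parameters")
    return findings


if __name__ == "__main__":
    for line in handoff_report(RECORDS):
        print(line)
```

Hostnames are compared exactly here; in production compare registrable domains (a Public Suffix List lookup) so that a form posted between two subdomains of the same site is not flagged, and feed the landing URL into a per-URL triage step rather than relying on the presence of client_id and redirect_uri alone.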
css.css
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
24 KB
4 KB
Stylesheet
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/css.css
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b942 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13853a83c9d5320662be27925e44f7e48e284fb30747d31e0f6ce996470b64a5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"5e65-6027e4872cfb3"
vary
Accept-Encoding
content-type
text/css
cache-control
private
cf-ray
7f40ae7e6d4d0b50-AMS
mp.js
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
5 KB
1 KB
Script
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/mp.js
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b942 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e0a81574e631c7e3f75db9478970fcbd6d81f8275bbed664498c12eec3023ba

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"1509-6027e4872e813"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private
cf-ray
7f40ae7e6d4f0b50-AMS
45_sgsjshsdggdjxdghvcvcj.png
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
5 KB
5 KB
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/45_sgsjshsdggdjxdghvcvcj.png
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b942 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"1413-6027e4872b0a1"
vary
Accept-Encoding
content-type
image/png
cache-control
private
accept-ranges
bytes
cf-ray
7f40ae7f1e6e0b50-AMS
content-length
5139
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
4 KB
1 KB
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b942 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"e43-6027e4872e493"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private
cf-ray
7f40ae7f1e740b50-AMS
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
513 B
344 B
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"201-6027e4872cc63"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private
cf-ray
7f40ae7f1e7c0b50-AMS
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
915 B
340 B
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"393-6027e4872d628"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private
cf-ray
7f40ae7f1e7e0b50-AMS
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
915 B
328 B
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"393-6027e4872d2e8"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private
cf-ray
7f40ae7f1e800b50-AMS
sc_login.js
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
12 KB
4 KB
Script
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/sc_login.js
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
a0e74e60af1071828d901d37ea36097222f2d0f2bc80336a807ac1f005fd9d9e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"3171-6027e4872ec20"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private
cf-ray
7f40ae7f0e530b50-AMS
0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
3 KB
3 KB
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"bbe-6027e4872ad6d"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
private
accept-ranges
bytes
cf-ray
7f40ae7f1e890b50-AMS
content-length
3006
Mic_BG.jpg
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/
17 KB
17 KB
Image
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/Mic_BG.jpg
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 14:27:45 GMT
cf-cache-status
MISS
last-modified
Wed, 09 Aug 2023 14:27:44 GMT
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
etag
W/"442d-6027e4872be51"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
private
accept-ranges
bytes
cf-ray
7f40ae7f1e8b0b50-AMS
content-length
17453
check.php
apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/
351 B
352 B
XHR
General
Full URL
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/check.php
Requested by
Host: apinvoices-app-ke49i.ondigitalocean.app
URL: https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/include/src/sc_login.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:b942, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
c4089626a1be3c344bca5930f28e757c4d37c41487f409622c44433f263d40d8

Request headers

Referer
https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/?client_id=0000006193-0000-0twn-rv00-000000000&y=e2amJhcnRsZXR0QGNmcHdvb2QuY29t&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 14:27:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
x-do-app-origin
59ad17c9-64a1-43b6-9287-387ad2bcabc3
x-do-orig-status
200
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
7f40ae7fcf830b50-AMS
expires
Thu, 19 Nov 1981 08:52:00 GMT
illustration
aadcdn.msftauthimages.net/dbd5a2dd-9g7hyqgb4kfnqnwwslpnspxnijcaw7eiy4go2x6xky8/logintenantbranding/0/
288 KB
289 KB
Image
General
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-9g7hyqgb4kfnqnwwslpnspxnijcaw7eiy4go2x6xky8/logintenantbranding/0/illustration?ts=637405518122505610
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Resource Hash
10c047ac4dca75898270c16534b7ad328f367c9ec433e8f4479722107a81defa

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Wed, 09 Aug 2023 14:27:45 GMT
last-modified
Mon, 09 Nov 2020 20:50:12 GMT
content-md5
aJAzPZkPnU2f9mchE45ALg==
etag
0x8D884F10DB00125
vary
Origin
x-cache
TCP_MISS
content-type
image/*
x-azure-ref
0YqLTZAAAAAD5OMrMRbFGTbQiLIYKUZKCQU1TMDRFREdFMTkyMAA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk=
x-ms-request-id
e33548da-701e-0000-27cd-ca0753000000
cache-control
public, max-age=86400
x-ms-version
2009-09-19
content-length
295301
bannerlogo
aadcdn.msftauthimages.net/dbd5a2dd-9g7hyqgb4kfnqnwwslpnspxnijcaw7eiy4go2x6xky8/logintenantbranding/0/
7 KB
7 KB
Image
General
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-9g7hyqgb4kfnqnwwslpnspxnijcaw7eiy4go2x6xky8/logintenantbranding/0/bannerlogo?ts=637405518127818129
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Resource Hash
f1c774f9d8faa1642be2b1423ce76e688e20afd52d51f00d142c288bf2fb1c91

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://apinvoices-app-ke49i.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Wed, 09 Aug 2023 14:27:45 GMT
last-modified
Mon, 09 Nov 2020 20:50:12 GMT
content-md5
cR/FR+IqScsxRN5eX40Wjg==
etag
0x8D884F10DE99589
vary
Origin
x-cache
TCP_MISS
content-type
image/*
x-azure-ref
0YqLTZAAAAAALlE+aS4L8R6SWgg8osyV1QU1TMDRFREdFMTkyMAA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk=
x-ms-request-id
d8ac4d9f-c01e-002a-6ccd-cad843000000
cache-control
public, max-age=86400
x-ms-version
2009-09-19
content-length
7252

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
challenges.cloudflare.com
URL
https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?onload=onloadTurnstileCallback

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | MaskedPassword
object | Progress
object | Mainbox
object | Fedred
object | Emailsection
object | Passsection
object | Back
object | BGimg
object | LOGOimg
object | dimBG
object | USER
object | PASS
object | USER_ERR
object | PASS_ERR
object | SENSITIVE_ERR
function | loaded
function | validateEmail
function | NE
function | NEE

5 Cookies

Domain/Path Name / Value
gfrew.invoicecreationresource.click/ Name: xbs_us
Value: c464a81eeace7d9f8111dd4626a2c2fd
gfrew.invoicecreationresource.click/ Name: xbs_cfb
Value: cFRQVE1YWEpXWBRBW0lGARRXXWdTCgtgUVlRUAFcUg4LXEsAE18KTV0CUAlEDVsHCBwSABVGWwtcXQpFTFkO
apinvoices-app-ke49i.ondigitalocean.app/ Name: xlogin
Value: amJhcnRsZXR0QGNmcHdvb2QuY29t
apinvoices-app-ke49i.ondigitalocean.app/ Name: ip
Value: MmEwMDoxNjMwOjI6NjA4OjoxNQ%3D%3D
apinvoices-app-ke49i.ondigitalocean.app/ Name: PHPSESSID
Value: kji5ho6nk04jhjmvskv0hcrdh396bbs0
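
Two things in this scan are worth automating. The effective URL carries the query parameters of an Azure AD authorize request (client_id, redirect_uri pointing at outlook.office.com/owa/, response_type=code+id_token, scope=openid, msafed=0, protectedtoken=true) but is served from an ondigitalocean.app host behind Cloudflare, not from a Microsoft sign-in host. And the xlogin cookie is a bare base64 string while the y= query parameter is that same string with two leading characters, so the lure link hands the kit the target's identity to pre-fill; the ip cookie is URL-encoded base64 as well. The triage helper below is an added example, not code from the urlscan page or from the kit: it takes a URL and the cookies a scan reports, flags AAD-style parameters on a non-Microsoft host, and base64-decodes any value that yields an e-mail address or IP address, trying a few junk-prefix offsets to cope with the y= style of encoding. The Microsoft host allowlist, the function names, and the sample victim address and scanner IP are assumptions for the example; the sample URL reuses only the host, path and parameter names that appear on the page.

```python
"""Triage helper for a urlscan-style record of a suspected Microsoft-login phish.

Added example, not part of the urlscan page or the phishing kit. Given the
effective URL and the cookies a scan reports, it (1) flags Azure AD-style
authorize parameters served from a host that is not a Microsoft login host and
(2) decodes base64 values that carry a pre-filled identifier (e-mail or IP),
trying a few junk-prefix offsets because the kit prepends characters to the
encoding in the y= parameter. The allowlist and sample inputs are assumptions.
"""
import base64
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts that legitimately serve Microsoft sign-in pages (assumption: extend
# with your tenant's federation hosts). AAD-style params anywhere else are suspect.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

# Query parameters characteristic of an Azure AD /authorize request.
AAD_PARAMS = {"client_id", "redirect_uri", "response_type", "response_mode",
              "scope", "msafed", "client-request-id", "protectedtoken"}

EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")


def _identifier_kind(text: str):
    """Classify decoded text as 'email', 'ip', or None."""
    if EMAIL_RE.match(text):
        return "email"
    try:
        ipaddress.ip_address(text)
        return "ip"
    except ValueError:
        return None


def decode_identifier(value: str, max_prefix: int = 4):
    """Return (offset, kind, text) if value[offset:] base64-decodes to an identifier.

    Offsets 0..max_prefix are tried so that a junk prefix (the 'e2' in y=) is
    skipped. URL-encoding is removed and stripped '=' padding restored first.
    Returns None when no offset yields an e-mail or IP address.
    """
    value = unquote(value)
    for offset in range(max_prefix + 1):
        chunk = value[offset:]
        chunk += "=" * (-len(chunk) % 4)  # restore padding the kit may drop
        try:
            text = base64.b64decode(chunk, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            continue
        kind = _identifier_kind(text)
        if kind:
            return offset, kind, text
    return None


def triage(url: str, cookies: dict) -> dict:
    """Summarise why a scanned login page is suspect and what identity it was fed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    query = parse_qs(parts.query, keep_blank_values=True)
    aad_hits = sorted(AAD_PARAMS & set(query))
    redirect = query.get("redirect_uri", [""])[0]
    findings = {
        "host": host,
        "aad_like_params": aad_hits,
        # AAD authorize parameters on a host Microsoft does not own => spoofed login.
        "spoofed_login": bool(aad_hits) and host not in MS_LOGIN_HOSTS,
        "redirect_uri_host": urlsplit(unquote(redirect)).hostname or "",
        "identifiers": {},
    }
    candidates = {f"query:{k}": v[0] for k, v in query.items()}
    candidates.update({f"cookie:{k}": v for k, v in cookies.items()})
    for name, value in candidates.items():
        hit = decode_identifier(value)
        if hit:
            findings["identifiers"][name] = {"prefix_len": hit[0], "kind": hit[1], "value": hit[2]}
    return findings


# Constructed sample modelled on the scan: same host, path and parameter names,
# but a made-up victim address and scanner IP instead of the values on the page.
SAMPLE_EMAIL = "victim@example.com"
SAMPLE_URL = (
    "https://apinvoices-app-ke49i.ondigitalocean.app/f1839891813c45439a22c3474ac20d98/"
    "?client_id=0000006193-0000-0twn-rv00-000000000"
    "&y=e2" + base64.b64encode(SAMPLE_EMAIL.encode()).decode()
    + "&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f"
    "&resource=client_id&response_mode=form_post&response_type=code+id_token"
    "&scope=openid&msafed=0&protectedtoken=true"
)
SAMPLE_COOKIES = {
    "xlogin": base64.b64encode(SAMPLE_EMAIL.encode()).decode(),
    "ip": base64.b64encode(b"2001:db8::15").decode(),
    "PHPSESSID": "kji5ho6nk04jhjmvskv0hcrdh396bbs0",
}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_URL, SAMPLE_COOKIES), indent=2))
```

Run against the real record, the same call reports the y= parameter as an e-mail with a two-character prefix, the xlogin cookie as the same address with no prefix, and the ip cookie as an IPv6 address, which is exactly the relationship visible between the cookie values above and the query string in each transaction. The offset loop is deliberately bounded: a larger max_prefix increases the chance that a random substring happens to decode to printable text, so raise it only if a kit is observed using longer junk prefixes.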

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauthimages.net
apinvoices-app-ke49i.ondigitalocean.app
challenges.cloudflare.com
gfrew.invoicecreationresource.click
js.hcaptcha.com
lj.dcbosf.com
static1.dditscdn.com
static2.dditscdn.com
static3.dditscdn.com
static4.dditscdn.com
www.googleoptimize.com
www.googletagmanager.com
www.livejasmin.com
104.16.168.131
104.18.38.252
109.71.161.200
185.13.88.201
2606:4700::6811:b942
2620:1ec:46::45
2a00:1450:4001:803::200e
2a00:1450:4001:806::2008
2a06:98c1:3120::3