Submitted URL: https://storage.googleapis.com/b80cc4fc54321ed/b0a338e6e2c53a0#cl/27925_md/1/23170/5451/22/126442
Effective URL: https://feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/22_126442_23170_437805_md
Submission Tags: phishing
Submission: On March 08 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 141.98.5.31, located in Bulgaria and belonging to ASN-QUADRANET-GLOBAL, US. The main domain is feateuredsigns.com.
TLS certificate: Issued by R3 on March 7th 2023. Valid for: 3 months.
This is the only time feateuredsigns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         2a00:1450:400...   15169  GOOGLE
1 2       2a06:98c1:312...   13335  CLOUDFLAR...
1         141.98.5.31        8100   ASN-QUADR...
1         35.227.249.51      15169  GOOGLE
Totals    4 4
Requests  Apex Domain         Subdomains                                          Transfer
2         talkingim.com       talkingim.com                                       2 KB
1         ygd65cggh.com       www.ygd65cggh.com
1         feateuredsigns.com  feateuredsigns.com                                  423 B
1         googleapis.com      storage.googleapis.com (Cisco Umbrella Rank: 398)   676 B
Totals    4 4
Requests  Domain                  Requested by
2         talkingim.com           storage.googleapis.com (1 redirect)
1         www.ygd65cggh.com       feateuredsigns.com
1         feateuredsigns.com      talkingim.com
1         storage.googleapis.com
Totals    4 4

This site contains no links.

Subject                 Issuer                                       Validity                   Valid
storage.googleapis.com  GTS CA 1C3                                   2023-02-08 - 2023-05-03    3 months
feateuredsigns.com      R3                                           2023-03-07 - 2023-06-05    3 months
b82mtrk.com             Starfield Secure Certificate Authority - G2  2022-11-08 - 2023-06-16    7 months

This page contains 1 frame:

Frame: https://www.ygd65cggh.com/938L6R/3NKCBL9/?sub1=351247&sub2=940917755
Frame ID: ACB0DAE998436CFCE6A210B30305AD55
Requests: 4 HTTP requests in this frame


Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://storage.googleapis.com/b80cc4fc54321ed/b0a338e6e2c53a0 Page URL
  2. http://talkingim.com/ Page URL
  3. http://talkingim.com/cl/27925_md/1/23170/5451/22/126442 HTTP 302
    https://feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/22_126442_23170_437805_md Page URL

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 2 kB
Size: 1 kB
Cookies: 1


Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource: b0a338e6e2c53a0
Path: storage.googleapis.com/b80cc4fc54321ed/
Size: 101 B
x-fer: 676 B
Type: Document
General
Full URL
https://storage.googleapis.com/b80cc4fc54321ed/b0a338e6e2c53a0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1943
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-length
101
content-type
text/html
date
Tue, 07 Mar 2023 23:27:51 GMT
etag
"8207f48826c4b2d9d9364ebab5f06b72"
expires
Wed, 08 Mar 2023 00:27:51 GMT
last-modified
Tue, 07 Mar 2023 23:10:18 GMT
server
UploadServer
x-goog-generation
1678230618290908
x-goog-hash
crc32c=Sz3H9w== md5=ggf0iCbEstnZNk66tfBrcg==
x-goog-metageneration
2
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
101
x-guploader-uploadid
ADPycdttNMTOLUyZyrWcyy89bDO2SqXSVn0OfRBKrahMhpxAlGrvGuo8sNl8foLqMqojae3iunmDI7uLP3VKr_05Fzrn
Resource: /
Path: talkingim.com/
Size: 421 B
x-fer: 974 B
Type: Document
General
Full URL
http://talkingim.com/
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/b80cc4fc54321ed/b0a338e6e2c53a0
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7a46cbfbfdd79267-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 08 Mar 2023 00:00:14 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xhBTzgMAiG3hPpucYkO5x4bGt1zs%2FRQf5ZZZ6TsC22rHFyKNDSTJCyGzp7BSkAJU%2BJfhNoGzs0%2Fz5b7AQ8e7aYVn2TMCYeSrk484LBsXeITFw2aFTWtxNs6BRJ83GUZMmwaPYA%2BHYezW3taB"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
X-Powered-By
PHP/7.1.33
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Primary Request: 22_126442_23170_437805_md
Path: feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/
Redirect Chain:
  • http://talkingim.com/cl/27925_md/1/23170/5451/22/126442
  • https://feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/22_126442_23170_437805_md
Size: 131 B
x-fer: 423 B
Type: Document
General
Full URL
https://feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/22_126442_23170_437805_md
Requested by
Host: talkingim.com
URL: http://talkingim.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
141.98.5.31 , Bulgaria, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
Software
Apache /
Resource Hash
dd3e0c423112ff55302f607ed792d4ade18df2a91e89b617f09665442979d640

Request headers

Referer
http://talkingim.com/#cl/27925_md/1/23170/5451/22/126442
Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
de-DE,de;q=0.9

Response headers

content-length
131
content-type
text/html; charset=UTF-8
date
Wed, 08 Mar 2023 00:00:17 GMT
server
Apache

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
7a46cc009ffd9267-FRA
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 08 Mar 2023 00:00:16 GMT
Location
https://feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/22_126442_23170_437805_md
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pygDRhC1TiN0v72DOFumzmi%2FBvwrYlA9mccDWNoy%2FWcyLtsLU2tskjWEVwi3NHE8x5iyO6Gqtlp4ZdvLozOPxccr6Jbajus71lPFHXPqZjZKNIt12uj8AH3Wc8iiyLe5eAoR0xMBgHKgdOJI"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
X-Powered-By
PHP/7.1.33
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Resource: /
Path: www.ygd65cggh.com/938L6R/3NKCBL9/
Size: 0
x-fer: 0
Type: Document
General
Full URL
https://www.ygd65cggh.com/938L6R/3NKCBL9/?sub1=351247&sub2=940917755
Requested by
Host: feateuredsigns.com
URL: https://feateuredsigns.com/0/2/31590/8a4c52a23fd0caffac84f37fb0a6b391/1/27925_3/22_126442_23170_437805_md
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.249.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.249.227.35.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
https://feateuredsigns.com/
Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-Ch-Ua-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Mar 2023 00:00:17 GMT
server
nginx
vary
Origin
via
1.1 google
x-eflow-request-id
d8fc5054-147b-4e82-b94b-b57af9f54ddf

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)

1 Cookies

Domain/Path: feateuredsigns.com/
Name: uid5330
Value: 940917755-20230307190017-51cd74691425c8c2de45052cead6d772-

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
