forum-metal.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 82.165.25.137, located in Germany and belongs to ONEANDONE-AS Brauerstrasse 48, DE. The main domain is forum-metal.com.

This is the only time forum-metal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address		AS Autonomous System
6	82.165.25.137 82.165.25.137		8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
7	2

6 82.165.25.137 (Germany)

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: s15954151.onlinehome-server.info

forum-metal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	forum-metal.com forum-metal.com	30 KB
0	uzone.id Failed cfs.uzone.id Failed
7	2

	Domain	Requested by
6	forum-metal.com	forum-metal.com
0	cfs.uzone.id Failed	forum-metal.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://forum-metal.com/go/memberLogin/mobile/login.php
Frame ID: 18ACF2946EFE384E76CC1D585971F686
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

30 kB
Transfer

29 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response forum-metal.com/go/memberLogin/mobile/	4 KB 4 KB	74ms 42ms	Document text/html	82.165.25.137 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Full URL http://forum-metal.com/go/memberLogin/mobile/login.php Protocol HTTP/1.1 Server 82.165.25.137 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS s15954151.onlinehome-server.info Software Apache / PleskLin Resource Hash `9bcb977aff446cd516c15f0146f2c07a2ba29334b4fa740f6c84b3663f65b3de` Request headers Host forum-metal.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Response headers Date Sun, 23 Feb 2020 08:12:28 GMT Server Apache X-Powered-By PleskLin Connection close Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	header.png forum-metal.com/go/memberLogin/images/	15 KB 15 KB	73ms 59ms	Image image/png	82.165.25.137 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Show image Full URL http://forum-metal.com/go/memberLogin/images/header.png Requested by Host: forum-metal.com URL: http://forum-metal.com/go/memberLogin/mobile/login.php Protocol HTTP/1.1 Server 82.165.25.137 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS s15954151.onlinehome-server.info Software Apache / PleskLin Resource Hash `7ae694638bb670bd12e1976d78fbc9a2a632303bb508f2f6820bffdf0b03535f` Request headers Referer http://forum-metal.com/go/memberLogin/mobile/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Response headers Date Sun, 23 Feb 2020 08:12:28 GMT Last-Modified Wed, 05 Dec 2018 05:47:40 GMT Server Apache X-Powered-By PleskLin ETag "24ce21-3adc-57c3feb899700" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 15068
GET H/1.1	200 OK	footer.png forum-metal.com/go/memberLogin/images/	5 KB 5 KB	89ms 76ms	Image image/png	82.165.25.137 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Show image Full URL http://forum-metal.com/go/memberLogin/images/footer.png Requested by Host: forum-metal.com URL: http://forum-metal.com/go/memberLogin/mobile/login.php Protocol HTTP/1.1 Server 82.165.25.137 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS s15954151.onlinehome-server.info Software Apache / PleskLin Resource Hash `7f106e5573f887dab541dfda3365cfc929e4b17b67e20d91906ea189b78d9279` Request headers Referer http://forum-metal.com/go/memberLogin/mobile/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Response headers Date Sun, 23 Feb 2020 08:12:28 GMT Last-Modified Thu, 27 Apr 2017 02:11:06 GMT Server Apache X-Powered-By PleskLin ETag "24ce1d-1419-54e1c782fc280" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 5145
GET H/1.1	200 OK	g+.png forum-metal.com/go/memberLogin/images/	3 KB 3 KB	179ms 166ms	Image image/png	82.165.25.137 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Show image Full URL http://forum-metal.com/go/memberLogin/images/g+.png Requested by Host: forum-metal.com URL: http://forum-metal.com/go/memberLogin/mobile/login.php Protocol HTTP/1.1 Server 82.165.25.137 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS s15954151.onlinehome-server.info Software Apache / PleskLin Resource Hash `3a4b97b64db2be0485c1a224d2f846dfca51b2bcc6889a457c8d4d4beb5dad43` Request headers Referer http://forum-metal.com/go/memberLogin/mobile/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Response headers Date Sun, 23 Feb 2020 08:12:28 GMT Last-Modified Thu, 27 Apr 2017 02:11:06 GMT Server Apache X-Powered-By PleskLin ETag "24ce20-c71-54e1c782fc280" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 3185
GET H/1.1	200 OK	no%20account.png forum-metal.com/go/memberLogin/images/	1 KB 2 KB	76ms 62ms	Image image/png	82.165.25.137 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Show image Full URL http://forum-metal.com/go/memberLogin/images/no%20account.png Requested by Host: forum-metal.com URL: http://forum-metal.com/go/memberLogin/mobile/login.php Protocol HTTP/1.1 Server 82.165.25.137 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS s15954151.onlinehome-server.info Software Apache / PleskLin Resource Hash `ca8e128d1fb82ede5ebad9fd3fc80e453491dcf13f91d75753c266fa49ecfd5d` Request headers Referer http://forum-metal.com/go/memberLogin/mobile/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Response headers Date Sun, 23 Feb 2020 08:12:28 GMT Last-Modified Thu, 27 Apr 2017 02:11:06 GMT Server Apache X-Powered-By PleskLin ETag "24ce25-52c-54e1c782fc280" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 1324
GET H/1.1	200 OK	button.png forum-metal.com/go/memberLogin/images/	926 B 1 KB	77ms 64ms	Image image/png	82.165.25.137 ONEANDONE-AS Brau...
General Check archive.org Show headers Download Go to Show image Full URL http://forum-metal.com/go/memberLogin/images/button.png Requested by Host: forum-metal.com URL: http://forum-metal.com/go/memberLogin/mobile/login.php Protocol HTTP/1.1 Server 82.165.25.137 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE), Reverse DNS s15954151.onlinehome-server.info Software Apache / PleskLin Resource Hash `db1180b4694a667ab51b5c07972b7355c821249757001897609423da3fe1b9d0` Request headers Referer http://forum-metal.com/go/memberLogin/mobile/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50 Response headers Date Sun, 23 Feb 2020 08:12:28 GMT Last-Modified Thu, 27 Apr 2017 02:11:06 GMT Server Apache X-Powered-By PleskLin ETag "24a9ec-39e-54e1c782fc280" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 926
GET		request cfs.uzone.id/2fn7a2/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cfs.uzone.id
URL: http://cfs.uzone.id/2fn7a2/request?id=1&enc=9UwkxLgY9&params=4TtHaUQnUEiP6K%2fc5C582CL4NjpNgssKOB0xRk3OTg6jny0D8yMYdZmau%2f1HewhXwh0vnG6txlmBOxukWPAwQStxbyHRlespVqfRNUf9cHe8PReQ9yZ7xmRxp2y5Qo5H%2f3OhNqby0j4EfCZKXyX91j%2b5OSM3KR9BlMKOjP2ITw7o4AwZ2hRbHW%2bggjhmSHoeYDQhqubmcCmpglq5YUTrffUAmwk95bh1qQXHKwOeR3%2fwgUpx5MQc9RqRixiNM97al9ZyI4eQkI0oLAn35CheHbWunun7hwyhXauuHsmnuz1pFhJAvaey%2b%2faYgxapodB4Ed1N5BsVams3QzQK5n3ezojpjel57%2fX2IC3Ict7gzYz4ep1QXt85nLpPFDqZfL6%2f3BaGtWuOwBtEXVT%2fD1bMSFhnaM2FqGmvPl4nvWWhLbIhn%2bzDEM4tew%3d%3d&idc_r=24587036548&domain=forum-metal.com&sw=1600&sh=1200

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cfs.uzone.id
forum-metal.com
cfs.uzone.id
82.165.25.137
3a4b97b64db2be0485c1a224d2f846dfca51b2bcc6889a457c8d4d4beb5dad43
7ae694638bb670bd12e1976d78fbc9a2a632303bb508f2f6820bffdf0b03535f
7f106e5573f887dab541dfda3365cfc929e4b17b67e20d91906ea189b78d9279
9bcb977aff446cd516c15f0146f2c07a2ba29334b4fa740f6c84b3663f65b3de
ca8e128d1fb82ede5ebad9fd3fc80e453491dcf13f91d75753c266fa49ecfd5d
db1180b4694a667ab51b5c07972b7355c821249757001897609423da3fe1b9d0

forum-metal.com Open in urlscan Pro 82.165.25.137 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

30 kBTransfer

29 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

forum-metal.com Open in urlscan Pro
82.165.25.137 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

30 kB
Transfer

29 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!