![](/screenshots/79a2f993-34a0-4a51-81a6-e63ad6d3db34.png)
metaswap.ai
2606:4700:3032::ac43:afea
Malicious Activity!
Public Scan
Effective URL: https://metaswap.ai/secure/
Submission: On March 07 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 27th 2024. Valid for: 3 months.
This is the only time metaswap.ai was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Transportation (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 67.203.7.25 | 21769 (AS-COLOAM)
2 | 2606:4700:3032::ac43:afea | 13335 (CLOUDFLARENET)
8 | 185.139.247.114 | 47957 (ING-AS)
1 | 146.75.120.193 | 54113 (FASTLY)
1 | 66.22.35.41 | 48851 (RADWARE)
12 requests across 5 IPs
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | ogone.com | secure.ogone.com (Cisco Umbrella Rank: 202873) | 70 KB
2 | metaswap.ai | metaswap.ai | 13 KB
1 | israelpost.co.il | mypost.israelpost.co.il | 
1 | imgur.com | i.imgur.com (Cisco Umbrella Rank: 7986) | 3 KB
1 | phone-llc.com | www.post-israel.phone-llc.com (1 redirect) | 215 B
12 requests across 5 domains
Requests | Domain | Requested by
---|---|---
8 | secure.ogone.com | metaswap.ai
2 | metaswap.ai | metaswap.ai
1 | mypost.israelpost.co.il | metaswap.ai
1 | i.imgur.com | metaswap.ai
1 | www.post-israel.phone-llc.com | 1 redirect
12 requests across 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
metaswap.ai | E1 | 2024-02-27 - 2024-05-27 | 3 months | crt.sh
secure.ogone.com | Sectigo RSA Organization Validation Secure Server CA | 2023-09-14 - 2024-09-13 | a year | crt.sh
*.imgur.com | Sectigo RSA Domain Validation Secure Server CA | 2024-02-15 - 2025-02-14 | a year | crt.sh
*.israelpost.co.il | DigiCert TLS RSA SHA256 2020 CA1 | 2023-05-08 - 2024-06-07 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://metaswap.ai/secure/
Frame ID: 3208E65BF267D78F962B4BBE7FD01B71
Requests: 13 HTTP requests in this frame
Page Title
חברת דואר ישראל - Israel Postal Company
Page URL History
- https://www.post-israel.phone-llc.com/
- HTTP 301
- https://metaswap.ai/secure/ (Page URL)
Detected technologies
jQuery, detected by the patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery Migrate, detected by the pattern:
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request; has redirect chain) | metaswap.ai/secure/ | 30 KB | 13 KB | Document | text/html
GET | H2 | wait_turn.gif | metaswap.ai/secure/Betaalbevestiging_files/ | 16 B | 16 B | Image | text/html
GET | H/1.1 | jquery-3.3.1.min.js | secure.ogone.com/ncol/prod/js/jquery.core/ | 0 | 0 | Script | text/plain
GET | H/1.1 | jquery-migrate-1.4.1.min.js | secure.ogone.com/ncol/prod/js/jquery.plugins/ | 0 | 0 | Script | text/plain
GET | H/1.1 | Class.create.js | secure.ogone.com/ncol/prod/js/jquery.plugins/dependencies/ | 2 KB | 3 KB | Script | application/javascript
GET | H/1.1 | jquery.jquery-encoder-0.1.0.min.js | secure.ogone.com/ncol/prod/js/jquery.plugins/ | 20 KB | 20 KB | Script | application/javascript
GET | H/1.1 | form_validation.js | secure.ogone.com/ncol/prod/js/ | 22 KB | 22 KB | Script | application/javascript
GET | H2 | yvq9kDX.png | i.imgur.com/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | Fp_inc.1.2.js | secure.ogone.com/ncol/prod/js/fp/ | 20 KB | 21 KB | Script | application/javascript
GET | H/1.1 | base64_inc.js | secure.ogone.com/ncol/prod/ | 3 KB | 3 KB | Script | application/javascript
GET | H/1.1 | wait_turn.gif | secure.ogone.com/images/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | logo_170x92.png | mypost.israelpost.co.il/media/1490/ | 0 | 0 | Image | text/html
GET | DATA | truncated | / | 7 KB | 0 | Image | image/png
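A triage pass over the capture shown above (the redirect chain under Page URL History and the transaction table), written here as an added example in Python; it is not urlscan.io code. The request records are transcribed from the table, while the brand apex list (BRAND_APEXES) and the escalation rule are assumptions. The lookalike check is more general than the single post-israel case on this page: it flags any DNS label whose hyphen-separated pieces, in any order, spell a watched brand's second-level label, and it never reports hosts actually registered under that brand.

```python
"""Triage of a urlscan-style capture: the redirect chain plus the per-request
resource list. Added example for this page, not urlscan.io code. REQUESTS is
transcribed from the transaction table; BRAND_APEXES and the escalation rule
are assumptions."""
from dataclasses import dataclass
from itertools import permutations
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Request:
    host: str   # origin the resource was fetched from
    path: str   # resource path on that host
    rtype: str  # urlscan "Type": Document, Script, Image
    mime: str   # response Content-Type as reported
    size: int   # decoded body size in bytes (0 = empty response)


# Redirect chain from "Page URL History" (constructed from the page).
REDIRECT_CHAIN = [
    "https://www.post-israel.phone-llc.com/",
    "https://metaswap.ai/secure/",
]

# Subset of the 12 transactions, transcribed from the table above.
REQUESTS = [
    Request("metaswap.ai", "/secure/", "Document", "text/html", 30 * 1024),
    Request("metaswap.ai", "/secure/Betaalbevestiging_files/wait_turn.gif", "Image", "text/html", 16),
    Request("secure.ogone.com", "/ncol/prod/js/jquery.core/jquery-3.3.1.min.js", "Script", "text/plain", 0),
    Request("secure.ogone.com", "/ncol/prod/js/jquery.plugins/jquery-migrate-1.4.1.min.js", "Script", "text/plain", 0),
    Request("secure.ogone.com", "/ncol/prod/js/form_validation.js", "Script", "application/javascript", 22 * 1024),
    Request("secure.ogone.com", "/ncol/prod/js/fp/Fp_inc.1.2.js", "Script", "application/javascript", 20 * 1024),
    Request("i.imgur.com", "/yvq9kDX.png", "Image", "image/png", 3 * 1024),
    Request("mypost.israelpost.co.il", "/media/1490/logo_170x92.png", "Image", "text/html", 0),
]

# Analyst watch list of brand apex domains (assumption, not urlscan data).
BRAND_APEXES = {"israelpost.co.il": "Israel Post", "ogone.com": "Ogone"}


def registered_under(host: str, apex: str) -> bool:
    """True if host is the apex itself or a subdomain of it."""
    return host == apex or host.endswith("." + apex)


def lookalike_brand(host: str) -> Optional[str]:
    """Brand a hostname imitates, or None.

    Each DNS label is split on '-' and every ordering of the pieces is joined
    and compared with the brand's second-level label, so 'post-israel' and
    'israel-post' both match israelpost.co.il. Hosts actually registered under
    the brand apex are never reported.
    """
    for apex, brand in BRAND_APEXES.items():
        if registered_under(host, apex):
            continue
        target = apex.split(".")[0]
        for label in host.split("."):
            pieces = [p for p in label.split("-") if p]
            if any("".join(order) == target for order in permutations(pieces)):
                return brand
    return None


def hotlinked_brand_assets(reqs: List[Request], primary_host: str) -> List[Tuple[str, str]]:
    """Resources pulled from a brand's own origin by a page not hosted under
    that brand: the signature of a cloned checkout or login page."""
    found = []
    for r in reqs:
        for apex, brand in BRAND_APEXES.items():
            if registered_under(r.host, apex) and not registered_under(primary_host, apex):
                found.append((brand, r.host + r.path))
    return found


def empty_scripts(reqs: List[Request]) -> List[str]:
    """Script references that came back with an empty body (a saved copy of a
    page still points at the original host's script paths)."""
    return [r.host + r.path for r in reqs if r.rtype == "Script" and r.size == 0]


def triage(chain: List[str], reqs: List[Request]) -> dict:
    primary_host = urlsplit(chain[-1]).hostname
    hops = [urlsplit(u).hostname for u in chain[:-1]]
    findings = {
        "primary_host": primary_host,
        "redirector_lookalike": [(h, lookalike_brand(h)) for h in hops if lookalike_brand(h)],
        "hotlinked_brand_assets": hotlinked_brand_assets(reqs, primary_host),
        "empty_scripts": empty_scripts(reqs),
    }
    # Assumed rule: any brand signal on a host the brand does not own escalates.
    findings["escalate"] = bool(findings["redirector_lookalike"] or findings["hotlinked_brand_assets"])
    return findings


if __name__ == "__main__":
    for key, value in triage(REDIRECT_CHAIN, REQUESTS).items():
        print(f"{key}: {value}")
```

On this capture the three signals line up: the redirector hostname spells the brand name, the page itself sits on an unrelated domain yet pulls the Ogone form-validation and fingerprinting scripts and the Israel Post logo from their real origins, and two of those script references now return empty bodies, which is what a "Save Page As" copy of a checkout page typically looks like once it is re-hosted.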
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Transportation (Transportation)
100 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name (type):
ncolwaitwindow (undefined), ncolwaitwindowopen (number), ShowWaitMsg (function), my_submitAndWait (function), justWait (function), close_ncol_wait (function), Class (function), trustHTML (object), OGONE (function), createHiddenInput (function), js_version (number), ddValue (function), valueIsUndefined (function), strReplace (function), Convert2Float (function), isNumber (function), isInt (function), containsNoN (function), are2Numbers (function), xor (function), FormFieldsA (function), DependenciesA (function), FieldDescriptor (function), evalFormFields (function), isValidEMail (function), isValidUrl (function), isValidSIC (function), checkCCValid_Short (function), checkCCValid (function), my_submitAndDisable (function), my_submit (function), getInfoBrandFromCardNb (function), Is_cvcOK (function), evalFormFieldsN (function), checkEMail (function), checkEmailInput (function), checkEMailECML (function), checkCVCAndPresInd (function), AlertMSG_109 (string), AlertMSG_110 (string), AlertMSG_173 (string), AlertMSG_1205 (string), AlertMSG_111 (string), AlertERR_907 (string), AlertERR_95 (string), AlertERR_96 (string), G_lsu (number), my_valscript (function), cvc_NbrFormFields (number), arrcvc (string), arrDispCVCFlag (string), formFields (object), ClearForm (function), getNavigatorPlatform (function), getNavigatorOsCpu (function), getNavigatorUserAgent (function), getNavigatorAppName (function), getNavigatorAppVersion (function), getNavigatorPluginFnames (function), getNavigatorPluginDescs (function), addPluginDescForIe (function), getAdobeReaderVerForIe (function), getFlashPlayerVerForIe (function), getQuickTimePlayerVerForIe (function), getRealPlayerVerForIe (function), getShockwavePlayerVerForIe (function), getWinMediaPlayerVerForIe (function), getNavigatorMimeTypes (function), submitForm (function), getCurDateTime (function), getJsVersion (function), g_commonHdAr (undefined), g_ieHdAr (undefined), fillHdFromMultiDimArHd (function), getHdForDirectPostFromMultiDimArHd (function), createMultiDimArHd (function), addElInMultiDimArHd (function), getHdForDirectPost (function), fillMultiDimArHd (function), fillHdJs (function), grabFocus (function), javaStatus (function), flashStatus (function), javaPostException (function), javaCaptureException (function), flashPostException (function), javaCapture (function), flashCapture (function), g_iWaitPer (number), g_dStartSubmit (object), isJavaStsOk (function), isJavaStsOk2 (function), waitDuring (function), isMSIE (function), ieComponentVersion (function), probeActiveX (function), probeMimeTypesForJava (function), detectJava (function), javaVersion (function), Base64 (object)
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.imgur.com
metaswap.ai
mypost.israelpost.co.il
secure.ogone.com
www.post-israel.phone-llc.com
146.75.120.193
185.139.247.114
2606:4700:3032::ac43:afea
66.22.35.41
67.203.7.25
20452258ecbbfc7bc63881cf227bc13dca2fd55a1d7514eeb2b397ebc78be6a7
361bdbba5e1024e9b1f94672656ee493bb593c88680b88e89902350686dcd0e5
3884395f6775c6ecbe466725eaa22ebaaa88dc3ad79bb4b81db6cf5914c16ee2
4a4c2721d21ae8f0e6def654b3d3ac6cfe4771c7a0d99bb23dced17ee571e1e9
59b66845812b0f601bd3212774a8982a9aaf6d82074e258ea951e2465fad5407
75667c8241a0ed2ecb1951ad44a784530693c37b136abad2e462a1f449923751
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
8eab0a98668e768f47e03deb52480d8fff2b6a0ef6d49e29b23646fb0af27f06
d8577728301dbbf96a0561220efdb10f2c6980b3203d159c5d92bdfe7ab570f5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb22f0ecba843859d810ce48c261e33337cf9164bf88953d09b653fd3fd663e8
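The indicator list above, cleaned the way it would be before being pushed to a blocklist, as an added example in Python; this is not urlscan.io tooling. Two caveats a practitioner needs here: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of zero bytes (every 0-byte response in the transaction table hashes to it, so it identifies nothing), and three of the five domains are legitimate services the page hotlinks rather than attacker infrastructure. The HASHES and DOMAINS lists are transcribed from this scan; the ABUSED_LEGITIMATE set, the 14-day certificate freshness threshold and the scan year (2024, inferred from the certificate's validity window) are assumptions.

```python
"""Clean-up of the indicator list above before it is pushed to a blocklist.
Added example, not urlscan.io tooling. HASHES and DOMAINS are transcribed from
this scan; ABUSED_LEGITIMATE, the freshness threshold and the scan year are
assumptions (see comments)."""
import hashlib
from datetime import date
from typing import List, Tuple

# SHA-256 of zero bytes. Every 0-byte response in the transaction table (both
# empty jQuery scripts and the empty logo fetch) hashes to this value, so it
# identifies nothing and must not be shipped as an indicator.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Hash indicators as listed on this scan page.
HASHES = [
    "20452258ecbbfc7bc63881cf227bc13dca2fd55a1d7514eeb2b397ebc78be6a7",
    "361bdbba5e1024e9b1f94672656ee493bb593c88680b88e89902350686dcd0e5",
    "3884395f6775c6ecbe466725eaa22ebaaa88dc3ad79bb4b81db6cf5914c16ee2",
    "4a4c2721d21ae8f0e6def654b3d3ac6cfe4771c7a0d99bb23dced17ee571e1e9",
    "59b66845812b0f601bd3212774a8982a9aaf6d82074e258ea951e2465fad5407",
    "75667c8241a0ed2ecb1951ad44a784530693c37b136abad2e462a1f449923751",
    "8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41",
    "8eab0a98668e768f47e03deb52480d8fff2b6a0ef6d49e29b23646fb0af27f06",
    "d8577728301dbbf96a0561220efdb10f2c6980b3203d159c5d92bdfe7ab570f5",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "eb22f0ecba843859d810ce48c261e33337cf9164bf88953d09b653fd3fd663e8",
]

# Domain indicators as listed on this scan page.
DOMAINS = [
    "i.imgur.com",
    "metaswap.ai",
    "mypost.israelpost.co.il",
    "secure.ogone.com",
    "www.post-israel.phone-llc.com",
]

# Legitimate services whose assets the phishing page hotlinks (from the
# "Requested by" table). Blocking them would break real Ogone checkouts and
# Israel Post pages, so they are monitored, not blocked (analyst assumption).
ABUSED_LEGITIMATE = {"i.imgur.com", "mypost.israelpost.co.il", "secure.ogone.com"}

HEX = set("0123456789abcdef")


def usable_hashes(hashes: List[str]) -> List[str]:
    """Keep well-formed SHA-256 digests, dropping duplicates and the empty-body hash."""
    out: List[str] = []
    for h in hashes:
        h = h.strip().lower()
        if len(h) != 64 or not set(h) <= HEX or h == EMPTY_SHA256 or h in out:
            continue
        out.append(h)
    return out


def split_domains(domains: List[str]) -> Tuple[List[str], List[str]]:
    """(block, monitor): attacker-controlled hosts versus abused legitimate ones."""
    block = sorted(d for d in domains if d not in ABUSED_LEGITIMATE)
    monitor = sorted(d for d in domains if d in ABUSED_LEGITIMATE)
    return block, monitor


def cert_age_days(not_before: date, scan_day: date) -> int:
    """Days between certificate issuance and the scan."""
    return (scan_day - not_before).days


def recently_issued(not_before: date, scan_day: date, threshold: int = 14) -> bool:
    """Certificate was freshly issued at scan time (threshold is an assumption)."""
    return cert_age_days(not_before, scan_day) <= threshold


if __name__ == "__main__":
    print(usable_hashes(HASHES))
    print(split_domains(DOMAINS))
    # Issued 2024-02-27 per the certificate table; scanned March 07, with the
    # year 2024 inferred from the certificate's validity window.
    print(cert_age_days(date(2024, 2, 27), date(2024, 3, 7)))
```

The certificate check matches how this scan was sourced: the submission came from certstream-suspicious, and the metaswap.ai certificate (Let's Encrypt E1, valid from 2024-02-27) was nine days old at scan time.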