payfast.toromanufa.org
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://payfast.toromanufa.org/
Submission Tags: @phishunt_io
Submission: On March 15 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 9th 2024. Valid for: 3 months.
This is the only time payfast.toromanufa.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:303... 2606:4700:3033::6815:5109 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
19 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42::649 2a04:4e42::649 | 54113 (FASTLY) (FASTLY) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::200a | 15169 (GOOGLE) (GOOGLE) | |
29 | 7 |
ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com | |
stackpath.bootstrapcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
toromanufa.org
payfast.toromanufa.org |
303 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1144 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2970 |
28 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 390 |
30 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 746 |
24 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 253 |
7 KB |
1 |
rdirrct-w.com
netflix.rdirrct-w.com |
521 B |
29 | 6 |
Domain | Requested by | |
---|---|---|
19 | payfast.toromanufa.org |
payfast.toromanufa.org
|
1 | stackpath.bootstrapcdn.com |
payfast.toromanufa.org
|
1 | ajax.googleapis.com |
payfast.toromanufa.org
|
1 | maxcdn.bootstrapcdn.com |
payfast.toromanufa.org
|
1 | code.jquery.com |
payfast.toromanufa.org
|
1 | cdnjs.cloudflare.com |
payfast.toromanufa.org
|
1 | netflix.rdirrct-w.com | |
29 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rdirrct-w.com GTS CA 1P5 |
2024-03-09 - 2024-06-07 |
3 months | crt.sh |
toromanufa.org GTS CA 1P5 |
2024-03-09 - 2024-06-07 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-01-28 - 2024-04-27 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-02-19 - 2024-05-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://payfast.toromanufa.org/
Frame ID: 616E7E47A303071E0D3E0483F6FA84BF
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
PayFast - Login to Your Account | PayFastPage URL History Show full URLs
- https://netflix.rdirrct-w.com/ Page URL
- https://payfast.toromanufa.org/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous) Expand
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://netflix.rdirrct-w.com/ Page URL
- https://payfast.toromanufa.org/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
netflix.rdirrct-w.com/ |
75 B 521 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
payfast.toromanufa.org/ |
66 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
payfast.toromanufa.org/css/ |
287 KB 48 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
payfast_logo.svg
payfast.toromanufa.org/img/ |
8 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
drop_btn.png
payfast.toromanufa.org/img/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
side_btn.png
payfast.toromanufa.org/img/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
syt.gif
payfast.toromanufa.org/img/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ssl_lock.png
payfast.toromanufa.org/img/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ssl_lock.png
payfast.toromanufa.org/index_files/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cc-cvv-small.png
payfast.toromanufa.org/img/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cc-cvv-big.png
payfast.toromanufa.org/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
entrust_site_seal_small.png
payfast.toromanufa.org/img/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loadapp.css
payfast.toromanufa.org/css/ |
544 KB 76 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
secured.gif
payfast.toromanufa.org/img/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
online-security2.jpg
payfast.toromanufa.org/img/ |
28 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img4.gif
payfast.toromanufa.org/img/ |
59 KB 59 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
payfast.toromanufa.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
syt.gif
payfast.toromanufa.org/img/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ssl_lock.png
payfast.toromanufa.org/index_files/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
open-sans-v17-latin-regular.woff2
payfast.toromanufa.org/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Lato-Bold.woff2
payfast.toromanufa.org/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
OpenSans-SemiBold.woff2
payfast.toromanufa.org/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
webfa-duotone-900.woff2
payfast.toromanufa.org/fonts/vendor/@fortawesome/fontawesome-pro/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Bold.woff
payfast.toromanufa.org/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- payfast.toromanufa.org
- URL
- https://payfast.toromanufa.org/fonts/open-sans-v17-latin-regular.woff2?33543c5cc5d88f5695dd08c87d280dfd
- Domain
- payfast.toromanufa.org
- URL
- https://payfast.toromanufa.org/fonts/OpenSans-SemiBold.woff2?9270ef76ecf19291853f2091bbf747c1
- Domain
- payfast.toromanufa.org
- URL
- https://payfast.toromanufa.org/fonts/vendor/@fortawesome/fontawesome-pro/webfa-duotone-900.woff2?d03e9c2b44ce4ad169037070c1faf2d1
- Domain
- payfast.toromanufa.org
- URL
- https://payfast.toromanufa.org/fonts/Lato-Bold.woff?d32dfc9e538f7555be38690d19b8796d
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| Popper function| $ function| jQuery object| bootstrap string| rdrt string| f0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
netflix.rdirrct-w.com
payfast.toromanufa.org
stackpath.bootstrapcdn.com
payfast.toromanufa.org
2606:4700:3033::6815:5109
2606:4700::6811:180e
2606:4700::6812:acf
2a00:1450:4001:81c::200a
2a04:4e42::649
2a06:98c1:3121::3
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0d9900975d8964e99244844ec0bda4cea48c641c23d1f570eb88b7338d469ab9
114e3bc2a0f9b43eba8000540915c6942b598902ad255f7831b089ed1cd8f13e
18af5ee9b4e7a770a5c3602f0a753ab2cd4017eeca593391d239f132bd80c95c
20c86d31ec83a76967ce9b7ce8220eb125f825f95712b1072cabd1393d45da6c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
403bf0771475156bac8182af1ad5d27a786688151cafdf5e774ab96ccb3b73c9
50ded9570fa6f2a244d56fb49094b56bbe1026bb59ccf22b9b333b1697d4c46c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
70155eed2d59bdc811d6d763e81dea308840d5ffd4437a6ce58e832de53f3f8d
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a5686924e481e85be3c7d6d627cd42b0354dca861d99a835986a14963501e2fd
b8b6d7d9f072eaa0bef5dd33d015fdfb78541d79aa8aacea064f915ca2c78398
c26efb93544856806cead9c22021a7ea48ca034bafeb8a471c948bee6e490db1
c399c0d0bc5b2d6cafb63d4218e38f81ea8f15216687643e34ddf1a5c48e15f9
ccb0a1e8928cf8f65da688fed1ff262eb74844c136fb2f6ea57519c6a70d864f
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d912af5d319b197272547ff983c1b5f7b22661e03969621c2e3d1f255824b1f2
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b