vitinhmxc.vn Open in urlscan Pro
42.112.30.39 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://vitinhmxc.vn/tyme/tyme_updates/
Submission Tags: 7459959
Submission: On March 08 via api (March 8th 2022, 2:36:19 pm UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 42.112.30.39, located in Hanoi, Viet Nam and belongs to FPT-AS-AP The Corporation for Financing & Promoting Technology, VN. The main domain is vitinhmxc.vn.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 6th 2022. Valid for: 3 months.

This is the only time vitinhmxc.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TymeBank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	42.112.30.39 42.112.30.39		18403 (FPT-AS-AP...) (FPT-AS-AP The Corporation for Financing & Promoting Technology)
9	2

5 42.112.30.39 (Hanoi, Viet Nam)

ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)
PTR: 3039.hostingviet.vn

vitinhmxc.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	vitinhmxc.vn vitinhmxc.vn	220 KB
0	tymedigital.co.za Failed bank.tymedigital.co.za Failed
9	2

	Domain	Requested by
5	vitinhmxc.vn	vitinhmxc.vn
0	bank.tymedigital.co.za Failed	vitinhmxc.vn
9	2

This site contains links to these domains. Also see Links.

Domain
activation.tymedigital.co.za
register.tymedigital.co.za
www.tymebank.co.za

Subject Issuer	Validity	Valid
vitinhmxc.vn cPanel, Inc. Certification Authority	`2022-02-06` - `2022-05-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vitinhmxc.vn/tyme/tyme_updates/
Frame ID: BBB6B96A1106224067EC2B591D7E14AE
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Internet BankingLogo/TymeBank/Primary/Whitelogo_TymeDigital

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

220 kB
Transfer

545 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://activation.tymedigital.co.za/reset-credentials
Title: Forgot your password or login PIN?

Search URL Search Domain Scan URL

URL: https://activation.tymedigital.co.za/
Title: Already a TymeBank customer but new to Internet Banking? Click here

Search URL Search Domain Scan URL

URL: https://register.tymedigital.co.za/
Title: Open an account in under 5 mins

Search URL Search Domain Scan URL

URL: https://www.tymebank.co.za/help-support/
Title: Contact us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response vitinhmxc.vn/tyme/tyme_updates/	61 KB 16 KB	930ms 204ms	Document text/html	42.112.30.39 FPT-AS-AP The Cor...
General Check archive.org Show headers Download Go to Full URL https://vitinhmxc.vn/tyme/tyme_updates/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 42.112.30.39 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN), Reverse DNS 3039.hostingviet.vn Software LiteSpeed / Resource Hash `1382b1f9af016872ea35302624d9601fc3214fd68b1adf726a15cd427602e3d4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers cache-control public, max-age=1 expires Tue, 08 Mar 2022 14:36:12 GMT content-type text/html last-modified Wed, 15 Dec 2021 23:27:52 GMT accept-ranges bytes content-encoding br vary Accept-Encoding content-length 16493 date Tue, 08 Mar 2022 14:36:11 GMT server LiteSpeed
GET H2	200	icon vitinhmxc.vn/tyme/tyme_updates/digital_files/	568 B 639 B	207ms 203ms	Stylesheet application/octet-stream	42.112.30.39 FPT-AS-AP The Cor...
General Check archive.org Show headers Download Go to Full URL https://vitinhmxc.vn/tyme/tyme_updates/digital_files/icon Requested by Host: vitinhmxc.vn URL: https://vitinhmxc.vn/tyme/tyme_updates/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 42.112.30.39 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN), Reverse DNS 3039.hostingviet.vn Software LiteSpeed / Resource Hash `280c8e958a665794324eec504e10de82e9ac4207b9caad7ee19c9006de8127a8` Request headers Accept-Language de-DE,de;q=0.9 Referer https://vitinhmxc.vn/tyme/tyme_updates/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 14:36:11 GMT last-modified Tue, 20 Apr 2021 02:53:22 GMT server LiteSpeed content-type application/octet-stream cache-control public, max-age=1 accept-ranges bytes content-length 568 expires Tue, 08 Mar 2022 14:36:12 GMT
GET H2	200	37.923f665a.chunk.css vitinhmxc.vn/tyme/tyme_updates/digital_files/	114 KB 18 KB	207ms 203ms	Stylesheet text/css	42.112.30.39 FPT-AS-AP The Cor...
General Check archive.org Show headers Download Go to Full URL https://vitinhmxc.vn/tyme/tyme_updates/digital_files/37.923f665a.chunk.css Requested by Host: vitinhmxc.vn URL: https://vitinhmxc.vn/tyme/tyme_updates/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 42.112.30.39 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN), Reverse DNS 3039.hostingviet.vn Software LiteSpeed / Resource Hash `6e4cf77bab931ac66a55c44659e2692e4cc90c9a872f5b86c96283ffbc1c50b5` Request headers Accept-Language de-DE,de;q=0.9 Referer https://vitinhmxc.vn/tyme/tyme_updates/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 14:36:11 GMT content-encoding br last-modified Tue, 20 Apr 2021 02:53:22 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=7776000 accept-ranges bytes content-length 18185 expires Mon, 06 Jun 2022 14:36:11 GMT
GET H2	200	main.97e2aa19.chunk.css vitinhmxc.vn/tyme/tyme_updates/digital_files/	214 KB 30 KB	406ms 402ms	Stylesheet text/css	42.112.30.39 FPT-AS-AP The Cor...
General Check archive.org Show headers Download Go to Full URL https://vitinhmxc.vn/tyme/tyme_updates/digital_files/main.97e2aa19.chunk.css Requested by Host: vitinhmxc.vn URL: https://vitinhmxc.vn/tyme/tyme_updates/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 42.112.30.39 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN), Reverse DNS 3039.hostingviet.vn Software LiteSpeed / Resource Hash `41e35bc4730764bb43d3465b1969060520b490b4cda2daea8d42c4f3c3698081` Request headers Accept-Language de-DE,de;q=0.9 Referer https://vitinhmxc.vn/tyme/tyme_updates/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 14:36:11 GMT content-encoding br last-modified Tue, 20 Apr 2021 02:53:22 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=7776000 accept-ranges bytes content-length 30972 expires Mon, 06 Jun 2022 14:36:11 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `66884707c556b4cd6caa4792bc15a2e04e1237f59f1b9d04af3e8ef63fa1baa8` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	200	login-bg.73bbe666.jpg vitinhmxc.vn/tyme/tyme_updates/digital_files/	154 KB 155 KB	200ms 200ms	Image image/jpeg	42.112.30.39 FPT-AS-AP The Cor...
General Check archive.org Show headers Download Go to Show image Full URL https://vitinhmxc.vn/tyme/tyme_updates/digital_files/login-bg.73bbe666.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 42.112.30.39 Hanoi, Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN), Reverse DNS 3039.hostingviet.vn Software LiteSpeed / Resource Hash `3421f8e6cf80d358f9b06ff1911a349996b4cb6daf2e4f5c28e22975341367fb` Request headers Accept-Language de-DE,de;q=0.9 Referer https://vitinhmxc.vn/tyme/tyme_updates/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 08 Mar 2022 14:36:12 GMT last-modified Sat, 02 Oct 2021 01:41:42 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=7776000 accept-ranges bytes content-length 158084 expires Mon, 06 Jun 2022 14:36:12 GMT
GET		helveticaneue-thin-webfont.77657056.woff bank.tymedigital.co.za/static/media/	0 0

GET		HelveticaNeue-Light.57036bf2.woff bank.tymedigital.co.za/static/media/	0 0

GET		helveticaneue-thin-webfont.aad847b7.ttf bank.tymedigital.co.za/static/media/	0 0

GET		HelveticaNeue-Light.0a4d37b2.ttf bank.tymedigital.co.za/static/media/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.77657056.woff

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.57036bf2.woff

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.aad847b7.ttf

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.0a4d37b2.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TymeBank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://vitinhmxc.vn/tyme/tyme_updates/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.77657056.woff' from origin 'https://vitinhmxc.vn' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.77657056.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://vitinhmxc.vn/tyme/tyme_updates/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.57036bf2.woff' from origin 'https://vitinhmxc.vn' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.57036bf2.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://vitinhmxc.vn/tyme/tyme_updates/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.aad847b7.ttf' from origin 'https://vitinhmxc.vn' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.aad847b7.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://vitinhmxc.vn/tyme/tyme_updates/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.0a4d37b2.ttf' from origin 'https://vitinhmxc.vn' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.0a4d37b2.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank.tymedigital.co.za
vitinhmxc.vn
bank.tymedigital.co.za
42.112.30.39
1382b1f9af016872ea35302624d9601fc3214fd68b1adf726a15cd427602e3d4
280c8e958a665794324eec504e10de82e9ac4207b9caad7ee19c9006de8127a8
3421f8e6cf80d358f9b06ff1911a349996b4cb6daf2e4f5c28e22975341367fb
41e35bc4730764bb43d3465b1969060520b490b4cda2daea8d42c4f3c3698081
66884707c556b4cd6caa4792bc15a2e04e1237f59f1b9d04af3e8ef63fa1baa8
6e4cf77bab931ac66a55c44659e2692e4cc90c9a872f5b86c96283ffbc1c50b5

vitinhmxc.vn Open in urlscan Pro 42.112.30.39 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

56 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

220 kBTransfer

545 kBSize

0 Cookies

4 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

vitinhmxc.vn Open in urlscan Pro
42.112.30.39 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

220 kB
Transfer

545 kB
Size

0
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!