ccnhb.co.za Open in urlscan Pro
154.0.162.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ccnhb.co.za/00::/tyme/
Submission: On December 22 via automatic, source phishtank (December 22nd 2021, 10:09:41 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 154.0.162.214, located in South Africa and belongs to Afrihost, ZA. The main domain is ccnhb.co.za.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 20th 2021. Valid for: 3 months.

This is the only time ccnhb.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TymeBank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
4	154.0.162.214 154.0.162.214		37611 (Afrihost) (Afrihost)
9	2

4 154.0.162.214 (South Africa)

ASN37611 (Afrihost, ZA)
PTR: spiderwick.aserv.co.za

ccnhb.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ccnhb.co.za ccnhb.co.za	225 KB
0	tymedigital.co.za Failed bank.tymedigital.co.za Failed
9	2

	Domain	Requested by
4	ccnhb.co.za	ccnhb.co.za
0	bank.tymedigital.co.za Failed	ccnhb.co.za
9	2

This site contains links to these domains. Also see Links.

Domain
activation.tymedigital.co.za
register.tymedigital.co.za
www.tymebank.co.za

Subject Issuer	Validity	Valid
ccnhb.co.za cPanel, Inc. Certification Authority	`2021-12-20` - `2022-03-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ccnhb.co.za/00::/tyme/
Frame ID: A14B0B652964FBA74CC700503A9A4663
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Internet BankingLogo/TymeBank/Primary/Whitelogo_TymeDigital

Page Statistics

9
Requests

44 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

225 kB
Transfer

544 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://activation.tymedigital.co.za/reset-credentials
Title: Forgot your password or login PIN?

Search URL Search Domain Scan URL

URL: https://activation.tymedigital.co.za/
Title: Already a TymeBank customer but new to Internet Banking? Click here

Search URL Search Domain Scan URL

URL: https://register.tymedigital.co.za/
Title: Open an account in under 5 mins

Search URL Search Domain Scan URL

URL: https://www.tymebank.co.za/help-support/
Title: Contact us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ccnhb.co.za/00::/tyme/ 61 KB
18 KB 935ms
393ms Document
text/html 154.0.162.214
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL

https://ccnhb.co.za/00::/tyme/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.0.162.214 , South Africa, ASN37611 (Afrihost, ZA),

Reverse DNS

spiderwick.aserv.co.za

Software

nginx /

Resource Hash

1382b1f9af016872ea35302624d9601fc3214fd68b1adf726a15cd427602e3d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Wed, 22 Dec 2021 22:09:35 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 16 Dec 2021 04:27:52 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: nginx-ah
content-encoding: gzip

GET icon
ccnhb.co.za/00::/tyme/digital_files/ 0
0

GET
H2 200 37.923f665a.chunk.css
ccnhb.co.za/00::/tyme/digital_files/ 114 KB
20 KB 205ms
204ms Stylesheet
text/css 154.0.162.214
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL

https://ccnhb.co.za/00::/tyme/digital_files/37.923f665a.chunk.css

Requested by

Host: ccnhb.co.za
URL: https://ccnhb.co.za/00::/tyme/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.0.162.214 , South Africa, ASN37611 (Afrihost, ZA),

Reverse DNS

spiderwick.aserv.co.za

Software

nginx /

Resource Hash

6e4cf77bab931ac66a55c44659e2692e4cc90c9a872f5b86c96283ffbc1c50b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ccnhb.co.za/00::/tyme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 22:09:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Apr 2021 07:53:22 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
expires: Fri, 21 Jan 2022 22:09:35 GMT
cache-control: max-age=2592000
x-server-powered-by: nginx-ah
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: HIT

GET
H2 200 main.97e2aa19.chunk.css
ccnhb.co.za/00::/tyme/digital_files/ 214 KB
33 KB 395ms
395ms Stylesheet
text/css 154.0.162.214
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL

https://ccnhb.co.za/00::/tyme/digital_files/main.97e2aa19.chunk.css

Requested by

Host: ccnhb.co.za
URL: https://ccnhb.co.za/00::/tyme/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.0.162.214 , South Africa, ASN37611 (Afrihost, ZA),

Reverse DNS

spiderwick.aserv.co.za

Software

nginx /

Resource Hash

41e35bc4730764bb43d3465b1969060520b490b4cda2daea8d42c4f3c3698081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ccnhb.co.za/00::/tyme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 22:09:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Apr 2021 07:53:22 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
expires: Fri, 21 Jan 2022 22:09:36 GMT
cache-control: max-age=2592000
x-server-powered-by: nginx-ah
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: HIT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66884707c556b4cd6caa4792bc15a2e04e1237f59f1b9d04af3e8ef63fa1baa8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 login-bg.73bbe666.jpg
ccnhb.co.za/00::/tyme/digital_files/ 154 KB
155 KB 215ms
215ms Image
image/jpeg 154.0.162.214
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ccnhb.co.za/00::/tyme/digital_files/login-bg.73bbe666.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.0.162.214 , South Africa, ASN37611 (Afrihost, ZA),

Reverse DNS

spiderwick.aserv.co.za

Software

nginx /

Resource Hash

3421f8e6cf80d358f9b06ff1911a349996b4cb6daf2e4f5c28e22975341367fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ccnhb.co.za/00::/tyme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 22:09:36 GMT
x-content-type-options: nosniff
last-modified: Sat, 02 Oct 2021 06:41:42 GMT
server: nginx
content-type: image/jpeg
expires: Sun, 20 Feb 2022 22:09:36 GMT
cache-control: max-age=5184000
x-server-powered-by: nginx-ah
accept-ranges: bytes
content-length: 158084
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: HIT

GET helveticaneue-thin-webfont.77657056.woff
bank.tymedigital.co.za/static/media/ 0
0

GET HelveticaNeue-Light.57036bf2.woff
bank.tymedigital.co.za/static/media/ 0
0

GET HelveticaNeue-Light.0a4d37b2.ttf
bank.tymedigital.co.za/static/media/ 0
0

GET helveticaneue-thin-webfont.aad847b7.ttf
bank.tymedigital.co.za/static/media/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ccnhb.co.za
URL: https://ccnhb.co.za/00::/tyme/digital_files/icon

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.77657056.woff

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.57036bf2.woff

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.0a4d37b2.ttf

Domain: bank.tymedigital.co.za
URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.aad847b7.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TymeBank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://ccnhb.co.za/00::/tyme/ Message: Refused to apply style from 'https://ccnhb.co.za/00::/tyme/digital_files/icon' because its MIME type ('') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
javascript	error	URL: https://ccnhb.co.za/00::/tyme/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.57036bf2.woff' from origin 'https://ccnhb.co.za' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.57036bf2.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ccnhb.co.za/00::/tyme/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.77657056.woff' from origin 'https://ccnhb.co.za' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.77657056.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ccnhb.co.za/00::/tyme/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.aad847b7.ttf' from origin 'https://ccnhb.co.za' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/helveticaneue-thin-webfont.aad847b7.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ccnhb.co.za/00::/tyme/ Message: Access to font at 'https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.0a4d37b2.ttf' from origin 'https://ccnhb.co.za' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.tymedigital.co.za/static/media/HelveticaNeue-Light.0a4d37b2.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank.tymedigital.co.za
ccnhb.co.za
bank.tymedigital.co.za
ccnhb.co.za
154.0.162.214
1382b1f9af016872ea35302624d9601fc3214fd68b1adf726a15cd427602e3d4
3421f8e6cf80d358f9b06ff1911a349996b4cb6daf2e4f5c28e22975341367fb
41e35bc4730764bb43d3465b1969060520b490b4cda2daea8d42c4f3c3698081
66884707c556b4cd6caa4792bc15a2e04e1237f59f1b9d04af3e8ef63fa1baa8
6e4cf77bab931ac66a55c44659e2692e4cc90c9a872f5b86c96283ffbc1c50b5

ccnhb.co.za Open in urlscan Pro 154.0.162.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

44 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

225 kBTransfer

544 kBSize

0 Cookies

4 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

9 Console Messages

Security Headers

Indicators

ccnhb.co.za Open in urlscan Pro
154.0.162.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

44 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

225 kB
Transfer

544 kB
Size

0
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!