www.toshibafix.com Open in urlscan Pro
142.44.139.178  Malicious Activity! Public Scan

URL: https://www.toshibafix.com/000/
Submission: On September 09 via automatic, source phishtank — Scanned from CA

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 142.44.139.178, located in Canada and belongs to OVH, FR. The main domain is www.toshibafix.com.
TLS certificate: Issued by R3 on August 22nd 2022. Valid for: 3 months.
This is the only time www.toshibafix.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Itau (Banking)

Domain & IP information

IP Address AS Autonomous System
7 142.44.139.178 16276 (OVH)
7 1
Apex Domain
Subdomains
Transfer
7 toshibafix.com
www.toshibafix.com
141 KB
7 1
Domain Requested by
7 www.toshibafix.com www.toshibafix.com
7 1

This site contains no links.

Subject Issuer Validity Valid
*.toshibafix.com
R3
2022-08-22 -
2022-11-20
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.toshibafix.com/000/
Frame ID: 5A8C0AA8529A18FE850CFF647496D366
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Inicio

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

141 kB
Transfer

270 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.toshibafix.com/000/
7 KB
2 KB
Document
General
Full URL
https://www.toshibafix.com/000/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
dd5d1067ca3df61d4adc2d91dad6e40b2f52f79ba3252ec23e506ee21a3771ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Fri, 09 Sep 2022 17:59:31 GMT
last-modified
Wed, 07 Sep 2022 16:07:40 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-nginx-upstream-cache-status
EXPIRED
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
lgn.css
www.toshibafix.com/000/ff/
144 KB
20 KB
Stylesheet
General
Full URL
https://www.toshibafix.com/000/ff/lgn.css
Requested by
Host: www.toshibafix.com
URL: https://www.toshibafix.com/000/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
d33641dafd133ef4dfecc4bfac495e557609c852d67e1f19468d7233190034b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.toshibafix.com/000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 17:59:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 07 Sep 2022 16:08:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
expires
Sun, 09 Oct 2022 17:59:31 GMT
cache-control
max-age=2592000
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
STALE
LOGO_ita.png
www.toshibafix.com/000/ff/
44 KB
44 KB
Image
General
Full URL
https://www.toshibafix.com/000/ff/LOGO_ita.png
Requested by
Host: www.toshibafix.com
URL: https://www.toshibafix.com/000/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
3aff6206d924c35025b595d4876ee279d1519269999e066aa8ffc41189050527
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.toshibafix.com/000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 17:59:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 07 Sep 2022 16:08:05 GMT
server
nginx
content-type
image/png
expires
Tue, 08 Nov 2022 17:59:31 GMT
cache-control
max-age=5184000
x-server-powered-by
Engintron
accept-ranges
bytes
content-length
44615
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
STALE
bottom.png
www.toshibafix.com/000/ff/
28 KB
29 KB
Image
General
Full URL
https://www.toshibafix.com/000/ff/bottom.png
Requested by
Host: www.toshibafix.com
URL: https://www.toshibafix.com/000/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
76460e705cc668b3f517809abed94e599230b18e920d2d865f52f54aa76b7ede
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.toshibafix.com/000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 17:59:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 07 Sep 2022 16:08:04 GMT
server
nginx
content-type
image/png
expires
Tue, 08 Nov 2022 17:59:31 GMT
cache-control
max-age=5184000
x-server-powered-by
Engintron
accept-ranges
bytes
content-length
29061
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
STALE
air-blog.jpg
www.toshibafix.com/000/ff/
28 KB
28 KB
Image
General
Full URL
https://www.toshibafix.com/000/ff/air-blog.jpg
Requested by
Host: www.toshibafix.com
URL: https://www.toshibafix.com/000/ff/lgn.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
530450c99b610df9f0e84a708d7fb384e2c28ad8b9b0f05a948510b5f1cd76d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.toshibafix.com/000/ff/lgn.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 17:59:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 07 Sep 2022 16:08:04 GMT
server
nginx
content-type
image/jpeg
expires
Tue, 08 Nov 2022 17:59:31 GMT
cache-control
max-age=5184000
x-server-powered-by
Engintron
accept-ranges
bytes
content-length
28412
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
STALE
requerido_ban.png
www.toshibafix.com/000/login/css/custom-theme/images/
19 KB
19 KB
Image
General
Full URL
https://www.toshibafix.com/000/login/css/custom-theme/images/requerido_ban.png
Requested by
Host: www.toshibafix.com
URL: https://www.toshibafix.com/000/ff/lgn.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
df313bb939984d075b1abc619823feed0deca2b089d2c884a44f0b6899905f3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.toshibafix.com/000/ff/lgn.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 17:59:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
link
<https://www.toshibafix.com/wp-json/>; rel="https://api.w.org/"
x-xss-protection
1; mode=block
OpenSans.woff
www.toshibafix.com/000/Fonts/
0
0
Font
General
Full URL
https://www.toshibafix.com/000/Fonts/OpenSans.woff
Requested by
Host: www.toshibafix.com
URL: https://www.toshibafix.com/000/ff/lgn.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.44.139.178 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns552909.ip-142-44-139.net
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.toshibafix.com/000/ff/lgn.css
Origin
https://www.toshibafix.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 17:59:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
link
<https://www.toshibafix.com/wp-json/>; rel="https://api.w.org/"
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Itau (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| soloNumeros

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://www.toshibafix.com/000/login/css/custom-theme/images/requerido_ban.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.toshibafix.com/000/Fonts/OpenSans.woff
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block