correcol.co - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 198.71.53.89, located in United States and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is correcol.co.
TLS certificate: Issued by R3 on January 3rd 2023. Valid for: 3 months.

This is the only time correcol.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	81.169.158.60 81.169.158.60	6724 (STRATO ST...) (STRATO STRATO AG)
5	198.71.53.89 198.71.53.89	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	3

1 81.169.158.60 (Germany)

ASN6724 (STRATO STRATO AG, DE)
PTR: h2952531.stratoserver.net

login365.ti-ciberseguridad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 198.71.53.89 (United States)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

correcol.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	correcol.co correcol.co	1 MB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	18 KB
1	ti-ciberseguridad.com login365.ti-ciberseguridad.com	479 B
7	3

	Domain	Requested by
5	correcol.co	correcol.co
1	cdnjs.cloudflare.com	correcol.co
1	login365.ti-ciberseguridad.com
7	3

This site contains links to these domains. Also see Links.

Domain
correcol.com

Subject Issuer	Validity	Valid
email.correcol.co R3	`2022-12-26` - `2023-03-26`	3 months	crt.sh
correcol.co R3	`2023-01-03` - `2023-04-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://correcol.co/index.html
Frame ID: 66B2E145537AF13A5EF488D65CAD0798
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión

Page URL History Show full URLs

https://login365.ti-ciberseguridad.com/?correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=... Page URL
https://correcol.co/index.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

7
Requests

86 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1290 kB
Transfer

1430 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://correcol.com/
Title: ¿No puede acceder a su cuenta?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://login365.ti-ciberseguridad.com/?correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correo=ODQ6NTI6Nzc2MDkxNDA2NjA4NjgxMjUzNjkwMTIzNDU3OTk2MDA5ODc2NTQzMjEyMzQ1Njc4OTA5ODc2NTQzMjEyMzQ1Njc4OTA5ODc2NTQzMjM0NTY3ODk4NzY1NDM0NTY3ODc4OTA3ODkzMjE3ODkwMzIxNDU2NDMyNzg5MzI1Njc0MzI4OTAzMjY3ODMyNjc4MjE3ODkzMDI3 Page URL
https://correcol.co/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
login365.ti-ciberseguridad.com/ 198 B
479 B 609ms
16ms Document
text/html 81.169.158.60
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://login365.ti-ciberseguridad.com/?correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correo=ODQ6NTI6Nzc2MDkxNDA2NjA4NjgxMjUzNjkwMTIzNDU3OTk2MDA5ODc2NTQzMjEyMzQ1Njc4OTA5ODc2NTQzMjEyMzQ1Njc4OTA5ODc2NTQzMjM0NTY3ODk4NzY1NDM0NTY3ODc4OTA3ODkzMjE3ODkwMzIxNDU2NDMyNzg5MzI1Njc0MzI4OTAzMjY3ODMyNjc4MjE3ODkzMDI3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 81.169.158.60 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: h2952531.stratoserver.net
Software: Apache /
Resource Hash: a8c657174ecb6e25589c07ad2d0f81a9274b264b4118b757b9d57817f5526e4e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 159
Content-Type: text/html
Date: Wed, 22 Feb 2023 01:23:29 GMT
ETag: "c6-5ecede17925f3-gzip"
Keep-Alive: timeout=5, max=100
Last-Modified: Tue, 08 Nov 2022 04:21:57 GMT
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK Primary Request index.html Show response
correcol.co/ 2 KB
1 KB 758ms
123ms Document
text/html 198.71.53.89
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://correcol.co/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 198.71.53.89 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 25a390592714e9d39006e357a7b1e7df7cd500d9e57d714b01a09d5664f7f628

Request headers

Referer: https://login365.ti-ciberseguridad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 947
Content-Type: text/html; charset=UTF-8
Date: Wed, 22 Feb 2023 01:23:31 GMT
ETag: "8f8-5ece62fb09cb5-gzip"
Keep-Alive: timeout=5, max=100
Last-Modified: Mon, 07 Nov 2022 19:11:10 GMT
Server: Apache
Vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/ 157 KB
18 KB 53ms
23ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css

Requested by

Host: correcol.co
URL: https://correcol.co/index.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://correcol.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 01:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 444436
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17522
last-modified: Tue, 12 May 2020 17:56:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ebae359-27293"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WN9jCGdRT4sRRt5YNeFdi20m6kM%2Fd0yqRsfPTTB9Njtq7U9%2FZ91WmJNClo3z0AQmj%2BDRRbV0iZ1%2BHv709HsKQYWEqJsh1hQcEYqekobjk93h1eodU%2Bv6PfimezUnAAhMSbn7XdqrpHeVUJIGepIyWx%2FH"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79d3eabccb093722-FRA
expires: Mon, 12 Feb 2024 01:23:31 GMT

GET
H/1.1 200
OK styles.min.css
correcol.co/css/ 2 KB
917 B 123ms
123ms Stylesheet
text/css 198.71.53.89
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://correcol.co/css/styles.min.css
Requested by: Host: correcol.co
URL: https://correcol.co/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 198.71.53.89 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2f6094c8731ced6feefe60e3bec2accb416f88fbce7f4791a3365bdc71818fa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://correcol.co/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Wed, 22 Feb 2023 01:23:31 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Nov 2022 16:07:33 GMT
Server: Apache
ETag: "746-5ece39f0b212f-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 598

GET
H/1.1 200
OK logo.svg
correcol.co/img/ 4 KB
4 KB 127ms
126ms Image
image/svg+xml 198.71.53.89
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://correcol.co/img/logo.svg
Requested by: Host: correcol.co
URL: https://correcol.co/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 198.71.53.89 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://correcol.co/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Wed, 22 Feb 2023 01:23:32 GMT
Last-Modified: Mon, 07 Nov 2022 02:52:01 GMT
Server: Apache
ETag: "e43-5ecd881fdad53"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3651

GET
H/1.1 200
OK key.png
correcol.co/img/ 597 B
865 B 230ms
123ms Image
image/png 198.71.53.89
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://correcol.co/img/key.png
Requested by: Host: correcol.co
URL: https://correcol.co/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 198.71.53.89 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5c2ec64938c32a299c2a079c800bf008c6788abd5b6673e889f81e7abaac17a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://correcol.co/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Wed, 22 Feb 2023 01:23:32 GMT
Last-Modified: Mon, 07 Nov 2022 13:51:14 GMT
Server: Apache
ETag: "255-5ece1b781768a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 597

GET
H/1.1 200
OK background.png
correcol.co/img/ 1 MB
1 MB 143ms
126ms Image
image/png 198.71.53.89
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://correcol.co/img/background.png
Requested by: Host: correcol.co
URL: https://correcol.co/css/styles.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 198.71.53.89 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 24c68a968e99d841f446d6953d3eb15109b286de77fbbaf60a0577375d0d9a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://correcol.co/css/styles.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Wed, 22 Feb 2023 01:23:32 GMT
Last-Modified: Mon, 07 Nov 2022 02:52:01 GMT
Server: Apache
ETag: "13c247-5ecd881fdad53"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1294919

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
correcol.co
login365.ti-ciberseguridad.com
198.71.53.89
2606:4700::6811:180e
81.169.158.60
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
24c68a968e99d841f446d6953d3eb15109b286de77fbbaf60a0577375d0d9a16
25a390592714e9d39006e357a7b1e7df7cd500d9e57d714b01a09d5664f7f628
2f6094c8731ced6feefe60e3bec2accb416f88fbce7f4791a3365bdc71818fa2
5c2ec64938c32a299c2a079c800bf008c6788abd5b6673e889f81e7abaac17a6
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
a8c657174ecb6e25589c07ad2d0f81a9274b264b4118b757b9d57817f5526e4e

correcol.co Open in urlscan Pro 198.71.53.89 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1290 kBTransfer

1430 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

correcol.co Open in urlscan Pro
198.71.53.89 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1290 kB
Transfer

1430 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!