correcol.co
198.71.53.89
Malicious Activity!
Public Scan
Effective URL: https://correcol.co/index.html
Submission: On February 22 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 3rd 2023. Valid for: 3 months.
This is the only time correcol.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 81.169.158.60 | 6724 (STRATO STRATO AG) |
5 | 198.71.53.89 | 8560 (IONOS-AS This is the joint network for IONOS) |
1 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET) |
7 | 3 | |

ASN6724 (STRATO STRATO AG, DE)
PTR: h2952531.stratoserver.net
login365.ti-ciberseguridad.com

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
correcol.co
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | correcol.co | correcol.co | 1 MB |
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 196) | 18 KB |
1 | ti-ciberseguridad.com | login365.ti-ciberseguridad.com | 479 B |
7 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
5 | correcol.co | correcol.co |
1 | cdnjs.cloudflare.com | correcol.co |
1 | login365.ti-ciberseguridad.com | |
7 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
correcol.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
email.correcol.co | R3 | 2022-12-26 - 2023-03-26 | 3 months |
correcol.co | R3 | 2023-01-03 - 2023-04-03 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year |
This page contains 1 frames:
Primary Page:
https://correcol.co/index.html
Frame ID: 66B2E145537AF13A5EF488D65CAD0798
Requests: 7 HTTP requests in this frame
Page Title
Iniciar sesión
Detected technologies
Bootstrap
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: ¿No puede acceder a su cuenta?
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://login365.ti-ciberseguridad.com/?correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correoTQ=0&correo=ODQ6NTI6Nzc2MDkxNDA2NjA4NjgxMjUzNjkwMTIzNDU3OTk2MDA5ODc2NTQzMjEyMzQ1Njc4OTA5ODc2NTQzMjEyMzQ1Njc4OTA5ODc2NTQzMjM0NTY3ODk4NzY1NDM0NTY3ODc4OTA3ODkzMjE3ODkwMzIxNDU2NDMyNzg5MzI1Njc0MzI4OTAzMjY3ODMyNjc4MjE3ODkzMDI3 Page URL
- https://correcol.co/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type MIME-Type |
---|---|---|---|---|
GET H/1.1 | / | login365.ti-ciberseguridad.com/ | 198 B 479 B | Document text/html |
GET H/1.1 | index.html (Primary Request) | correcol.co/ | 2 KB 1 KB | Document text/html |
GET H2 | bootstrap.min.css | cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/ | 157 KB 18 KB | Stylesheet text/css |
GET H/1.1 | styles.min.css | correcol.co/css/ | 2 KB 917 B | Stylesheet text/css |
GET H/1.1 | logo.svg | correcol.co/img/ | 4 KB 4 KB | Image image/svg+xml |
GET H/1.1 | key.png | correcol.co/img/ | 597 B 865 B | Image image/png |
GET H/1.1 | background.png | correcol.co/img/ | 1 MB 1 MB | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless
object| oncontentvisibilityautostatechange
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.