# corrsteadunion.com — MALICIOUS

> corrsteadunion.com is linked to phishing scams aiming to steal data. Stay alert and avoid interaction with this suspicious domain.

## Summary
PhishDestroy has identified corrsteadunion.com as an active phishing domain posing a medium risk to users. This threat is significant because phishing attempts can compromise sensitive information, potentially leading to identity theft or financial loss. Vigilance against such domains is essential to protect personal and organizational data.

The domain corrsteadunion.com was registered on December 25, 2025, through Ultahost, Inc. It resolves to the IP address 159.100.6.5 and has been flagged by 3 out of 95 security vendors on VirusTotal, indicating some recognition of its malicious nature. Its relatively recent creation and association with a hosting provider known for less stringent controls raise concerns about its intent and infrastructure.

Users are advised to refrain from clicking any links or providing personal information if they encounter corrsteadunion.com. Employing updated security solutions and reporting suspicious domains can help prevent phishing attacks. Organizations should consider blocking this domain on their networks to minimize exposure to potential scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Corrstead Union - Dedicated to innovating, simplifying, and humanizing digital banking.

## Domain Intelligence
- Registered: 2025-12-25 12:08:05
- Registrar: Ultahost, Inc.
- IP: 159.100.6.5
- Nameservers: ns1.ultahost.com ns2.ultahost.com ns3.ultahost.com ns4.ultahost.com

## Detection Status
- VirusTotal: 7 vendors flagged
  Vendors: ["Fortinet", "Netcraft", "Seclookup"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://urlscan.io/screenshots/019d01e2-d1a8-7640-9bd2-eb405f775069.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/6aeffeff-fa06-40d2-b189-521472d59e42
- PhishDestroy: https://phishdestroy.io/domain/corrsteadunion.com/
- LLM endpoint: https://phishdestroy.io/domain/corrsteadunion.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/corrsteadunion.com/
Last updated: 2026-03-19