Correos phishing domains

Newly registered lookalikes - tracked daily

Correos phishing domains

Newly registered lookalikes - tracked daily

Tracked (7d)

New (24h)

vs avg

—

Website: correos.es
About: AISpanish postal lure - same parcel-delivery 'fee required' pattern as DHL / FedEx, localised to Spain. Almost always SMS-launched.
TLDs: .lol (5) · .cyou (2) · .top (2)
Hosts: Cloudflare, Inc. (9) · IONOS SE (3) · Tencent Building, Kejizhongyi Avenue (2)
Countries: United States (13) · Germany (3) · Singapore (1)

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Details
2026-06-12 01:10	2026-06-12 01:10	https://correos855.click	Details
2026-06-12 01:09	2026-06-12 01:09	https://correos76139.cyou	Details
2026-06-12 01:09	2026-06-12 01:09	https://correos48540.sbs	Details
2026-06-12 01:09	2026-06-12 01:09	https://correos291.cyou	Details
2026-06-11 01:21	2026-06-11 01:21	https://correosr.top	Details
2026-06-08 00:58	2026-06-08 00:58	https://correosscl.top	Details
2026-06-07 01:11	2026-06-07 01:11	https://correosuyuguay.forum	Details
2026-06-07 01:10	2026-06-07 01:10	https://correoss.store	Details
2026-06-07 01:10	2026-06-07 01:10	https://correoss.org	Details
2026-06-07 01:10	2026-06-07 01:10	https://correoss.info	Details
2026-06-07 01:09	2026-06-07 01:09	https://correosconectamosalpais.com	Details
2026-06-06 01:19	2026-06-06 01:19	https://correosunivalle.com	Details
2026-06-06 01:19	2026-06-06 01:19	https://correosmart.online	Details
2026-06-06 01:19	2026-06-06 01:19	https://correoschilen.lol	Details
2026-06-06 01:19	2026-06-06 01:19	https://correoschilem.lol	Details
2026-06-06 01:19	2026-06-06 01:19	https://correoschilek.lol	Details
2026-06-06 01:19	2026-06-06 01:19	https://correoschileb.lol	Details
2026-06-06 01:19	2026-06-06 01:19	https://correoschile.lol	Details

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

URL	Screenshot	Details
https://correos855.click		Details
https://correos76139.cyou		Details
https://correos48540.sbs		Details
https://correos291.cyou		Details
https://correosr.top		Details
https://correosscl.top		Details
https://correosuyuguay.forum		Details
https://correoss.store		Details
https://correoss.org		Details
https://correoss.info		Details
https://correosconectamosalpa…		Details
https://correosunivalle.com		Details
https://correosmart.online		Details
https://correoschilen.lol		Details
https://correoschilem.lol		Details
https://correoschilek.lol		Details
https://correoschileb.lol		Details
https://correoschile.lol		Details

AIHow to verify a real Correos URL

Legitimate Correos URLs always end in correos.es (e.g. www.correos.es, account.correos.es). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Correos.
The domains listed above were registered within the last 7 days. New-domain age is itself a signal — Correos has owned correos.es for years; brand-new look-alikes are almost never legitimate.
If you got the link from email, SMS, or social media, do not click it. Open correos.es from your browser bookmark or type the domain manually.
Real Correos pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.