Suspicious

Phishings targeting Correos

Suspicious and active websites


Phishings targeting Correos

Suspicious and active websites


Active
2
New (7d)
1
Trend (7d)
About
AISpanish postal lure - same parcel-delivery 'fee required' pattern as DHL / FedEx, localised to Spain. Almost always SMS-launched.
Countries
United StatesUnited States (1) · United KingdomUnited Kingdom (1)
TLS certs
WR3 (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-07-03 07:30 2026-07-03 01:01
https://correos-institucionallco2026x.iceiy.com/?i=1
Screenshot of correos-institucionallco2026x.iceiy.com OpenPhish urlscan Details
2026-07-03 07:30 2026-06-25 01:01
https://correosprepago.bnext.es/pwd?token=xbe6vb2chqe6tn2gpvdq5dmogw
Screenshot of correosprepago.bnext.es OpenPhish Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL Screenshot Details
https://correos-institucional…
OpenPhish urlscan
Screenshot of correos-institucionallco2026x.iceiy.com Details
https://correosprepago.bnext.…
OpenPhish
Screenshot of correosprepago.bnext.es Details

AIHow to verify a real Correos URL

  • Legitimate Correos URLs always end in correos.es (e.g. www.correos.es, account.correos.es). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Correos.
  • The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
  • If you got the link from email, SMS, or social media, do not click it. Open correos.es from your browser bookmark or type the domain manually.
  • Real Correos pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.