> Cybersecurity experts are reporting a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.

> One similarity Cofense saw between almost all of the malicious .es domains was that 99 percent of them were hosted on Cloudflare, and most of the phishing pages used a Cloudflare Turnstile CAPTCHA.

https://www.theregister.com/2025/07/05/spain_domains_phishing/