BBVA phishing domains

Newly registered lookalikes - tracked daily

BBVA phishing domains

Newly registered lookalikes - tracked daily

Tracked (7d)

New (24h)

vs avg

—

Website: bbva.com
About: AISpanish banking phishing - credential and card-data harvest, frequently SMS-launched. Also targets BBVA's Mexico, Argentina, Peru, and Colombia footprints.
TLDs: .com (3) · .beer (1)
Hosts: LiquidNet US LLC (1) · Ghosty Networks LLC (1) · Amazon.com, Inc. (1)
Countries: United States (2) · Luxembourg (1) · Germany (1)

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Details
2026-05-20 00:43	2026-05-20 00:43	https://bbva-ci.com	Details
2026-05-17 00:45	2026-05-17 00:45	https://bbvafirsat.beer	Details
2026-05-15 01:13	2026-05-15 01:13	https://registro-bbva.com	Details
2026-05-14 00:37	2026-05-14 00:37	https://bbvarese.com	Details

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

URL	Screenshot	Details
https://bbva-ci.com		Details
https://bbvafirsat.beer		Details
https://registro-bbva.com		Details
https://bbvarese.com		Details

AIHow to verify a real BBVA URL

Legitimate BBVA URLs always end in bbva.com (e.g. www.bbva.com, account.bbva.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not BBVA.
The domains listed above were registered within the last 7 days. New-domain age is itself a signal — BBVA has owned bbva.com for years; brand-new look-alikes are almost never legitimate.
If you got the link from email, SMS, or social media, do not click it. Open bbva.com from your browser bookmark or type the domain manually.
Real BBVA pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.