New Registrations

Banco Santander phishing domains

Newly registered lookalikes - tracked daily


Banco Santander phishing domains

Newly registered lookalikes - tracked daily


Tracked (7d)
14
New (24h)
6
vs avg
About
AIRetail banking phishing concentrated in Spain, UK, Latin America. Mimics the personal banking login and OTP confirmation flow.
TLDs
.com (8) · .finance (1) · .shop (1)
Countries
United StatesUnited States (6) · FranceFrance (2) · SpainSpain (1)

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-07-17 03:15 2026-07-17 03:15
https://totta.finance
Screenshot of totta.finance Details
2026-07-17 03:09 2026-07-17 03:09
https://santanderforeignremitance.com
Screenshot of santanderforeignremitance.com Details
2026-07-17 03:09 2026-07-17 03:09
https://santanderbank.shop
Screenshot of santanderbank.shop Details
2026-07-17 03:08 2026-07-17 03:08
https://santander-seguridad.com
Screenshot of santander-seguridad.com GSB Details
2026-07-17 02:49 2026-07-17 02:49
https://mi-santander.com
Screenshot of mi-santander.com Details
2026-07-16 01:55 2026-07-16 01:55
https://pj-santandernetibe.lat
Screenshot of pj-santandernetibe.lat Details
2026-07-14 01:55 2026-07-14 01:55
https://seguridad-santander-es.online
Screenshot of seguridad-santander-es.online Details
2026-07-13 02:20 2026-07-13 02:20
https://tottalkphone.com
Screenshot of tottalkphone.com Details
2026-07-12 01:21 2026-07-12 01:21
https://santanderpreferencial.com
Screenshot of santanderpreferencial.com Details
2026-07-12 01:21 2026-07-12 01:21
https://santanderendanza.com
Screenshot of santanderendanza.com Details
2026-07-12 01:21 2026-07-12 01:21
https://santanderbank.support
Screenshot of santanderbank.support Details
2026-07-11 02:35 2026-07-11 02:35
https://santanderpvtbk.com
Screenshot of santanderpvtbk.com Details
2026-07-11 01:25 2026-07-11 01:25
https://credito-santander.com
Screenshot of credito-santander.com Details
2026-07-10 01:15 2026-07-10 01:15
https://santanders.top
Screenshot of santanders.top Details

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

URL Screenshot Details
https://totta.finance
Screenshot of totta.finance Details
https://santanderforeignremit…
Screenshot of santanderforeignremitance.com Details
https://santanderbank.shop
Screenshot of santanderbank.shop Details
https://santander-seguridad.c…
GSB
Screenshot of santander-seguridad.com Details
https://mi-santander.com
Screenshot of mi-santander.com Details
https://pj-santandernetibe.lat
Screenshot of pj-santandernetibe.lat Details
https://seguridad-santander-e…
Screenshot of seguridad-santander-es.online Details
https://tottalkphone.com
Screenshot of tottalkphone.com Details
https://santanderpreferencial…
Screenshot of santanderpreferencial.com Details
https://santanderendanza.com
Screenshot of santanderendanza.com Details
https://santanderbank.support
Screenshot of santanderbank.support Details
https://santanderpvtbk.com
Screenshot of santanderpvtbk.com Details
https://credito-santander.com
Screenshot of credito-santander.com Details
https://santanders.top
Screenshot of santanders.top Details

AIHow to verify a real Banco Santander URL

  • Legitimate Banco Santander URLs always end in bancosantander.es (e.g. www.bancosantander.es, account.bancosantander.es). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Banco Santander.
  • The domains listed above were registered within the last 7 days. New-domain age is itself a signal — Banco Santander has owned bancosantander.es for years; brand-new look-alikes are almost never legitimate.
  • If you got the link from email, SMS, or social media, do not click it. Open bancosantander.es from your browser bookmark or type the domain manually.
  • Real Banco Santander pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.