Phishings targeting Intesa San Paolo

Suspicious and active websites

Phishings targeting Intesa

Suspicious and active websites

Active

New (7d)

Trend (7d)

—

Website: intesasanpaolo.com
About: AIItalian retail and business banking phishing - credential, OTP, and card-data harvest.
Hosts: Amazon.com, Inc. (1)
Countries: Germany (1)
TLS certs: DigiCert Global G2 TLS RSA SHA256 2020 CA1 (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Screenshot	Flags	Details
2026-05-17 01:30	2026-04-29 09:00	https://intesasanpaolo-proteggi-la-mia-carta.netlify.app		TweetFeed	Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL	Screenshot	Details
https://intesasanpaolo-proteg… TweetFeed		Details

Legitimate Intesa San Paolo URLs always end in intesasanpaolo.com (e.g. www.intesasanpaolo.com, account.intesasanpaolo.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Intesa San Paolo.
The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
If you got the link from email, SMS, or social media, do not click it. Open intesasanpaolo.com from your browser bookmark or type the domain manually.
Real Intesa San Paolo pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.