Phishing sites targeting Banco Santander

Suspicious and active websites


  • Active: 6
  • New (7d): 2
  • About: Retail banking phishing concentrated in Spain, UK, Latin America. Mimics the personal banking login and OTP confirmation flow.
  • Countries: United States (5) · Spain (1)
  • TLS certs: Let's Encrypt (2) · WR1 (1) · R12 (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

| Last check (UTC) | First seen (UTC) | URL | Flags |
|---|---|---|---|
| 2026-05-29 13:30 | 2026-05-26 01:00 | http://santanderabogados.co | OpenPhish, urlscan |
| 2026-05-29 13:30 | 2026-05-25 20:33 | https://santanderabogados.co | urlscan |
| 2026-05-29 13:30 | 2026-05-12 10:55 | https://admin.santandercitas.com | urlscan |
| 2026-05-29 13:30 | 2026-04-15 13:05 | https://santandervyg.transcom-fs.com | PhishTank |
| 2026-05-29 13:30 | 2026-04-05 17:13 | https://santanderbet317.com | urlscan |
| 2026-05-29 13:30 | 2026-04-03 13:01 | http://leia-santander.vercel.app | GSB, OpenPhish |

How to verify a real Banco Santander URL

  • Legitimate Banco Santander URLs always end in bancosantander.es (e.g. www.bancosantander.es, account.bancosantander.es). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Banco Santander.
  • The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
  • If you got the link from email, SMS, or social media, do not click it. Open bancosantander.es from your browser bookmark or type the domain manually.
  • Real Banco Santander pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.