santander-portugal.com
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of santander-portugal.com
The domain santander-portugal.com appears to present itself as an online banking login page for Portuguese-speaking retail customers. The page title, branding, and visible interface reference “NetBanco Particulares” and Santander, and the layout is designed to collect a username and password for account access.
Based on the domain name and page content, this site appears to imitate the branding of Santander rather than operate as an independent informational website. The domain closely resembles Santander’s official brand naming while adding a geographic term, which may cause confusion for users looking for the bank’s legitimate Portugal-facing services.
Safety Assessment for santander-portugal.com
This website shows multiple high-risk indicators at the time of this scan. It was flagged by 22 out of 91 security engines, with many detections describing the page as phishing or otherwise malicious. In addition, the domain closely resembles santander.com and may be a look-alike intended to capture credentials from users expecting Santander’s legitimate online banking portal. The screenshot reinforces that concern because it displays Santander branding and a banking login form requesting account access details.
The domain is also extremely new, with a recorded age of 0 days, no established traffic ranking, and additional contextual red flags noted in the scan data. Although one malware scan reported no flagged files and major content-malice blocklists did not show listings at the time of this scan, the domain's IP address is listed on one mail-reputation blocklist, which is a minor supporting caution rather than the main reason for concern.
Based on these findings, this website may pose potential risks to visitors, particularly anyone asked to enter banking credentials.
Technical Description
The site is using a valid Let's Encrypt SSL certificate and serves content over an nginx web server. DNSSEC appears to be enabled, which is a positive domain-configuration detail, but these technical measures only indicate that encryption and DNS signing are present; they do not verify the legitimacy of the operator or the trustworthiness of the page content.
The domain was registered very recently and is hosted on infrastructure attributed to Slayer Group Limited, with the server located in Frankfurt am Main, Germany. The combination of a newly created domain, banking-themed login functionality, and strong multi-engine phishing detections is a notable technical risk pattern at the time of this scan.
Share your experience with this website. Was it safe? Did you encounter any issues?