The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Phishing detected
| URL | hxxps://www[.]santander[.]es | |
| Brand | Santander | |
| Screenshot | https://cdn.zerophish.ai/caf8f9be-74ca-435e-8b8c-3899dfc4dee9.jpg | |
| Scan ID | 5ad6613a-a87c-4f2e-b3cc-b8f4cf6a6382 |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The inspected page seems to be trying to mimic a legitimate website of the ‘Santander’ brand but its domain is suspicious as they’re using www.santander.es, which is different from the official Santander’s banking site domain. The text and image contents are trying to mimic the appearance of a legitimate service , yet the services offered in the HTML like ‘SERVICIO DE LIMPIEZA’ or ‘OPOSICIONES’ do not align with the banking services provided by the brand Santander. Additionally, the alert-like messages about municipal services, taxes, scholarships etc, might be trying to bait users into clicking the links, probably leading to potential phishing traps.