# s.safebank.onl — SUSPICIOUS > s.safebank.onl is a fake banking login phishing domain flagged by Google Safe Browsing for social engineering. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies s.safebank.onl as a fraudulent banking login portal designed to steal credentials by impersonating a legitimate financial institution. This domain is part of an active phishing campaign targeting users with fake login prompts that harvest sensitive banking details. The threat involves malicious actors tricking victims into entering their username, password, or one-time passcodes under the guise of verifying account activity or resolving security alerts. Once harvested, these credentials are exploited to drain accounts or enable unauthorized transactions. The domain employs deceptive branding to appear authentic, increasing the risk of successful social engineering attacks. This domain was flagged by Google Safe Browsing for SOCIAL_ENGINEERING tactics, indicating a high likelihood of malicious intent. It resolves to IP address 34.194.247.17 and was issued an SSL certificate by Let’s Encrypt, which is commonly abused by phishing operators to add a veneer of legitimacy. VirusTotal currently reports 0 detections out of 95 scan engines, meaning most antivirus tools have not yet identified its malicious payload, leaving users vulnerable. The domain appears on 1 known security blocklist and is blocked by the OISD threat intelligence feed, which aggregates malicious domains. Its infrastructure and SSL certificate further suggest opportunistic hosting on cloud providers like AWS, where phishing pages are frequently deployed to evade detection. The domain’s registration details remain unpublished, a common tactic used by threat actors to avoid accountability and takedown efforts. Users who have visited s.safebank.onl should immediately check for unauthorized transactions and change passwords on all banking and email accounts. Avoid entering any credentials on this site and do not click any links or buttons it presents. Scan your device using trusted antivirus software and consider activating multi-factor authentication where available. Report this domain to PhishDestroy to help block its spread. Always verify banking websites by manually typing the official URL or using a saved bookmark. Be cautious of unsolicited emails, texts, or pop-ups that direct you to login portals. Staying vigilant and verifying suspicious domains through reliable threat databases like PhishDestroy can prevent credential theft and financial loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.194.247.17 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 1 hits Lists: ["OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/s.safebank.onl - PhishDestroy: https://phishdestroy.io/domain/s.safebank.onl/ - LLM endpoint: https://phishdestroy.io/domain/s.safebank.onl/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/s.safebank.onl/ Last updated: 2026-04-05