# pnbahiadecadiz.es — MALICIOUS > pnbahiadecadiz.es is weaponized for bank-themed phishing, flagged by 9/95 VirusTotal scanners. Immediate investigation strongly advised. Check the full report. ## Summary pnbahiadecadiz.es is a recently activated domain explicitly engineered to harvest sensitive banking credentials through fraudulent login portals. Security telemetry confirms this infrastructure masquerades as a legitimate banking service, luring victims via social engineering tactics such as spoofed emails or fake SMS messages that direct users to counterfeit portals hosted on this domain. The threat actor’s infrastructure leverages a deliberately chosen domain string resembling a trusted regional banking brand, amplifying the likelihood of successful deception. PhishDestroy identifies this as an elevated-risk phishing operation due to its clear intent to compromise financial account access. This domain presents multiple red flags corroborated by independent security platforms. VirusTotal analysis reveals 9 out of 95 security vendors have already flagged pnbahiadecadiz.es, indicating active detection across diverse scanning engines. Infrastructure analysis shows resolution to IP 172.67.193.239, which is associated with known malicious hosting environments. The domain utilizes a valid SSL certificate issued by Google Trust Services, a tactic commonly employed to deceive users into believing the site is legitimate. WHOIS data indicates the domain was registered within the last 30 days, suggesting recent acquisition for malicious purposes. Additionally, this domain has been listed on 7 public blocklists, further validating its malicious reputation. Users who have interacted with pnbahiadecadiz.es—whether by entering credentials or downloading content—should immediately cease all further interaction and assess potential exposure. If credentials were entered, change passwords on all associated accounts immediately and enable multi-factor authentication where available. Review recent transactions for unauthorized activity and report any suspicious behavior to the legitimate banking institution. Organizations should consider blocking this domain at the network perimeter and flagging it within email security gateways to prevent further propagation. Security teams are advised to monitor for any lateral movement or credential reuse associated with this campaign using the unique seed identifier c5739e as a tracking reference. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.67.193.239 ## Detection Status - VirusTotal: 9 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/2d07c865-c996-4bab-90a5-8a80f2aa3d83 - PhishDestroy: https://phishdestroy.io/domain/pnbahiadecadiz.es/ - LLM endpoint: https://phishdestroy.io/domain/pnbahiadecadiz.es/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pnbahiadecadiz.es/ Last updated: 2026-03-30