1

BBVA domain categorized as thread and blocked

Subdomain movil.bbva.es which belongs to BBVA ( the second biggest bank in Spain ) and that is used for their mobile app are categorized as threats because the AI engine classify them as so and also because they appear in the "Threat Intelligence Feeds" source.

2 replies

null
    • Hey
    • 2 yrs ago
    • Reported - view

    The detection is completely right and honestly impressive to see since its a Phishing Domain getting detected through CNAME.

    if you check movil.bbva.es through Virustotal you get a single detection by ESET but that could be considered a false positive, looking at the CNAME that site leads to though (you can see this hovering over the info button on the logs.) it has 9 detections.

    https://www.virustotal.com/gui/url/b23ffb9648990e672098f86bea9c26b4f8695a9fddebd736294e72946cff14c4

    So the AI/Threat Intelligence blocking that domain is completely justified. Kaspersky/Eset/Phishing Database all tag this as a Phishing URL.

    • enr00ted
    • 2 yrs ago
    • Reported - view

    Ok so who de we report to, this false positive ? Whitelisting this domain makes my bank app work again. Thank you Sergio cause I was getting crazy not understanding what configuration from NextDNS was causing this issue, was even planing on giving up on the service actually.

Content aside

  • 1 Likes
  • 2 yrs agoLast active
  • 2Replies
  • 59Views
  • 3 Following