0

False positive by the threat intelligence feeds

The threat intelligence feeds are blocking the domain that's used by the Spanish postal service (Correos) to send short parcel tracking links.

The blocked domain is:

https://www.cexpr.es/

That's the short url domain they send in sms messages for:

https://www.correosexpress.com/

The NIC whois info for cexpr.es:

REGISTRANT DATA

Domain name cexpr.es
state Activated
Identifier FEB53-ESNIC-F5
Registrant Sociedad Estatal Correos y Telegrafos S.A.
Register Date 09-04-2015
Expiration Date 09-04-2023
Registrar ACENS TECHNOLOGIES S.L.

1 reply

null
    • Andrea_Draghetti
    • 1 yr ago
    • Reported - view

    Hi, the false positive comes from this report: https://www.phishtank.com/phish_detail.php?phish_id=7949139

    Four users reported that the site is phishing, which is why it was blocked.

    I ask PhishTank to review that report and remove the false positive.

    I also add the domain cexpr.es to the whitelist on Phishing Army!

    Thanks for the tip!

Content aside

  • 1 yr agoLast active
  • 1Replies
  • 139Views
  • 3 Following