
False Positive | click.shootproof.com #1292


Closed
george-number-three opened this issue Apr 18, 2025 · 3 comments

@george-number-three

What are the subjects of the false-positive (domains, URLs, or IPs)?

click.shootproof.com

Why do you believe this is a false-positive?

This is a click tracking URL for SendGrid. One of our platform users had their account hacked and the actor sent out a large number of spam emails via our platform. Since we have click tracking enabled on the SendGrid account, the malicious URL was replaced with a click tracking URL. We have worked with SendGrid to deactivate the malicious redirects and the compromised account has been suspended. Please advise if additional action is required.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive by using VirusTotal after reports from our users.

Have you requested a review from other sources?

I have requested a review from...
Certego
CyRadar
Gridinsoft
ArcSight Threat Intelligence
CRDF - Removed already.

Do you have a screenshot?

Screenshot

Additional Information or Context

I have also noticed that...

@phishing-database-bot
Member

Verification Required

@george-zenfolio, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-29053eb4b332e81506c128b5a3a5e978b842775d

    Your Verification ID: antiphish-29053eb4b332e81506c128b5a3a5e978b842775d

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at contact@phish.co.za - preferably from the domain's official email address.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

@george-number-three
Author

➜ ~ dig _phishingdb.shootproof.com TXT

; <<>> DiG 9.10.6 <<>> _phishingdb.shootproof.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22284
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_phishingdb.shootproof.com. IN TXT

;; ANSWER SECTION:
_phishingdb.shootproof.com. 300 IN TXT "antiphish-29053eb4b332e81506c128b5a3a5e978b842775d"

;; Query time: 34 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Apr 18 09:13:47 MDT 2025
;; MSG SIZE rcvd: 118
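
Added example (not part of the thread and not the Phishing.Database project's code): a checker for the TXT ownership proof requested above, run over the answer line from the dig output in this reply. The bot's instructions name the listed domain (click.shootproof.com) while the record shown sits at _phishingdb.shootproof.com, so the sketch makes the owner-name policy explicit; `allow_parents` and all function names are assumptions for illustration.

```python
import hmac
import shlex

LABEL = "_phishingdb"  # record name from the bot's instructions
TOKEN = "antiphish-29053eb4b332e81506c128b5a3a5e978b842775d"  # ID from the issue

# Answer section as it appears in the dig output posted in the issue.
SAMPLE_DIG_ANSWER = """\
;; ANSWER SECTION:
_phishingdb.shootproof.com. 300 IN TXT "antiphish-29053eb4b332e81506c128b5a3a5e978b842775d"
"""


def parse_txt_answers(dig_output):
    """Return {owner_name: [txt_value, ...]} from dig's resource-record lines."""
    records = {}
    for line in dig_output.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # dig comments, section headers, blank lines
        try:
            fields = shlex.split(line)  # keeps quoted character-strings intact
        except ValueError:
            continue  # unbalanced quotes: not a record we can trust
        if len(fields) < 5 or fields[2].upper() != "IN" or fields[3].upper() != "TXT":
            continue
        owner = fields[0].rstrip(".").lower()
        # One TXT record may be split into several quoted strings; join them.
        records.setdefault(owner, []).append("".join(fields[4:]))
    return records


def candidate_names(domain, allow_parents=False):
    """Owner names to accept: the reported host and, optionally, its parent zones."""
    labels = domain.rstrip(".").lower().split(".")
    stop = min(2, len(labels)) if allow_parents else len(labels)  # never above 2 labels
    return [".".join([LABEL] + labels[i:]) for i in range(len(labels) - stop + 1)]


def verify(dig_output, domain, token, allow_parents=False):
    """Return the owner name that carries the token, or None if no match."""
    records = parse_txt_answers(dig_output)
    for name in candidate_names(domain, allow_parents):
        for value in records.get(name, []):
            if hmac.compare_digest(value.encode(), token.encode()):
                return name
    return None
```

With the strict policy the posted record does not match the listed host; it matches only when the parent zone is accepted as proof, which is a decision the verifier has to make deliberately.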

@spirillen spirillen removed their assignment Apr 20, 2025
@phishing-database-bot phishing-database-bot added the false positive Should not be listed label Apr 26, 2025
@phishing-database-bot
Member

Closing.

Domain(s) or IP(s) not found in the Phishing.Database project: click.shootproof.com.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.
