False Positive | ubme.com

[valarzunian]

What are the subjects of the false-positive (domains, URLs, or IPs)?

• ubme.com
• sub.ubme.com
• https://ubme.com/
• https://sub.ubme.com/page

Why do you believe this is a false-positive?

I believe this is a false-positive because...
Hi,

I hope this email finds you well.

Our website, www.UBMe.com, was previously flagged as malicious or phishing by your security systems. We have since conducted a thorough security audit, removed any potential vulnerabilities, and ensured that the website is completely clean and safe for users.

We kindly request a re-evaluation of our website so that it can be removed from any blocklists or security warnings. If there are any specific concerns or additional steps required from our end, please let us know so we can address them promptly.

Thank you for your time and assistance. We appreciate your prompt review and confirmation.

Best regards,
Val

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive by...
VirusTotal

Have you requested a review from other sources?

I have requested a review from CRDF and CyRadar. Both have rectified the issue and removed our domain ubme.com from their block/phishing lists. Please help to do same thing here.

Do you have a screenshot?

No response

Additional Information or Context

I have also noticed that...

[phishing-database-bot]

Verification Required

@valarzunian, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

   • Record Name: _phishingdb
   • Record Value: antiphish-b0e46a2c35f8af3b2c196f29726e8d30bbeabe43

   Your Verification ID: antiphish-b0e46a2c35f8af3b2c196f29726e8d30bbeabe43

2. Wait for DNS propagation (this may take a few minutes to a few hours).

3. Reply to this issue once the TXT record has been set.

Important Notes

• Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
• If the record cannot be set or you need alternative methods of verification, please contact us at contact@phish.co.za - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

• Online tools like MXToolBox TXT Lookup.
• The command line:

  dig TXT _phishingdb.example.com
  

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

[valarzunian]

TXT DNS record has been set.

Val

[valarzunian]

Please help! We kindly request a re-evaluation of our website www.ubme.com so that it can be removed from any blocklists or security warnings on your end.

[valarzunian]

Hi,

Was just wondering if you had any update? All security vendors have removed UBMe.com from their block/malware/phishing lists, except for the Phishing Database. Please help!!! We have conducted a thorough security audit, removed any potential vulnerabilities, and ensured that the website is completely clean and safe for users.

https://www.virustotal.com/gui/domain/ubme.com?nocache=1

[valarzunian]

https://gridinsoft.com/online-virus-scanner/url/ubme-com - another report

[spirillen]

Comments

If there are any specific concerns or additional steps required from our end, please let us know so we can address them promptly

Plenty actually....

Look at the http header...

HTTP response, click to expand

HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Content-Length: 144
Content-Type: text/html; charset=UTF-8
Expires: Tue, 18 Mar 2025 02:16:35 GMT
Location: https://www.ubme.com/
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/8.0.30
WPO-Cache-Status: not cached
WPO-Cache-Message: The request method was not GET (HEAD)
Refresh: 0;url=https://www.ubme.com/
X-Redirect-By: WordPress
X-Powered-By: ASP.NET
Date: Tue, 18 Mar 2025 01:16:34 GMT

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/8.0.30
WPO-Cache-Status: not cached
WPO-Cache-Message: The request method was not GET (HEAD)
Link: <https://www.ubme.com/wp-json/>; rel="https://api.w.org/"
Link: <https://www.ubme.com/wp-json/wp/v2/pages/23141>; rel="alternate"; title="JSON"; type="application/json"
Link: <https://www.ubme.com/>; rel=shortlink
X-Powered-By: ASP.NET
Date: Tue, 18 Mar 2025 01:16:37 GMT

1. Running the all time porn sites favorites CMS WordPress is by it self a weakness, use Drupal or Joomla they are build with security first.
2. Get rid of the Red Alert IIS 8.5 webserver and use Secured Open Source like Nginx, Apache or Lightspeed
3. Change the OS platform to FOSS Linux for securoty
4. ASP.NET?? PornPress are using PHP not asp!!
5. Set proper security for your /wp-(admin|upload) path so only local resources have write access
6. PHP/8.0.30 Upgrade to latest stable release (Think it is 8.4 at time of writing)
7. Leaving detailed info of the sever and software used for hosting this, is making you the target as sitting duck.
8. etc. etc.

DNS Check

ptcheck ubme.com antiphish-b0e46a2c35f8af3b2c196f29726e8d30bbeabe43
The test value matches the DNS TXT record.

Thanks for using my tools.
Please consider a sponsor ship at https://www.mypdns.org/donate

Known phishing records

What can you tell me about these records, known to us from the PD project?

Subject                                                                                              Status      Source     Expiration Date   HTTP Code  Checker       Tested At          
---------------------------------------------------------------------------------------------------- ----------- ---------- ----------------- ---------- ------------- -------------------
https://www.ubme.com/wp-admin/myswisscom0888721                                                      INACTIVE    STDLOOKUP  Unknown           404        AVAILABILITY  18. Mar 2025 01:28:27
https://www.ubme.com/wp-admin/SBB/index                                                              INACTIVE    STDLOOKUP  Unknown           404        AVAILABILITY  18. Mar 2025 01:28:27

Execution Time: 00:00:00:7.995252



Status      Percentage   Amount      
----------- ------------ ------------
ACTIVE      0%           0           
INACTIVE    100%         2           
INVALID     0%           0

Verdict

I acknowledge that you have successfully removed the phishing pages; however, the insecure server configuration raises concerns for me. This makes me hesitant to consider whitelisting you, as it is quite definitive.

@g0d33p3rsec your comment and thought?

---

Thank you for reaching out. I want to clarify that I am not the owner of this project nor user of it. I assist with the whitelisting of domains to the best of my ability, but I do this as an unpaid volunteer in my free time. Your understanding and patience are greatly appreciated.
Additionally, I would like to share that I occasionally struggle with a mild degree of PTSD, which means I tend to forget even small details, like did I have breakfast this morning. So please bare with me, if I'm loosing the thread sometimes. Your understanding and patience in this matter are greatly appreciated.

If you feel inclined to buy me a cup of coffee, it would certainly help speed up the process, but please know that it will not influence my decisions or verdicts in any way.

Additionally, I want to be very clear: I do not access any Cloudflare, CloudFront, or Google networks. This is a matter of principle for me, as I believe in upholding human rights, the right to online privacy, and network security. These services often intercept traffic to collect personally identifiable information (PII), which I believe compromises our autonomy and makes us all puppets to the big tech puppeteers.

Thank you for your understanding!

Best regards.

[phishing-database-bot]

Closing.

Domain(s) or IP(s) not found in issue message or title.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.