TomFace #1 Posted January 11, 2017 I was adding Dogpile to Firefox 20.1.0 and got this. It it a FP? Share this post Link to post Share on other sites
MysteryFCM #2 Posted January 12, 2017 This is not an F/P, no. Can you let us know where you downloaded it from and/or attach a copy please? Share this post Link to post Share on other sites
TomFace #3 Posted January 12, 2017 (edited) I was in Firefox....went to options>search>Dogpile was not there. Went to add more search engines, typed in Dogpile and added it to Firefox. That's when the notification came up. It is just a website block...correct?? Edited January 12, 2017 by TomFace Share this post Link to post Share on other sites
MysteryFCM #4 Posted January 12, 2017 Thanks for letting me know, I'll get the extension checked. It is just a block on the hostname, yes. Share this post Link to post Share on other sites
TomFace #5 Posted January 12, 2017 Thank you for your help Steven. Regards, Tom Share this post Link to post Share on other sites
MysteryFCM #6 Posted January 12, 2017 Unfortunately, I can't reproduce this so far. Share this post Link to post Share on other sites
MysteryFCM #7 Posted January 12, 2017 2 minutes ago, TomFace said: Thank you for your help Steven. Regards, Tom My pleasure. I'll drop another reply here once I'm able to reproduce the issue (installed the add-on on two different machines and neither produce the block). Share this post Link to post Share on other sites
TomFace #8 Posted January 12, 2017 Thank you for your help Steven. Regards, Tom Share this post Link to post Share on other sites
TomFace #9 Posted January 12, 2017 (edited) 6 minutes ago, MysteryFCM said: My pleasure. I'll drop another reply here once I'm able to reproduce the issue (installed the add-on on two different machines and neither produce the block). Well I just reproduced it.... Firefox 50.1.0 (I called it 20.1.0 by mistake earlier). Win 7 x64 Edited January 12, 2017 by TomFace Share this post Link to post Share on other sites
MysteryFCM #10 Posted January 12, 2017 Thanks for letting me know. I'm doing further testing, but in the meantime, if you're able to, can you let me know what you see when loading the following in Firefox and IE please? https://addons.mozilla.org/firefox/downloads/latest/dogpile/addon-14028-latest.xml?src=ss As long as nothing is interfering with it, what you see should be the same as I do; <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/"> <ShortName>Dogpile</ShortName> <Description>Dogpile.com Web Search</Description> <InputEncoding>UTF-8</InputEncoding> <Image width="16" height="16" type="image/x-icon">http://wanfamilyweb.com/public/weblaunchpad/icon_dogpile.jpg</Image> <Url type="text/html" method="GET" template="http://www.dogpile.com/dogpile/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true" /> </OpenSearchDescription> Share this post Link to post Share on other sites
TomFace #11 Posted January 12, 2017 (edited) IE 11 ******************************************************************************************************************************************************************************************** Firefox 50.1.0 Regards, Tom Edited January 12, 2017 by TomFace Share this post Link to post Share on other sites
MysteryFCM #12 Posted January 12, 2017 Much appreciated, thank you. I'm consulting with colleagues as I still can't reproduce this on my machines Share this post Link to post Share on other sites
MysteryFCM #13 Posted January 12, 2017 Neither myself nor my colleagues are able to reproduce this either, which leads to a suspicion of a hijack. Please follow the instructions at; https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ Share this post Link to post Share on other sites
TomFace #14 Posted January 13, 2017 (edited) Posting results as directed. Edited January 13, 2017 by TomFace Share this post Link to post Share on other sites
MysteryFCM #15 Posted January 13, 2017 Much appreciated, thank you. Can you also post a Fiddler log of the issue occurring please; http://fiddlertool.com Once reproduced, select File -> Save -> All Sessions, then attach the .saz (you may need to zip it first). Share this post Link to post Share on other sites
TomFace #16 Posted January 13, 2017 I've never used Fiddler before-I'll send you the results in a PM after I figure it out. Share this post Link to post Share on other sites
TomFace #17 Posted January 13, 2017 (edited) The fiddler file is too big (even zipped) 32.7 M unless I did something wrong. Can I upload it somewhere-not sure how to do that. Edited January 13, 2017 by TomFace Share this post Link to post Share on other sites
TomFace #18 Posted January 13, 2017 32 minutes ago, TomFace said: The fiddler file is too big (even zipped) 32.7 M unless I did something wrong. Can I upload it somewhere-not sure how to do that. Steven, I figured it out....PM is on the way. Share this post Link to post Share on other sites
MysteryFCM #19 Posted January 14, 2017 I got it, thank you. It seems the cause in this case, is a redirect from; http://wanfamilyweb.com/public/weblaunchpad/icon_dogpile.jpg This URL produces a 404 for me, which isn't surprising given the site is parked. However, in your case, it's producing an HTTP 302 to dreniq.com; HTTP/1.1 302 Found Date: Fri, 13 Jan 2017 17:09:27 GMT Server: Apache Set-Cookie: vsid=902vr2318729673926125; expires=Wed, 12-Jan-2022 17:09:27 GMT; path=/; domain=wanfamilyweb.com; httponly Location: http://q.dreniq.com/iq?i=SKENZO&k=6b2a32fdf781b2feb6d7985efdf645a6&d=wanfamilyweb.com&u=%2Fpublic%2Fweblaunchpad%2Ficon_dogpile.jpg Vary: Accept-Encoding,User-Agent Keep-Alive: timeout=5, max=65 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Content-Length: 0 Given the wanfamilyweb.com URL is in the XML file for the add-on, it means someone from Dogpile is going to need to update it. In the meantime, you should be able to get it directly from the Dogpile.com site itself. Share this post Link to post Share on other sites
TomFace #20 Posted January 14, 2017 Thanks Steven for all your hard work. I take it there is no infection in my machine (other than a slight case of heartburn...Oh wait a minute, I have the heartburn) . Anyway thanks again! I need to upgrade to v 3.05-but it looks like there are a few issues going on-think I'll wait a bit-still got a few months left on MBAM 2.2.1 Share this post Link to post Share on other sites
MysteryFCM #21 Posted January 14, 2017 It remains a pleasure. Share this post Link to post Share on other sites