paulororke Posted May 3, 2020 ID:1378465 Share Posted May 3, 2020 Hi, I hope you can help us. We have found that the MalwareBytes Add-In for Firefox is giving a false positive report to users who are downloading our software from hxxps://www.tracker-software.com/product/downloads I have searched for other reports in this forum and found none. I've read and followed these: hxxps://forums.malwarebytes.com/topic/20806-important-please-read-before-reporting-a-false-positive/ hxxps://forums.malwarebytes.com/topic/21076-info-malicious-website-blocking/ The URL and IP address belong to CacheFly (hxxps://www.cachefly.com/) who provide a CDN for our product delivery. They say they have had no other similar reports to date. The URL is currently resolving to 205.234.175.175 ~$ dig downloads.pdf-xchange.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> downloads.pdf-xchange.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61608 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;downloads.pdf-xchange.com. IN A ;; ANSWER SECTION: downloads.pdf-xchange.com. 299 IN CNAME pdfxchange.cachefly.net. pdfxchange.cachefly.net. 3599 IN CNAME vip1.g5.cachefly.net. vip1.g5.cachefly.net. 3599 IN A 205.234.175.175 ;; Query time: 74 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun May 03 16:39:05 PDT 2020 ;; MSG SIZE rcvd: 129 MalwareBytes installed application does mot seem to suffer the issue, I have to date only been able to reproduce this with the Firefox Add-In. Can you help? Paul Link to post
paulororke Posted May 4, 2020 Author ID:1378468 Share Posted May 4, 2020 If it helps, this is what we see: This is the URL: moz-extension://a367c220-cb35-4923-a4db-249d3c36c085/app/eventpages/block.html?referrer=null&url=https%3A%2F%2Fdownloads.pdf-xchange.com%2FPDFXVE8.zip&host=downloads.pdf-xchange.com&type=malware&subtype=reputation&tabId=13&filename=undefined Please and thanks, Paul Link to post
gonzo Posted May 4, 2020 ID:1378586 Share Posted May 4, 2020 I have whitelisted it. Please try again after 30 minutes (or so) and let me know if downloads are happening as expected. Link to post
paulororke Posted May 4, 2020 Author ID:1378592 Share Posted May 4, 2020 Thanks Gonzo, I appreciate the rapid response. As I write this the Add-In is still reporting the site as untrustworthy. Is there any kind of cache in the FireFox Add-In that should be cleared? Link to post
paulororke Posted May 4, 2020 Author ID:1378614 Share Posted May 4, 2020 And I am guilty of not reading the time stamp on your post Gonzo. Indeed, just as you predicted, 30 minutes later all works as expected. Thank you for the prompt action on this. Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now