
FP on 205.234.175.175 for downloads.pdf-xchange.com



Hi,

I hope you can help us.  We have found that the MalwareBytes Add-In for Firefox is giving a false positive report to users who are downloading our software from hxxps://www.tracker-software.com/product/downloads

I have searched for other reports in this forum and found none.    I've read and followed these:

  • hxxps://forums.malwarebytes.com/topic/20806-important-please-read-before-reporting-a-false-positive/
  • hxxps://forums.malwarebytes.com/topic/21076-info-malicious-website-blocking/

The URL and IP address belong to CacheFly (hxxps://www.cachefly.com/) who provide a CDN for our product delivery.  They say they have had no other similar reports to date.

The URL is currently resolving to 205.234.175.175

~$ dig downloads.pdf-xchange.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> downloads.pdf-xchange.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61608
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;downloads.pdf-xchange.com.     IN      A

;; ANSWER SECTION:
downloads.pdf-xchange.com. 299  IN      CNAME   pdfxchange.cachefly.net.
pdfxchange.cachefly.net. 3599   IN      CNAME   vip1.g5.cachefly.net.
vip1.g5.cachefly.net.   3599    IN      A       205.234.175.175

;; Query time: 74 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May 03 16:39:05 PDT 2020
;; MSG SIZE  rcvd: 129

The MalwareBytes installed application does not seem to suffer the issue; I have to date only been able to reproduce this with the Firefox Add-In.

Can you help?

Paul


If it helps, this is what we see:
[image]

This is the URL:

moz-extension://a367c220-cb35-4923-a4db-249d3c36c085/app/eventpages/block.html?referrer=null&url=https%3A%2F%2Fdownloads.pdf-xchange.com%2FPDFXVE8.zip&host=downloads.pdf-xchange.com&type=malware&subtype=reputation&tabId=13&filename=undefined

Please and thanks,

 

Paul
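
As an added example (not part of the original posts, and not Malwarebytes or Tracker Software code), this Python code pulls the facts a false-positive report needs out of the two artifacts posted above: the block page URL's query parameters and the CNAME chain in the dig answer. The function names are hypothetical; both inputs are copied from the thread.

```python
from urllib.parse import parse_qs, urlsplit
# Both samples are copied verbatim from the posts in this thread.
BLOCK_URL = (
    "moz-extension://a367c220-cb35-4923-a4db-249d3c36c085/app/eventpages/block.html"
    "?referrer=null&url=https%3A%2F%2Fdownloads.pdf-xchange.com%2FPDFXVE8.zip"
    "&host=downloads.pdf-xchange.com&type=malware&subtype=reputation&tabId=13&filename=undefined")
DIG_ANSWER = """\
downloads.pdf-xchange.com. 299  IN      CNAME   pdfxchange.cachefly.net.
pdfxchange.cachefly.net. 3599   IN      CNAME   vip1.g5.cachefly.net.
vip1.g5.cachefly.net.   3599    IN      A       205.234.175.175
"""

def parse_block_url(block_url):
    """Pull the blocked URL, host and block category out of the block page's query string;
    also check that the host parameter agrees with the hostname inside the blocked URL."""
    fields = {k: v[0] for k, v in parse_qs(urlsplit(block_url).query).items()}
    return {
        "blocked_url": fields["url"],
        "host": fields["host"].lower(),
        "type": fields.get("type"),
        "subtype": fields.get("subtype"),
        "host_matches_url": urlsplit(fields["url"]).hostname == fields["host"].lower(),
    }

def resolve_chain(dig_answer, name):
    """Follow CNAME records in a dig ANSWER section from `name` to its A records."""
    cnames, addrs = {}, {}
    for line in dig_answer.splitlines():
        parts = line.split()
        if len(parts) != 5 or line.startswith(";"):
            continue  # skip comments, blank lines and anything that is not a record
        owner, rtype, rdata = parts[0].rstrip(".").lower(), parts[3], parts[4]
        if rtype == "CNAME":
            cnames[owner] = rdata.rstrip(".").lower()
        elif rtype == "A":
            addrs.setdefault(owner, []).append(rdata)
    chain = [name.rstrip(".").lower()]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # stop on a CNAME loop
        chain.append(cnames[chain[-1]])
    return chain, addrs.get(chain[-1], [])

def false_positive_report(block_url, dig_answer):
    """Combine both inputs into the facts a false-positive report needs."""
    report = parse_block_url(block_url)
    chain, ips = resolve_chain(dig_answer, report["host"])
    report.update(cname_chain=chain, addresses=ips)
    return report

if __name__ == "__main__":
    print(false_positive_report(BLOCK_URL, DIG_ANSWER))
```

The report shows a `malware`/`reputation` block whose host resolves through two CNAMEs to the CDN address named in the thread title.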


I have whitelisted it.  Please try again after 30 minutes (or so) and let me know if downloads are happening as expected.


Thanks Gonzo, I appreciate the rapid response.

As I write this the Add-In is still reporting the site as untrustworthy.

Is there any kind of cache in the Firefox Add-In that should be cleared?


And I am guilty of not reading the time stamp on your post Gonzo.

Indeed, just as you predicted, 30 minutes later all works as expected.

Thank you for the prompt action on this.

