Possible FP for hxxps://www.seclan.com (81.19.112.23)
Hello,
Our company has a problem related to Malwarebytes. We don’t know why our company websites are blocked in Malwarebytes?
Here’s a log-file from my computer’s Malwarebytes scan:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/16/21
Scan Time: 3:10 PM
Log File: afe7a99a-9eac-11eb-a9ed-78acc0ae97b2.json
-Software Information-
Version: 4.1.2.73
Components Version: 1.0.1003
Update Package Version: 1.0.39465
License: Trial
-System Information-
OS: Windows 10 (Build 19041.928)
CPU: x64
File System: NTFS
User: JOHENT-Z400\root
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 377509
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 8 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
And here’s the information flag that we get when entering into any of our company websites:
Here’s the corresponding log-file:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 4/16/21
Protection Event Time: 4:29 PM
Log File: bed98e18-9eb7-11eb-8107-78acc0ae97b2.json
-Software Information-
Version: 4.1.2.73
Components Version: 1.0.1003
Update Package Version: 1.0.39465
License: Trial
-System Information-
OS: Windows 10 (Build 19041.928)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Trojan
Domain: zammad.seclan.com
IP Address: 81.19.123.72
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
Here are the IP addresses of the sites:
ip=109.70.162.92&url=seafile.seclan.com
ip=81.19.112.23&url=www.seclan.com
ip=81.19.123.72&url=zammad.seclan.com
ip=109.70.160.99&url=smtp-auth.seclan.com
ip=81.19.112.26&url=kopano.seclan.com
It seems that every site, which is part of the seclan.com domain, is blocked.
I can’t figure out why? Could you please tell me how I can fix this?
Best Regards,
Jouni Henttonen
Seclan Ltd.