False positive


Prochedary
Solved by thisisu

Hi,

Our website https://basicland.cz/ shows that we have a trojan. Could you tell us what we can do? I do not know about anything bad on our website.

Here are the logs.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 08.10.20
Čas události ochrany: 21:41
Logovací soubor: 3e685d08-099e-11eb-bc50-5404a63b9d82.json

-Informace o softwaru-
Verze: 4.2.1.89
Verze komponentů: 1.0.1061
Aktualizovat verzi balíku komponent: 1.0.30996
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19041.508)
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném webu-
Škodlivý web: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Zablokováno, -1, -1, 0.0.0, , 

-Údaje o webu-
Kategorie: Trojský kůň
Doména: basicland.cz
IP Adresa: 104.28.22.29
Port: 443
Typ: Odchozí
Soubor: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



(end)


10/08/20	" 21:41:22.033"	1513515	15e8	07ac	INFO	MwacLib	MwacLibImpl::InvokeBlockCallback	"mwaclibimpl.cpp"	1097	"Connection blocked! ProcessId=10288 ProcessPath=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Domain=basicland.cz Address=104.28.22.29 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
10/08/20	" 21:41:22.034"	1513515	15e8	07ac	INFO	MwacControllerImpl	mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback	"mwaccontrollerimplhelper.cpp"	2181	"Block notification callback 'basicland.cz' '104.28.22.29' 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'"
10/08/20	" 21:41:22.034"	1513515	15e8	07ac	INFO	MwacControllerImpl	mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback	"mwaccontrollerimplhelper.cpp"	2182	"AppDetectionNotification=F, BlockNotification=T"
10/08/20	" 21:41:22.158"	1513640	15e8	07ac	INFO	MWACControllerCOM	CMWACController::WebsiteBlockedNotificationCallback	"mwaccontroller.cpp"	1574	"Malicious Website Protection, domainblocklist, 104.28.22.29, basicland.cz, 443, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
10/08/20	" 21:41:22.158"	1513640	15e8	22cc	INFO	MwacControllerImpl	mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl	"mwaccontrollerimplhelper.cpp"	2284	"Block notification callback impl 'basicland.cz' '104.28.22.29' 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'"
10/08/20	" 21:41:22.163"	1513640	15e8	22cc	INFO	MwacControllerImpl	mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails	"mwaccontrollerimplhelper.cpp"	2268	"White list disposition (0) for 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'"
10/08/20	" 21:41:22.417"	1513890	15e8	22c8	INFO	MWACControllerCOM	CMWACController::TelemetryDataCallbackV3	"mwaccontroller.cpp"	2013	"Successfully sent the block event data to telemetry server."
10/08/20	" 21:41:27.848"	1519328	15e8	20bc	WARNING	HttpConnection	mb::common::net::HttpConnection::SendRequest	"httpconnection.cpp"	409	"HTTP POST - SSL error"
10/08/20	" 21:41:27.848"	1519328	15e8	20bc	WARNING	HttpConnection	mb::common::net::HttpConnection::LogExceptionDetails	"httpconnection.cpp"	1768	"Exception details: text=SSL connection unexpectedly closed"
10/08/20	" 21:41:27.849"	1519328	15e8	20bc	WARNING	TelemCtrlImpl	TelemetryControllerImpl::SendTelemetryRecord	"telemetrycontrollerimplhelper.cpp"	2088	"Problem sending JSON data to DSE stream [mwac] - server returned: -8"

 

This topic is now closed to further replies.