Firewall detects MALWARE-CNC Win.Trojan.Redaman on http request to Nextcloud server

Support intro

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 31.0.5
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 24.04
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2.4
  • PHP version (e.g, 8.3):
    • 8.3
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • When generating share link to folder and testing the link on another machine
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • VM, installed with curl
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

On a fresh install, my Cisco Firepower is flagging this as a trojan when using a generated shared public link.

192.168.50.14 : 65371 / tcp → 192.168.80.137 : 80 (http) / tcp MALWARE-CNC Win.Trojan.Redaman outbound connection (1:49625:1) (+0)

the link is formatted like this: http://192.168.80.137/index.php/s/****

192.168.50.14 is my local machine
192.168.80.137 is Nextcloud server

Steps to replicate it (hint: details matter!):

  1. Create a file / folder
  2. generate share link
  3. use share link on another machine
  4. check firewall

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

PASTE HERE

{"reqId":"Xs8NoIr1dfnY22D20XGL","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"rpf1hzzIHdvGPZOjlJBw","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"3hrypezIgwvaPRkqWEj0","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"G18DApo95bhZDejiGeMV","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"lQJ1I9IoVSYhXtMpsv5O","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"7bpWqhqraZqzR06Qd1Xb","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"8qU1Xp81hPy3AQ2AJ9KA","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"OG8wsEJ8w5dV9TGpAPPg","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"ugPQQcW23vzEAhuLwlrw","level":2,"time":"2025-05-26T11:58:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?forceIcon=0&a=0>
{"reqId":"XMCfU3RKQORqLOnTzvEn","level":2,"time":"2025-05-26T11:59:03+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/5>
{"reqId":"DqLasWLwFR7XyBTQRm5M","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/4>
{"reqId":"qhlsnhX3yEtuhEy9Mtzf","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/4>
{"reqId":"gaNI55ZiN0ZasMudDyIi","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/5>
{"reqId":"Bjvx8CZ3CITl5BBisitJ","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/5>
{"reqId":"AwJmqwduKtsI7x9gUlBB","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/4>
{"reqId":"boA9AP3iDMDVxxoSeGHz","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/5>
{"reqId":"atNiE7QT9ALRyokKCB3J","level":2,"time":"2025-05-26T11:59:04+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/apps/photos/api/v1/preview/5>
{"reqId":"0NFYNNN1UYhOaJB91Idl","level":2,"time":"2025-05-26T12:01:37+00:00","remoteAddr":"192.168.50.14","user":"it","app":"text","method":"POST","url":"/index.php/apps/text/session/54/save","message":"Sa>
{"reqId":"kGD83okC7YaDdv7gE12E","level":2,"time":"2025-05-26T12:01:42+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=3&x=128&>
{"reqId":"mZEGarlL1dyM8M6onpXB","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=52&x=32&>
{"reqId":"2G4EE3WW0WdUZjijX54V","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=53&x=32&>
{"reqId":"paxkjMC16zU5WJIGuXZm","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=51&x=32&>
{"reqId":"FdXXEI0tFs1KnWJxTM1W","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=48&x=32&>
{"reqId":"ucLI8rzkjKJNpZ8dWrbz","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=50&x=32&>
{"reqId":"jGVndiwOuN7LTVfwrcRM","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=37&x=32&>
{"reqId":"AIkVRwdVonrzazH9z6CZ","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=47&x=32&>
{"reqId":"dyTfH8hnQuvzyI1e1HfS","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=42&x=32&>
{"reqId":"I93gNn284UEydItJ09Nu","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=43&x=32&>
{"reqId":"B6GcxRutKXKncWSaltey","level":2,"time":"2025-05-26T12:09:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=49&x=32&>
{"reqId":"DrX27w5WZvWqe9JRVvIE","level":3,"time":"2025-05-26T12:10:22+00:00","remoteAddr":"192.168.50.14","user":"it","app":"webdav","method":"DELETE","url":"/remote.php/dav/files/it/Nextcloud%20intro.mp4">
{"reqId":"kQ7dgwxMAbHDzb40SP1w","level":3,"time":"2025-05-26T12:10:22+00:00","remoteAddr":"192.168.50.14","user":"it","app":"webdav","method":"DELETE","url":"/remote.php/dav/files/it/Templates","message":">
{"reqId":"VMCK3rCysmDhFt5s0Wq1","level":2,"time":"2025-05-26T12:12:07+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=355&x=32>
{"reqId":"TJjbbWm2qhQvOiCVCstN","level":2,"time":"2025-05-26T12:12:57+00:00","remoteAddr":"192.168.50.14","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"failed to create instance of b>
{"reqId":"VCxVTMIpIgDtSmNFkRBB","level":2,"time":"2025-05-26T12:13:41+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=355&x=19>
{"reqId":"DKcu8a2g2Gbalf1AFReF","level":2,"time":"2025-05-26T12:13:46+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=355&c=66>
{"reqId":"uWG5nj69CZW9V4uugJvM","level":2,"time":"2025-05-26T12:14:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=34&x=32&>
{"reqId":"k9r96z7mo4kdEe993QZ7","level":2,"time":"2025-05-26T12:14:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=39&x=32&>
{"reqId":"a8MJm3Tex9GC1l5YYvhJ","level":2,"time":"2025-05-26T12:14:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=38&x=32&>
{"reqId":"DQFI8B7LxkUey8BpxeVq","level":2,"time":"2025-05-26T12:14:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=35&x=32&>
{"reqId":"AfyGFGAFookdal7r7dmv","level":2,"time":"2025-05-26T12:14:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=40&x=32&>
{"reqId":"WrsAOt6dS6o6BsMAKS6Q","level":3,"time":"2025-05-26T12:14:34+00:00","remoteAddr":"192.168.50.14","user":"it","app":"PHP","method":"GET","url":"/index.php/core/preview?fileId=32&x=32&y=32&mimeFallb>
{"reqId":"PQlyiqUzjcxehHfoBFFe","level":2,"time":"2025-05-26T12:15:10+00:00","remoteAddr":"192.168.50.14","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login fai>
{"reqId":"hcLxAK7rk4Hn5HWYFE4J","level":2,"time":"2025-05-26T12:15:18+00:00","remoteAddr":"192.168.50.14","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login fai>
{"reqId":"6vNiMiPqMTeomr5Rigkg","level":3,"time":"2025-05-26T12:19:13+00:00","remoteAddr":"192.168.50.14","user":"it","app":"index","method":"GET","url":"/index.php/core/preview?fileId=18&x=32&y=32&mimeFal>
{"reqId":"CDZ5pumidRT5VbX6qNol","level":3,"time":"2025-05-26T12:19:14+00:00","remoteAddr":"192.168.50.14","user":"it","app":"PHP","method":"GET","url":"/index.php/core/preview?fileId=14&x=32&y=32&mimeFallb>
{"reqId":"bWz94zHF0rLILYzedEPo","level":3,"time":"2025-05-26T12:19:14+00:00","remoteAddr":"192.168.50.14","user":"it","app":"index","method":"GET","url":"/index.php/core/preview?fileId=23&x=32&y=32&mimeFal>
{"reqId":"8JCCH8p4pNMs82sieIKZ","level":3,"time":"2025-05-26T12:19:14+00:00","remoteAddr":"192.168.50.14","user":"it","app":"index","method":"GET","url":"/index.php/core/preview?fileId=27&x=32&y=32&mimeFal>
{"reqId":"O4jyhlna5tzyY6ELWwjZ","level":3,"time":"2025-05-26T12:19:15+00:00","remoteAddr":"192.168.50.14","user":"it","app":"index","method":"GET","url":"/index.php/core/preview?fileId=18&x=32&y=32&mimeFal>
{"reqId":"1B6UwIIpOggnV4Jn6NRh","level":2,"time":"2025-05-26T12:22:47+00:00","remoteAddr":"192.168.50.14","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"failed to create instance of b>
{"reqId":"1B6UwIIpOggnV4Jn6NRh","level":2,"time":"2025-05-26T12:22:47+00:00","remoteAddr":"192.168.50.14","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"failed to create instance of b>
{"reqId":"1B6UwIIpOggnV4Jn6NRh","level":2,"time":"2025-05-26T12:22:47+00:00","remoteAddr":"192.168.50.14","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"failed to create instance of b>
{"reqId":"1B6UwIIpOggnV4Jn6NRh","level":2,"time":"2025-05-26T12:22:47+00:00","remoteAddr":"192.168.50.14","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"failed to create instance of b>
{"reqId":"o0GAYohXp0ng4gcbnt9X","level":3,"time":"2025-05-26T12:36:55+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"POST","url":"/ocs/v2.php/apps/files_sharing/api/v1/>

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

PASTE

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be run through analyzers / formatters by those trying to help you.

Hello @hesevinge,

welcome to the Nextcloud community! :handshake:
As long as you don't share any malware from your internal server, this looks like a false positive. You should adjust your appliance with a proper whitelist. I would also report an issue to Cisco so they can react and remove the false positive.
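The post's alert line and its nextcloud.log excerpt, and the reply's advice to treat the hit as a false positive and whitelist it, suggest a small triage step an analyst would want before suppressing anything: confirm that the flow the IDS flagged is the share-link fetch the poster described. The script below is an added example written for this thread; it is not code from either poster, from Nextcloud or from Cisco. It parses the alert line in the format quoted in the post, parses nextcloud.log's JSON-per-line entries, pulls the entries from the alert's source IP inside a short time window around the alert, and classifies them. The alert timestamp, the log lines and the share token are all constructed here (the post redacts the token and truncates its log lines). The final helper emits a suppression entry in open-source Snort 3 `suppress` syntax for the underlying engine; on a Firepower deployment the same scoping is done through the Firepower Management Center's intrusion-policy suppression settings rather than by editing this text. Note that nextcloud.log only records requests that produced a log message, so in practice the Apache access log that the support template asks for is the more complete source; the parser targets nextcloud.log because that is what the post supplies.

```python
"""Added example: correlate an IDS alert with nextcloud.log before whitelisting.
Not from the thread; all sample data below is constructed."""
import json
import re
from datetime import datetime, timedelta, timezone

# Alert format as copied from Firepower in the post:
#   192.168.50.14 : 65371 / tcp → 192.168.80.137 : 80 (http) / tcp <msg> (gid:sid:rev) (+0)
ALERT_RE = re.compile(
    r"^(?P<src>[\d.]+) : (?P<sport>\d+) / tcp\s*(?:→|->)\s*"
    r"(?P<dst>[\d.]+) : (?P<dport>\d+)(?: \([^)]*\))? / tcp "
    r"(?P<msg>.+?) \((?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\)"
)

# Public share links are /index.php/s/<token>; assets of a shared folder are
# served under /index.php/apps/files_sharing/ (e.g. publicpreview).
SHARE_RE = re.compile(r"^/(?:index\.php/)?(?:s/[A-Za-z0-9]+|apps/files_sharing/)")


def parse_alert(line):
    """Split one alert line into src/dst/ports/gid/sid/rev; raise if unparsable."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised alert line: %r" % line)
    d = m.groupdict()
    for k in ("sport", "dport", "gid", "sid", "rev"):
        d[k] = int(d[k])
    return d


def parse_log(lines):
    """Parse nextcloud.log entries; lines that are truncated (as in the post) are skipped."""
    entries = []
    for line in lines:
        try:
            e = json.loads(line)
        except json.JSONDecodeError:
            continue
        e["_time"] = datetime.fromisoformat(e["time"])  # "+00:00" gives an aware datetime
        entries.append(e)
    return entries


def correlate(alert, entries, alert_time, window_s=30):
    """Entries from the alert's source IP within +/- window_s of the alert."""
    lo, hi = alert_time - timedelta(seconds=window_s), alert_time + timedelta(seconds=window_s)
    return [e for e in entries if e.get("remoteAddr") == alert["src"] and lo <= e["_time"] <= hi]


def is_share_request(e):
    return e.get("method") == "GET" and bool(SHARE_RE.match(e.get("url", "")))


def classify(matches):
    """'share-link-fetch' if every correlated request is public-share traffic,
    'mixed' if only some are, 'unmatched' if nothing correlates."""
    if not matches:
        return "unmatched"
    if all(is_share_request(e) for e in matches):
        return "share-link-fetch"
    return "mixed"


def snort3_suppress(alert):
    """Snort 3 `suppress` entry scoped to this one destination host (assumed syntax
    of the open-source engine's snort.lua; FMC uses its own policy UI instead)."""
    return "suppress = { { gid = %d, sid = %d, track = 'by_dst', ip = '%s' } }" % (
        alert["gid"], alert["sid"], alert["dst"])


# --- constructed sample input ---------------------------------------------
ALERT_LINE = ("192.168.50.14 : 65371 / tcp → 192.168.80.137 : 80 (http) / tcp "
              "MALWARE-CNC Win.Trojan.Redaman outbound connection (1:49625:1) (+0)")
ALERT_TIME = datetime(2025, 5, 26, 12, 36, 50, tzinfo=timezone.utc)  # constructed
SAMPLE_LOG = [
    # constructed: unauthenticated ("--") fetch of a share link; token is a placeholder
    '{"reqId":"c0nstructed01","level":2,"time":"2025-05-26T12:36:52+00:00","remoteAddr":"192.168.50.14","user":"--","app":"files_sharing","method":"GET","url":"/index.php/s/EXAMPLETOKEN","message":"constructed"}',
    '{"reqId":"c0nstructed02","level":2,"time":"2025-05-26T12:36:53+00:00","remoteAddr":"192.168.50.14","user":"--","app":"files_sharing","method":"GET","url":"/index.php/apps/files_sharing/publicpreview/EXAMPLETOKEN?file=/a.png","message":"constructed"}',
    # constructed: same client, but outside the window, so not correlated
    '{"reqId":"c0nstructed03","level":2,"time":"2025-05-26T12:20:00+00:00","remoteAddr":"192.168.50.14","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=3","message":"constructed"}',
    # constructed: inside the window, but a different client
    '{"reqId":"c0nstructed04","level":2,"time":"2025-05-26T12:36:55+00:00","remoteAddr":"192.168.50.99","user":"it","app":"no app in context","method":"GET","url":"/index.php/core/preview?fileId=4","message":"constructed"}',
    # constructed: truncated like the lines pasted in the post; skipped by parse_log
    '{"reqId":"c0nstructed05","level":2,"time":"2025-05-26T12:36:55+00:00","remoteAddr":"192.168.50.14",',
]


def triage(alert_line=ALERT_LINE, log_lines=SAMPLE_LOG, alert_time=ALERT_TIME):
    alert = parse_alert(alert_line)
    matches = correlate(alert, parse_log(log_lines), alert_time)
    return {"alert": alert, "matches": matches, "verdict": classify(matches),
            "suppress": snort3_suppress(alert)}


if __name__ == "__main__":
    r = triage()
    print("%s -> %s  sid %d" % (r["alert"]["src"], r["alert"]["dst"], r["alert"]["sid"]))
    for e in r["matches"]:
        print("  %s %s %s user=%s" % (e["time"], e["method"], e["url"], e["user"]))
    print("verdict:", r["verdict"])
    if r["verdict"] == "share-link-fetch":
        print("candidate suppression:", r["suppress"])
```

The verdict is deliberately strict: only when every correlated request from the flagged client is public-share traffic does the script propose a suppression, and even then the entry is scoped by `by_dst` to the one Nextcloud host rather than disabling the signature globally, which is the "proper whitelist" the reply asks for.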