A threat (js/agent.rrl) was found google chrome tried to access a website (jahancablearka.com)

[mansour iranmanesh 0]

Hello, have a good day
I have a problem and I am facing the following error in my antivirus

a threat (js/agent.rrl) was found google chrome tried to access a website (jahancablearka.com)

This site is for me, but since today Anti Veserus gets stuck on all js files and blocks them
Thank you for guiding me

[Marcos 5,165]

You've probably made a typo since jahancablearka.com domain doesn't exist.

[mansour iranmanesh 0]

[itman 1,720]

This is a strange one.

The web site exists as noted here: https://www.robtex.com/dns-lookup/jahancablearka.com . However, it won't resolve in browser (Firefox) nor is it accessible at sucuri.com.

My guess is this web site is being geographically restricted to access within Iran only.

Edited Tuesday at 01:18 PM by itman

[itman 1,720]

Is this a HTTP only web site?

The HTTP web site was accessed at VirusTotal and scans clean: https://www.virustotal.com/gui/url/3feead69cac521e96ce4d6c363be92c3055d583b43760874f9be1ccd255edeb3 .

Even after disabling HTTPS always option in Firefox, it still will only attempt access via HTTPS which fails.

[Marcos 5,165]

12 minutes ago, itman said:

The HTTP web site was accessed at VirusTotal and scans clean: https://www.virustotal.com/gui/url/3feead69cac521e96ce4d6c363be92c3055d583b43760874f9be1ccd255edeb3 .

That only means VirtusTotal queried AV scanners to find out if the url is on their blacklists. It didn't attempt to access the site.

[itman 1,720]

41 minutes ago, Marcos said:

That only means VirtusTotal queried AV scanners to find out if the url is on their blacklists. It didn't attempt to access the site.

Yes, I realize that.

My point was VT was able to access the site under HTTP criteria. When I try to do so in Firefox, it will redirect to HTTPS even with HTTPS only disabled.

Edited Tuesday at 02:43 PM by itman

[itman 1,720]

I also performed tracert and nslookup on this domain and both failed. As such, this is not a publicly registered domain. This also means since the domain cannot be accessed via the Internet, it's impossible to diagnosis the malicious script Eset is detecting.

[Marcos 5,165]

Surely it's not a false positive and the detected web page contains a malicious JS.

[mansour iranmanesh 0]

It blocks all my accesses and blocks all js files both on the website and in the site admin
Do you have any suggestions?

[Marcos 5,165]

An administrator of the website should find and remove the malicious JavaScript. As for the screenshot of VT results, you are comparing apples with oranges, ie. url blacklists with malware detection in html/js files.

You can supply logs collected with ESET Log Collector and I'll provide you with the exact malicious code that should be removed.