
A threat (js/agent.rrl) was found google chrome tried to access a website (jahancablearka.com)



Hello, have a good day
I have a problem and I am facing the following error in my antivirus

a threat (js/agent.rrl) was found google chrome tried to access a website (jahancablearka.com)

This site is for me, but since today the antivirus gets stuck on all JS files and blocks them.
Thank you for guiding me


  • Marcos changed the title to A threat (js/agent.rrl) was found google chrome tried to access a website (jahancablearka.com)
  • Administrators

You've probably made a typo since the jahancablearka.com domain doesn't exist.


This is a strange one.

The web site exists as noted here: https://www.robtex.com/dns-lookup/jahancablearka.com . However, it won't resolve in browser (Firefox) nor is it accessible at sucuri.com.

My guess is this web site is being geographically restricted to access within Iran only.

Edited by itman

Is this an HTTP-only web site?

The HTTP web site was accessed at VirusTotal and scans clean: https://www.virustotal.com/gui/url/3feead69cac521e96ce4d6c363be92c3055d583b43760874f9be1ccd255edeb3 .

Even after disabling the HTTPS always option in Firefox, it still will only attempt access via HTTPS, which fails.


  • Administrators
12 minutes ago, itman said:

The HTTP web site was accessed at VirusTotal and scans clean: https://www.virustotal.com/gui/url/3feead69cac521e96ce4d6c363be92c3055d583b43760874f9be1ccd255edeb3 .

That only means VirusTotal queried AV scanners to find out if the URL is on their blacklists. It didn't attempt to access the site.

41 minutes ago, Marcos said:

That only means VirusTotal queried AV scanners to find out if the URL is on their blacklists. It didn't attempt to access the site.

Yes, I realize that.

My point was VT was able to access the site under HTTP criteria. When I try to do so in Firefox, it will redirect to HTTPS even with HTTPS only disabled.

Edited by itman

I also performed tracert and nslookup on this domain and both failed. As such, this is not a publicly registered domain. This also means since the domain cannot be accessed via the Internet, it's impossible to diagnose the malicious script Eset is detecting.


  • Administrators

Surely it's not a false positive and the detected web page contains a malicious JS.


  • Administrators

An administrator of the website should find and remove the malicious JavaScript. As for the screenshot of VT results, you are comparing apples with oranges, i.e. URL blacklists with malware detection in HTML/JS files.

You can supply logs collected with ESET Log Collector and I'll provide you with the exact malicious code that should be removed.
