Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: simmerdownthere on November 04, 2021, 08:12:46 PM

Title: Google inkestyle.net Constant Threat Detection
Post by: simmerdownthere on November 04, 2021, 08:12:46 PM
Hey team.

I noticed over the past few days to a week, that Avast is detecting inkestyle.net as a Blacklisted URL and pops up every time I open up the Google search page.
I don't mind this being blocked if it's legitimately a bad service/URL, but it gets annoying because it pops up with every new Google search windows i make.

Is there any way to stop the notifications without creating an exception for it so that it's continuing to be blocked?

I'm on Windows 10 Pro 2004 version with the latest Avast Free Antivirus at ver. 21.9.2494 build 21.9.6698.561 and virus definitions version 21104-8.
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: DavidR on November 04, 2021, 08:23:57 PM
See this topic - https://forum.avast.com/index.php?topic=307196.0
I get a 403 Forbidden error in trying to connect, so I'm not getting an alert.
I have no exception set.
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: simmerdownthere on November 04, 2021, 10:16:36 PM
See this topic - https://forum.avast.com/index.php?topic=307196.0
I get a 403 Forbidden error in trying to connect, so I'm not getting an alert.
I have no exception set.

Doesn't look like they've found a solution yet in that post
I've tried checking if it was something with Chrome's search engine feature, because that's what i use 99% of the time. It looks like it happens regardless of using the Address Bar search engine function or just going to google.com and typing in the search bar.

The specific URL is hXXps://inkestyle.net/23567dbd647db71d0a.js, so it's a javascript file
It looks like the first detection was yesterday, November 3rd, shortly before 4:45 PM EST. And i use Google fairly regularly. It went off about 9 times altogether yesterday.

I do have several Ad blocker add-ons on, but i haven't had this URL become an issue until yesterday after running my PC for over a year now with Avast.
I'm assuming there was some change in a recent definition update that added this.
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: DavidR on November 04, 2021, 10:43:31 PM
first - Please 'modify' your post change the URL from https to hXXps, to break the link and avoid accidental exposure to suspect sites, thanks.  The last thing anyone wants is an active link to an unknown javascript file.

It wasn't an indication that there is a solution, but another topic to monitor and questions asked in Reply #6 of that topic and would also be applicable here.
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: simmerdownthere on November 05, 2021, 04:05:44 AM
first - Please 'modify' your post change the URL from https to hXXps, to break the link and avoid accidental exposure to suspect sites, thanks.  The last thing anyone wants is an active link to an unknown javascript file.

It wasn't an indication that there is a solution, but another topic to monitor and questions asked in Reply #6 of that topic and would also be applicable here.

From the questions you mentioned in there, I wasn't trying specifically to connect to that javascript file at inkestyle.net
Google search just seems to want to connect there every 5 to 10 minutes when using the search engine
The browser i'm using is the latest version of Google Chrome
There are several add-ons, but no updates or additions have been made in the past week to them
Chrome was updated last week i believe, but these messages just started popping up yesterday

I'm not sure what else to tell you besides that.
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: Asyn on November 05, 2021, 10:24:13 AM
-> https://www.virustotal.com/gui/url/8b77074200aa731e976565939d577c03c75b861bf451f38104912f96368df742
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: simmerdownthere on November 05, 2021, 07:03:45 PM
-> https://www.virustotal.com/gui/url/8b77074200aa731e976565939d577c03c75b861bf451f38104912f96368df742

Well that's annoying. Just because a tiny fraction of AV partners/providers mark it as malicious.
Is there any way to get rid of this connection block popup for this file without adding an exception? Or is an exception the only way?
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: DavidR on November 05, 2021, 07:27:08 PM
Given the random javascript file name I rather doubt this would be an easy task.  Using any form of wildcard to exclude either all .js scripts or the whole domain would be a large risk (hole in security).

Note that Avast isn't in that list as it doesn't do on demand site scans like this but live scans via the Web Shield, which isn't used on virustotal.com scans
Title: Re: Google inkestyle.net Constant Threat Detection
Post by: simmerdownthere on November 06, 2021, 08:17:37 AM
Given the random javascript file name I rather doubt this would be an easy task.  Using any form of wildcard to exclude either all .js scripts or the whole domain would be a large risk (hole in security).

Note that Avast isn't in that list as it doesn't do on demand site scans like this but live scans via the Web Shield, which isn't used on virustotal.com scans

So the blocking isn't related to virustotal.com. Got it. I just went ahead and created the exception to get it done with.
I've got Windows Defender running, plus many adblocker addons to help out.