Intrusion attempt blocked

My norton says that "intrusion attempt 98.158.195.11 was blocked."  When I check the history is says that high level ads.inhabitat.com/www/delivery was blocked.  I cannot find this anywhere that I looked on the internet as a threat or in the Norton Community Forum.  What in the world is it?

Thank you for your quick response.  It looks like Exploit Toolkit Website 4 is the culprit.  As you can see I'm new to all of this.  My response to this block was to run Norton Security Suite 3 times and it looks okay.  Is there something else I should do with this.  Thank you for your assistance.

My norton says that "intrusion attempt 98.158.195.11 was blocked."  When I check the history is says that high level ads.inhabitat.com/www/delivery was blocked.  I cannot find this anywhere that I looked on the internet as a threat or in the Norton Community Forum.  What in the world is it?

Hi twooten77,

 

What you came across was a drive-by download attempt.  An exploit kit will look for unpatched vulnerabilities in your operating system and programs, which, if found, can be used  to install malware without any action on your part.  Norton detected the threat and blocked it.  Note that the exploit kit, which Norton blocked, is the first part of the attack.  In order to infect your PC the kit would have needed to find a software vulnerability on your system and then would have had to install the payload.  So, in general, once the exploit pack is detected and blocked, it is not capable of doing any damage.  If you have scanned your PC (which is always a prudent thing to do after Norton blocks something) and no threats were found, you can rest easy.

I just wanted to say Thank You!!! once again.   You have been great. 

You're very welcome.

Maybe, recently installed browser extensions is causal? 

Intrusion Prevention protects you from attacks when you are online. It scans network traffic for attack signatures, such as social threats and outbound attacks, that identify attempts to exploit vulnerabilities in your operating system or in a program that you use. To keep you secure, Intrusion Prevention discards packets from computers that try to send data with known attack signatures. It blocks connections to those computers.
[...]
For more information about the attacks that Intrusion Prevention blocks, go to the following URL:
https://www.broadcom.com/support/security-center/attacksignatures

https://support.norton.com/sp/en/us/norton-360/22.20.5.39/solutions/v15471442


Please tell us what Norton is telling you regarding this event/s.
Please review: How to post an image in the forums
https://community.norton.com/en/forums/how-post-image-forums-0


> Download and install Malwarebytes for Windows
https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows-v4
> Malwarebytes for Windows articles
https://support.malwarebytes.com/hc/en-us/categories/360002458014-Malwarebytes-for-Windows
> Deactivate Premium Trial in Malwarebytes for Windows v4
https://support.malwarebytes.com/hc/en-us/articles/360040972954-Deactivate-Premium-Trial-in-Malwarebytes-for-Windows-v4
> Malwarebytes free downloads
https://www.malwarebytes.com/mwb-download/

 

Is there an entry for this in Norton History under Intrusion Prevention?  These are generally attempts to exploit known security flaws in computer software that the user has not updated to install available fixes.

Hello

To me it seems to mean that some other computer tried to attack your computer and Core blocked  the attempt. So your computer should be safe.

Have a Good Night and

Thanks.

Thing is I've never visited that site, in face I never even heard of that site till the intrusion was blocked.

You do not necessarily have to visit the site. It could be in the code of one of the ads on the site. As the ad is loaded with the site, the attack is attempted. Norton blocked it so you should be OK.

 

Did a scan with adware cleaner, it found a few registry things it got rid of, but doing so messed up windows 10 to where only "Other User" was available and after 2 minuets windows would restart. But I got the issue fixed by booting windows 10 installation media and repairing windows. So far so good, haven't seen any new blocks for the intrusion.

Hello ED210

For peace of mind, please stop at one of the recommended malware removal sites. They will help you to check and see if you are clean or not. They will help you clean up the computer if needed.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users who unfortunately has passed away. That site is still being run by a good expert who happens to be one of the other Gurus.  The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Please let us know how you made out.

Thanks.




 

Thing is I've never visited that site, in face I never even heard of that site till the intrusion was blocked.

Malicious Site: Malicious Web Site, Domain, or URL (1)
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=23928

https://safeweb.norton.com/report/show?url=getmysoftware.info

 


https://forums.malwarebytes.com/topic/200676-possible-malware-issue-hijacking-powershell/#comment-1123773