I’ve been receiving this notification from a couple of days. Is there anything I can do?

Category: Intrusion Prevention
Date & Time, 14/8/2024 9:33:12 a. m
Risk, Medium
Activity, An intrusion attempt by 158.255.211.11 was blocked
Status, Blocked
Recommended Action, No Action Required
IPS Alert Name, Malicious Site: Malicious Domain Request 21
Default Action, No Action Required
Action Taken, No Action Required
Attacking Computer, 158.255.211.11, 80
Attacker URL,
Destination Address, SAINT (192.168.1.33, 51351)",158.255.211.11
Source Address, TCP, www-http
Traffic Description Network traffic from
Matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE.

Hello The IP address you post traces to Vienna, Austria. Its not blacklisted.

https://www.ip-tracker.org/lookup.php?ip=158.255.211.11

Is it Norton that is flagging this or Chrome?

SA

Did you recently install any program or browser extension?
Did you recently allow push notifications?
Do you run Chrome sync?

What DIY have you tried?
Please run Norton Full Scan & Malwarebytes Scan.

Were my machine and I wanted reassurance.
I’d ask Malwarebytes Malware Removal Help Forums to check my machine.

Malwarebytes offers free second opinion on-demand scanner.
Malwarebytes offers free self-help guides.
Malwarebytes offers free one-on-one malware removal assistance.
Malwarebytes staff & experts help all. Malwarebytes subscription is not required.

How to install and run a scan with Malwarebytes
https://malwaretips.com/blogs/run-a-scan-with-malwarebytes/
Malware Removal Self-Help Guides
https://forums.malwarebytes.com/forum/39-malware-removal-self-help-guides/
Malwarebytes Malware Removal Help Forums
https://forums.malwarebytes.com/forum/108-malware-removal-help/
Malware Removal Help Forums dedicated to cleaning infected devices. Get personalized help removing adware, malware, spyware, ransomware, trojans, viruses and more from tech experts.

Malicious Site: Malicious Domain Request 21
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31349

Did you recently install any program or browser extension?

Not recently

Did you recently allow push notifications?

No

Do you run Chrome sync?

I don’t know

What DIY have you tried?

I don’t know what it is

I ran both scans, but they didn’t find anything

DIY = do it yourself
What have you tried, yourself. Sorry, I was not clear.

If I were receiving repeating Norton IPS Alerts and I wanted reassurance.
I’d ask Malwarebytes Malware Removal Help Forums to check my machine.

https://www.tenforums.com/tutorials/115678-enable-disable-sync-google-chrome-windows.html

https://forums.malwarebytes.com/topic/258938-resetting-google-chrome-to-clear-unexpected-issues/

If I were receiving repeating Norton IPS Alerts and I wanted reassurance.
I’d ask Malwarebytes Malware Removal Help Forums to check my machine.

Attack from URL, http://at26.prmsrvs.com/api/test?3887027951

png_198391432×792 60 KB

If I were receiving repeating Norton IPS Alerts and I wanted reassurance.
I’d ask Malwarebytes Malware Removal Help Forums to check my machine.

image982×367 41.2 KB

https://www.reddit.com/r/computerviruses/comments/1es9cky/httpat26prmsrvscomapitest3887027951/

@Saintccs
Please post progress
Thanks

Oh, ok. Thank you. English is not my mother language. I have been receiving some help from bleepingcomputer forums. I wanted to explain that I’m only getting this issue from my work sessions and that I’m not getting into dangerous pages when this happens.

The post has the same name: httpsfi13prmsrvscom

Btw, I also tried to post it in malwwarebites forums, but I wasn’t able to sign in after multiple tries.

Note: only work with one help forum…at a time.

https://www.bleepingcomputer.com/forums/t/799768/httpsfi13prmsrvscom/

Ok, thanks. I will keep that in mind

I’m following your Bleeping progress. Thanks

at23.prmsrvs.com
URL Analysed: http://at23.prmsrvs.com/api/test?242305800187
Norton Rating  Caution 
CURRENT CATEGORY  Suspicious

https://safeweb.norton.com/report?url=http://at23.prmsrvs.com/api/test?242305800187