
Tripped website firewall- is someone attacking through my computer?


7 replies to this topic

#1 cactus37

cactus37

  • Members
  • 3 posts
  • Gender:Male
  • Local time:05:22 AM

Posted 18 December 2023 - 07:20 PM

Hi there,

I was browsing the web and I visited a certain website. (A rescue non-profit for wildcats. I like big cats. Anyways.) I clicked on a link on the page- not an external link, but supposedly a link to another page on the same site- and I was redirected to an error screen from Sucuri Website Firewall (screenshot attached.) It said that the firewall had detected an obfuscated attack payload coming from my device.

On my word, I was not trying to attack the website. Just browsing. So what could cause my computer to trip a website's firewall like this? Is it possible that someone was using my device through a backdoor to orchestrate an attack? Or is this more likely a false positive? I haven't used the internet on that computer since getting this message. Any advice appreciated.

I'm using Windows 11 Home, v. 22H2
OS build 22621.2283, 64-bit
HP OMEN 16-b0xxx
My browser was Firefox 118.0 (unfortunately I can't remember if I was using my VPN at the time. Trying to confirm as we speak by comparing IP addresses)

If needed, I can post the full address of the blocked webpage

Thank you!


Edited by cactus37, 18 December 2023 - 07:26 PM.



 


#2 0lds0d

0lds0d

  • Members
  • 4,645 posts
  • Gender:Male
  • Location:Canada
  • Local time:11:22 PM

Posted 18 December 2023 - 07:59 PM

No attack from your device - firewall just blocked an attempt from that url going to your device.

 

Best advice - first clean the browser cache, then run the Windows Disk cleaner, and then scan with your resident antivirus/antimalware scanners. You should be clean.




#3 Porthos

Porthos

  • Members
  • 1,093 posts
  • Gender:Male
  • Local time:11:22 PM

Posted 18 December 2023 - 09:27 PM

 

I can't remember if I was using my VPN at the time.

A VPN can cause this at times.



#4 midimusicman79

midimusicman79

    Sec & Web Browser Enthusiast


  • BC Advisor
  • 4,816 posts
  • Gender:Male
  • Location:Norway
  • Local time:06:22 AM

Posted 19 December 2023 - 04:19 AM

Please update Mozilla Firefox to version 121.0.

Good luck! :)

Edited by midimusicman79, 19 December 2023 - 02:09 PM.

Microsoft Windows 10 Professional 64-bit V. 22H2 (19045) Retail Desktop PC, EAMH Paid/EEK, MB 4 Prem., and Unchecky, MDFW, FF with uBO/AG, Grammarly Free, MBBG, and Acronis CPHOE (DI), SUMo Free. I have 28.5 Years of PC Experience.


#5 cactus37

cactus37
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male
  • Local time:05:22 AM

Posted 04 January 2024 - 03:54 PM

firewall just blocked an attempt from that url going to your device.


Thank you all so far. Just to be clear, I don't have Sucuri Website Firewall running on my device- the block came from the website itself. Why would the site stop my computer from accessing that url?

Edited by cactus37, 04 January 2024 - 04:00 PM.


#6 midimusicman79

midimusicman79

    Sec & Web Browser Enthusiast


  • BC Advisor
  • 4,816 posts
  • Gender:Male
  • Location:Norway
  • Local time:06:22 AM

Posted 05 January 2024 - 04:30 AM

You are welcome, cactus37! :)

It would be interesting if you could please upload the full address of the blocked webpage to VirusTotal and share the resulting link here.

Good luck! :)



#7 cactus37

cactus37
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male
  • Local time:05:22 AM

Posted 20 February 2024 - 01:32 PM

Thanks for your advice earlier. (Took me a while to get around to fixing it- life happened.) I cleared the cache, ran Disk Cleanup, and scanned with Malwarebytes free, then Windows Defender. (I did a full scan, then an offline scan.) I also updated everything- Defender, Malwarebytes, Windows Update- since the internet on the machine had been turned off for several months.

I also checked the url of the blocked page and linked the results here. The page itself (1st link) came up clean. Interestingly though, when I checked the address of the main domain (bigcatrescue.org), it was flagged under 'Relations' as communicating with malicious files (2nd link). Should this have any bearing on the results of the first page?

https://www.virustotal.com/gui/url/ba06e85a751a4f85f1301a93bc17daa47a5ffab6d567fb65dbfaf2cf368835ad

https://www.virustotal.com/gui/domain/bigcatrescue.org/relations

As for the scans, they all came up clean. However, I read the log for the offline scan and errors occurred- the scan couldn't open a registry hive. (I don't know if that would affect its capacity to detect something.) There are also some events in my Windows security log that look concerning, odd behavior coming from my Desktop Windows Manager, and a CMOS checksum error that's coincided with all this.

TLDR- the scans all say it's fine, but there are still concerning things going on. I don't know if I'm looking at normal behavior or not. I'm wondering if I should start a new thread to address some of these issues.

#8 midimusicman79

midimusicman79

    Sec & Web Browser Enthusiast


  • BC Advisor
  • 4,816 posts
  • Gender:Male
  • Location:Norway
  • Local time:06:22 AM

Posted 20 February 2024 - 08:23 PM

You are welcome, cactus37! :)

You can start a new topic in the Virus, Trojan, Spyware, and Malware Removal Help Forum, for assistance by the Malware Response Team.

And to do that, please follow the instructions in the Malware Removal and Log Section Preparation Guide.

Good luck! :)

Edited by midimusicman79, 20 February 2024 - 08:25 PM.





