OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: jaj1105 on July 02, 2020, 09:41:12 pm
-
Hi all,
I have a lot of blocked alerts from rules SID 2843255 (AZORult CnC) and 2837244 (Coinminer JS Host) on port 443.
The destination OSes are: Windows, Mac OSX, iOS, Linux, Android...
Is it malware or only bad web navigation?
Thanks for your help!
Best regards,
Joseph
-
Without more info it's hard to say. If you just saw the alerts once, I would say it's possible it was simply a bad hit on a website. However, if you are seeing this regularly, you may have malware. Regardless, I would check the client machine that triggered the alarm for malware.
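One way to apply the one-off versus recurring distinction from the reply above, as an added example that is not part of the original thread: group Suricata `eve.json` alerts for the two SIDs by internal client and count the distinct days each client triggered them. The LAN range, the two-day threshold and all sample log lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

WATCHED_SIDS = {2843255, 2837244}            # the two SIDs from the question
LOCAL_NETS = [ip_network("192.168.1.0/24")]  # assumption: your LAN range

def _ev(ts, src, dst, sid, kind="alert"):
    """Build one constructed eve.json line (sample data, not real traffic)."""
    return json.dumps({"timestamp": ts, "event_type": kind, "src_ip": src,
                       "dest_ip": dst, "alert": {"signature_id": sid}})

SAMPLE_EVE = [
    _ev("2020-07-01T10:15:02.000000+0200", "192.168.1.20", "203.0.113.7", 2837244),
    _ev("2020-06-29T08:01:11.000000+0200", "192.168.1.31", "198.51.100.9", 2843255),
    _ev("2020-06-30T08:03:40.000000+0200", "198.51.100.9", "192.168.1.31", 2843255),
    _ev("2020-07-02T21:30:05.000000+0200", "192.168.1.31", "198.51.100.9", 2843255),
    _ev("2020-07-02T21:31:00.000000+0200", "192.168.1.31", "198.51.100.9", 2843255, "flow"),
    '{"timestamp": "2020-07-02T21:32',       # truncated last line of a live log
]

def client_of(ev):
    """Return whichever side of the flow is inside LOCAL_NETS, else None."""
    for key in ("src_ip", "dest_ip"):        # a rule may fire in either direction
        try:
            if any(ip_address(ev[key]) in net for net in LOCAL_NETS):
                return ev[key]
        except (KeyError, ValueError):
            continue
    return None

def summarize(lines, min_days=2):
    """Map (client, sid) -> alert count, distinct days, and a recurring flag."""
    seen = defaultdict(lambda: {"count": 0, "days": set()})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                         # skip partial or corrupt lines
        sid = ev.get("alert", {}).get("signature_id")
        client = client_of(ev)
        if ev.get("event_type") != "alert" or sid not in WATCHED_SIDS or not client:
            continue
        seen[(client, sid)]["count"] += 1
        seen[(client, sid)]["days"].add(ev["timestamp"][:10])
    return {k: {"count": v["count"], "days": len(v["days"]),
                "recurring": len(v["days"]) >= min_days} for k, v in seen.items()}

if __name__ == "__main__":
    for (client, sid), info in sorted(summarize(SAMPLE_EVE).items()):
        print(client, sid, info)
```

Clients flagged as recurring are the ones to prioritise for a malware check; to run it against a real log, pass the open `eve.json` file object to `summarize()`.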