It looks like ip-api.com is blocked

Hi,
The domain ip-api.com is used by Azure to translate public IPs into geographical locations.
I noticed that when launching some PowerShell script from Azure/Office365 from a PC behind a Firebox, it fails.
The cause is that the connection to this domain is blocked and listed as botnet...
I hope it is not actually part of a botnet....

2022-04-15 15:27:31 Member2 Deny 192.168.200.75 208.95.112.1 http/tcp 64661 80 LAN Vodafone Fibra blocked sites 52 127 (Navigazione Standard-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 1868373732 win 61690" botnet="destination" geo_dst="USA" Traffic

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @g.bonvecchio@basenet.it
    There are multiple detections of trojan CnC based traffic via that IP and FQDN, with many detections occurring today (April 17.)
    If you rely on that service, I would suggest contacting the host and requesting they look into the issue as it appears legitimate.

    -James Carson
    WatchGuard Customer Support
