it looks like ip-api.com is blocked
the domain ip-api.com is used by azure to translate public ip with geographical locations
I noticed that when launching some power script form azure/office365 from a pc behind a firbox it fails.
The cause is that the connections to this domain is blocked and listed as botnet...
I hope it is not actually part of a botnet....
2022-04-15 15:27:31 Member2 Deny 192.168.200.75 22.214.171.124 http/tcp 64661 80 LAN Vodafone Fibra blocked sites 52 127 (Navigazione Standard-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 1868373732 win 61690" botnet="destination" geo_dst="USA" Traffic
Sign In to comment.
Hi @[email protected]
There are multiple detections of trojan CnC based traffic via that IP and FQDN, with many detections occurring today (April 17.)
If you rely on that service, I would suggest contacting the host and requesting they look into the issue as it appears legitimate.
WatchGuard Customer Support