We have quite a bit of machines reaching out to sites like IP-API.com or IPINFO.io. Both look like legit sites and many devices we sampled were things like iPhones or Android phones. There were, however several windows machines reaching out too. It could be legit traffic, but we're wondering if it could be communicating out for nefarious purposes too.
We cleaned up a bad emotet outbreak but we have been recently DDoS attacked. We're just afraid that these connections are trying to communicate these changes somewhere. We've blocked connections to those sites on our filter and in the firewall, but we were curious if anyone else had seen this, especially related to any virus or other intrusion method anyone may have seen before.
Thank you for your time,
Kevin W. Knuckles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.