Cloudflare Developers
Created by AlexC on 3/14/2025 in #general-help
Windows Defender C2 detection, Chrome/Brave/Firefox contacting malicious IP at Cloudflare
We're facing multiple incident reports by Microsoft Defender with the following process:
"chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,11649817129998401053,18190743795037028513,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2144 /prefetch:3
It's contacting the IP address 188.114.96.3, which belongs to Cloudflare according to IPWHOIS.
Is anybody else experiencing this issue?