AlexC
Cloudflare Developers
Created by AlexC on 3/14/2025 in #general-help
Windows Defender C2 detection, Chrome/Brave/Firefox contacting malicious IP at Cloudflare
I agree, better false positive than incident 🙂
12 replies
Looks like users have installed an extension called "SponsorBlock" or some uBlock Origin derivative.
OK, we found it. DNS record involved on all endpoints: sponsor.ajay.app/database
Could also be related to the multi-messenger https://meetfranz.com/de/
Users are reporting it happens when they try to open YouTube.
Right now we cannot see the DNS record they're calling. We're still trying to figure out which service is getting contacted. Strange thing is we have this from devices across all departments like finance, R&D, order management and production. No plugins installed on either Chrome, Firefox or Brave that we can see.