C2 usage in Cloudflare network


I have notices on some empire framework C&C traffic, that it make use of a cloudflare network IPs.
for example, the domain ceeskophishingcampaignapt1337[.]com that used for C&C, like in one of the
automated scans performed on an Empire PowerShell script: https://tria.ge/201014-d72rhy53ex/behavioral1#network , make usage of cloudflare IPs.

There should be restrictions on that kinds of malicious usage in cloudflare reverse proxys.

Why there is no restrictions/blocking for cases like this?

Is it even possible to block this kind of usage?

Thanks, Yaron.

Complaints cannot be filed via this forum. To submit an abuse report, go to cloudflare.com/abuse. The Trust and Safety team will then review the details and reply if appropriate.

1 Like

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.