I’m running Windows 10 Home build 1903, and recently started monitoring outbound connections (using Malwarebytes Windows Firewall Control). explorer.exe today attempted to connect to 104.24.102.72, which is a Cloudflare IP address. (This happened while I was using Win+Tab to modify workspaces, but that might be a coincidence.)
explorer.exe appears to have a valid digital signature chain.
- Is Microsoft known to use Cloudflare as a CDN?
- Could there be shell extensions that are hosted in explorer.exe, whose network traffic is attributed to that executable?