The correct answer is C: Use Deep Packet Inspection (DPI) to block malicious domains. The key detail in this scenario is that the endpoint is making continuous outbound TCP connections to a known Command-and-Control (C2) server over port 80, which strongly indicates active malware beaconing or payload retrieval.
Deep Packet Inspection enables security controls—such as next-generation firewalls or network security analytics platforms—to inspect application-layer content, including HTTP headers, URLs, domains, and payload characteristics. This allows defenders to block C2 communication based on domain names, URL patterns, or behavioral signatures, even if attackers change IP addresses. Since C2 infrastructure is frequently rotated, IP-based blocking alone is insufficient for long-term mitigation.
Option A (browser extension deny list) may help prevent a specific initial infection vector, but it does not address post-compromise C2 traffic, especially if the malware communicates independently of the browser. Option B (antivirus quarantine) is reactive and limited by signature coverage; modern malware often evades AV detection. Option D (IDS) can detect similar connections but typically does not block traffic unless integrated with an IPS or firewall, making it less effective for mitigation.
From a professional threat hunting and SOC standpoint, blocking C2 communication at the network layer using DPI is a high-impact defensive control. It disrupts attacker command channels, prevents data exfiltration, and buys time for endpoint remediation and forensic investigation.
This aligns with MITRE ATT&CK – Command and Control (TA0011) mitigation strategies and reflects a mature security posture: detect at the endpoint, disrupt at the network. Therefore, option C is the most effective action to mitigate similar connections in the future.
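As an added example (not part of the original explanation), the following Python script contrasts an IP-based deny list with a DPI-style rule over the same cleartext HTTP beacon: the IP rule stops matching as soon as the C2 host changes address, while the rule that reads the Host header and URL path keeps blocking. Every domain, IP address and request below is a constructed placeholder, and the deny lists and parser are hypothetical, not the configuration of any real product.

```python
"""Toy DPI-style HTTP request filter (added example, not from the original page).

Scenario: an endpoint beacons over plain HTTP (port 80) to a C2 domain whose
IP addresses rotate. An IP deny list misses the new address; a DPI rule that
reads the Host header and request path still blocks the request.
All domains, IPs and requests below are constructed sample data.
"""
import re

# Constructed deny lists (hypothetical values, not real indicators).
DENY_DOMAINS = {"c2-update.example"}                     # matches the domain and its subdomains
DENY_PATH_PATTERNS = [re.compile(r"^/gate\.php(\?|$)")]  # URL pattern of the hypothetical C2 protocol
DENY_IPS = {"203.0.113.10"}                              # the one address known when the rule was written


def parse_http_request(raw: bytes):
    """Parse the request line and headers of a cleartext HTTP/1.x request.

    Returns (method, path, headers) with header names lower-cased, or None
    if the payload does not start with a well-formed HTTP request line.
    """
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1", errors="replace").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, path, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def domain_is_denied(host: str) -> bool:
    """True if host equals a denied domain or is a subdomain of one."""
    host = host.lower().split(":")[0]  # drop an explicit port such as host:80
    return any(host == d or host.endswith("." + d) for d in DENY_DOMAINS)


def ip_verdict(dst_ip: str) -> str:
    """Layer-3 control: only the destination address is consulted."""
    return "block" if dst_ip in DENY_IPS else "allow"


def dpi_verdict(dst_ip: str, payload: bytes):
    """Application-layer control: inspects the Host header and URL path.

    Returns (verdict, reason). Non-HTTP payloads fall through to 'allow'
    so the example stays focused on the HTTP case from the scenario.
    """
    parsed = parse_http_request(payload)
    if parsed is None:
        return "allow", "not an HTTP request"
    _method, path, headers = parsed
    host = headers.get("host", "")
    if domain_is_denied(host):
        return "block", f"denied domain {host} (dst ip {dst_ip})"
    for pat in DENY_PATH_PATTERNS:
        if pat.search(path):
            return "block", f"denied URL pattern {pat.pattern} on {host or dst_ip}"
    return "allow", "no DPI match"


# Constructed sample traffic: the same beacon before and after the C2 rotates its IP.
BEACON = (b"POST /gate.php HTTP/1.1\r\n"
          b"Host: cdn.c2-update.example\r\n"
          b"User-Agent: Mozilla/5.0\r\n"
          b"Content-Length: 12\r\n\r\n"
          b"id=4242&cmd=")
BENIGN = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: www.example.org\r\n\r\n")


def compare_controls():
    """Evaluate both controls over the sample flows; returns (dst_ip, ip_verdict, dpi_verdict, reason) rows."""
    flows = [("203.0.113.10", BEACON),   # original C2 address: both controls block
             ("198.51.100.77", BEACON),  # C2 after IP rotation: only DPI still blocks
             ("198.51.100.5", BENIGN)]   # ordinary web request: both allow
    rows = []
    for dst_ip, payload in flows:
        verdict, reason = dpi_verdict(dst_ip, payload)
        rows.append((dst_ip, ip_verdict(dst_ip), verdict, reason))
    return rows


if __name__ == "__main__":
    for dst_ip, ip_v, dpi_v, reason in compare_controls():
        print(f"{dst_ip:15} ip-list={ip_v:5} dpi={dpi_v:5} {reason}")
```

The example works because the scenario's traffic is cleartext HTTP on port 80, so the Host header and path are visible on the wire. For HTTPS the same domain rule can only be applied to the TLS SNI field or through TLS interception, which is why production DPI deployments pair domain deny lists with behavioral detections such as beacon-interval analysis.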