F028 · Suspicious · validator: blocked
Network connections to external C2 infrastructure
TCP connections to 13.89.220.65:443 and 52.16.55.11:443
Analyst narrative
Captured network traffic shows established TCP connections to external IP addresses 13.89.220.65 and 52.16.55.11 on port 443 (HTTPS) with CLOSE_WAIT and CLOSED states. The IPs are associated with cloud infrastructure, suggesting command-and-control communication.
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan