F016 · Inconclusive · validator: blocked
Multiple unowned TCP connections to 172.16.4.10 port 8080 in CLOSE_WAIT state
172.16.4.10:8080
Analyst narrative
Eight TCP connections from local system 172.16.6.11 to remote 172.16.4.10:8080 with no owning process identified. CLOSE_WAIT state and orphaned connections suggest potential RPC-based lateral movement or C2 communication.
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan