Veritas
F037 Suspicious validator: blocked

Repeated beacon-like connections to 172.16.4.10:8080

Established C2-like connections to 172.16.4.10:8080

Analyst narrative

Numerous TCP connections from 172.16.6.11 to 172.16.4.10:8080 in ESTABLISHED/CLOSE_WAIT/CLOSED states suggest beaconing to an internal proxy/C2. cand-0011/cand-0041.

Claims asserted

path: 172.16.4.10:8080

Proof chain · 0 facts

Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.

Source tools

extract_network_iocs
vol_netscan