AL
⚠ 1 unencrypted destination10.0.2.15:8080 is using plain HTTP.
7 HTTPS · 1 HTTP18 destinations observed
Destination-Centered Topology
A secondary-call map should show who called the host, over what protocol, and what the exposure looks like.
Useful per destination: caller sessions, endpoint, protocol/port, data volume, likely purpose, and whether the connection is expected, encrypted, and policy-safe.
Identity, adjacency, activity, and posture around one representative item.
Caller Chain
Who initiated the outbound edge.
unknown usersame live session
Claude Codeagent
10.0.1.44endpoint
Connection Context
What the edge itself looks like.
10.0.2.15destination host
httpprotocol
8080port
Destination
10.0.2.15:8080
Representative risky edge because it is plain HTTP and tied to a small but unusual set of calls.
1 session · 3 calls · 0.4 KB avg
Comparative Context
How it differs from the rest of the graph.
api.github.comexpected https peer
api.anthropic.comexpected model peer
only HTTP edgeoutlier
Risk Lens
The security meaning of the call.
unencrypted trafficpolicy issue
small payloadtriage hint
review session + file edgespossible exfil path
Protocol
http
Port
8080
Encryption
none
Current posture
investigate caller
| Destination | Protocol | Port | Sessions | Total calls | Avg bytes | Last seen |
|---|---|---|---|---|---|---|
| api.github.com | https | 443 | 11 | 184 | 4.2 KB | today |
| api.anthropic.com | https | 443 | 27 | 312 | 18.7 KB | today |
| api.openai.com | https | 443 | 2 | 14 | 12.1 KB | Mar 28 |
| api.figma.com | https | 443 | 4 | 31 | 88.4 KB | today |
| registry.npmjs.org | https | 443 | 8 | 62 | 1.1 KB | today |
| pypi.org | https | 443 | 3 | 19 | 0.8 KB | today |
| 10.0.2.15 | http | 8080 | 1 | 3 | 0.4 KB | 22 min ago |
| storage.googleapis.com | https | 443 | 5 | 28 | 142 KB | today |