I got a hit that a device on my network (found to be my Dappnode Eth2 Prysm validator) was flagged for possible malware command and control activity. The payload matched the Turkojan C2 command “nxt” from a source port of 30303/TCP (obviously Eth2)
Im fairly confident its a false positive but its also highly suspicious and concerning so I wanted to post here.
