F020Inconclusivevalidator: blocked
DNS query to external IP 172.16.4.4 port 389 (LDAP)
172.16.4.4:389
Analyst narrative
Closed TCP connection to 172.16.4.4:389 (LDAP/Active Directory) detected. Indicates potential reconnaissance or credential enumeration attempt.
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan