January 1, 2016

Unknown User Hitting Servers

I wanted to ask a question in regards to a strange activity that we are noticing within our Domain Controllers and one of our servers. Our SIEM is alerting in regards to an unknown user account with the name 1B9E3760. We have checked all of our servers for any local service accounts or scripts. We haven't found where this activity is coming from; the source IP and destination IP are the same, and the port is 0. We decided to look online to see if there was anything out there in regards to this username, and we found this user ID attached to a Chinese IP address. We found this user ID on the following website: https://bei.kr/?idx=463353000

This has us scratching our heads since we aren't sure where this is coming from. Any help would be great.

Did you ever figure out what this was? That Chinese site is just mapping a hex number to an IP.

BIGGUNS, is 1B9E3760 a Windows or an application user (which app)? If Windows, is it a local or a domain account? What is your SIEM tool's name, and its message? Thanks