Unknown user hitting servers


This topic contains 2 replies, has 3 voices, and was last updated by Lucien 2 years, 3 months ago.



    I wanted to ask a question in regard to a strange activity that we are noticing within our Domain Controllers and one of our servers. Our SIEM is alerting in regard to an unknown user account with the name 1B9E3760. We have checked all of our servers for any local service accounts or scripts. We haven’t found where this activity is coming from; the source IP and destination IP are the same, and the port is 0.

    We decided to look online to see if there was anything out there in regard to this username, and we found this user ID attached to a Chinese IP address. We found this user ID on the following website: http://bei.kr/?idx=463353000

    This has us scratching our heads since we aren’t sure where this is coming from. Any help would be great.



    Did you ever figure out what this was?

    That Chinese site is just mapping a hex number to an IP.



    BIGGUNS, is 1B9E3760 a Windows or an application user (which app)? If Windows, is it a local or a domain account? What is your SIEM tool’s name, and its message? Thanks
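
The first reply notes that the linked site just maps a hex number to an IP. That mapping is plain arithmetic and can be reproduced offline, as in this added example (not code from the thread). The function names and the sample list are assumptions, and both byte orders are shown because the thread does not say which one the site uses.

```python
import ipaddress
import re

# Exactly eight hex digits, the shape of the account name in the thread.
HEX32 = re.compile(r"[0-9A-Fa-f]{8}")


def hex_to_ipv4(token):
    """Return the IPv4 readings of an 8-hex-digit token, or None if it is not one.

    Any 32-bit value decodes to some address, so a result here only
    reproduces the site's mapping; it does not show the name is an IP.
    """
    if not HEX32.fullmatch(token):
        return None
    raw = bytes.fromhex(token)
    return {
        "big_endian": ipaddress.IPv4Address(raw),          # most significant octet first
        "little_endian": ipaddress.IPv4Address(raw[::-1]),  # octets reversed
    }


def triage(usernames):
    """Map each hex-shaped username to its candidate addresses and routability."""
    report = {}
    for name in usernames:
        decoded = hex_to_ipv4(name)
        if decoded is None:
            continue  # ordinary account name, nothing to decode
        report[name] = {
            order: (str(addr), "global" if addr.is_global else "non-global")
            for order, addr in decoded.items()
        }
    return report


if __name__ == "__main__":
    # Constructed sample: the name from the thread plus two made-up ones.
    sample = ["1B9E3760", "svc_backup", "7F000001"]
    for name, readings in triage(sample).items():
        print(name, readings)
```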
