cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What is this account "1B9E3760"?

%3CLINGO-SUB%20id%3D%22lingo-sub-331956%22%20slang%3D%22en-US%22%3EWhat%20is%20this%20account%20%221B9E3760%22%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331956%22%20slang%3D%22en-US%22%3E%3CP%3EI%20keep%20seeing%20the%20account%20name%201B9E3760%20in%20our%20Windows%20security%20logs%2C%20only%20when%20an%20account%20has%20failed%20to%20log%20in.%20(But%20not%26nbsp%3B%3CEM%3Eevery%20time%3C%2FEM%3E%20an%20account%20has%20failed%20to%20log%20in.)%20The%20only%20thing%20that%20we've%20found%20is%20that%20this%20may%20be%20related%20to%20%22logon%20as%20a%20service%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhere%20would%20I%20even%20begin%20to%20look%20for%20more%20info%20on%20what%20this%20is%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-331956%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1042217%22%20slang%3D%22en-US%22%3ERe%3A%20What%20is%20this%20account%20%221B9E3760%22%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1042217%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F279538%22%20target%3D%22_blank%22%3E%40cschelin%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20my%20case%20it%20is%20vulnerability%20scanner%26nbsp%3B%20InsightVM%20-%20Rapid7%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.rapid7.com%2Fproducts%2Finsightvm%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.rapid7.com%2Fproducts%2Finsightvm%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1137285%22%20slang%3D%22en-US%22%3ERe%3A%20What%20is%20this%20account%20%221B9E3760%22%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137285%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F475124%22%20target%3D%22_blank%22%3E%40vvatta%3C%2FA%3E%3A%3CBR%20%2F%3EI%20found%20this%20username%20in%20my%20logs%20as%20well%2C%20how%20and%20where%20did%20you%20find%20the%20connection%20between%20the%20name%20and%20nexpose%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20pretty%20sure%20that%20this%20is%20a%20nexose%20user%20but%20I%20would%20like%20to%20understand%20where%20this%20is%20configured%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20for%20the%20feedback%20and%20greets%2C%20younoobtoo%3C%2FLINGO-BODY%3E
Highlighted
cschelin
Occasional Visitor

‎02-06-2019 01:22 PM

‎02-06-2019 01:22 PM

What is this account "1B9E3760"?

I keep seeing the account name 1B9E3760 in our Windows security logs, only when an account has failed to log in. (But not every time an account has failed to log in.) The only thing that we've found is that this may be related to "logon as a service".

 

Where would I even begin to look for more info on what this is?

Labels:
2,523 Views
0 Likes
2 Replies
Reply
2 Replies
Highlighted
vvatta

‎12-02-2019 06:26 AM

‎12-02-2019 06:26 AM

Re: What is this account "1B9E3760"?

@cschelin 

In my case it is vulnerability scanner  InsightVM - Rapid7 https://www.rapid7.com/products/insightvm/

0 Likes
Reply
Highlighted
Younoobtoo

‎01-29-2020 06:49 AM

‎01-29-2020 06:49 AM

Re: What is this account "1B9E3760"?

@vvatta:
I found this username in my logs as well, how and where did you find the connection between the name and nexpose?

I'm pretty sure that this is a nexose user but I would like to understand where this is configured

Thanks for the feedback and greets, younoobtoo
0 Likes
Reply