Attack Report Detail

Header

Time: 2023/01/19, 23:44:16 (GMT)
Transaction ID: 8O7HI0OYWKQJ04U6
Service: sip
Location: GB (United Kingdom)
Attacker: 149.7.16.28
Classification: Register
Harm Potential: Medium
Description: SIP Phone and user registration request

Content

- Received -------------------------------------------------------
REGISTER sip:***.***.***.*** SIP/2.0
Via: SIP/2.0/TCP 149.7.16.28:5303;branch=z9hG4bK-524287-1---9e0b64041f1c7266;rport
Max-Forwards: 70
Contact: <sip:10000@149.7.16.28:5303;transport=tcp>;+sip.instance="<urn:uuid:33540D62-405E-C675-4A30-C6F64C259DA2>"
To: "10000"<sip:10000@***.***.***.***>
From: "10000"<sip:10000@***.***.***.***>;tag=9950d924
Call-ID: Fkirw839xAOUIWsFgBv1Iw..
CSeq: 1 REGISTER
Expires: 2300
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO, PUBLISH
Supported: replaces, outbound, path
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 0

INVITE sip:+46812112622@***.***.***.*** SIP/2.0
Via: SIP/2.0/TCP 149.7.16.28:5303;branch=z9hG4bK-524287-1---ef150d16d8353373;rport
Max-Forwards: 70
Contact: <sip:10000@149.7.16.28:5303;ob;transport=tcp>;+sip.instance="<urn:uuid:33540D62-405E-C675-4A30-C6F64C259DA2>"
To: <sip:+46812112622@***.***.***.***>
From: "10000"<sip:10000@***.***.***.***>;tag=1c738b21
Call-ID: K_iMtTrLFUYytEqCNew1ZA..
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO, PUBLISH
Content-Type: application/sdp
Supported: replaces, outbound, path
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 279

v=0
o=- 433743568 1 IN IP4 169.254.224.198
s=portsip.com
c=IN IP4 169.254.224.198
t=0 0
m=audio 20004 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv


- Sent -------------------------------------------------------
SIP/2.0 200 0K
Via: SIP/2.0/TCP 149.7.16.28:5303;branch=z9hG4bK-524287-1---9e0b64041f1c7266;received=149.7.16.28;rport=62499
Max-Forwards: 70
Contact: <sip:10000@149.7.16.28:5303;transport=tcp>;+sip.instance="<urn:uuid:33540D62-405E-C675-4A30-C6F64C259DA2>"
To: "10000"<sip:10000@***.***.***.***>;tag=hx53byc65z
From: "10000"<sip:10000@***.***.***.***>;tag=9950d924
Call-ID: Fkirw839xAOUIWsFgBv1Iw..
CSeq: 1 REGISTER
Expires: 2300
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO, PUBLISH
Supported: replaces, outbound, path
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 0

All details come from the honeypot central database.
