Attack Report for Detail

Header

Time: 2022/11/16, 16:54:09 (GMT)
Transaction ID: 1I228E49D28EK9A3
Service: sip
Location: US (United States)
Attacker: 157.97.134.110
Classification: Register
Harm Potential: Medium
Description: SIP phone and user registration request

Content

- Received -------------------------------------------------------
REGISTER sip:meca.se SIP/2.0
Via: SIP/2.0/TCP 10.5.0.2:6482;branch=z9hG4bK-524287-1---7b16a17b0607ed3e;rport
Max-Forwards: 70
Contact: <sip:10000@10.5.0.2:6482;transport=tcp>;+sip.instance="<urn:uuid:730FF22E-9405-0196-762C-D5AC6A0ACE46>"
To: "10000"<sip:10000@meca.se>
From: "10000"<sip:10000@meca.se>;tag=5b1e3068
Call-ID: KUaB-AjFrLSSBDxz2nnuVw..
CSeq: 1 REGISTER
Expires: 300
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO
Supported: replaces
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 0

INVITE sip:+15012394772@meca.se SIP/2.0
Via: SIP/2.0/TCP 10.5.0.2:6482;branch=z9hG4bK-524287-1---0753be55bb06c36c;rport
Max-Forwards: 70
Contact: <sip:10000@10.5.0.2:6482;transport=tcp>;+sip.instance="<urn:uuid:730FF22E-9405-0196-762C-D5AC6A0ACE46>"
To: <sip:+15012394772@meca.se>
From: "10000"<sip:10000@meca.se>;tag=9f771d25
Call-ID: v3XParWDvh-c_c1dXKWM5w..
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO
Content-Type: application/sdp
Supported: replaces
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 265

v=0
o=- 428178560 1 IN IP4 10.5.0.2
s=portsip.com
c=IN IP4 10.5.0.2
t=0 0
m=audio 20004 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
INVITE sip:0015012394772@meca.se SIP/2.0
Via: SIP/2.0/TCP 10.5.0.2:6482;branch=z9hG4bK-524287-1---8e4e865d2c3caa4e;rport
Max-Forwards: 70
Contact: <sip:10000@10.5.0.2:6482;transport=tcp>;+sip.instance="<urn:uuid:730FF22E-9405-0196-762C-D5AC6A0ACE46>"
To: <sip:0015012394772@meca.se>
From: "10000"<sip:10000@meca.se>;tag=b20c7b6f
Call-ID: _R0RRgPfwjAOvfGmLIQDqA..
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO
Content-Type: application/sdp
Supported: replaces
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 265

v=0
o=- 428178560 1 IN IP4 10.5.0.2
s=portsip.com
c=IN IP4 10.5.0.2
t=0 0
m=audio 20010 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv


- Sent -------------------------------------------------------
SIP/2.0 200 0K
Via: SIP/2.0/TCP 10.5.0.2:6482;branch=z9hG4bK-524287-1---7b16a17b0607ed3e;received=157.97.134.110;rport=12998
Max-Forwards: 70
Contact: <sip:10000@10.5.0.2:6482;transport=tcp>;+sip.instance="<urn:uuid:730FF22E-9405-0196-762C-D5AC6A0ACE46>"
To: "10000"<sip:10000@meca.se>;tag=tn0ah67jof
From: "10000"<sip:10000@meca.se>;tag=5b1e3068
Call-ID: KUaB-AjFrLSSBDxz2nnuVw..
CSeq: 1 REGISTER
Expires: 300
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO
Supported: replaces
User-Agent: Cisco
Allow-Events: hold, talk, conference
Content-Length: 0

All details come from the honeypot central database.
