Attack Report for Detail

Header

Time: 2022/09/14, 00:30:31 (GMT)
Transaction ID: L0BBB7FGQUP2BMZ9
Service: sip
Location: NL (Netherlands)
Attacker: 51.124.185.29
Classification: Invite
Harm Potential: High
Description: Invites a user to a call request

Content

- Received -------------------------------------------------------
INVITE sip:071446462607520@***.***.***.***:5060;transport=tcp SIP/2.0
To: <sip:071446462607520@***.***.***.***>
From: 201<sip:201@***.***.***.***>;tag=e6113b26
Via: SIP/2.0/TCP 10.0.0.4:14522;branch=z9hG4bK-A864AA0-998782876-1--A864AA0;rport
Call-ID: A864AA0
CSeq: 1 INVITE
Contact: <sip:201@10.0.0.4:14522;transport=TCP>;+sip.instance="<urn:uuid:66412355-D124-AD1B-B50B-809FB9GA5RPG>"
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: Cisco Systems SIP
Allow-Events: hold, talk, conference
Supported: replaces, answermode, eventlist, outbound, path
Content-Length: 0


- Sent -------------------------------------------------------
SIP/2.0 400 Bad Request
To: <sip:071446462607520@***.***.***.***>;tag=1fxi495mj3
From: 201<sip:201@***.***.***.***>;tag=e6113b26
Via: SIP/2.0/TCP 10.0.0.4:14522;branch=z9hG4bK-A864AA0-998782876-1--A864AA0;received=51.124.185.29;rport=55432
Call-ID: A864AA0
CSeq: 1 INVITE
Contact: <sip:201@10.0.0.4:14522;transport=TCP>;+sip.instance="<urn:uuid:66412355-D124-AD1B-B50B-809FB9GA5RPG>"
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: Cisco Systems SIP
Allow-Events: hold, talk, conference
Supported: replaces, answermode, eventlist, outbound, path
Content-Length: 0

All details come from the honeypot central database.
