Sunday, 9 August 2015

SSTP establishment - 109.234.39.46

BEGIN OF HTTPS DATA:
2015-08-08 14:25:47
Source IP: 109.234.39.46
Country: RU RiskScore: 1 Malware: []
SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
Host: 109.234.106.8
SSTPCORRELATIONID: {5a433238-8781-11e3-b2e4-4e6d617021}
Content-Length: 18446744073709551615

This request reached the HTTPS part of my honeypot yesterday. I am posting this more out of curiosity, as it is the first time I have seen this type of request. A bit of googling led to https://msdn.microsoft.com/en-us/library/cc247364.aspx, which shows that this is part of a Microsoft Secure Socket Tunneling Protocol (SSTP) initialization.
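
An added example, not part of the original post: a small Python classifier a honeypot could run over logged request heads to tag this SSTP handshake and avoid trusting its Content-Length. The method, URI and Content-Length constants come from the request above and the MS-SSTP specification; `classify_request` and `MAX_CAPTURE` are hypothetical names, and the 4096-byte cap is an assumption.

```python
import re

# Values the MS-SSTP specification fixes for the HTTPS-layer handshake.
SSTP_METHOD = "SSTP_DUPLEX_POST"
SSTP_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
ULONGLONG_MAX = 2**64 - 1   # 18446744073709551615, sent as Content-Length
MAX_CAPTURE = 4096          # assumption: per-request body cap of the honeypot
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# Request head exactly as logged in the post above.
SAMPLE = """\
SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
Host: 109.234.106.8
SSTPCORRELATIONID: {5a433238-8781-11e3-b2e4-4e6d617021}
Content-Length: 18446744073709551615
"""

def classify_request(raw: str) -> dict:
    """Parse a logged request head and report SSTP handshake indicators."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    parts = lines[0].split() if lines else []
    method = parts[0] if parts else ""
    uri = parts[1] if len(parts) > 1 else ""
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    clen_text = headers.get("content-length", "")
    # Parse as an arbitrary-precision int; never size a buffer from it.
    clen = int(clen_text) if re.fullmatch(r"[0-9]+", clen_text) else None
    return {
        "is_sstp": method == SSTP_METHOD and uri.lower() == SSTP_URI.lower(),
        "length_is_sentinel": clen == ULONGLONG_MAX,
        "correlation_id_wellformed": bool(
            GUID_RE.fullmatch(headers.get("sstpcorrelationid", ""))),
        # Bytes the sensor should buffer, whatever the client announced.
        "capture_limit": min(clen, MAX_CAPTURE) if clen is not None else 0,
    }

if __name__ == "__main__":
    for key, value in classify_request(SAMPLE).items():
        print(f"{key}: {value}")
```

On the logged request this reports an SSTP handshake with the sentinel length, and flags that the correlation ID, as logged, has a 10-digit final group rather than the 12 a GUID needs.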

Analysis Date: 2 seconds ago
Blacklist Status: POSSIBLY SAFE 0/40
IP Address: 109.234.39.46
Reverse DNS: server6.com
ASN: AS35415
ASN Owner: WebaZilla B.V.
ISP: McHost.Ru
Continent: Europe
Country Code: (RU) Russian Federation
Latitude / Longitude: 55.75 / 37.6166
City: Unknown
Region: Unknown