BEGIN OF HTTPS DATA:This request reached the HTTPS part of my honeypot yesterday. I am posting this more out or curiostity as it is the first time I see this type of requests, A bit googling lead to
2015-08-08 14:25:47
Source IP: 109.234.39.46
Country: RU RiskScore: 1 Malware: []
SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
Host: 109.234.106.8
SSTPCORRELATIONID: {5a433238-8781-11e3-b2e4-4e6d617021}
Content-Length: 18446744073709551615
https://msdn.microsoft.com/en-us/library/cc247364.aspx and shows that this is part of an Microsoft Secure Socket Tunneling Protocol (SSTP) initialization.
| Analysis Date | 2 seconds ago |
| Blacklist Status | POSSIBLY SAFE 0/40 |
| IP Address | 109.234.39.46 ( Websites Lookup ) |
| Reverse DNS | server6.com |
| ASN | AS35415 |
| ASN Owner | WebaZilla B.V. |
| ISP | McHost.Ru |
| Continent | Europe |
| Country Code |  (RU) Russian Federation |
| Latitude / Longitude | 55.75 / 37.6166 |
| City | Unknown |
| Region | Unknown |
Keine Kommentare:
Kommentar veröffentlichen