Report Network Hack

The document describes several failed SSH login attempts from IP addresses in China to a root username. Location lookups show one IP address is located in Shanghai, China and the other in Jiangsu, China. Blacklist checks show neither IP is listed on known blacklists.

Uploaded by

Edmar Samortin

Failed SSH login attempt from 49.88.112.112 at 2020-04-13 16:07:30 with username root.
Failed SSH login attempt from 222.186.15.10 at 2020-04-13 16:06:41 with username root.
Failed SSH login attempt from 222.186.15.10 at 2020-04-13 16:06:41 with username root.
Failed SSH login attempt from 222.186.15.10 at 2020-04-13 16:06:40 with username root.

IP Address Geographical Location Finder


Details for 222.186.15.10
IP: 222.186.15.10
Decimal: 3736735498
Hostname: 222.186.15.10
ASN: 23650
ISP: China Telecom
Organization: China Telecom jiangsu province backbone
Services: None detected
Type: Wireless Broadband
Assignment: Likely Dynamic IP

Continent: Asia
Country: China
Latitude: 34.7725  (34° 46′ 21.00″ N)
Longitude: 113.7266  (113° 43′ 35.76″ E)

Blacklist Status

Legend: IP Not Listed (Good!), IP Listed (Bad!), Blacklist Timeout Error, Blacklist Offline

Details for 49.88.112.112


IP: 49.88.112.112
Decimal: 827879536
Hostname: 49.88.112.112
ASN: 4134
ISP: China Telecom
Organization: China Telecom
Services: None detected
Type: Broadband
Assignment: Likely Static IP
Continent: Asia
Country: China
State/Region: Shanghai
City: Shanghai
Latitude: 31.0449  (31° 2′ 41.64″ N)
Longitude: 121.4012  (121° 24′ 4.32″ E)

Blacklist Status

Legend: IP Not Listed (Good!), IP Listed (Bad!), Blacklist Timeout Error, Blacklist Offline

RUN TESTING USING NETWORK MAPPING
root@kali:~# nmap -sV -Pn -A 203.160.167.181
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-13 09:20 EDT
Nmap scan report for 203.160.167.181
Host is up (1.5s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open https Apache
|_http-server-header: Apache
|_http-title: User Portal
| ssl-cert: Subject: commonName=203.160.167.181/organizationName=CEZA/countryName=ph
| Subject Alternative Name: DNS:203.160.167.181
| Not valid before: 2020-03-13T05:17:02
|_Not valid after: 2022-05-22T05:17:02
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_ http/1.1
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X (92%)
OS CPE: cpe:/o:linux:linux_kernel:4.4
Aggressive OS guesses: Linux 4.4 (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 9 hops

TRACEROUTE (using port 443/tcp)


HOP RTT ADDRESS
1 59.40 ms 192.168.254.254
2 59.85 ms 10.91.18.98
3 93.00 ms 10.205.251.178
4 71.32 ms 120.28.190.1
5 ...
6 60.10 ms 120.28.10.218
7 ...
8 131.45 ms 10.1.100.6
9 111.57 ms 203.160.167.181

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 879.41 seconds

Summary for Network Mapping Testing
