04-06-2012, 12:03 PM | #1 |
Would you deign to supply me food?
Join Date: Jan 2006
Location: Tampa Bay Area, Florida
Posts: 2,004
|
Who or what is this IP address?
So, Malwarebytes keeps flagging this one IP address all the ding-dong time, and after having a full Malware scan and a full AVG scan, I *still* have no idea who or what is trying to talk to my computer, just that the IP is centered in China.
I don't remember any rules about dubious IP addresses, so here it is: 121.10.81.27. I'm not sure if anyone can help me with this, but it's getting kinda worrying at this point. Any ideas, folks? |
04-06-2012, 12:22 PM | #2 |
Trash Goblin
|
It's a Chinese IP registered to http://27.81.10.121.broad.zj.gd.dynamic.163data.com.cn/
http://ip-lookup.net/neighborhood.po...p=121.10.81.27 shows its 'family' all being registered to the same source. The WHOIS data responds no core details; it doesn't have recorded who the owner of the IP is. Here's everything else you might want to sift through for your own enjoyment:

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=12...se&ext=netref2
#

NetRange: 121.0.0.0 - 121.255.255.255
CIDR: 121.0.0.0/8
OriginAS:
NetName: APNIC-121
NetHandle: NET-121-0-0-0-1
Parent:
NetType: Allocated to APNIC
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whoi...e-and-spamming
RegDate: 2006-01-06
Updated: 2010-07-30
Ref: http://whois.arin.net/rest/net/NET-121-0-0-0-1

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: http://whois.arin.net/rest/org/APNIC

ReferralServer: whois://whois.apnic.net

OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: http://whois.arin.net/rest/poc/AWC12-ARIN

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: http://whois.arin.net/rest/poc/AWC12-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Deferred to specific whois server: whois.apnic.net...

% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 121.8.0.0 - 121.15.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: IC83-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
mnt-routes: MAINT-CHINANET-GD
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20060518
source: APNIC

route: 121.8.0.0/13
descr: From Guangdong Network of ChinaTelecom
origin: AS4134
mnt-by: MAINT-CHINANET
changed: dingsy@cndata.com 20060707
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: ipadm@189.cn
address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU
phone: +86-20-83877223
fax-no: +86-20-83877223
country: CN
changed: ipadm@189.cn 20110418
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn
abuse-mailbox: abuse_gdnoc@189.cn
source: APNIC

Hope I helped! |
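A referral-style WHOIS reply like the one in the post above (ARIN handing off to APNIC) can be read programmatically. This is an added example, not part of the original thread: it parses a trimmed sample built from that output and returns the most specific registration covering the address, the referral server, the origin AS and the operator's abuse mailbox. The function names `parse_objects` and `summarize` are illustrative.

```python
import ipaddress

# Constructed sample: a trimmed copy of the WHOIS output quoted in the post above.
SAMPLE = """\
NetRange:       121.0.0.0 - 121.255.255.255
NetName:        APNIC-121
ReferralServer: whois://whois.apnic.net
OrgAbuseEmail:  search-apnic-not-arin@apnic.net

% [whois.apnic.net node-2]
inetnum:        121.8.0.0 - 121.15.255.255
netname:        CHINANET-GD

route:          121.8.0.0/13
origin:         AS4134

person:         IPMASTER CHINANET-GD
abuse-mailbox:  abuse_gdnoc@189.cn
"""

def parse_objects(text):
    """Split WHOIS text into blank-line-separated objects (lowercased key -> value)."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith(("#", "%")):
            continue  # registry banners and comments
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip().lower()] = value.strip()  # repeated keys: last one wins
        elif current:  # a blank line closes the current object
            objects.append(current)
            current = {}
    return objects

def summarize(ip, text):
    """Most specific covering range, referral server, origin AS and abuse mailboxes."""
    addr, best = ipaddress.ip_address(ip), None
    out = {"netname": None, "range": None, "referral": None, "origin": None, "abuse": []}
    for obj in parse_objects(text):
        rng = obj.get("inetnum") or obj.get("netrange")
        if rng:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
            if lo <= addr <= hi and (best is None or int(hi) - int(lo) < best):
                best, out["netname"], out["range"] = int(hi) - int(lo), obj.get("netname"), rng
        out["referral"] = obj.get("referralserver", out["referral"])
        if "route" in obj and addr in ipaddress.ip_network(obj["route"]):
            out["origin"] = obj.get("origin")
        if "abuse-mailbox" in obj:  # the operator's contact, not ARIN's placeholder address
            out["abuse"].append(obj["abuse-mailbox"])
    return out
```

Calling `summarize("121.10.81.27", SAMPLE)` skips the /8 placeholder record that ARIN returns and reports the /13 allocation from the referred registry instead.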
04-06-2012, 12:42 PM | #3 |
Would you deign to supply me food?
Join Date: Jan 2006
Location: Tampa Bay Area, Florida
Posts: 2,004
|
Thanks for the info.
Although I'm not sure what I could use it for yet. Still wonder how I got this IP's attention in the first place. The IP blocks say my computer is blocking incoming and outgoing data. ...really doesn't make me want to type anything like my various account passwords. I wonder if there's a more surefire way to block certain IPs. Again, thanks for the IP info. I'll keep it on hand in case I need it. |
04-06-2012, 04:22 PM | #4 |
Doesn't care anymore
Join Date: Mar 2004
Posts: 2,429
|
You could block all incoming and outgoing traffic to that IP on the routing layer, i.e. router's firewall. Mostly in case there are other computers/devices that are also being talked to by that address. I'd also set up logging to have a record of how often the chatter occurs.
If nothing else, tell your ISP that you're getting odd chatter from an IP address in Asia that might need some monitoring. |
03-10-2013, 11:44 PM | #5 | |
Goomba
Join Date: Mar 2013
Posts: 3
|
Quote:
Country : CHINA
Internet Service Provider : CHINANET-GD, CHINANET GUANGDONG PROVINCE NETWORK
IP Location : No.31 ,jingrong street,beijing, 100032
You can block incoming and outgoing traffic to that IP address by configuring your router firewall. |
|
03-11-2013, 12:18 AM | #6 |
Argus Agony
|
Hey wow this thread is super old and has been inactive for nearly a year, so I'm gonna go ahead and close it.
InJun, welcome to the forums! Please bear in mind that we do have a rule about bumping threads that haven't been active for more than a month, and while there is some wiggle room, this thread really didn't have any wiggle left in it. Don't feel bad, though. It's a common rookie mistake and I'm sure you'll learn from it!
__________________
Either you're dead or my watch has stopped. |
|
|