The Warring States of NPF  

04-06-2012, 12:03 PM   #1
Donomni
Who or what is this IP address?

So, Malwarebytes keeps flagging this one IP address all the ding-dong time, and after having a full Malware scan and a full AVG scan, I *still* have no idea who or what is trying to talk to my computer, just that the IP is centered in China.

I don't remember any rules about dubious IP addresses, so here it is: 121.10.81.27

I'm not sure if anyone can help me with this, but it's getting kinda worrying at this point.

Any ideas, folks?

04-06-2012, 12:22 PM   #2
Nikose Tyris

It's a Chinese IP registered to http://27.81.10.121.broad.zj.gd.dynamic.163data.com.cn/

http://ip-lookup.net/neighborhood.po...p=121.10.81.27 shows its 'family' all being registered to the same source.

The WHOIS data returns no core details; it doesn't have a record of who the owner of the IP is.

Here's everything else you might want to sift through for your own enjoyment:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=12...se&ext=netref2
#

NetRange: 121.0.0.0 - 121.255.255.255
CIDR: 121.0.0.0/8
OriginAS:
NetName: APNIC-121
NetHandle: NET-121-0-0-0-1
Parent:
NetType: Allocated to APNIC
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whoi...e-and-spamming
RegDate: 2006-01-06
Updated: 2010-07-30
Ref: http://whois.arin.net/rest/net/NET-121-0-0-0-1

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: http://whois.arin.net/rest/org/APNIC

ReferralServer: whois://whois.apnic.net

OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: http://whois.arin.net/rest/poc/AWC12-ARIN

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: http://whois.arin.net/rest/poc/AWC12-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#




Deferred to specific whois server: whois.apnic.net...


% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 121.8.0.0 - 121.15.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: IC83-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
mnt-routes: MAINT-CHINANET-GD
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20060518
source: APNIC

route: 121.8.0.0/13
descr: From Guangdong Network of ChinaTelecom
origin: AS4134
mnt-by: MAINT-CHINANET
changed: dingsy@cndata.com 20060707
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: ipadm@189.cn
address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU
phone: +86-20-83877223
fax-no: +86-20-83877223
country: CN
changed: ipadm@189.cn 20110418
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn
abuse-mailbox: abuse_gdnoc@189.cn
source: APNIC

Hope I helped!
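
The WHOIS output in the post above is two replies: ARIN only says the /8 is delegated to APNIC and names a referral server, and the APNIC reply carries the covering range, origin AS and abuse mailbox. As an added example that is not part of the original post, this sketch reads both replies and pulls out those fields; the function names and the abridged sample text are assumptions made for illustration.

```python
import ipaddress
# Constructed samples: abridged from the ARIN and APNIC replies quoted in the post above.
ARIN_REPLY = """\
NetRange: 121.0.0.0 - 121.255.255.255
ReferralServer: whois://whois.apnic.net
"""
APNIC_REPLY = """\
% [whois.apnic.net node-2]
inetnum: 121.8.0.0 - 121.15.255.255
netname: CHINANET-GD
country: CN

route: 121.8.0.0/13
origin: AS4134

person: IPMASTER CHINANET-GD
abuse-mailbox: abuse_gdnoc@189.cn
"""

def parse_objects(text):
    """Split WHOIS text into objects (dicts); blank lines separate objects."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last object
        line = line.strip()
        if line.startswith(("%", "#")):
            continue                           # registry comment lines
        key, sep, value = line.partition(":")
        if sep:
            current.setdefault(key.strip().lower(), value.strip())
        elif current:
            objects.append(current)
            current = {}
    return objects

def summarize(ip, arin_text, rir_text):
    """Report the referral target, covering range, origin AS and abuse contact."""
    addr, abuse = ipaddress.ip_address(ip), None
    arin = {k: v for obj in parse_objects(arin_text) for k, v in obj.items()}
    out = {"referral": arin.get("referralserver"), "netname": None, "country": None, "origin": None}
    for obj in parse_objects(rir_text):
        if "inetnum" in obj:
            first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"].split("-"))
            if first <= addr <= last:
                out["netname"], out["country"] = obj.get("netname"), obj.get("country")
        if "route" in obj and addr in ipaddress.ip_network(obj["route"]):
            out["origin"] = obj.get("origin")
        abuse = obj.get("abuse-mailbox", abuse)
    out["abuse"] = abuse if out["netname"] else None   # only if the range covers the IP
    return out
```
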
04-06-2012, 12:42 PM   #3
Donomni

Thanks for the info.

Although I'm not sure what I could use it for yet.

Still wonder how I got this IP's attention in the first place. The IP blocks say my computer is blocking incoming and outgoing data. ...really doesn't make me want to type anything like my various account passwords. I wonder if there's a more surefire way to block certain IPs.

Again, thanks for the IP info. I'll keep it on hand in case I need it.

04-06-2012, 04:22 PM   #4
Grandmaster_Skweeb

You could block all incoming and outgoing traffic to that IP on the routing layer, i.e. router's firewall. Mostly in case there are other computers/devices that are also being talked to by that address. I'd also set up logging to have a record of how often the chatter occurs.

If nothing else, tell your ISP that you're getting odd chatter from an IP address in Asia that might need some monitoring.
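
Once the router logs its blocks, the record suggested above can be summarised per hour and per direction, which also shows whether a machine inside the network is the one starting the conversation. This is an added example, not part of the original post; it assumes the router writes Linux netfilter LOG-style lines, and the sample lines (internal hosts, ports, timestamps) are constructed.

```python
import re
from collections import Counter

WATCHED = "121.10.81.27"  # the address discussed in the thread

# Constructed sample: abridged netfilter LOG-style lines (assumed router log format).
SAMPLE_LOG = """\
Apr  6 11:58:02 router kernel: BLOCK IN=br0 OUT=eth0 SRC=192.168.1.20 DST=121.10.81.27 PROTO=TCP SPT=49811 DPT=80
Apr  6 11:58:05 router kernel: BLOCK IN=br0 OUT=eth0 SRC=192.168.1.20 DST=121.10.81.27 PROTO=TCP SPT=49811 DPT=80
Apr  6 12:03:41 router kernel: BLOCK IN=eth0 OUT= SRC=121.10.81.27 DST=203.0.113.7 PROTO=TCP SPT=80 DPT=49702
Apr  6 12:14:09 router kernel: BLOCK IN=br0 OUT=eth0 SRC=192.168.1.20 DST=121.10.81.27 PROTO=TCP SPT=49930 DPT=80
Apr  6 12:20:00 router kernel: BLOCK IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 PROTO=UDP SPT=53 DPT=5353
"""

# Month, day, hour, then the SRC= and DST= fields of a netfilter log line.
LINE = re.compile(r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d\d):\d\d:\d\d .*?"
                  r"SRC=(?P<src>\S+) DST=(?P<dst>\S+)")

def tally(log_text, watched=WATCHED):
    """Count blocked packets involving `watched` by hour, direction and local host."""
    by_hour, by_direction, local_hosts = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or watched not in (m["src"], m["dst"]):
            continue
        by_hour[f'{m["mon"]} {int(m["day"]):02d} {m["hour"]}:00'] += 1
        if m["dst"] == watched:
            # A local machine initiated this packet: identify which one.
            by_direction["outbound"] += 1
            local_hosts[m["src"]] += 1
        else:
            by_direction["inbound"] += 1
    return by_hour, by_direction, local_hosts
```

A mostly outbound tally points at a program on one local host, which is where further scanning should focus; a purely inbound tally is more consistent with unsolicited traffic from outside.
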
03-10-2013, 11:44 PM   #5
InJun

Quote:
Originally Posted by Donomni
So, Malwarebytes keeps flagging this one IP address all the ding-dong time, and after having a full Malware scan and a full AVG scan, I *still* have no idea who or what is trying to talk to my computer, just that the IP is centered in China.

I don't remember any rules about dubious IP addresses, so here it is: 121.10.81.27

I'm not sure if anyone can help me with this, but it's getting kinda worrying at this point.

Any ideas, folks?

I did an IP search for 121.10.81.27 on IP-Details.com and found the following information:
Country : CHINA
Internet Service Provider : CHINANET-GD, CHINANET GUANGDONG PROVINCE NETWORK
IP Location : No.31 ,jingrong street,beijing, 100032

You can block incoming and outgoing traffic to that IP address by configuring your router firewall.

03-11-2013, 12:18 AM   #6
POS Industries

Hey wow this thread is super old and has been inactive for nearly a year, so I'm gonna go ahead and close it.

InJun, welcome to the forums! Please bear in mind that we do have a rule about bumping threads that haven't been active for more than a month, and while there is some wiggle room, this thread really didn't have any wiggle left in it.

Don't feel bad, though. It's a common rookie mistake and I'm sure you'll learn from it!

All times are GMT -5.