#1 2017-05-22 1:47 am
- shadowmaster
- Member
- From: Midwest, USA
- Registered: 2014-12-20
- Posts: 31
- Website
Anyone know what xpymep.exe is?
While checking in on a board I monitor, I saw this in the who is online now area.
Guest IP: 178.210.xxx.xx »
xpymep.exe
I ran the IP but it came up clean, though ARIN's whois came up with this:
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Amsterdam, spammers' haven.
I'm guessing the xpymep is supposed to be the user agent? Also guessing this is some sort of xrunner crap. Not real familiar with all that stuff.
Any insight?
#2 2017-05-22 2:12 am
- Papa Parrot
- Member
- From: Mexico
- Registered: 2011-08-19
- Posts: 1,826
- Website
Re: Anyone know what xpymep.exe is?
It is a "user agent", and yes it is part of xrunner, the administrator of the forum you "monitor" could easily block it.
What is xpymep.exe ?
------------------
http://www.spambotsecurity.com/forum/vi … ?f=7&t=728
-------------------
https://github.com/pH7Software/pH7-Soci … e.htaccess
SetEnvIfNoCase User-Agent "^xpymep.exe" bad_bot
#3 2017-05-22 2:26 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,420
- Website
Re: Anyone know what xpymep.exe is?
You are quoting the organisation that allocated the original netblock. You need to examine IPs at the AS level:
Some examples until I got bored. I used the following commands to obtain the following info:–
$ whois 178.210.0.0
$ whois 178.210.8.0
$ whois 178.210.12.0
$ whois 178.210.16.0
$ whois 178.210.24.0
$ whois 178.210.32.0
$ whois 178.210.33.0
178.210.0.0/19 (178.210.0.0 - 178.210.7.255) AS31214 (TIS-DIALOG-ISP, dynamic PPP, RU)
178.210.0.0/19 (178.210.8.0 - 178.210.11.255) AS31214 (TIS-DIALOG-ISP, dynamic PPP, RU)
178.210.0.0/19 (178.210.12.0 - 178.210.15.255) AS31214 (TIS-DIALOG-ISP, dynamic PPP, RU)
178.210.0.0/19 (178.210.16.0 - 178.210.23.255) AS31214 (TIS-DIALOG-ISP, dynamic PPP, RU)
178.210.0.0/19 (178.210.24.0 - 178.210.31.255) AS31214 (TIS-DIALOG-ISP, dynamic PPP, RU)
178.210.32.0/24 (178.210.32.0 - 178.210.32.255) AS43727 (KVANT-TELECOM-MOSCOW, RU)
178.210.33.0/24 (178.210.33.0 - 178.210.33.255) AS43727 (KVANT-TELECOM-SERPUHOV, RU)
...and so on. And remember, the largest spammers in the world are all based in the USA.
spywarelib.com said that 'xpymep.exe' had been fingered as a “Trojan-Downloader”. But of course, that is all academic as this is a site for fighting spammers, not abuse.
#4 2017-06-04 1:30 am
- shadowmaster
- Member
- From: Midwest, USA
- Registered: 2014-12-20
- Posts: 31
- Website
Re: Anyone know what xpymep.exe is?
Fast answer by you guys, thanks much, and a slow follow up by me, sorry. I'm not really too worried about this, it was just something new I saw.
Thanks for the links Garry, I will definitely check them out.
Papa Parrot wrote: the administrator of the forum you "monitor"
That's funny, monitor in quotes. While I don't technically own the website I do host it on my account and do what little maintenance there is to do on it, so for all intents and purposes I guess I am the admin on it.
Alex Kemp wrote: Some examples until I got bored. I used the following commands to obtain the following info:–
$ whois 178.210.0.0
$ whois 178.210.8.0
$ whois 178.210.12.0
$ whois 178.210.16.0
$ whois 178.210.24.0
I guess I'm not much of an administrator, cause I'm not sure where you ran the commands.
Thanks again.
#5 2017-06-04 3:45 am
- Papa Parrot
- Member
- From: Mexico
- Registered: 2011-08-19
- Posts: 1,826
- Website
Re: Anyone know what xpymep.exe is?
shadowmaster wrote: That's funny, monitor in quotes
OK, well you're welcome, and I am not sure on the "monitor", maybe I am misusing the quotes,... it was because I was not sure if you meant monitor, or administer, to me they are 2 different things,... for example a forum, I monitor it for spam, and am authorized to remove the spam,... but I am not authorized to do any other administrative tasks, so I do not administer the forum.
Anyway, if you do have administrative privileges, you can block the sources of this malware bot.
#6 2017-06-04 9:16 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,420
- Website
Re: Anyone know what xpymep.exe is?
Alex Kemp wrote: I used the following commands to obtain the following info:–
$ whois 178.210.0.0
shadowmaster wrote: I guess I'm not much of an administrator, cause I'm not sure where you ran the commands.
The dollar ('$') at the beginning indicates that the environment is the Debian (or any other Linux) terminal, issued in this case as a non-admin user.
Once you ID the ASN (Autonomous-System Number) you have identified the network operator of that collection of IPs (it is often best to think of an ASN as the ISP; more info at Wikipedia + CIDR Report). Although we often use the term “Toxic IP” in SFS, it is more accurate to say “Toxic ASN”, since numbers are rarely vicious, whilst humans often are. In addition, there can be some churn in IPs (transfer between operators) which CIDR Report continuously monitors, plus the NoC can be anywhere in the world and may well be separate to the Operator location.
Offline
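An added example (not code from any poster in this thread) that combines the advice in posts #2, #3 and #6: it flags requests whose User-Agent matches the blocked `xpymep.exe` pattern and groups the source IPs by ASN, using the three prefixes listed in post #3. The log lines, function names and the "unknown" label are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Prefix -> ASN rows taken from the whois results quoted in post #3.
NETWORKS = [
    (ipaddress.ip_network("178.210.0.0/19"), "AS31214"),
    (ipaddress.ip_network("178.210.32.0/24"), "AS43727"),
    (ipaddress.ip_network("178.210.33.0/24"), "AS43727"),
]

# Same prefix match as the .htaccess rule in post #2; the dot is escaped here.
BAD_UA = re.compile(r"^xpymep\.exe", re.IGNORECASE)

# Apache "combined" format: the client IP comes first, the User-Agent last.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Constructed sample lines (illustrative host addresses, not real traffic).
SAMPLE_LOG = """\
178.210.5.17 - - [22/May/2017:01:40:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "xpymep.exe"
178.210.20.9 - - [22/May/2017:01:41:10 +0000] "POST /post.php HTTP/1.1" 403 210 "-" "XPYMEP.EXE"
178.210.32.40 - - [22/May/2017:01:42:33 +0000] "GET /register.php HTTP/1.1" 200 4096 "-" "xpymep.exe"
178.210.33.8 - - [22/May/2017:01:43:00 +0000] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [22/May/2017:01:44:51 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "xpymep.exe"
"""

def asn_for(ip):
    # Return the ASN of the listed prefix that contains ip, else 'unknown'.
    addr = ipaddress.ip_address(ip)
    for net, asn in NETWORKS:
        if addr in net:
            return asn
    return "unknown"

def flag_hits(log_text):
    # Collect (ip, asn) for every parsable line whose User-Agent matches BAD_UA.
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and BAD_UA.search(m.group(2)):
            hits.append((m.group(1), asn_for(m.group(1))))
    return hits

def hits_per_asn(log_text):
    # Count flagged requests per network operator rather than per IP.
    return Counter(asn for _, asn in flag_hits(log_text))

if __name__ == "__main__":
    for asn, count in hits_per_asn(SAMPLE_LOG).most_common():
        print(asn, count)
```

Addresses reported as "unknown" are the ones that still need a `whois` lookup to find their ASN.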
#7 2017-06-06 12:25 am
- shadowmaster
- Member
- From: Midwest, USA
- Registered: 2014-12-20
- Posts: 31
- Website
Re: Anyone know what xpymep.exe is?
Ok thanks guys. Good info there.
#8 2017-07-14 10:27 am
- TETYYS
- Member
- Registered: 2012-12-27
- Posts: 200
Re: Anyone know what xpymep.exe is?
xpymep = хрумер = xrumer
https://en.wikipedia.org/wiki/XRumer
i love reporting spam
#9 2017-07-15 9:57 pm
- shadowmaster
- Member
- From: Midwest, USA
- Registered: 2014-12-20
- Posts: 31
- Website
Re: Anyone know what xpymep.exe is?
TETYYS wrote: xpymep = хрумер = xrumer
That's what I assumed from the get go, although I see I did type " xrunner ".
Last edited by shadowmaster (2017-07-15 9:57 pm)