10 GB in a 27 KB Gzip File [My Present To HTTP Scanners]

Here’s a gzip bomb I use to redirect http scanners and web scrapers to:


Create a PHP file with the following:

< ?php header('Content-Encoding: gzip'); echo file_get_contents('10G.gz');

Example: http://rehmann.co/gz-bomb.php

How it works:

  1. A web-crawler or browser requests the page and sends the "accept-encoding: gzip, deflate, br" header.
    So long as gzip is accepted, the gzip bomb will do its job.
  2. The web server and php script respond to the request with the 27 KB Gzip bomb package. 27 KB is delivered to the client.
  3. The client browser or crawler begins to unzip the data before it is processed by the script or shown to the user
  4. The client machine runs out of memory / crashes before the bomb is fully unzipped.

MikroTik RouterOS 0-Day: mikrotik0417.zip / vigor20180417.zip

Some notes on the MikroTik RouterOs 0-day exploit:

mikrotik0417.zip / vigor20180417.zip are the two payload files targeting Mikrotek routers.

They have been seen from the following domains:


  1. 162.212.182[.]64
  2. march10dom3[.]com
  3. march10dom5[.]com
  4. march10dom6[.]com
  5. march10dom7[.]com
  6. march10dom8[.]com
  7. marchdom4[.]com
  8. utyrhgfhtujyhrgef[.]com
  9. shabihello[.]com

SHA256 of Payloads:

  • 11bb98f34193d058b349b4e1f927dc4f
  • f0ef1c888ed5f2f3f1c0c8e6f992749c
  • 115a2cd858eb76edc6f4f7897e9f569b
  • 18f64bdad09f4252121124499c4a713a

Possible WhoIs Record related to these domains:
[email protected]


Rukus Captive Portal Login


The above urls are in the format of the Captive Portal Login for Rukus Session Initiation Protocol (SIP) / VOIP devices. You will need to replace {sip-server-ip-address} with the IP or host address of your SIP server. You may need to change https to http in order to reliably connect to the server, but this is not recommended (as it degrades the security of the connection between your login and the device).

You may be trying to login at 153-130:9997/SubscriberPortal/hotspotlogin

If you are having trouble logging in, please share your issues below!

Extract Last Word/Number in a Cell in Excel


Say you have the following excel table and you want to populate the right-most cell with the 8.99 from cell B1.

The function you’ll need is as follows:

=RIGHT(B1,LEN(B1)-FIND(“@”,SUBSTITUTE(B1,” “,”@”,(LEN(B1)-LEN(SUBSTITUTE(B1,” “,””)))/LEN(” “))))

This will get the last string with the right-most space before it.

perceptioninc.in Facebook Login Message Scam [304-725-4004, 300-847-6352]

Message from (304) 725-4004. “Message id 52933JN0gk. You have a message from (300) 847 6352: http://perceptioninc.in”

“You have a new message from (300) 847 6352” the scam message begins.

You don’t have a new message, but you have received a scam message.

Following the link to perceptioninc.in takes you to a clearly fraudulent facebook login page.

Notice the url is not facebook.com but perceptinc.in

Not only does this website steal your credentials, but it does so over an insecure connection. Anyone on your wifi network (or internet upstream provider) can potentially see what you submit to this form (but that’s the least of your worries after submitting the form)

Infrared Photobiomodulation Hat Prototype

Here’s an Adidas hat with 850nm and 950nm LEDs installed for photobiomodulation. The hat is a simple prototype using the components overviewed in this post. I have yet to add PWM (pulse width modulation) to the LED strips.

Inside the hat with the Infrared LEDs engaged
Backside of the hat wiring connects to a 12 volt adapter
Close-up View of the LED Array

Infrared SMD LED Strips (850nm & 940nm) [for photobiomodulation]

Here is my quick video review of a couple Infrared LED strips I purchased from Aliexpress. The goal is to turn these into 10 Hz & 40 Hz pulsing infrared strips for some sort of DIY photo-bio-modulation therapy or just science testing.

A few studies I find interesting include:

It seems with 10 Hz flashing [infrared] light, people may experience a relaxing, alpha wave inducing effect while with 40 Hz, a stimulating effect may be produced (increased Gamma waves).

The video was shot through a Google Pixel. I’ve also taken this photo to try and show you the infrared wavelengths. While trying to make the same video on my iPhone, the LEDs were completely dark (invisible to the camera sensor).

Looking at the two different strips with my eyeballs, the 850nm strip has a very subtle red glow to it while the 940nm strip is completely invisible to my human eyes — but I can tell it is on because it gets quite hot.

two infrared led strips glowing a light purple
940nm strip on the left, 850nm strip on the right

I’ll add another post once I have a control mechanism to properly adjust the pulse of these infrared leds.  All together I have about 2 meters of LEDs with a total energy output of around 20 watts (12 Volts @ 1.67 Amps)


Bank of America LoopPay – Mobile Payment Keychain

The LoopPay TPD is a token payment device key fob; it supports MST and NFC technologies for payment and is controlled by a companion app over a Bluetooth Low Energy connection.
LoopPay keychains are currently available for Bank of America customers in partnership with SamsungPay. The LoopPay device is compatible with iOS 10 and higher Apple devices as well as Android devices beyond version 5.0.

The loopPay fob device is made in collaboration with Bank of America, Samsung Pay, and looPay (recently BoA acquired)

The loopPay device is said to provide several features including:

  • Vault all your credentials (payment, loyalty, ID, passwords)
  • Checkout Fast: Tap & Pay in stores, auto-fill online
  • Secure one-time-use card data prevents theft & reuse
  • Suspend your cards in seconds if lost
  • Receive immediate transaction alerts
  • Ring and find your keys or your phone

These features essentially make this keychain an extension of your phone’s Google Pay with the added bonus of Tile’s find-your-phone and find-your-keys functionality, not to mention the loopPay device is actually rechargeable, unlike the disposable Tiles.

UPC: 851785005229

To get started, Install the LoopPay app from the iOS AppStore or Google Play, create an account, connect the LoopPay TPD with your phone, load your credit and debit cards and start making payment with your LoopPay TPD in the stores by holding your device close to the payment terminal reader and pressing the device button to make payment. Setup your device by navigating to looppay.com/setup

Bank of America, Hold against reader press button to pay. Designed in USA made in china. CE approved.
Bank of America loopPay Device Back, Model SPTPD02

httpd.service failed because a configured resource limit was exceeded : Failed to start The Apache HTTP Server

It may be that your disk space is out!

see for yourself:

run “df -h”

Find more space in order to start apache.

sudo service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Job for httpd.service failed because a configured resource limit was exceeded. See "systemctl status httpd.service" and "journalctl -xe" for details.

Apr 04 00:20:23 rehmann-co-instance-us-west dbus[322]: avc: received setenforce notice (enforcing=0)
Apr 04 00:20:23 rehmann-co-instance-us-west dbus-daemon[322]: dbus[322]: avc: received setenforce notice (enforcing=0)
Apr 04 00:20:26 rehmann-co-instance-us-west sudo[1177]: root : TTY=pts/0 ; PWD=/var/log/httpd ; USER=root ; COMMAND=/sbin/service httpd restart
Apr 04 00:20:26 rehmann-co-instance-us-west polkitd[301]: Registered Authentication Agent for unix-process:1178:13160 (system bus name :1.31 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Apr 04 00:20:26 rehmann-co-instance-us-west systemd[1]: httpd.service failed to run 'start' task: No space left on device
Apr 04 00:20:26 rehmann-co-instance-us-west systemd[1]: Failed to start The Apache HTTP Server.