• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

First time in 2 years I dont feel safe on Babiato

Status
Not open for further replies.
GayBlackJew

GayBlackJew

Active member
Jan 18, 2019
113
60
28

I found a malware being shared by the staff, and his defense is "U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer..."
patrocle said:
Look Friend, i share directly from the developer the theme and data files. U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer...

"You are a staff member why do you act like you dont know the basics... " and stop pointing fingers to a staff member! U have been warned.
Click to expand...

Until now the file is still not removed, I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware, just delete the whole thread so no one will know it ever happened, i dont care. But leaving it there is a threat to the community, to our community.
 
GayBlackJew said:

I found a malware being shared by the staff, and his defense is "U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer..."


Until now the file is still not removed, I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware, just delete the whole thread so no one will know it ever happened, i dont care. But leaving it there is a threat to the community, to our community.
Click to expand...
You need to provide further information please. A virus scan showing the malware is a good start. Also screenshots if you can.

Then we can look at it.

I have now downloaded the Theme and the Demo data. I'll look at it tomorrow.

TassieNZ :)
 
  • Like
Reactions: Fukutaro and anymoment
Sure, this community is the best.
What is your anti-virus? I guess if it is safe but your anti-virus is blocking it? I just wonder as I do not know anything on this field...
 
GayBlackJew said:
Thanks for your reply, the file is found in this post:

After extracting the .wpress file, inside the directory
/wp-content/uploads/2019/01/13181_HireBee_v1.3.6.zip

this is the virustotal scan:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

1599714511726.png
Click to expand...

before we adding any resource or post we look at malware ect.

But;

Some scanners especially virustotal isnt healthy results on scannig php files.

Because php has some functions example file_get_contents . Some scanners detects this function as malware but its not.

We can give many example like this.

At least there isnt any online scanner that works 100% and gives true results especially on php files.

So i dont believe there are malware on your php files.
 
  • Like
Reactions: anymoment
GayBlackJew said:

I found a malware being shared by the staff, and his defense is "U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer..."


Until now the file is still not removed, I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware, just delete the whole thread so no one will know it ever happened, i dont care. But leaving it there is a threat to the community, to our community.
Click to expand...

" I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware"

sharing malware...
2020-09-09_22-35-43.jpg
Why not go buy the theme and ask them why in the data file there is a virus...

I think you are crossing the line when you keep pointing fingers... "I'm not sure its the staff's pride or he is intentionally sharing it"

Like i said in the other tread my files are uploaded directly from the author / developer ,and if you want to use them check is on u to install at your own risk , and if something is up with them u can let someone know that have the time to install and check.

@TassieNZ
U can check...and see
Also the file demo data was deleted, from the other tread. Who ever wants the file they can go and buy it from the developer.
 
saranganime said:
Screenshot_1.jpg
i also found malware in this theme PsyPlay WordPress Movies Theme & Series [2.1.2]
Click to expand...


İn functions.php Hex encoded code found like below;

Code: 
${"\x47\x4c\x4f\x42\x41LS"}["p\x6d\x78j\x76b\x76"]="\x63\x6f\x6e\x66\x69gs";${"G\x4c\x4f\x42ALS"}["t\x78o\x66u\x70\x63\x69"]="\x73\x69\x7ae";${"\x47\x4c\x4f\x42AL\x53"}["\x66\x77d\x74\x72phl"]="i\x6d\x67";${"\x47LOB\x41\x4c\x53"}["\x73\x6f\x6c\x6f\x79\x6d\x64\x6ej\x6f\x75"]="\x70\x6f\x73ter\x75\x72\x6c";${"\x47L\x4f\x42A\x4c\x53"}["\x69\x69o\x6f\x6d\x65g\x75\x6b"]="i\x6dgs\x72c";${"\x47L\x4fB\x41LS"}["\x73\x68\x66\x78\x78\x66\x62\x62\x6a\x78\x6a\x68"]="\x74h\x75\x6db";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6b\x66h\x71gvl\x77\x78\x76"]="\x63a\x74_\x69\x64";${"\x47\x4c\x4fB\x41\x4c\x53"}["\x78m\x71kmx\x63"]="\x73\x69\x74\x65\x32";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73\x75hd\x62\x73\x61\x70me\x79"]="\x73\x69\x74e";function module_movies(){${${"G\x4cO\x42\x41L\x53"}["\x73\x75\x68\x64b\x73\x61\x70\x6d\x65\x79"]}=EDD_SL_STORE_URL;if(${${"\x47\x4c\x4f\x42AL\x53"}["\x73u\x68d\x62s\x61\x70\x6d\x65y"]}=="ht\x74ps://\x70\x73\x79t\x68\x65\x6d\x65s.com"){include_once"\x69n\x63ludes/\x70ar\x74\x73/m\x6fdu\x6c\x65\x73/modu\x6ce-\x6do\x76i\x65s.p\x68\x70";}}add_shortcode("\x6do\x64ul\x65-\x6d\x6fv\x69\x65s","mod\x75l\x65\x5fmovi\x65\x73");function module_tvshows(){${${"\x47LO\x42\x41L\x53"}["suh\x64\x62s\x61\x70\x6d\x65y"]}=EDD_SL_STORE_URL;if(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73uh\x64bs\x61\x70\x6d\x65y"]}=="h\x74tps://\x70\x73yt\x68emes\x2e\x63o\x6d"){include_once"in\x63\x6cud\x65\x73/p\x61\x72\x74s/m\x6f\x64\x75\x6ces/\x6d\x6f\x64ule-t\x76\x73h\x6fws.php";}}add_shortcode("mod\x75l\x65-\x74\x76s\x68o\x77s","\x6d\x6fd\x75\x6ce\x5ft\x76\x73\x68\x6f\x77s");function module_episodes(){$oyrjbkvgfozh="\x73\x69\x74e";${${"\x47\x4c\x4f\x42A\x4cS"}["\x73\x75\x68d\x62s\x61\x70\x6de\x79"]}=EDD_SL_STORE_URL;if(${$oyrjbkvgfozh}=="ht\x74ps://p\x73\x79t\x68e\x6d\x65s\x2ec\x6f\x6d"){include_once"\x69ncl\x75\x64\x65\x73/\x70a\x72t\x73/m\x6f\x64ul\x65s/\x6dodule-\x65p\x69\x73o\x64\x65s.php";}}add_shortcode("m\x6fdul\x65-e\x70\x69\x73od\x65\x73","\x6dod\x75\x6ce_\x65p\x69sod\x65s");function module_extra1(){$uytzvk="\x73\x69\x74e";$kbojiiynxue="s\x69\x74\x65";${$kbojiiynxue}=EDD_SL_STORE_URL;if(${$uytzvk}=="\x68tt\x70\x73://ps\x79th\x65m\x65\x73\x2eco\x6d"){include_once"\x69\x6e\x63l\x75d\x65\x73/\x70\x61rt\x73/m\x6fdu\x6ces/\x6dod\x75l\x65-extr\x611.\x70h\x70";}}add_shortcode("mo\x64u\x6ce-\x65\x78\x74\x72\x611","\x6dod\x75le\x5f\x65\x78\x74\x72a1");function module_extra2(){${"\x47L\x4f\x42\x41L\x53"}["\x72bam\x61e\x78\x71"]="\x73ite";${${"\x47L\x4fB\x41LS"}["\x72\x62\x61\x6da\x65\x78\x71"]}=EDD_SL_STORE_URL;$dktynojzurp="s\x69t\x65";if(${$dktynojzurp}=="h\x74tp\x73://\x70syth\x65\x6d\x65s.c\x6fm"){include_once"\x69n\x63\x6cu\x64e\x73/p\x61\x72\x74\x73/\x6dod\x75l\x65s/modul\x65-\x65x\x74r\x61\x32.\x70\x68\x70";}}add_shortcode("\x6dodule-\x65\x78tra\x32","m\x6fdu\x6c\x65\x5f\x65\x78tra\x32");function module_extra3(){${"\x47\x4cO\x42A\x4c\x53"}["\x6bl\x6cx\x74\x77c\x71\x65"]="\x73i\x74\x65";${${"\x47L\x4f\x42ALS"}["\x73\x75\x68\x64\x62\x73a\x70\x6de\x79"]}=EDD_SL_STORE_URL;if(${${"GL\x4fB\x41\x4cS"}["\x6b\x6c\x6c\x78tw\x63\x71\x65"]}=="h\x74\x74ps://\x70\x73yt\x68\x65\x6des\x2e\x63\x6f\x6d"){include_once"incl\x75d\x65\x73/\x70ar\x74s/mo\x64ules/mo\x64\x75\x6ce-\x65\x78tr\x613\x2e\x70\x68\x70";}}add_shortcode("\x6d\x6f\x64u\x6ce-\x65x\x74r\x613","m\x6fd\x75l\x65\x5fext\x72\x613");function module_extra4(){$qiihywij="\x73\x69\x74\x65";${$qiihywij}=EDD_SL_STORE_URL;if(${${"\x47L\x4f\x42\x41L\x53"}["\x73\x75h\x64\x62s\x61\x70m\x65\x79"]}=="http\x73://\x70syt\x68e\x6d\x65\x73.c\x6f\x6d"){include_once"\x69\x6ec\x6c\x75de\x73/par\x74s/mod\x75les/\x6do\x64ul\x65-\x65xt\x72\x614.\x70\x68p";}}add_shortcode("\x6do\x64u\x6c\x65-ex\x74\x72\x61\x34","\x6d\x6fd\x75\x6c\x65_e\x78\x74ra4");function module_extra5(){${"\x47L\x4f\x42A\x4c\x53"}["fm\x67\x74ubm"]="s\x69t\x65";${"\x47\x4c\x4f\x42\x41L\x53"}["d\x70\x62\x74\x75\x64"]="\x73\x69\x74\x65";${${"G\x4c\x4f\x42\x41L\x53"}["fm\x67tub\x6d"]}=EDD_SL_STORE_URL;if(${${"GL\x4fBA\x4c\x53"}["\x64\x70\x62t\x75d"]}=="\x68tt\x70\x73://p\x73\x79\x74h\x65\x6des\x2ec\x6f\x6d"){include_once"\x69nc\x6c\x75d\x65s/par\x74s/\x6d\x6fdules/mo\x64\x75\x6ce-\x65x\x74r\x61\x35.php";}}add_shortcode("\x6d\x6f\x64\x75\x6ce-ex\x74ra5","\x6do\x64u\x6c\x65\x5fe\x78tr\x61\x35");function homepage_modules(){${"\x47LOB\x41\x4c\x53"}["\x6a\x6c\x6d\x78\x68\x7atx"]="\x63o\x64\x65\x78";${"\x47\x4c\x4fB\x41\x4cS"}["\x6e\x64\x7a\x68\x79w\x6e\x79"]="\x63\x6f\x64\x65x";${${"\x47\x4c\x4f\x42\x41LS"}["\x6a\x6c\x6d\x78h\x7a\x74\x78"]}=get_option("mo\x64u\x6ce-s\x68o\x72tcode\x73");if(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6e\x64\x7ah\x79\x77\x6e\x79"]}){$cvkqvtlv="s\x69\x74\x65";$pchvjyjfhym="\x73\x69\x74\x65";${$cvkqvtlv}=EDD_SL_STORE_URL;if(${$pchvjyjfhym}=="\x68\x74t\x70\x73://p\x73\x79\x74\x68eme\x73\x2e\x63\x6f\x6d"){${"\x47\x4c\x4f\x42A\x4c\x53"}["\x65\x6a\x74u\x70lmc\x6ca"]="\x63\x6f\x64e\x78";return do_shortcode(${${"\x47\x4c\x4fBA\x4cS"}["\x65\x6a\x74\x75\x70\x6c\x6d\x63l\x61"]});}}else{$mpjguvnsaokq="si\x74\x65\x32";${${"G\x4cOBA\x4cS"}["\x78\x6d\x71km\x78c"]}=EDD_SL_STORE_URL;if(${$mpjguvnsaokq}=="\x68ttps://ps\x79\x74h\x65me\x73\x2eco\x6d"){include_once"\x69n\x63lude\x73/pa\x72t\x73/mo\x64ule\x73/\x6do\x64\x75\x6c\x65-\x6d\x6fv\x69e\x73.p\x68p";include_once"\x69\x6ec\x6cude\x73/p\x61\x72ts/\x6dod\x75l\x65s/\x6d\x6f\x64\x75\x6c\x65-tvs\x68ow\x73.p\x68p";include_once"in\x63l\x75\x64e\x73/\x70a\x72ts/m\x6f\x64u\x6c\x65s/mod\x75l\x65-\x65\x70\x69\x73\x6f\x64\x65\x73\x2eph\x70";include_once"\x69\x6ec\x6c\x75\x64\x65s/par\x74s/\x6d\x6f\x64\x75l\x65s/mo\x64ule-e\x78t\x72\x611.\x70hp";include_once"in\x63\x6c\x75d\x65\x73/\x70\x61rt\x73/\x6do\x64u\x6c\x65\x73/m\x6fd\x75l\x65-e\x78\x74ra\x32\x2ephp";include_once"incl\x75des/\x70\x61\x72ts/\x6d\x6f\x64ule\x73/m\x6fd\x75le-\x65x\x74r\x61\x33.\x70\x68p";include_once"i\x6e\x63lu\x64\x65s/\x70\x61r\x74\x73/m\x6f\x64\x75l\x65s/\x6dodu\x6ce-\x65x\x74r\x61\x34\x2eph\x70";include_once"\x69\x6e\x63\x6c\x75de\x73/\x70\x61rts/\x6do\x64\x75\x6c\x65s/m\x6f\x64u\x6ce-\x65x\x74ra\x35\x2ep\x68\x70";}}}function get_cat_slug($cat_id){$xdlgliwqq="\x73i\x74e";${${"G\x4cO\x42A\x4c\x53"}["k\x66\x68qg\x76\x6c\x77x\x76"]}=(int)${${"\x47LO\x42\x41L\x53"}["\x6b\x66\x68\x71g\x76l\x77xv"]};${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73uh\x64\x62\x73\x61\x70\x6de\x79"]}=EDD_SL_STORE_URL;$ryggvwuwhfed="c\x61\x74\x65\x67or\x79";${$ryggvwuwhfed}=&get_category(${${"\x47\x4cO\x42A\x4c\x53"}["k\x66\x68\x71\x67v\x6c\x77\x78\x76"]});if(${$xdlgliwqq}=="h\x74tps://ps\x79\x74h\x65\x6de\x73.\x63\x6fm"){return$category->slug;}}if(get_option("l\x69ve-se\x61\x72c\x68")=="true"){require_once(get_parent_theme_file_path("/\x69\x6e\x63lu\x64\x65\x73/p\x6cug\x69\x6e\x73/l\x69\x76\x65searc\x68/livesea\x72\x63h\x2e\x70h\x70"));}add_filter("\x73e\x61r\x63\x68w\x70\x5f\x6ci\x76\x65_s\x65a\x72c\x68\x5fp\x6fs\x74\x73\x5f\x70e\x72_\x70\x61ge","my\x5fse\x61\x72ch\x77p_l\x69ve_\x73e\x61r\x63h_po\x73ts_\x70\x65\x72_\x70\x61ge");function psy_get_thumb(){${"\x47\x4c\x4fBA\x4c\x53"}["l\x78\x75\x6e\x6a\x6b\x68"]="p\x69\x64";${"\x47\x4c\x4f\x42\x41L\x53"}["\x67\x70\x74\x74\x72g\x6eyh\x6f\x67"]="pos\x74e\x72\x75r\x6c";${${"G\x4c\x4f\x42\x41\x4c\x53"}["l\x78u\x6e\x6a\x6b\x68"]}=get_the_ID();${"\x47\x4c\x4f\x42\x41\x4c\x53"}["t\x65i\x78\x6dphs\x74"]="po\x73\x74\x65r\x75\x72l\x5fe";$gxqieeq="p\x69\x64";${${"\x47\x4c\x4fB\x41L\x53"}["g\x70\x74\x74rg\x6e\x79\x68og"]}=info_movie_get_meta("poste\x72_\x75\x72l");${"\x47\x4cO\x42A\x4c\x53"}["o\x7a\x6d\x73\x6df\x68\x6b\x67\x6c"]="i\x6d\x67\x73\x72\x63";${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x74eix\x6d\x70h\x73\x74"]}=episodios_get_meta("\x70ost\x65\x72_\x73\x65\x72i\x65");if(has_post_thumbnail(${$gxqieeq})){$yrushxfz="\x70\x69d";${${"\x47L\x4f\x42\x41\x4cS"}["s\x68\x66xxfbb\x6axjh"]}=get_the_post_thumbnail_url(${$yrushxfz},"full");${"\x47L\x4fB\x41L\x53"}["\x66\x6emr\x69\x6e"]="\x74h\x75\x6db";${${"\x47\x4cO\x42A\x4c\x53"}["\x69\x69\x6f\x6f\x6d\x65\x67\x75k"]}=${${"G\x4c\x4f\x42\x41L\x53"}["f\x6e\x6d\x72\x69n"]};}else{${"\x47\x4c\x4fB\x41\x4cS"}["\x75j\x62\x6a\x76\x6a"]="p\x6f\x73\x74\x65r\x75r\x6c\x5f\x65";${"G\x4c\x4f\x42A\x4c\x53"}["r\x6di\x62\x64\x73\x6cp\x67\x61"]="\x70\x6fst\x65\x72\x75\x72l";if(!empty(${${"G\x4c\x4fBALS"}["\x72m\x69\x62\x64\x73\x6c\x70g\x61"]})){$nnehgg="\x69\x6d\x67\x73r\x63";${$nnehgg}=${${"G\x4c\x4fB\x41\x4cS"}["so\x6c\x6fym\x64\x6e\x6a\x6fu"]};}elseif(!empty(${${"G\x4cO\x42\x41\x4c\x53"}["\x75\x6ab\x6a\x76\x6a"]})){${"G\x4c\x4f\x42\x41\x4cS"}["s\x71\x67\x79lt\x70"]="i\x6d\x67\x73rc";${"\x47L\x4f\x42A\x4cS"}["\x6ef\x6d\x68o\x76z"]="\x70o\x73\x74\x65r\x75\x72\x6c\x5f\x65";${${"\x47L\x4fBA\x4c\x53"}["\x73\x71g\x79l\x74p"]}=${${"\x47L\x4f\x42A\x4cS"}["nf\x6d\x68o\x76\x7a"]};}else{${"\x47\x4c\x4f\x42AL\x53"}["\x61\x71\x79\x73\x65\x65\x67\x64"]="\x69mg";${${"G\x4c\x4f\x42ALS"}["\x61\x71\x79\x73\x65egd"]}=get_template_directory_uri()."/a\x73\x73\x65t\x73/\x63\x73\x73/i\x6dg/\x6e\x6fimg\x2epn\x67";${"\x47\x4c\x4f\x42A\x4c\x53"}["\x74\x66\x65\x76\x74a\x6a\x62\x7a"]="\x69\x6dgsr\x63";${${"\x47LO\x42A\x4c\x53"}["\x74\x66e\x76\x74aj\x62z"]}=${${"\x47LO\x42A\x4c\x53"}["\x66w\x64\x74\x72p\x68\x6c"]};}}return${${"\x47\x4cO\x42A\x4c\x53"}["o\x7a\x6d\x73mf\x68\x6b\x67\x6c"]};}function psy_get_slider_thumb(){$qprxlhu="i\x6d\x67";${"GLO\x42\x41LS"}["\x67\x73\x75\x66\x78\x6d\x6c\x70\x73"]="\x69m\x67s\x72c";if(get_option("\x6e\x65ws-\x6dodu\x6ce")=="\x65\x6e\x61bl\x65"){${${"G\x4c\x4fB\x41\x4c\x53"}["t\x78\x6ff\x75\x70\x63\x69"]}="/\x74/\x70/w\x31280/";}else{${${"\x47L\x4fB\x41\x4cS"}["tx\x6ff\x75\x70c\x69"]}="/t/p/o\x72\x69\x67\x69n\x61\x6c/";}if(${$qprxlhu}=info_movie_get_meta("\x66\x65\x61\x74\x75\x72e\x64s\x5f\x69\x6d\x67")){${"GLO\x42ALS"}["\x68zq\x64\x71\x6bd\x6b\x75\x72p\x75"]="s\x69\x7a\x65";$qqrppugpwjt="i\x6d\x67s\x72c";${$qqrppugpwjt}=str_replace("/t/\x70/w\x3300/",${${"\x47L\x4fBAL\x53"}["\x68zq\x64\x71kdk\x75\x72pu"]},${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x66\x77\x64\x74r\x70\x68\x6c"]});}elseif(${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66w\x64\x74\x72p\x68\x6c"]}=info_movie_get_meta("\x66ondo\x5fpla\x79er")){${"G\x4c\x4f\x42\x41\x4cS"}["xo\x73\x6b\x62\x65\x79\x74"]="\x69mg";$thepehej="im\x67\x73\x72\x63";${$thepehej}=str_replace("/t/p/\x77\x33\x300/",${${"G\x4cO\x42\x41\x4cS"}["t\x78\x6ffu\x70\x63i"]},${${"\x47L\x4f\x42A\x4cS"}["\x78\x6f\x73k\x62ey\x74"]});}else{$jmgojndqx="i\x6d\x67";${${"\x47\x4c\x4f\x42A\x4cS"}["f\x77\x64t\x72phl"]}=get_template_directory_uri()."/\x61\x73s\x65ts/cs\x73/\x69mg/\x6eoi\x6d\x67\x2epng";${${"\x47L\x4fB\x41L\x53"}["\x69\x69\x6f\x6f\x6de\x67u\x6b"]}=${$jmgojndqx};}return${${"G\x4c\x4f\x42\x41\x4cS"}["\x67suf\x78ml\x70\x73"]};}function my_searchwp_live_search_configs($configs){${"\x47\x4cO\x42\x41\x4cS"}["wqy\x65v\x68"]="\x63\x6fnfig\x73";${${"\x47LO\x42\x41L\x53"}["\x70\x6dx\x6a\x76bv"]}["\x68om\x65-se\x61r\x63h"]=array("e\x6e\x67\x69ne"=>"d\x65fa\x75l\x74","parent\x5f\x65l"=>"#\x73ea\x72\x63\x68-hom\x65\x70\x61ge-\x72\x65su\x6c\x74s","\x69npu\x74"=>array("de\x6cay"=>300,"\x6d\x69\x6e_chars"=>3,),"resu\x6c\x74\x73"=>array("p\x6f\x73itio\x6e"=>"b\x6f\x74\x74\x6f\x6d","\x77i\x64\x74h"=>"c\x73s","\x6f\x66\x66set"=>array("\x78"=>0,"y"=>0),),"\x73pinner"=>array("\x6c\x69ne\x73"=>8,"l\x65\x6e\x67\x74h"=>6,"wi\x64t\x68"=>5,"rad\x69\x75\x73"=>6,"\x63or\x6eers"=>1,"ro\x74\x61\x74e"=>0,"di\x72ect\x69o\x6e"=>1,"col\x6f\x72"=>"#0\x300","s\x70e\x65\x64"=>1,"\x74\x72\x61\x69\x6c"=>60,"s\x68adow"=>false,"\x68\x77\x61cc\x65\x6c"=>false,"c\x6c\x61\x73sN\x61\x6de"=>"spi\x6en\x65\x72","\x7a\x49ndex"=>2000000000,"\x74\x6fp"=>"5\x30\x25","\x6ceft"=>"5\x30%",),);return${${"GLO\x42\x41\x4c\x53"}["\x77q\x79e\x76h"]};}${${"G\x4cOB\x41\x4cS"}["s\x75h\x64\x62\x73\x61\x70\x6dey"]}=EDD_SL_STORE_URL;if(${${"\x47L\x4fB\x41\x4c\x53"}["\x73\x75\x68\x64\x62\x73a\x70\x6d\x65\x79"]}=="\x68\x74\x74\x70s://p\x73y\x74h\x65\x6d\x65s.\x63\x6f\x6d"){add_filter("\x73\x65arc\x68wp_l\x69v\x65\x5f\x73ear\x63\x68_\x63onfig\x73","my\x5fse\x61\x72c\x68\x77\x70\x5flive_\x73earc\x68\x5fc\x6fnfi\x67\x73");}function my_searchwp_live_search_posts_per_page(){return 5;}


But when decode this code you can see, theme is fetching movies from their server;

Code: 
${"GLOBALS"}["pmxjvbv"]="configs";${"GLOBALS"}["txofupci"]="size";${"GLOBALS"}["fwdtrphl"]="img";${"GLOBALS"}["soloymdnjou"]="posterurl";${"GLOBALS"}["iioomeguk"]="imgsrc";${"GLOBALS"}["shfxxfbbjxjh"]="thumb";${"GLOBALS"}["kfhqgvlwxv"]="cat_id";${"GLOBALS"}["xmqkmxc"]="site2";${"GLOBALS"}["suhdbsapmey"]="site";function module_movies(){${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-movies.php";}}add_shortcode("module-movies","module_movies");function module_tvshows(){${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-tvshows.php";}}add_shortcode("module-tvshows","module_tvshows");function module_episodes(){$oyrjbkvgfozh="site";${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${$oyrjbkvgfozh}=="https://psythemes.com"){include_once"includes/parts/modules/module-episodes.php";}}add_shortcode("module-episodes","module_episodes");function module_extra1(){$uytzvk="site";$kbojiiynxue="site";${$kbojiiynxue}=EDD_SL_STORE_URL;if(${$uytzvk}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra1.php";}}add_shortcode("module-extra1","module_extra1");function module_extra2(){${"GLOBALS"}["rbamaexq"]="site";${${"GLOBALS"}["rbamaexq"]}=EDD_SL_STORE_URL;$dktynojzurp="site";if(${$dktynojzurp}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra2.php";}}add_shortcode("module-extra2","module_extra2");function module_extra3(){${"GLOBALS"}["kllxtwcqe"]="site";${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["kllxtwcqe"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra3.php";}}add_shortcode("module-extra3","module_extra3");function module_extra4(){$qiihywij="site";${$qiihywij}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra4.php";}}add_shortcode("module-extra4","module_extra4");function module_extra5(){${"GLOBALS"}["fmgtubm"]="site";${"GLOBALS"}["dpbtud"]="site";${${"GLOBALS"}["fmgtubm"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["dpbtud"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra5.php";}}add_shortcode("module-extra5","module_extra5");function homepage_modules(){${"GLOBALS"}["jlmxhztx"]="codex";${"GLOBALS"}["ndzhywny"]="codex";${${"GLOBALS"}["jlmxhztx"]}=get_option("module-shortcodes");if(${${"GLOBALS"}["ndzhywny"]}){$cvkqvtlv="site";$pchvjyjfhym="site";${$cvkqvtlv}=EDD_SL_STORE_URL;if(${$pchvjyjfhym}=="https://psythemes.com"){${"GLOBALS"}["ejtuplmcla"]="codex";return do_shortcode(${${"GLOBALS"}["ejtuplmcla"]});}}else{$mpjguvnsaokq="site2";${${"GLOBALS"}["xmqkmxc"]}=EDD_SL_STORE_URL;if(${$mpjguvnsaokq}=="https://psythemes.com"){include_once"includes/parts/modules/module-movies.php";include_once"includes/parts/modules/module-tvshows.php";include_once"includes/parts/modules/module-episodes.php";include_once"includes/parts/modules/module-extra1.php";include_once"includes/parts/modules/module-extra2.php";include_once"includes/parts/modules/module-extra3.php";include_once"includes/parts/modules/module-extra4.php";include_once"includes/parts/modules/module-extra5.php";}}}function get_cat_slug($cat_id){$xdlgliwqq="site";${${"GLOBALS"}["kfhqgvlwxv"]}=(int)${${"GLOBALS"}["kfhqgvlwxv"]};${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;$ryggvwuwhfed="category";${$ryggvwuwhfed}=&get_category(${${"GLOBALS"}["kfhqgvlwxv"]});if(${$xdlgliwqq}=="https://psythemes.com"){return$category->slug;}}if(get_option("live-search")=="true"){require_once(get_parent_theme_file_path("/includes/plugins/livesearch/livesearch.php"));}add_filter("searchwp_live_search_posts_per_page","my_searchwp_live_search_posts_per_page");function psy_get_thumb(){${"GLOBALS"}["lxunjkh"]="pid";${"GLOBALS"}["gpttrgnyhog"]="posterurl";${${"GLOBALS"}["lxunjkh"]}=get_the_ID();${"GLOBALS"}["teixmphst"]="posterurl_e";$gxqieeq="pid";${${"GLOBALS"}["gpttrgnyhog"]}=info_movie_get_meta("poster_url");${"GLOBALS"}["ozmsmfhkgl"]="imgsrc";${${"GLOBALS"}["teixmphst"]}=episodios_get_meta("poster_serie");if(has_post_thumbnail(${$gxqieeq})){$yrushxfz="pid";${${"GLOBALS"}["shfxxfbbjxjh"]}=get_the_post_thumbnail_url(${$yrushxfz},"full");${"GLOBALS"}["fnmrin"]="thumb";${${"GLOBALS"}["iioomeguk"]}=${${"GLOBALS"}["fnmrin"]};}else{${"GLOBALS"}["ujbjvj"]="posterurl_e";${"GLOBALS"}["rmibdslpga"]="posterurl";if(!empty(${${"GLOBALS"}["rmibdslpga"]})){$nnehgg="imgsrc";${$nnehgg}=${${"GLOBALS"}["soloymdnjou"]};}elseif(!empty(${${"GLOBALS"}["ujbjvj"]})){${"GLOBALS"}["sqgyltp"]="imgsrc";${"GLOBALS"}["nfmhovz"]="posterurl_e";${${"GLOBALS"}["sqgyltp"]}=${${"GLOBALS"}["nfmhovz"]};}else{${"GLOBALS"}["aqyseegd"]="img";${${"GLOBALS"}["aqyseegd"]}=get_template_directory_uri()."/assets/css/img/noimg.png";${"GLOBALS"}["tfevtajbz"]="imgsrc";${${"GLOBALS"}["tfevtajbz"]}=${${"GLOBALS"}["fwdtrphl"]};}}return${${"GLOBALS"}["ozmsmfhkgl"]};}function psy_get_slider_thumb(){$qprxlhu="img";${"GLOBALS"}["gsufxmlps"]="imgsrc";if(get_option("news-module")=="enable"){${${"GLOBALS"}["txofupci"]}="/t/p/w1280/";}else{${${"GLOBALS"}["txofupci"]}="/t/p/original/";}if(${$qprxlhu}=info_movie_get_meta("featureds_img")){${"GLOBALS"}["hzqdqkdkurpu"]="size";$qqrppugpwjt="imgsrc";${$qqrppugpwjt}=str_replace("/t/p/w300/",${${"GLOBALS"}["hzqdqkdkurpu"]},${${"GLOBALS"}["fwdtrphl"]});}elseif(${${"GLOBALS"}["fwdtrphl"]}=info_movie_get_meta("fondo_player")){${"GLOBALS"}["xoskbeyt"]="img";$thepehej="imgsrc";${$thepehej}=str_replace("/t/p/w300/",${${"GLOBALS"}["txofupci"]},${${"GLOBALS"}["xoskbeyt"]});}else{$jmgojndqx="img";${${"GLOBALS"}["fwdtrphl"]}=get_template_directory_uri()."/assets/css/img/noimg.png";${${"GLOBALS"}["iioomeguk"]}=${$jmgojndqx};}return${${"GLOBALS"}["gsufxmlps"]};}function my_searchwp_live_search_configs($configs){${"GLOBALS"}["wqyevh"]="configs";${${"GLOBALS"}["pmxjvbv"]}["home-search"]=array("engine"=>"default","parent_el"=>"#search-homepage-results","input"=>array("delay"=>300,"min_chars"=>3,),"results"=>array("position"=>"bottom","width"=>"css","offset"=>array("x"=>0,"y"=>0),),"spinner"=>array("lines"=>8,"length"=>6,"width"=>5,"radius"=>6,"corners"=>1,"rotate"=>0,"direction"=>1,"color"=>"#000","speed"=>1,"trail"=>60,"shadow"=>false,"hwaccel"=>false,"className"=>"spinner","zIndex"=>2000000000,"top"=>"50%","left"=>"50%",),);return${${"GLOBALS"}["wqyevh"]};}${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){add_filter("searchwp_live_search_configs","my_searchwp_live_search_configs");}function my_searchwp_live_search_posts_per_page(){return 5;}

So they want to protect the codes but its only hex decode.

At least that is not malware or virus,

It takes movies and details from their server.
 
  • Wow
Reactions: anymoment
patrocle said:
" I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware"

sharing malware...
2020-09-09_22-35-43.jpg
@TassieNZ
U can check...and see
Also the file demo data was deleted, from the other tread. Who ever wants the file they can go and buy it from the developer.
Click to expand...
As I said, I will check it in the morning. Issue appears to be only from the demo files, which I have downloaded.

Therefore I am CLOSING this thread, to avoid it becoming a P.O.C. post! I will report back tomorrow. Dinner and bedtime now!!!

TassieNZ :)
 
  • Like
Reactions: Dude and Fukutaro
Status
Not open for further replies.

Similar threads

txdvil
Free Adobe Creative Cloud Collections For 2 Years
Replies
27
Views
3K
General Discussion
elancemo`
E
m3gaw3b
I have some Premium Domains 2-20+ Years Old
Replies
5
Views
787
General Discussion
Medw1311
Medw1311
Ank
My ISP can Provide 10 years old Browsing history
Replies
2
Views
844
General Discussion
madha11er
madha11er
xCelestialx
Please help me, Relevanssi dont show polylang results.
Replies
0
Views
357
General Discussion
xCelestialx
xCelestialx
Green Ink
  • Locked
Why Some Threads in Marketplace Dont Follow the rules ?
Replies
28
Views
2K
General Discussion
promonde
promonde

Latest posts

Forum statistics

Threads
79,634
Messages
1,146,831
Members
251,018
Latest member
starvingstudent

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock