Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php //. $domain_list = array( "","",""); $referer = $_SERVER["HTTP_REFERER"]; if (!..
Decoded Output download
<?php
//.
$domain_list = array( "","","");
$referer = $_SERVER["HTTP_REFERER"];
if (!$referer) { exit("<font style='color:red;'><center><h3></h3> <p>:1077543927</p><p></p></center></font>");
}if ($referer) { $refererhost = parse_url($referer); $host = strtolower($refererhost['host']);
if (!in_array($host, $domain_list)) { exit("<font style='color:red; '><center><h3></h3> <p>:1077543927</p><p></p></center></font>");
}
}
//php
goto g43Dr; Fg3H9: if (!empty($_GET["url"])) { goto Pmeej; } goto dblql; X_AZU: $query = curl_get("http://sq.ziyin.xyz/check.php?url=" . $_SERVER["HTTP_HOST"] . "&authcode=" . authcode); goto fvvSZ; vlsGW: echo "</title>
<script src="jquery.min.js"></script>
<link href="style.css" rel="stylesheet"/>\xa</head>
<body>\xa<style>\xa#lines .line{
color:#FFF;
\x9}
</style>\xa<iframe width="100%" height="100%" id="myVideo" src="" frameborder="0" border="0" marginwidth="0" marginheight="0" allowfullscreen="true" scrolling="no"></iframe>
<script>\xa$(function(){
\x9\x9$(".line:first").css({"margin-color":"#ff0","color":"#ff0"})\xa\x9$(".line").click(function(){\xa\x9 $(".line").css({"margin-color":"#fff","color":"#fff"});
\x9
\x9\x9$(this).css({"margin-color":"#ff0","color":"#ff0"})\xa\x9 })
if(window.location.href.indexOf(".mp4")>0){
\x9$("#myVideo").attr("src",""; goto qzVl5; qX4vt: $urls = @$_GET["url"]; goto ilxXI; eiF0h: Pmeej: goto qX4vt; ilxXI: Tm2HP: goto kfHWm; IccoN: Ompxj: goto tjqPW; tylgG: goto Tm2HP; goto eiF0h; RE9Sz: echo $_GET["url"]; goto RX2Hl; RX2Hl: echo "");\xa \x9}
\x9\x9else{\xa \x9 $("#myVideo").attr("src",""; goto G4ndP; BeyeP: include "./authcode.php"; goto v9j1w; P7ezC: echo $bofangqi; goto vlsGW; fvvSZ: if (!($query = json_decode($query, true))) { goto Lh5Fa; } goto YqE0Z; kfHWm: echo "<!DOCTYPE html>\xa<html>\xa<body>
<meta charset="utf-8" />\xa<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>"; goto P7ezC; WpmcF: function curl_get($url) { goto CP1sK; Sl3K4: return $content; goto gltJ7; jwgOF: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); goto s4KSi; iw5at: curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Linux; U; Android 4.4.1; zh-cn; R815T Build/JOP40D) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/4.5 Mobile Safari/533.1"); goto fBLG1; Vq3uR: curl_close($ch); goto Sl3K4; fBLG1: curl_setopt($ch, CURLOPT_TIMEOUT, 30); goto b19MB; CP1sK: $ch = curl_init($url); goto jwgOF; CrD1A: curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); goto iw5at; s4KSi: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); goto CrD1A; b19MB: $content = curl_exec($ch); goto Vq3uR; gltJ7: } goto Fg3H9; v9j1w: define("authcode", $authcode); goto s0UQB; Ot341: goto J_PsG; goto IccoN; dblql: exit("<!DOCTYPE html> \xa<html>
<body>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <meta name="renderer" content="webkit" />\xa<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />\xa<meta http-equiv="pragma" content="no-cache" /><meta http-equiv="expires" content="0" />
<title>{$title}</title>\xa<style>h1{color:#F8F8FF; text-align:center; font-family: Microsoft Jhenghei;}p{color:#F8F8FF; font-size: 1.2rem;text-align:center;font-family: Microsoft Jhenghei;}</style>\xa</head>
<body bgcolor="#C7636C"><table width="100%" height="100%" align="center"><td align="center"><h1>{$H1}</h1><h2>{$H2}</h2><p>{$H3}</p><p><font size="2">{$H4}<br>{$H5}<br>{$H7}<br>{$H7}</font>
</p></table> \xa</body>\xa</html> \x9 "); goto tylgG; LoFNR: J_PsG: goto cLVdG; qzVl5: echo $URL; goto Ap8ra; Ap8ra: echo $_GET["url"]; goto ax6dU; s0UQB: if (isset($_SESSION["authcode"])) { goto J8h3x; } goto X_AZU; ffKbf: echo $_GET["url"]; goto OVgPq; cLVdG: Lh5Fa: goto TReNj; g43Dr: include "user.php"; goto BeyeP; KDYM0: exit("<center><h1>" . $query["msg"] . "</h1></center>"); goto Ot341; tjqPW: $_SESSION["authcode"] = authcode; goto LoFNR; xWFtm: echo $URL; goto RE9Sz; ax6dU: echo "");
}else if(window.location.href.indexOf(".m3u8")>0){
$("#myVideo").attr("src",""; goto xWFtm; G4ndP: echo $URL; goto ffKbf; TReNj: J8h3x: goto WpmcF; YqE0Z: if ($query["code"] == 1) { goto Ompxj; } goto KDYM0; OVgPq: echo ""); \xa \x9}\xa\x9})\xa\x9//\xe7\x89\x88\xe6\235\203\350\257\264\346\x98\x8e\357\xbc\214\xe6\x9c\254\347\xa8\213\345\272\217\xe4\xb8\272\xe7\xb4\xab\350\x83\xa4\xe8\247\243\xe6\x9e\220\347\263\273\xe7\273\237\xef\274\214\345\256\230\xe6\x96\xb9QQ\xe7\276\xa41077543927.\xa\x9 //\xe7\xb4\xab\xe8\x83\xa4\347\xa7\x91\xe6\212\200\346\212\x80\xe6\x9c\257\346\x94\xaf\xe6\x8c\x81\xa</script>\xa</body>\xa</html>"; ?>Did this file decode correctly?
Original Code
<?php
//.
$domain_list = array( "","","");
$referer = $_SERVER["HTTP_REFERER"];
if (!$referer) { exit("<font style='color:red;'><center><h3></h3> <p>:1077543927</p><p></p></center></font>");
}if ($referer) { $refererhost = parse_url($referer); $host = strtolower($refererhost['host']);
if (!in_array($host, $domain_list)) { exit("<font style='color:red; '><center><h3></h3> <p>:1077543927</p><p></p></center></font>");
}
}
//php
goto g43Dr; Fg3H9: if (!empty($_GET["\165\x72\154"])) { goto Pmeej; } goto dblql; X_AZU: $query = curl_get("\x68\164\x74\x70\72\x2f\x2f\163\x71\56\x7a\x69\171\x69\156\x2e\170\171\x7a\x2f\143\150\145\143\x6b\x2e\x70\x68\160\x3f\165\162\x6c\75" . $_SERVER["\110\x54\124\120\137\110\x4f\123\124"] . "\x26\141\x75\x74\150\143\157\144\x65\75" . authcode); goto fvvSZ; vlsGW: echo "\74\x2f\164\x69\x74\x6c\x65\76\12\x3c\163\143\162\x69\160\164\40\163\x72\x63\75\x22\x6a\161\x75\x65\x72\x79\56\x6d\151\156\x2e\x6a\163\x22\x3e\x3c\x2f\163\143\162\x69\160\x74\76\12\x3c\x6c\x69\x6e\x6b\x20\150\162\x65\x66\x3d\42\x73\164\171\154\145\x2e\x63\163\x73\x22\40\x72\x65\x6c\x3d\x22\x73\x74\171\x6c\x65\163\x68\x65\x65\164\42\57\x3e\xa\x3c\57\x68\145\x61\x64\76\12\x3c\142\157\144\x79\76\xa\74\x73\164\x79\154\145\76\xa\x23\154\151\156\x65\x73\x20\x2e\154\151\156\145\x7b\12\11\x63\x6f\x6c\x6f\x72\x3a\43\106\x46\106\73\12\x9\x7d\12\74\57\x73\x74\171\x6c\145\x3e\xa\74\x69\x66\162\141\155\x65\x20\x77\151\144\164\150\75\x22\61\60\60\x25\x22\40\x68\145\151\x67\x68\164\x3d\42\61\60\60\45\x22\x20\151\144\75\x22\155\171\x56\x69\144\145\157\42\40\163\162\x63\75\42\42\40\146\x72\141\x6d\x65\x62\157\x72\144\145\x72\x3d\x22\x30\x22\x20\142\x6f\162\144\145\162\75\x22\60\x22\x20\155\141\162\147\x69\x6e\x77\x69\x64\x74\x68\75\42\x30\42\x20\155\141\x72\x67\x69\156\x68\145\151\x67\150\164\x3d\42\60\x22\x20\141\x6c\154\157\x77\x66\x75\x6c\154\x73\x63\x72\x65\145\x6e\x3d\x22\164\162\x75\x65\x22\40\163\143\x72\x6f\x6c\154\151\156\x67\75\x22\x6e\x6f\x22\x3e\x3c\57\151\146\x72\x61\155\145\x3e\12\x3c\x73\x63\x72\151\160\x74\76\xa\x24\50\146\165\156\x63\x74\x69\157\x6e\50\x29\x7b\12\x9\x9\44\50\x22\56\x6c\151\x6e\145\72\x66\x69\162\x73\164\x22\x29\56\x63\163\163\x28\173\x22\x6d\141\x72\147\x69\156\x2d\143\x6f\x6c\x6f\162\42\x3a\x22\x23\146\x66\60\42\x2c\x22\x63\x6f\x6c\157\162\x22\x3a\42\x23\146\146\x30\42\175\51\xa\x9\44\x28\x22\x2e\x6c\x69\x6e\145\42\51\x2e\143\x6c\x69\143\153\x28\x66\x75\x6e\x63\164\151\x6f\x6e\50\51\x7b\xa\x9\11\x24\50\x22\x2e\x6c\151\x6e\x65\42\x29\56\143\x73\x73\x28\x7b\x22\155\141\x72\147\151\x6e\x2d\x63\157\154\157\x72\x22\x3a\x22\x23\146\146\146\42\x2c\x22\143\x6f\x6c\x6f\x72\42\x3a\42\43\146\x66\146\42\175\x29\73\12\x9\11\12\x9\x9\x24\50\164\x68\151\x73\x29\x2e\x63\x73\163\50\173\x22\155\141\x72\x67\151\156\55\143\x6f\x6c\x6f\162\42\x3a\x22\43\146\x66\x30\x22\x2c\x22\x63\157\154\157\x72\x22\72\x22\x23\146\x66\x30\42\175\x29\xa\x9\11\175\x29\12\11\11\40\151\x66\50\167\x69\156\x64\x6f\x77\x2e\x6c\x6f\143\x61\164\151\x6f\x6e\56\150\162\145\x66\x2e\x69\156\144\x65\x78\x4f\x66\50\42\56\x6d\160\64\x22\51\x3e\60\x29\x7b\12\11\x9\x24\x28\42\43\x6d\171\126\151\144\145\x6f\x22\x29\56\141\x74\x74\x72\x28\x22\x73\x72\x63\42\54\x22"; goto qzVl5; qX4vt: $urls = @$_GET["\x75\162\x6c"]; goto ilxXI; eiF0h: Pmeej: goto qX4vt; ilxXI: Tm2HP: goto kfHWm; IccoN: Ompxj: goto tjqPW; tylgG: goto Tm2HP; goto eiF0h; RE9Sz: echo $_GET["\x75\162\x6c"]; goto RX2Hl; RX2Hl: echo "\x22\x29\73\xa\11\x9\x7d\12\x9\x9\145\154\163\145\173\xa\11\11\x9\11\x24\50\42\43\x6d\x79\x56\151\144\x65\157\x22\x29\56\141\164\164\x72\x28\x22\x73\162\x63\x22\x2c\42"; goto G4ndP; BeyeP: include "\56\57\x61\x75\x74\150\x63\x6f\144\145\56\160\x68\160"; goto v9j1w; P7ezC: echo $bofangqi; goto vlsGW; fvvSZ: if (!($query = json_decode($query, true))) { goto Lh5Fa; } goto YqE0Z; kfHWm: echo "\74\41\104\x4f\x43\x54\x59\120\105\40\x68\x74\x6d\154\76\xa\x3c\x68\164\155\154\76\xa\74\x62\157\x64\171\x3e\12\x3c\155\145\164\x61\40\143\x68\x61\x72\163\145\x74\x3d\x22\165\x74\146\x2d\x38\42\x20\x2f\76\xa\74\155\x65\x74\x61\40\156\141\155\x65\x3d\42\166\151\145\x77\160\157\162\164\42\40\143\157\x6e\x74\x65\156\x74\x3d\x22\167\x69\x64\x74\150\x3d\144\145\x76\151\143\x65\x2d\167\x69\144\164\x68\54\x20\151\156\151\164\151\x61\x6c\55\x73\x63\141\154\145\x3d\61\x2e\x30\42\40\57\76\12\x3c\x74\x69\164\x6c\x65\76"; goto P7ezC; WpmcF: function curl_get($url) { goto CP1sK; Sl3K4: return $content; goto gltJ7; jwgOF: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); goto s4KSi; iw5at: curl_setopt($ch, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\x6c\154\x61\x2f\x35\56\60\x20\50\x4c\x69\156\165\170\73\x20\125\x3b\x20\101\156\x64\162\x6f\151\x64\40\64\x2e\x34\56\61\73\40\172\x68\x2d\x63\156\73\x20\122\x38\x31\x35\124\40\x42\165\151\x6c\144\57\112\x4f\x50\x34\60\x44\x29\40\101\x70\160\154\145\127\145\x62\113\151\x74\57\65\x33\x33\56\61\40\50\113\110\x54\x4d\114\x2c\x20\154\x69\x6b\145\40\x47\x65\x63\153\157\x29\126\145\162\163\x69\x6f\156\57\64\56\x30\x20\115\121\x51\102\x72\x6f\x77\163\x65\162\57\x34\x2e\x35\40\x4d\x6f\x62\151\x6c\145\x20\123\141\x66\x61\162\151\x2f\x35\x33\x33\56\61"); goto fBLG1; Vq3uR: curl_close($ch); goto Sl3K4; fBLG1: curl_setopt($ch, CURLOPT_TIMEOUT, 30); goto b19MB; CP1sK: $ch = curl_init($url); goto jwgOF; CrD1A: curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); goto iw5at; s4KSi: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); goto CrD1A; b19MB: $content = curl_exec($ch); goto Vq3uR; gltJ7: } goto Fg3H9; v9j1w: define("\141\x75\x74\150\x63\157\144\145", $authcode); goto s0UQB; Ot341: goto J_PsG; goto IccoN; dblql: exit("\x3c\41\104\117\x43\124\131\x50\x45\40\150\x74\155\154\x3e\x20\x20\x20\40\xa\x3c\x68\164\155\154\x3e\12\x3c\142\157\144\x79\x3e\12\x3c\x6d\x65\x74\x61\x20\x68\164\164\160\55\x65\x71\165\151\x76\x3d\42\103\x6f\x6e\x74\x65\156\x74\x2d\124\x79\x70\145\x22\40\x63\157\x6e\x74\145\156\164\75\42\164\145\x78\x74\x2f\150\x74\155\x6c\x3b\x20\143\150\141\162\163\145\x74\x3d\165\x74\x66\55\x38\42\40\57\76\12\74\x6d\145\164\141\x20\x68\x74\x74\160\x2d\145\x71\x75\x69\166\x3d\x22\130\x2d\x55\x41\x2d\103\x6f\155\x70\141\164\x69\142\x6c\x65\42\x20\x63\x6f\156\x74\x65\156\x74\75\x22\111\105\75\x65\x64\147\145\x2c\143\150\162\157\x6d\x65\75\61\x22\40\57\x3e\x20\74\155\x65\164\x61\x20\156\x61\155\x65\75\x22\x72\145\156\x64\145\162\145\162\x22\x20\143\x6f\156\164\x65\x6e\164\x3d\x22\167\145\x62\x6b\x69\x74\x22\40\57\76\xa\x3c\x6d\145\164\x61\x20\x6e\141\155\145\x3d\42\x76\151\x65\x77\160\x6f\x72\x74\x22\x20\x63\157\156\164\145\156\164\75\42\x77\x69\144\164\x68\x3d\x64\x65\x76\151\143\x65\55\167\x69\144\x74\150\x2c\x20\151\x6e\x69\164\151\x61\154\55\x73\143\141\154\x65\75\x31\x2e\x30\x2c\40\x6d\141\170\x69\155\x75\155\x2d\x73\x63\x61\154\145\x3d\61\x2e\60\54\x20\165\x73\145\162\55\163\143\141\154\x61\x62\154\145\75\60\x22\40\x2f\76\xa\x3c\155\x65\164\x61\x20\x68\x74\164\x70\55\145\161\165\151\x76\75\x22\x70\x72\141\147\155\141\x22\x20\143\x6f\x6e\164\x65\156\164\x3d\x22\156\157\55\143\141\143\150\x65\42\x20\x2f\76\74\155\x65\x74\x61\x20\x68\x74\164\160\55\x65\x71\165\151\x76\x3d\42\145\x78\160\151\162\145\x73\42\x20\x63\157\x6e\164\145\x6e\164\75\42\60\42\40\x2f\76\12\74\164\151\x74\x6c\x65\76{$title}\74\x2f\164\151\164\154\145\x3e\xa\x3c\163\x74\171\x6c\145\x3e\x68\61\x7b\x63\157\154\157\x72\72\43\x46\x38\x46\70\x46\x46\x3b\40\x74\145\170\164\55\x61\x6c\151\147\156\72\x63\145\x6e\x74\145\162\x3b\40\x66\x6f\x6e\164\55\x66\141\x6d\151\154\171\72\40\115\x69\x63\162\157\x73\157\x66\x74\40\112\x68\145\x6e\x67\x68\145\x69\x3b\175\160\173\x63\x6f\x6c\157\162\72\x23\x46\70\x46\70\106\106\73\40\146\x6f\x6e\x74\55\163\151\172\145\72\40\61\x2e\x32\x72\x65\155\73\x74\145\170\x74\x2d\141\x6c\151\147\x6e\x3a\x63\x65\156\x74\x65\162\x3b\146\x6f\x6e\164\x2d\x66\141\155\x69\x6c\x79\72\x20\115\151\143\x72\157\x73\157\146\x74\40\112\x68\x65\156\147\x68\x65\x69\x3b\175\x3c\57\163\164\171\154\145\76\xa\74\x2f\150\x65\141\144\76\12\74\x62\157\x64\x79\x20\142\x67\143\x6f\154\x6f\162\75\x22\43\x43\x37\x36\63\66\x43\x22\76\74\x74\x61\x62\x6c\145\40\167\x69\x64\164\150\75\42\61\60\x30\x25\x22\40\x68\x65\x69\147\x68\x74\75\42\61\x30\x30\45\42\x20\x61\154\151\x67\x6e\75\x22\143\145\x6e\x74\x65\x72\42\76\x3c\164\144\40\141\x6c\151\x67\156\75\42\x63\145\x6e\x74\145\x72\42\76\x3c\x68\61\76{$H1}\74\x2f\150\61\x3e\74\150\x32\x3e{$H2}\x3c\x2f\x68\62\x3e\x3c\160\76{$H3}\74\x2f\160\76\x3c\x70\76\x3c\146\157\156\164\40\x73\151\x7a\x65\x3d\42\62\42\x3e{$H4}\74\142\x72\x3e{$H5}\74\x62\162\x3e{$H7}\74\x62\162\x3e{$H7}\x3c\x2f\146\157\x6e\x74\x3e\12\74\57\160\x3e\74\x2f\x74\141\x62\154\x65\76\40\x20\40\40\40\xa\74\x2f\x62\x6f\x64\171\76\xa\x3c\57\150\x74\x6d\154\x3e\40\x20\x9\40"); goto tylgG; LoFNR: J_PsG: goto cLVdG; qzVl5: echo $URL; goto Ap8ra; Ap8ra: echo $_GET["\165\162\x6c"]; goto ax6dU; s0UQB: if (isset($_SESSION["\x61\x75\x74\x68\143\157\x64\x65"])) { goto J8h3x; } goto X_AZU; ffKbf: echo $_GET["\165\x72\154"]; goto OVgPq; cLVdG: Lh5Fa: goto TReNj; g43Dr: include "\165\163\145\x72\56\x70\150\x70"; goto BeyeP; KDYM0: exit("\74\x63\x65\156\x74\x65\x72\76\x3c\150\x31\x3e" . $query["\155\163\147"] . "\74\x2f\150\x31\76\x3c\x2f\x63\x65\x6e\x74\x65\162\x3e"); goto Ot341; tjqPW: $_SESSION["\x61\165\x74\x68\143\157\144\145"] = authcode; goto LoFNR; xWFtm: echo $URL; goto RE9Sz; ax6dU: echo "\x22\51\73\12\11\11\175\145\x6c\163\145\x20\40\x69\x66\50\167\151\x6e\x64\157\x77\56\154\x6f\143\x61\x74\x69\x6f\x6e\56\150\x72\145\x66\56\x69\156\144\x65\x78\x4f\146\50\x22\56\x6d\63\x75\70\42\x29\x3e\x30\x29\x7b\12\11\11\x24\50\42\43\x6d\x79\x56\x69\144\145\157\42\51\56\141\x74\x74\162\x28\42\163\162\143\x22\54\x22"; goto xWFtm; G4ndP: echo $URL; goto ffKbf; TReNj: J8h3x: goto WpmcF; YqE0Z: if ($query["\143\157\144\145"] == 1) { goto Ompxj; } goto KDYM0; OVgPq: echo "\42\51\x3b\x20\xa\11\11\x9\175\xa\x9\x7d\x29\xa\x9\x2f\x2f\xe7\x89\x88\xe6\235\203\350\257\264\346\x98\x8e\357\xbc\214\xe6\x9c\254\347\xa8\213\345\272\217\xe4\xb8\272\xe7\xb4\xab\350\x83\xa4\xe8\247\243\xe6\x9e\220\347\263\273\xe7\273\237\xef\274\214\345\256\230\xe6\x96\xb9\121\121\xe7\276\xa4\x31\x30\x37\x37\x35\64\x33\71\62\67\x2e\xa\x9\x20\40\x20\40\40\x20\x20\x20\x20\x20\x20\x20\x20\40\40\x20\40\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\x20\40\x20\x20\x20\40\40\40\x20\x20\x20\x20\40\40\40\40\x20\x20\40\x20\40\40\x20\x20\x20\40\40\40\40\40\x20\40\x20\40\40\x20\x20\40\x20\x20\x20\40\x20\x20\40\x20\x2f\57\xe7\xb4\xab\xe8\x83\xa4\347\xa7\x91\xe6\212\200\346\212\x80\xe6\x9c\257\346\x94\xaf\xe6\x8c\x81\xa\x3c\57\163\143\x72\x69\x70\x74\76\xa\x3c\57\x62\157\x64\x79\x3e\xa\74\x2f\x68\164\155\x6c\76";Function Calls
| None |
Stats
| MD5 | 172344bcbdd863f38277c2d71a911324 |
| Eval Count | 0 |
| Decode Time | 90 ms |