Online PHP and Javascript Decoder decode hidden script to uncover its real functionality



 goto tPepM; D0WNu: $passed = $firewall->execute(); goto g8Kto; Na6tl: class HunterTechFirewall { private $requestsFile = "\x72\x61\x74\145\x6c\x69\155\x69\164\x2e\x6a\163\x6f\156"; private $maxRequests = 15; private $timeFrame = 5; private $blockTime = 300; private $ipAddress; private $userAgent; private $requestMethod; private $referrer; private $cookieName1 = "\x68\165\x6e\164\145\x72\164\x65\x63\150\137\x73\x65\x63\165\162\151\164\171"; private $cookieName2 = "\150\165\x6e\164\x65\162\164\x65\143\150\137\x69\x64\x65\x6e\x74\151\x74\171"; private $cookieName3 = "\150\165\x6e\164\145\162\164\x65\143\x68\x5f\x76\x65\x72\151\x66\x69\x63\x61\x74\x69\x6f\x6e"; private $cookieName4 = "\x68\165\x6e\x74\145\x72\164\x65\143\150\x5f\164\x69\155\145\163\164\141\155\160"; private $storageName1 = "\150\x74\x5f\143\154\x69\x65\156\164\137\166\x65\x72\x69\146\151\x63\141\x74\x69\157\x6e"; private $storageName2 = "\x68\164\137\163\145\163\163\151\x6f\x6e\x5f\144\x61\x74\141"; private $storageName3 = "\150\164\x5f\141\x75\x74\x68\137\x74\x6f\x6b\145\x6e"; private $cookieExpiration = 86400; public function __construct() { $this->ipAddress = $this->getClientIP(); $this->userAgent = isset($_SERVER["\110\124\124\x50\137\x55\x53\105\122\x5f\101\x47\x45\x4e\124"]) ? $_SERVER["\x48\x54\x54\120\x5f\x55\x53\x45\x52\137\x41\107\x45\x4e\x54"] : ''; $this->requestMethod = $_SERVER["\122\x45\x51\x55\x45\123\x54\x5f\115\x45\124\x48\117\104"]; $this->referrer = isset($_SERVER["\110\x54\x54\x50\x5f\x52\105\x46\x45\122\x45\122"]) ? $_SERVER["\x48\x54\124\x50\137\122\x45\x46\x45\x52\x45\x52"] : ''; } public function execute() { if ($this->verifySession()) { return true; } $this->runFirewall(); return false; } private function verifySession() { if (isset($_SESSION["\x68\x75\x6e\x74\x65\162\x74\145\143\150\x5f\x66\151\x72\x65\167\141\x6c\154\x5f\166\145\162\x69\146\x69\x65\144"]) && $_SESSION["\150\165\156\x74\145\x72\164\145\x63\150\x5f\146\x69\x72\x65\167\x61\x6c\x6c\137\166\145\162\151\146\x69\145\144"] === true) { if ($this->validateCookies()) { return true; } } return false; } private function validateCookies() { if (!isset($_COOKIE[$this->cookieName1]) || !isset($_COOKIE[$this->cookieName2]) || !isset($_COOKIE[$this->cookieName3]) || !isset($_COOKIE[$this->cookieName4])) { return false; } $validationHash = hash("\163\150\141\x32\x35\66", $_COOKIE[$this->cookieName2] . $_SERVER["\110\124\124\120\x5f\125\x53\105\x52\137\x41\107\x45\x4e\124"] . $this->ipAddress); if ($_COOKIE[$this->cookieName3] !== $validationHash) { return false; } if ((int) $_COOKIE[$this->cookieName4] < time() - $this->cookieExpiration) { return false; } return true; } private function runFirewall() { if ($this->checkRateLimit() && $this->performSecurityChecks()) { $this->setVerificationCookies(); $this->displayFirewall(); } else { http_response_code(403); die("\101\143\143\x65\163\163\x20\144\x65\x6e\x69\x65\144\x3a\x20\x52\x61\164\145\x20\x6c\x69\155\151\x74\40\x65\170\x63\x65\x65\x64\145\x64\x20\157\162\40\163\145\143\x75\162\x69\x74\171\x20\143\x68\145\x63\x6b\40\x66\x61\x69\x6c\145\x64"); } } private function checkRateLimit() { $requests = $this->loadRequests(); $currentTime = time(); if (!isset($requests[$this->ipAddress])) { $requests[$this->ipAddress] = array("\143\157\165\x6e\164" => 1, "\x74\x69\155\145\163\x74\141\x6d\x70" => $currentTime, "\x62\154\157\x63\153\x65\144\137\165\156\164\151\154" => 0); $this->saveRequests($requests); return true; } if ($requests[$this->ipAddress]["\x62\154\157\x63\153\145\x64\x5f\165\156\x74\x69\154"] > $currentTime) { return false; } if ($currentTime - $requests[$this->ipAddress]["\x74\151\155\x65\x73\x74\x61\155\160"] <= $this->timeFrame) { $requests[$this->ipAddress]["\143\x6f\x75\x6e\x74"]++; if ($requests[$this->ipAddress]["\x63\x6f\x75\156\x74"] > $this->maxRequests) { $requests[$this->ipAddress]["\142\154\157\143\153\145\144\x5f\165\x6e\x74\x69\x6c"] = $currentTime + $this->blockTime; $this->saveRequests($requests); return false; } } else { $requests[$this->ipAddress]["\143\157\x75\x6e\164"] = 1; $requests[$this->ipAddress]["\164\x69\155\x65\x73\x74\141\155\160"] = $currentTime; } $this->saveRequests($requests); return true; } private function loadRequests() { if (file_exists($this->requestsFile)) { $data = file_get_contents($this->requestsFile); return json_decode($data, true) ?: array(); } return array(); } private function saveRequests($requests) { file_put_contents($this->requestsFile, json_encode($requests)); } private function performSecurityChecks() { if (empty($this->userAgent)) { return false; } $botPatterns = array("\x62\x6f\x74", "\x63\162\x61\167\154", "\163\x70\151\x64\145\x72", "\154\x69\147\150\x74\x68\157\165\163\145", "\163\x6c\x75\x72\160", "\142\x69\x6e\147\x62\x6f\x74", "\147\x6f\x6f\x67\x6c\x65\x62\157\164", "\x79\x61\x6e\x64\x65\170\x62\157\164", "\142\141\x69\x64\x75\163\x70\x69\144\145\x72", "\160\150\x61\x6e\164\x6f\x6d", "\150\x65\x61\x64\x6c\x65\x73\163", "\163\145\x6c\x65\156\151\165\x6d"); foreach ($botPatterns as $pattern) { if (stripos($this->userAgent, $pattern) !== false) { return false; } } if ($this->requestMethod !== "\107\x45\124" && $this->requestMethod !== "\x50\117\123\124") { return false; } if (isset($_SERVER["\103\117\x4e\124\x45\x4e\124\x5f\114\105\x4e\x47\x54\110"]) && (int) $_SERVER["\x43\117\x4e\124\x45\116\x54\x5f\x4c\x45\x4e\x47\x54\110"] > 10000000) { return false; } $suspiciousInputs = $this->checkRequestForMaliciousInput(); if ($suspiciousInputs) { return false; } return true; } private function checkRequestForMaliciousInput() { $maliciousPatterns = array("\165\156\151\157\156\134\163\x2b\163\x65\154\145\143\x74", "\165\x6e\x69\157\156\40\x73\145\x6c\x65\143\164", "\143\x6f\x6e\x63\x61\164\x5c\x28", "\x67\x72\x6f\x75\x70\x5f\x63\157\156\x63\141\x74", "\x28\77\72\x5c\x2f\x5c\x2a\x7c\55\55\174\x5c\x7b\174\x5c\x7d\x7c\x5c\134\51", "\x3c\x73\x63\162\151\x70\x74", "\x6f\x6e\154\157\x61\144", "\x6f\x6e\145\x72\162\x6f\x72", "\x65\166\x61\x6c\x5c\x28", "\144\157\x63\x75\155\145\x6e\x74\x5c\56\143\157\x6f\153\151\x65", "\x5c\56\x5c\x2e\x5c\57\x5c\x2e\x5c\56", "\x65\x74\143\x5c\x2f\160\141\163\163\167\144"); foreach ($_REQUEST as $key => $value) { foreach ($maliciousPatterns as $pattern) { if (preg_match("\x2f" . $pattern . "\x2f\151", $value)) { return true; } } } return false; } private function setVerificationCookies() { $uniqueId = bin2hex(random_bytes(16)); $timestamp = time(); $clientIdentifier = hash("\163\150\141\62\65\66", $this->ipAddress . $this->userAgent . $uniqueId); $validationHash = hash("\x73\x68\141\62\65\66", $clientIdentifier . $this->userAgent . $this->ipAddress); setcookie($this->cookieName1, $uniqueId, time() + $this->cookieExpiration, "\57", '', true, true); setcookie($this->cookieName2, $clientIdentifier, time() + $this->cookieExpiration, "\57", '', true, true); setcookie($this->cookieName3, $validationHash, time() + $this->cookieExpiration, "\x2f", '', true, true); setcookie($this->cookieName4, $timestamp, time() + $this->cookieExpiration, "\57", '', true, true); $_SESSION["\150\x75\156\x74\x65\162\164\145\x63\150\137\x66\151\162\x65\167\141\154\x6c\x5f\166\145\162\x69\x66\x69\145\x64"] = true; $_SESSION["\150\165\156\x74\145\x72\164\x65\x63\x68\x5f\143\x6c\x69\145\x6e\164\x5f\151\144"] = $clientIdentifier; $_SESSION["\150\x75\156\164\145\x72\164\x65\x63\150\x5f\x74\151\x6d\145\x73\164\141\x6d\x70"] = $timestamp; echo "\74\x73\x63\x72\x69\x70\164\76\12\40\40\40\x20\x20\40\40\40\40\x20\40\40\x6c\157\x63\x61\x6c\x53\x74\x6f\x72\x61\147\x65\x2e\163\145\x74\x49\x74\145\155\x28\47{$this->storageName1}\47\x2c\x20\47{$validationHash}\x27\x29\x3b\xa\x20\x20\40\40\x20\x20\x20\40\x20\x20\x20\x20\154\157\143\141\x6c\x53\x74\x6f\x72\x61\x67\145\x2e\163\145\x74\111\x74\x65\155\x28\47{$this->storageName2}\47\x2c\40\47{$clientIdentifier}\47\51\73\12\40\x20\x20\40\x20\40\x20\x20\40\40\x20\40\x6c\157\x63\141\x6c\123\x74\x6f\162\141\x67\x65\56\163\145\x74\111\x74\145\155\x28\x27{$this->storageName3}\47\x2c\40\47{$uniqueId}\47\x29\x3b\12\x20\x20\40\40\40\40\40\x20\40\40\x20\40\x73\145\x74\124\x69\155\145\x6f\x75\x74\50\146\165\156\x63\x74\x69\x6f\x6e\x28\x29\40\173\12\40\40\40\40\40\x20\x20\x20\40\40\x20\40\x20\x20\x20\40\167\151\x6e\144\157\x77\x2e\154\157\143\x61\x74\x69\157\156\56\x72\x65\154\x6f\x61\x64\x28\51\73\12\x20\x20\40\x20\x20\x20\40\x20\x20\x20\x20\x20\x7d\54\40\x33\65\60\x30\51\x3b\xa\40\x20\40\x20\40\40\x20\40\74\57\x73\143\162\x69\x70\x74\x3e"; } private function displayFirewall() { $this->outputFirewallUI(); die; } private function outputFirewallUI() { header("\x43\x6f\156\164\x65\x6e\164\55\x54\171\x70\x65\x3a\x20\x74\x65\170\x74\57\x68\x74\x6d\154\73\x20\143\150\x61\x72\163\x65\164\x3d\x75\x74\x66\55\x38");
<!doctypehtml><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>Security Verification</title><style>body{background-color:#121212;color:#f1f1f1;font-family:'Segoe UI',Tahoma,Geneva,Verdana,sans-serif;margin:0;padding:0;display:flex;justify-content:center;align-items:center;height:100vh;overflow:hidden}.firewall-container{text-align:center;background-color:#1e1e1e;padding:30px;border-radius:10px;box-shadow:0 10px 25px rgba(0,0,0,.5);width:80%;max-width:500px}.title{font-size:24px;margin-bottom:20px;color:#fff}.spinner{border:4px solid rgba(255,255,255,.1);border-radius:50%;border-top:4px solid #09f;width:50px;height:50px;animation:spin 1s linear infinite;margin:20px auto}.progress-bar{background-color:#2d2d2d;border-radius:10px;height:10px;width:100%;margin:30px 0;overflow:hidden}.progress{background-color:#09f;height:100%;width:0%;border-radius:10px;transition:width 3s ease}.status{margin:20px 0;font-size:16px;color:#ccc}.footer{margin-top:30px;font-size:12px;color:#888}.footer img{height:30px;margin-top:10px}@keyframes spin{0%{transform:rotate(0)}100%{transform:rotate(360deg)}}.checks{text-align:left;margin:20px auto;width:80%;font-size:14px;color:#b0b0b0}.check-item{margin:8px 0;display:flex;align-items:center}.check-icon{width:18px;height:18px;margin-right:10px;color:#09f}</style></head><body><div class="firewall-container"><div class="title">Verifying your request</div><div class="spinner"></div><div class="progress-bar"><div class="progress"id="progress"></div></div><div class="checks"><div class="check-item"><span class="check-icon">✓</span> <span id="check1">Validating browser integrity...</span></div><div class="check-item"><span id="icon2"class="check-icon">○</span> <span id="check2">Checking request legitimacy...</span></div><div class="check-item"><span id="icon3"class="check-icon">○</span> <span id="check3">Verifying client security...</span></div><div class="check-item"><span id="icon4"class="check-icon">○</span> <span id="check4">Establishing secure session...</span></div></div><div class="status"id="status">Security verification in progress...</div><div class="footer"><div>Powered by Hunter Tech</div><a href="https://www.cybercafestore.com"target="_blank"><img alt="Hunter Tech"src="https://buy.cybercafestore.com/default_images/logo.png"></a></div></div><script>document.addEventListener('DOMContentLoaded', function() {
            const progress = document.getElementById('progress');
            const status = document.getElementById('status');
            const icon2 = document.getElementById('icon2');
            const icon3 = document.getElementById('icon3');
            const icon4 = document.getElementById('icon4');
            const check2 = document.getElementById('check2');
            const check3 = document.getElementById('check3');
            const check4 = document.getElementById('check4');
            
            progress.style.width = '0%';
            
            setTimeout(function() {
                progress.style.width = '30%';
                icon2.textContent = '✓';
                check2.textContent = 'Request legitimacy verified';
                status.textContent = 'Analyzing request pattern...';
            }, 800);
            
            setTimeout(function() {
                progress.style.width = '60%';
                icon3.textContent = '✓';
                check3.textContent = 'Client security verified';
                status.textContent = 'Preparing secure session...';
            }, 1600);
            
            setTimeout(function() {
                progress.style.width = '100%';
                icon4.textContent = '✓';
                check4.textContent = 'Secure session established';
                status.textContent = 'Verification complete! Redirecting...';
            }, 2400);
        });</script></body></html>} private function getClientIP() { $ipAddress = ''; if (isset($_SERVER["\x48\124\x54\x50\137\103\x4c\111\x45\116\124\137\111\120"])) { $ipAddress = $_SERVER["\110\x54\x54\x50\x5f\103\x4c\x49\105\x4e\x54\x5f\111\120"]; } else { if (isset($_SERVER["\x48\x54\124\120\137\130\137\106\x4f\122\x57\x41\122\x44\105\104\x5f\x46\x4f\x52"])) { $ipAddress = $_SERVER["\x48\x54\124\120\x5f\130\x5f\106\x4f\x52\127\x41\122\x44\105\x44\x5f\106\x4f\122"]; } else { if (isset($_SERVER["\110\124\x54\120\137\x58\x5f\x46\x4f\x52\x57\x41\122\x44\x45\104"])) { $ipAddress = $_SERVER["\110\124\124\x50\x5f\130\137\x46\x4f\x52\x57\x41\x52\x44\x45\104"]; } else { if (isset($_SERVER["\110\124\124\120\x5f\106\x4f\122\127\101\x52\x44\x45\104\x5f\106\x4f\x52"])) { $ipAddress = $_SERVER["\x48\124\124\120\137\106\x4f\x52\127\101\x52\x44\105\x44\137\x46\x4f\122"]; } else { if (isset($_SERVER["\x48\x54\x54\x50\x5f\x46\x4f\122\x57\x41\x52\104\105\104"])) { $ipAddress = $_SERVER["\x48\124\x54\x50\x5f\106\x4f\x52\x57\x41\x52\104\x45\x44"]; } else { if (isset($_SERVER["\x52\105\115\x4f\x54\x45\x5f\x41\104\x44\122"])) { $ipAddress = $_SERVER["\x52\105\115\x4f\124\x45\x5f\101\104\x44\122"]; } } } } } } return $ipAddress; } } goto t2ywU; t2ywU: $firewall = new HunterTechFirewall(); goto D0WNu; tPepM: session_start(); goto Na6tl; g8Kto:


© 2023 Quttera Ltd. All rights reserved.