Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php @error_reporting(0);/*This file has been obfuscated to prevent analysis.*/ @ini_se..
Decoded Output download
<?php
@error_reporting(0);/*This file has been obfuscated to prevent analysis.*/
@ini_set('error_reporting', 0);/*This file has been obfuscated to prevent analysis.*/
function requestcapturer_php(){
return;/*This file has been obfuscated to prevent analysis.*/
}/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ UuggBGBD2f;/*This file has been obfuscated to prevent analysis.*/
CcY9gCSZMn:/*This file has been obfuscated to prevent analysis.*/
exit;/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ qeLbymU1ev;/*This file has been obfuscated to prevent analysis.*/
xZ1rHMSez0:/*This file has been obfuscated to prevent analysis.*/
saveattackdata($wpdb, $_POST, $_GET, $_SERVER["REQUEST_URI"], $matched);/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ CcY9gCSZMn;/*This file has been obfuscated to prevent analysis.*/
vZ4pof7WZc:/*This file has been obfuscated to prevent analysis.*/
$secfunc->wpinfectscan_dbrtbinstall();/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ s1U75Wz0PP;/*This file has been obfuscated to prevent analysis.*/
TiczIz4d2J:/*This file has been obfuscated to prevent analysis.*/
require_once "scannerdata/wpinfectsecurity.php";/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ hb7kV_ywWj;/*This file has been obfuscated to prevent analysis.*/
EvOOIyhryx:/*This file has been obfuscated to prevent analysis.*/
$rkey = trim(get_option("wpinfectscanner_realtimeblockkey"));/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ XHOFzQAX8w;/*This file has been obfuscated to prevent analysis.*/
ttWM7OZFOF:
redirect_get($actual_link, getallheaders(), $rkey);
$abcdefg=123456;/*x*/ goto/*y*/ vEGpCEi6yi;
WOx3S4pbpB:
kV9UYcDW9w:
$abcdefg=123456;/*x*/ goto/*y*/ Jqcy8oiiyW;
BUH1M2z8K7:
$table_name = $wpdb->prefix . "infectscannerrealtimeblock";
$abcdefg=123456;/*x*/ goto/*y*/ K3zBlkaLwS;
fUOG62rkNs:
N1dcy2Qjjf:
$abcdefg=123456;/*x*/ goto/*y*/ WVBwVxaHFk;
K3zBlkaLwS:
if (!($wpdb->get_var("SHOW TABLES LIKE '" . $table_name . "'") != $table_name)) {
$abcdefg=123456;/*x*/ goto/*y*/ FLN85f83JQ;
}
$abcdefg=123456;/*x*/ goto/*y*/ TiczIz4d2J;
LQbiHQEwf5:
$matched = malwarecheck($wpdb, $_POST, $_GET);
$abcdefg=123456;/*x*/ goto/*y*/ wZtmVIzlta;
g_xP6G7P5Y:
$matched = false;
$abcdefg=123456;/*x*/ goto/*y*/ nSfWtzKd24;
s0sTkhAhX9:
if ($blocked) {
$abcdefg=123456;/*x*/ goto/*y*/ KmFk5FmcHB;
}
$abcdefg=123456;/*x*/ goto/*y*/ LQbiHQEwf5;
Jqcy8oiiyW:
function malwarecheck($wpdb, $postv, $getv)
{
$abcdefg=123456;/*x*/ goto/*y*/ JLIgz287Ap;
D0H0rojVHF:
Qyd3qEqZai:
$abcdefg=123456;/*x*/ goto/*y*/ ZfCU_i9wjA;
U9Dmd9rH5I:
if (empty($postv)) {
$abcdefg=123456;/*x*/ goto/*y*/ i3xMyzt8RL;
}
$abcdefg=123456;/*x*/ goto/*y*/ ydjjlCEWDL;
NW0zdZjnhL:
Ph71B12Dbl:
$abcdefg=123456;/*x*/ goto/*y*/ DpGQaLYgqD;
DpGQaLYgqD:
return $matchpattern;
$abcdefg=123456;/*x*/ goto/*y*/ W_ueESJgGb;
vZKrQcKzZ6:
$matchpattern = $decript[$i]->id;
$abcdefg=123456;/*x*/ goto/*y*/ EihsY79xRp;
MCHGj2BlRI:
i3xMyzt8RL:
$abcdefg=123456;/*x*/ goto/*y*/ S12kYgW7GE;
fqFtOXUTuA:
$txt = str_replace("%", "222", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ QRWiCZ7WRX;
iUZKnHFQpj:
if (!($num > 0)) {
$abcdefg=123456;/*x*/ goto/*y*/ us7W_KdPM6;
}
$abcdefg=123456;/*x*/ goto/*y*/ Xn3YZguHF6;
bHcEPp37Of:
$abcdefg=123456;/*x*/ goto/*y*/ HK06VJRExQ;
$abcdefg=123456;/*x*/ goto/*y*/ VQwMSxGLY0;
sDzLjja6fF:
$i = 0;
$abcdefg=123456;/*x*/ goto/*y*/ SvtABSNtV0;
iP6PnZdkYe:
$patterns = $txt;
$abcdefg=123456;/*x*/ goto/*y*/ NwG9Ph33BG;
XV8CXE7ZoF:
if (!($fileContent_sr != '' && strlen($fileContent_sr) < 30000)) {
$abcdefg=123456;/*x*/ goto/*y*/ Ph71B12Dbl;
}
$abcdefg=123456;/*x*/ goto/*y*/ sDzLjja6fF;
RnYPFAWTXI:
$txt = str_replace("?", "5p", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ X_VibeqIPA;
B1gvUcciIE:
$txt = str_replace("-", "22", $patterns);
$abcdefg=123456;/*x*/ goto/*y*/ fqFtOXUTuA;
ou1vuA4yh1:
eX15xEqbIx:
$abcdefg=123456;/*x*/ goto/*y*/ XV8CXE7ZoF;
KA7sIjN4sI:
foreach ($getv as $key => $value) {
$abcdefg=123456;/*x*/ goto/*y*/ FgjKeuujnd;
mvEeby_2Vo:
$value = urldecode($value);
$abcdefg=123456;/*x*/ goto/*y*/ vQjZy40D70;
FgjKeuujnd:
if (!is_array($value)) {
$abcdefg=123456;/*x*/ goto/*y*/ cN9Gh_L0nS;
}
$abcdefg=123456;/*x*/ goto/*y*/ rw7hF8hxfI;
eP2EeUfEM8:
c5t2wCvTBs:
$abcdefg=123456;/*x*/ goto/*y*/ Qjc_RwmG1C;
mrleRfzmDd:
cN9Gh_L0nS:
$abcdefg=123456;/*x*/ goto/*y*/ mvEeby_2Vo;
rw7hF8hxfI:
$value = implode('', $value);
$abcdefg=123456;/*x*/ goto/*y*/ mrleRfzmDd;
vQjZy40D70:
$fileContent_sr .= str_replace(" ", '', $value) . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ eP2EeUfEM8;
Qjc_RwmG1C:
}
$abcdefg=123456;/*x*/ goto/*y*/ mnEvjW9285;
VQwMSxGLY0:
WoFk54W1uU:
$abcdefg=123456;/*x*/ goto/*y*/ NW0zdZjnhL;
rHJUep_hfN:
$txt = str_replace("[", "6q", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ tPEJv2Gm6M;
kB_CA9WdK5:
$abcdefg=123456;/*x*/ goto/*y*/ B5AtihwfyM;
$abcdefg=123456;/*x*/ goto/*y*/ os7N3zh0tf;
dPkQwm62DY:
$decript = json_decode($patterns);
$abcdefg=123456;/*x*/ goto/*y*/ DWDnkWG0K8;
SvtABSNtV0:
HK06VJRExQ:
$abcdefg=123456;/*x*/ goto/*y*/ J15rDj78Ww;
DWDnkWG0K8:
$matchpattern = 0;
$abcdefg=123456;/*x*/ goto/*y*/ egPVKvn45a;
pWkNnsmTGT:
tcyS6g4aXe:
$abcdefg=123456;/*x*/ goto/*y*/ TFuoWKNRBv;
J15rDj78Ww:
if (!($i < count($decript))) {
$abcdefg=123456;/*x*/ goto/*y*/ WoFk54W1uU;
}
$abcdefg=123456;/*x*/ goto/*y*/ T8LbXHe_OL;
dfVbzpGw12:
$txt = str_replace(",", "4444", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ RnYPFAWTXI;
c8QD2QvZrN:
$txt = str_replace("!", "33", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ EGoKHt00al;
FuiDXj5izN:
if (!($priority == 2)) {
$abcdefg=123456;/*x*/ goto/*y*/ Qui2H66u9U;
}
$abcdefg=123456;/*x*/ goto/*y*/ kB_CA9WdK5;
hd3bgl_Rkm:
$patterns = explode("_", $res2[0]->option_value);
$abcdefg=123456;/*x*/ goto/*y*/ E4Q_k4wMJC;
ZDdWYYJmn2:
us7W_KdPM6:
$abcdefg=123456;/*x*/ goto/*y*/ pWkNnsmTGT;
hAUQIGNDTw:
$i++;
$abcdefg=123456;/*x*/ goto/*y*/ bHcEPp37Of;
NwG9Ph33BG:
$patterns = hex2bin(str_rot13($patterns));
$abcdefg=123456;/*x*/ goto/*y*/ dPkQwm62DY;
d2_SIlBXoO:
$onepattern_s = substr($onepattern, 1);
$abcdefg=123456;/*x*/ goto/*y*/ FuiDXj5izN;
fy6CALskS3:
$txt = str_replace(")", "44", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ ayKjdpR3Dp;
LwSPAUrQSY:
$txt = str_replace("#", "3n", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ iP6PnZdkYe;
EGoKHt00al:
$txt = str_replace("@", "333", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ dDaMYWFjxC;
tPEJv2Gm6M:
$txt = str_replace("]", "7q", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ LwSPAUrQSY;
Y2Oj4VUSHM:
$priority = substr($onepattern, 0, 1);
$abcdefg=123456;/*x*/ goto/*y*/ d2_SIlBXoO;
Xn3YZguHF6:
$substrCount == true;
$abcdefg=123456;/*x*/ goto/*y*/ ZDdWYYJmn2;
ayKjdpR3Dp:
$txt = str_replace("(", "444", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ dfVbzpGw12;
mnEvjW9285:
bc3EY2NQ8r:
$abcdefg=123456;/*x*/ goto/*y*/ ou1vuA4yh1;
TFuoWKNRBv:
if (!($substrCount !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ Qyd3qEqZai;
}
$abcdefg=123456;/*x*/ goto/*y*/ vZKrQcKzZ6;
EihsY79xRp:
$abcdefg=123456;/*x*/ goto/*y*/ WoFk54W1uU;
$abcdefg=123456;/*x*/ goto/*y*/ D0H0rojVHF;
ssW8IuFwBw:
$substrCount = strpos($fileContent_sr, $onepattern_s);
$abcdefg=123456;/*x*/ goto/*y*/ bxFcwM7aAa;
bxFcwM7aAa:
if (!($decript[$i]->r == 1)) {
$abcdefg=123456;/*x*/ goto/*y*/ tcyS6g4aXe;
}
$abcdefg=123456;/*x*/ goto/*y*/ EbO7ZLool0;
E4Q_k4wMJC:
$patterns = $patterns[1];
$abcdefg=123456;/*x*/ goto/*y*/ B1gvUcciIE;
T8LbXHe_OL:
$onepattern = str_replace(" ", '', $decript[$i]->pattern);
$abcdefg=123456;/*x*/ goto/*y*/ Y2Oj4VUSHM;
JLIgz287Ap:
$res2 = $wpdb->get_results("SELECT * FROM {$wpdb->options} WHERE option_name = 'wpinfectscanner_malwarepattern'");
$abcdefg=123456;/*x*/ goto/*y*/ hd3bgl_Rkm;
X_VibeqIPA:
$txt = str_replace(".", "2p", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ rHJUep_hfN;
dDaMYWFjxC:
$txt = str_replace("&", "3333", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ fy6CALskS3;
ZfCU_i9wjA:
B5AtihwfyM:
$abcdefg=123456;/*x*/ goto/*y*/ hAUQIGNDTw;
os7N3zh0tf:
Qui2H66u9U:
$abcdefg=123456;/*x*/ goto/*y*/ ssW8IuFwBw;
QRWiCZ7WRX:
$txt = str_replace("*", "2222", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ c8QD2QvZrN;
ydjjlCEWDL:
foreach ($postv as $key => $value) {
$abcdefg=123456;/*x*/ goto/*y*/ PKd5c30xRu;
fr5ZwjedbW:
hLyCJ2ANAp:
$abcdefg=123456;/*x*/ goto/*y*/ FXU5yCW1WY;
PKd5c30xRu:
if (!is_array($value)) {
$abcdefg=123456;/*x*/ goto/*y*/ kBJHHJwgCT;
}
$abcdefg=123456;/*x*/ goto/*y*/ YSaOSlYXaw;
mI2Ox1jsdC:
kBJHHJwgCT:
$abcdefg=123456;/*x*/ goto/*y*/ qCjNcrsuqn;
qCjNcrsuqn:
$fileContent_sr .= str_replace(" ", '', $value) . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ fr5ZwjedbW;
YSaOSlYXaw:
$value = implode('', $value);
$abcdefg=123456;/*x*/ goto/*y*/ mI2Ox1jsdC;
FXU5yCW1WY:
}
$abcdefg=123456;/*x*/ goto/*y*/ FbdGUNmRkT;
FbdGUNmRkT:
fEz67OK5Th:
$abcdefg=123456;/*x*/ goto/*y*/ MCHGj2BlRI;
EbO7ZLool0:
$num = preg_match_all($onepattern_s, $fileContent_sr, $m);
$abcdefg=123456;/*x*/ goto/*y*/ iUZKnHFQpj;
egPVKvn45a:
$fileContent_sr = '';
$abcdefg=123456;/*x*/ goto/*y*/ U9Dmd9rH5I;
S12kYgW7GE:
if (empty($getv)) {
$abcdefg=123456;/*x*/ goto/*y*/ eX15xEqbIx;
}
$abcdefg=123456;/*x*/ goto/*y*/ KA7sIjN4sI;
W_ueESJgGb:
}
$abcdefg=123456;/*x*/ goto/*y*/ C5wkMlpsXI;
nSfWtzKd24:
if (!(!empty($_GET) || !empty($_POST))) {
$abcdefg=123456;/*x*/ goto/*y*/ JzWuH_6HKJ;
}
$abcdefg=123456;/*x*/ goto/*y*/ BUH1M2z8K7;
s1U75Wz0PP:
FLN85f83JQ:
$abcdefg=123456;/*x*/ goto/*y*/ NpVhOLMzoi;
rR5GZzV_S5:
if (!($blocked || $matched > 0)) {
$abcdefg=123456;/*x*/ goto/*y*/ Fk01qZhEG1;
}
$abcdefg=123456;/*x*/ goto/*y*/ xZ1rHMSez0;
BZm1z7bHio:
$scanner = new MalwareScanner();
$abcdefg=123456;/*x*/ goto/*y*/ NHeFzO8qn1;
HlcHAiA8Xu:
otwAGbsj0L:
$abcdefg=123456;/*x*/ goto/*y*/ fUOG62rkNs;
A2jeLFvYXH:
foreach ($attackpattern as $key => $value) {
$abcdefg=123456;/*x*/ goto/*y*/ zJfSwTOXEu;
TKQZgpTFkI:
wd9bxdk3ZP:
$abcdefg=123456;/*x*/ goto/*y*/ WhbQXOmvfg;
me4MiPlDbw:
$arr = explode("?action=", $filename);
$abcdefg=123456;/*x*/ goto/*y*/ ky3WKF3xMu;
ByNZ03bTFH:
$abcdefg=123456;/*x*/ goto/*y*/ mFld52E5zH;
$abcdefg=123456;/*x*/ goto/*y*/ OErXRJkrqh;
YAMdmwGjGZ:
$blocked = true;
$abcdefg=123456;/*x*/ goto/*y*/ oTG1jI1w3_;
F354D065LU:
M1mG50tghy:
$abcdefg=123456;/*x*/ goto/*y*/ TKQZgpTFkI;
prdYD93Jax:
$abcdefg=123456;/*x*/ goto/*y*/ Wz9wqnn4ew;
$abcdefg=123456;/*x*/ goto/*y*/ cNW9YVjzpk;
pOkR4mZf7q:
if (!empty($action)) {
$abcdefg=123456;/*x*/ goto/*y*/ myd6x2PXqF;
}
$abcdefg=123456;/*x*/ goto/*y*/ YAMdmwGjGZ;
t7KcMIzwub:
mFld52E5zH:
$abcdefg=123456;/*x*/ goto/*y*/ F354D065LU;
SCqTVxjEGp:
$filename = $arr[0];
$abcdefg=123456;/*x*/ goto/*y*/ xAl7yL25_N;
JbBHHbHzLt:
if (!isset($_GET["action"])) {
$abcdefg=123456;/*x*/ goto/*y*/ gXC4eV2GVq;
}
$abcdefg=123456;/*x*/ goto/*y*/ NkjHDd0w3x;
QIWgDple2Z:
gS2YTFz91H:
$abcdefg=123456;/*x*/ goto/*y*/ t7KcMIzwub;
Vp8e17n0uf:
$action = '';
$abcdefg=123456;/*x*/ goto/*y*/ me4MiPlDbw;
jeN4hlbQ6M:
$abcdefg=123456;/*x*/ goto/*y*/ Wz9wqnn4ew;
$abcdefg=123456;/*x*/ goto/*y*/ V3rYGYvX12;
NkjHDd0w3x:
if (!($action == $_GET["action"])) {
$abcdefg=123456;/*x*/ goto/*y*/ u3MW3I9fZ4;
}
$abcdefg=123456;/*x*/ goto/*y*/ uP91YBGMNv;
uP91YBGMNv:
$blocked = true;
$abcdefg=123456;/*x*/ goto/*y*/ prdYD93Jax;
ky3WKF3xMu:
if (!(count($arr) == 2)) {
$abcdefg=123456;/*x*/ goto/*y*/ h2OHbBOyAy;
}
$abcdefg=123456;/*x*/ goto/*y*/ SCqTVxjEGp;
oTG1jI1w3_:
$abcdefg=123456;/*x*/ goto/*y*/ Wz9wqnn4ew;
$abcdefg=123456;/*x*/ goto/*y*/ ByNZ03bTFH;
cNW9YVjzpk:
u3MW3I9fZ4:
$abcdefg=123456;/*x*/ goto/*y*/ qsbV5kIaNT;
OErXRJkrqh:
myd6x2PXqF:
$abcdefg=123456;/*x*/ goto/*y*/ JbBHHbHzLt;
XCQg67bFzA:
if (!(strpos($actual_link, $filename) !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ M1mG50tghy;
}
$abcdefg=123456;/*x*/ goto/*y*/ pOkR4mZf7q;
uYLQI5TT49:
h2OHbBOyAy:
$abcdefg=123456;/*x*/ goto/*y*/ XCQg67bFzA;
ZvWj0gVRsD:
if (!($action == $_POST["action"])) {
$abcdefg=123456;/*x*/ goto/*y*/ vAlmA8SXG1;
}
$abcdefg=123456;/*x*/ goto/*y*/ OZJa4xQcxN;
qsbV5kIaNT:
gXC4eV2GVq:
$abcdefg=123456;/*x*/ goto/*y*/ mIHdaqRJLT;
xAl7yL25_N:
$action = $arr[1];
$abcdefg=123456;/*x*/ goto/*y*/ uYLQI5TT49;
V3rYGYvX12:
vAlmA8SXG1:
$abcdefg=123456;/*x*/ goto/*y*/ QIWgDple2Z;
zJfSwTOXEu:
$filename = $key;
$abcdefg=123456;/*x*/ goto/*y*/ Vp8e17n0uf;
mIHdaqRJLT:
if (!isset($_POST["action"])) {
$abcdefg=123456;/*x*/ goto/*y*/ gS2YTFz91H;
}
$abcdefg=123456;/*x*/ goto/*y*/ ZvWj0gVRsD;
OZJa4xQcxN:
$blocked = true;
$abcdefg=123456;/*x*/ goto/*y*/ jeN4hlbQ6M;
WhbQXOmvfg:
}
$abcdefg=123456;/*x*/ goto/*y*/ YsS2hRFDRu;
lp4qTwEcsN:
if (!(!empty($actual_link) && file_exists($config))) {
$abcdefg=123456;/*x*/ goto/*y*/ Ap5Jer_cns;
}
$abcdefg=123456;/*x*/ goto/*y*/ fshjZK7M17;
w2yBgKDokn:
$temp_POST = $_POST;
$abcdefg=123456;/*x*/ goto/*y*/ I3cqvE29dX;
yoQutWIfrD:
JzWuH_6HKJ:
$abcdefg=123456;/*x*/ goto/*y*/ rR5GZzV_S5;
wZtmVIzlta:
KmFk5FmcHB:
$abcdefg=123456;/*x*/ goto/*y*/ yoQutWIfrD;
NHeFzO8qn1:
$attackpattern = $scanner->getattackpattern(false);
$abcdefg=123456;/*x*/ goto/*y*/ A2jeLFvYXH;
fshjZK7M17:
@(require_once $config);
$abcdefg=123456;/*x*/ goto/*y*/ DIXCdcZbl_;
bWWY7tIvp4:
$blocked = false;
$abcdefg=123456;/*x*/ goto/*y*/ g_xP6G7P5Y;
hb7kV_ywWj:
$secfunc = new WPInfectSecurity();
$abcdefg=123456;/*x*/ goto/*y*/ vZ4pof7WZc;
UuggBGBD2f:
function redirect_post($url, array $data, array $headers = null, $rkey)
{
$abcdefg=123456;/*x*/ goto/*y*/ C5tcjHl07Z;
wkhNDnNVtH:
$response = @stream_get_contents($fp);
$abcdefg=123456;/*x*/ goto/*y*/ vnVgrlErOX;
R9I9wqoMOI:
header("Content-Type: " . $mime_type);
$abcdefg=123456;/*x*/ goto/*y*/ tDkjwVh3N1;
tmgY0wklL3:
$params = array("http" => array("method" => "POST", "content" => $data));
$abcdefg=123456;/*x*/ goto/*y*/ JoDMWFByvC;
j48G_KYEjF:
$params["http"]["header"] .= "Cookie: " . $_SERVER["HTTP_COOKIE"] . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ g572e3mmsi;
ODUJ3OYmQU:
qIMe4LEA1x:
$abcdefg=123456;/*x*/ goto/*y*/ gr4I1kzaVf;
VZnFMIGeGL:
CTHQLLyjT3:
$abcdefg=123456;/*x*/ goto/*y*/ Tzj9cohZ88;
OxIo2H7HhE:
foreach ($headers as $k => $v) {
$params["http"]["header"] .= "{$k}: {$v}
";
j7YZ2J7iuH:
}
$abcdefg=123456;/*x*/ goto/*y*/ fVUX7qXBda;
pw7FqrgKRK:
$fp = @fopen($url, "rb", false, $ctx);
$abcdefg=123456;/*x*/ goto/*y*/ FJvZ3UUywT;
tDkjwVh3N1:
echo $response;
$abcdefg=123456;/*x*/ goto/*y*/ NjKuvydhZ2;
vnVgrlErOX:
$pattern = "/^content-type\s*:\s*(.*)$/i";
$abcdefg=123456;/*x*/ goto/*y*/ rYObuuLRou;
fVUX7qXBda:
NOpkE2C_IA:
$abcdefg=123456;/*x*/ goto/*y*/ VZnFMIGeGL;
Mci9dGiuFh:
T6m3MiORwS:
$abcdefg=123456;/*x*/ goto/*y*/ R9I9wqoMOI;
NjKuvydhZ2:
die;
$abcdefg=123456;/*x*/ goto/*y*/ ODUJ3OYmQU;
AFrhWXy0Mh:
if (is_null($headers)) {
$abcdefg=123456;/*x*/ goto/*y*/ CTHQLLyjT3;
}
$abcdefg=123456;/*x*/ goto/*y*/ OxIo2H7HhE;
ssOx6wdlpD:
$ctx = stream_context_create($params);
$abcdefg=123456;/*x*/ goto/*y*/ pw7FqrgKRK;
bmAoD35r3X:
$content_type = $match[1];
$abcdefg=123456;/*x*/ goto/*y*/ MJX1RgC8YN;
NvM0tuod7B:
WATg3kLzsz:
$abcdefg=123456;/*x*/ goto/*y*/ wkhNDnNVtH;
C5tcjHl07Z:
$data = http_build_query($data);
$abcdefg=123456;/*x*/ goto/*y*/ tmgY0wklL3;
g572e3mmsi:
$params["ssl"]["verify_peer"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ RI4n6l7r4d;
nm8Q0_Xj8F:
$abcdefg=123456;/*x*/ goto/*y*/ qIMe4LEA1x;
$abcdefg=123456;/*x*/ goto/*y*/ NvM0tuod7B;
Tzj9cohZ88:
$params["http"]["header"] .= "K" . $rkey . ": 1
";
$abcdefg=123456;/*x*/ goto/*y*/ j48G_KYEjF;
RI4n6l7r4d:
$params["ssl"]["verify_peer_name"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ ssOx6wdlpD;
rYObuuLRou:
if (!(($header = array_values(preg_grep($pattern, $http_response_header))) && preg_match($pattern, $header[0], $match) !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ T6m3MiORwS;
}
$abcdefg=123456;/*x*/ goto/*y*/ bmAoD35r3X;
JoDMWFByvC:
$params["http"]["header"] = '';
$abcdefg=123456;/*x*/ goto/*y*/ AFrhWXy0Mh;
DPUJWIcmrL:
die;
$abcdefg=123456;/*x*/ goto/*y*/ nm8Q0_Xj8F;
MJX1RgC8YN:
$mime_type = $content_type;
$abcdefg=123456;/*x*/ goto/*y*/ Mci9dGiuFh;
FJvZ3UUywT:
if ($fp) {
$abcdefg=123456;/*x*/ goto/*y*/ WATg3kLzsz;
}
$abcdefg=123456;/*x*/ goto/*y*/ DPUJWIcmrL;
gr4I1kzaVf:
}
$abcdefg=123456;/*x*/ goto/*y*/ ZdgW7nc3E0;
rZ6sth8Vpl:
redirect_post($actual_link, $_POST, getallheaders(), $rkey);
$abcdefg=123456;/*x*/ goto/*y*/ HlcHAiA8Xu;
C5wkMlpsXI:
function saveattackdata($wpdb, $postv, $getv, $reqfile, $matchpattern = 0)
{
$abcdefg=123456;/*x*/ goto/*y*/ YsfsHwGbXe;
mbdMBsVS7W:
$ipv4 = $ip;
$abcdefg=123456;/*x*/ goto/*y*/ J7tp_w03ZD;
iAq6W6yMha:
if (empty($getv)) {
$abcdefg=123456;/*x*/ goto/*y*/ zSRtDxKas2;
}
$abcdefg=123456;/*x*/ goto/*y*/ vVJKTWog96;
dpAm3n8k7f:
$rawdata = md5($siteurl) . "#%#%#" . $matchpattern . "#%#%#" . $siteurl . "#%#%#" . $filepath . "#%#%#" . $filename . "#%#%#" . $getval . "#%#%#" . $postval . "#%#%#" . $ipv4 . "#%#%#" . $ipv6 . "#%#%#" . $useragent . "#%#%#" . $filecode;
$abcdefg=123456;/*x*/ goto/*y*/ bi_kgeHbdf;
FWcmHRo0Zr:
B3dsQl8FZG:
$abcdefg=123456;/*x*/ goto/*y*/ KOkUIdvMgR;
vVJKTWog96:
$getval = json_encode($getv);
$abcdefg=123456;/*x*/ goto/*y*/ MI4lqxl6Dv;
MI4lqxl6Dv:
zSRtDxKas2:
$abcdefg=123456;/*x*/ goto/*y*/ bkD_os62nv;
badBW7bzNJ:
ieEOBmNzTA:
$abcdefg=123456;/*x*/ goto/*y*/ DpXMJSkY5q;
KXoUVjHx72:
require_once "scannerdata/wpinfectscanner.php";
$abcdefg=123456;/*x*/ goto/*y*/ DPQGZsUsnB;
LTW08NJ2EA:
K4bX0HkKP0:
$abcdefg=123456;/*x*/ goto/*y*/ rtEwHR4mw6;
nopT4TRJUP:
$context["ssl"]["verify_peer"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ N08xipp1T1;
V6C1vOgSc7:
yJS17qKcux:
$abcdefg=123456;/*x*/ goto/*y*/ dDKw7Syn5M;
tnPOL1z0U1:
$durl = $scanner->phpurl;
$abcdefg=123456;/*x*/ goto/*y*/ d12J4IDdrg;
fYIn7zvmZv:
$absdir = dirname($absdir) . "/";
$abcdefg=123456;/*x*/ goto/*y*/ pbiZjjvdSG;
N08xipp1T1:
$context["ssl"]["verify_peer_name"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ KXoUVjHx72;
HQUD2s15lN:
$dateyhisday = date("Y-m-d H:i:s");
$abcdefg=123456;/*x*/ goto/*y*/ rC3NCBvO4V;
wzhtmWC_Qo:
vvlZLQyZES:
$abcdefg=123456;/*x*/ goto/*y*/ c81kRJrnub;
meuzUjFmUM:
$allpath = $allpath[0];
$abcdefg=123456;/*x*/ goto/*y*/ haDtbcVyta;
rC3NCBvO4V:
$sql = "INSERT INTO `" . $wpdb->prefix . "infectscannerrealtimeblock` (`id`, `filepath`, `filename`, `getquery`, `postquery`, `ipv4`, `ipv6`, `useragent`, `adddate`) VALUES (NULL, '" . esc_sql($filepath) . "', '" . esc_sql($filename) . "', '" . esc_sql($getval) . "', '" . esc_sql($postval) . "', '" . esc_sql($ipv4) . "', '" . esc_sql($ipv6) . "', '" . esc_sql($useragent) . "', '" . $dateyhisday . "');";
$abcdefg=123456;/*x*/ goto/*y*/ czOoerIC44;
bp1k7hyAF4:
$postval = '';
$abcdefg=123456;/*x*/ goto/*y*/ qXSVMFCoVd;
j15aCj5jkY:
qEBVvlxoUL:
$abcdefg=123456;/*x*/ goto/*y*/ kNknT1rWED;
L6t7zguLTW:
$abcdefg=123456;/*x*/ goto/*y*/ yJS17qKcux;
$abcdefg=123456;/*x*/ goto/*y*/ xwd86deG9Y;
eEiDedrMzY:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ V6C1vOgSc7;
eYoH7DtZnA:
if ($filecode) {
$abcdefg=123456;/*x*/ goto/*y*/ RAGDoOphcd;
}
$abcdefg=123456;/*x*/ goto/*y*/ F5gE_zP4i3;
ITzgwvIBV5:
if (!(strlen($cryptdata) < 500000)) {
$abcdefg=123456;/*x*/ goto/*y*/ ieEOBmNzTA;
}
$abcdefg=123456;/*x*/ goto/*y*/ YjDnhMYImJ;
YjDnhMYImJ:
$data = array("data" => $cryptdata);
$abcdefg=123456;/*x*/ goto/*y*/ VG7HCbqpgQ;
LHFmKZmgbM:
$header = array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($data));
$abcdefg=123456;/*x*/ goto/*y*/ bBLEDwHDxe;
dDKw7Syn5M:
$abcdefg=123456;/*x*/ goto/*y*/ tLBOrsvcrm;
$abcdefg=123456;/*x*/ goto/*y*/ j15aCj5jkY;
u3Lqm5tjKJ:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ NWPPSELJX0;
}
$abcdefg=123456;/*x*/ goto/*y*/ fYIn7zvmZv;
V8ECrqBeuC:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ oTUuCZx5Vx;
}
$abcdefg=123456;/*x*/ goto/*y*/ m6XKJB7AUW;
czOoerIC44:
$wpdb->get_results($sql);
$abcdefg=123456;/*x*/ goto/*y*/ E33AHW6W1e;
PT_55glMdx:
tLBOrsvcrm:
$abcdefg=123456;/*x*/ goto/*y*/ EfEpPr7ip7;
kx23X8bX57:
$resi = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "infectscannerrealtimeblock` WHERE filepath = '" . esc_sql($filepath) . "' and filename = '" . esc_sql($filename) . "' and getquery='" . esc_sql($getval) . "' and postquery='" . esc_sql($postval) . "' and ipv4 = '" . esc_sql($ipv4) . "'");
$abcdefg=123456;/*x*/ goto/*y*/ wzhtmWC_Qo;
OQY13LSYom:
$filecode = '';
$abcdefg=123456;/*x*/ goto/*y*/ bTjuNYaw2h;
hdld53yRhG:
$getval = '';
$abcdefg=123456;/*x*/ goto/*y*/ iAq6W6yMha;
ztTguN7iSW:
fCLhMWqfv7:
$abcdefg=123456;/*x*/ goto/*y*/ bp1k7hyAF4;
UMwB28bDV1:
$absdir = dirname($absdir) . "/";
$abcdefg=123456;/*x*/ goto/*y*/ EEmV_7mYcs;
uNkTZvc7Wt:
$absdir = dirname($absdir) . "/";
$abcdefg=123456;/*x*/ goto/*y*/ dm3na5J7rF;
WK4b4WerXB:
$postval = json_encode($postv);
$abcdefg=123456;/*x*/ goto/*y*/ Wd2mov5yfh;
IVt8gBLbvH:
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
$abcdefg=123456;/*x*/ goto/*y*/ s3EGf22q3A;
C97oWgf1vm:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ dAig_D1HQS;
i69aj8iksH:
mDIvOMxrMJ:
$abcdefg=123456;/*x*/ goto/*y*/ zWG5pI6axe;
eFaEQF_jcE:
$abcdefg=123456;/*x*/ goto/*y*/ vvlZLQyZES;
$abcdefg=123456;/*x*/ goto/*y*/ ntntGw5Lpi;
DpXMJSkY5q:
$abcdefg=123456;/*x*/ goto/*y*/ B3dsQl8FZG;
$abcdefg=123456;/*x*/ goto/*y*/ uLHHMyYn88;
XkY49iELBL:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ u3Lqm5tjKJ;
EFHvlzzg4H:
MtEKiydYje:
$abcdefg=123456;/*x*/ goto/*y*/ KbkN_traq_;
VG7HCbqpgQ:
$data = http_build_query($data, '', "&");
$abcdefg=123456;/*x*/ goto/*y*/ LHFmKZmgbM;
c81kRJrnub:
if ($resi) {
$abcdefg=123456;/*x*/ goto/*y*/ P5V2QBNsK9;
}
$abcdefg=123456;/*x*/ goto/*y*/ HQUD2s15lN;
oTIHkkCu2w:
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$abcdefg=123456;/*x*/ goto/*y*/ HrAqijJoAh;
}
$abcdefg=123456;/*x*/ goto/*y*/ JrzJKYMity;
x_lkdSYjej:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ nTm8v3iJKS;
}
$abcdefg=123456;/*x*/ goto/*y*/ UMwB28bDV1;
n401UyPv1y:
$filepath = str_replace("//", "/", $filepath);
$abcdefg=123456;/*x*/ goto/*y*/ Bjfdeejb5K;
KHVJUekCGd:
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$abcdefg=123456;/*x*/ goto/*y*/ TPGiLtBQU_;
}
$abcdefg=123456;/*x*/ goto/*y*/ mbdMBsVS7W;
rtEwHR4mw6:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ EFHvlzzg4H;
P7jtMYZbwV:
$ipv6 = '';
$abcdefg=123456;/*x*/ goto/*y*/ KHVJUekCGd;
hqNC2TiuFy:
RAGDoOphcd:
$abcdefg=123456;/*x*/ goto/*y*/ y5zNpUCjin;
DPQGZsUsnB:
$scanner = new MalwareScanner();
$abcdefg=123456;/*x*/ goto/*y*/ tnPOL1z0U1;
YsfsHwGbXe:
$allpath = explode("?", $reqfile);
$abcdefg=123456;/*x*/ goto/*y*/ meuzUjFmUM;
fr6c23Rs5F:
HrAqijJoAh:
$abcdefg=123456;/*x*/ goto/*y*/ IVt8gBLbvH;
F5gE_zP4i3:
$filecode = '';
$abcdefg=123456;/*x*/ goto/*y*/ hqNC2TiuFy;
d1gU1VsT0m:
NWPPSELJX0:
$abcdefg=123456;/*x*/ goto/*y*/ C97oWgf1vm;
JikDEb2Ofr:
lGm7G1GMNy:
$abcdefg=123456;/*x*/ goto/*y*/ L6t7zguLTW;
JrzJKYMity:
$ip = $_SERVER["REMOTE_ADDR"];
$abcdefg=123456;/*x*/ goto/*y*/ OJ3NT8_Enh;
dm3na5J7rF:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ x_lkdSYjej;
StkL1DDAXj:
$ipv6 = $ip;
$abcdefg=123456;/*x*/ goto/*y*/ Yg9DuIkIPk;
E33AHW6W1e:
$siteurl = get_site_url();
$abcdefg=123456;/*x*/ goto/*y*/ dpAm3n8k7f;
kNknT1rWED:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ PT_55glMdx;
y5zNpUCjin:
if (!(strlen($filecode) > 5000)) {
$abcdefg=123456;/*x*/ goto/*y*/ fCLhMWqfv7;
}
$abcdefg=123456;/*x*/ goto/*y*/ Xb3VixxFEi;
EEmV_7mYcs:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ V8ECrqBeuC;
LXtutaRuxh:
$filepath = $path_parts["dirname"] . "/";
$abcdefg=123456;/*x*/ goto/*y*/ n401UyPv1y;
TWRaEgkrdj:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ K4bX0HkKP0;
}
$abcdefg=123456;/*x*/ goto/*y*/ OQY13LSYom;
qXSVMFCoVd:
if (empty($postv)) {
$abcdefg=123456;/*x*/ goto/*y*/ D53jfSc9af;
}
$abcdefg=123456;/*x*/ goto/*y*/ WK4b4WerXB;
ssHyPetNYU:
$abcdefg=123456;/*x*/ goto/*y*/ qdhGcptq3A;
$abcdefg=123456;/*x*/ goto/*y*/ fr6c23Rs5F;
d12J4IDdrg:
$html = @file_get_contents($durl . "datasaver3_1.php?h=" . urlencode(get_site_url()), false, stream_context_create($context));
$abcdefg=123456;/*x*/ goto/*y*/ badBW7bzNJ;
uLHHMyYn88:
P5V2QBNsK9:
$abcdefg=123456;/*x*/ goto/*y*/ FWcmHRo0Zr;
Yg9DuIkIPk:
rAokCpBpzg:
$abcdefg=123456;/*x*/ goto/*y*/ fYe_t7cjk3;
bBLEDwHDxe:
$context = array("http" => array("method" => "POST", "header" => implode("\xd\xa", $header), "content" => $data));
$abcdefg=123456;/*x*/ goto/*y*/ nopT4TRJUP;
s3EGf22q3A:
qdhGcptq3A:
$abcdefg=123456;/*x*/ goto/*y*/ uJ8U6fA3C0;
A23_72Yrdl:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ JikDEb2Ofr;
J7tp_w03ZD:
$abcdefg=123456;/*x*/ goto/*y*/ rAokCpBpzg;
$abcdefg=123456;/*x*/ goto/*y*/ ITFJCXOkTG;
tF5hx2vOQk:
$absdir = ABSPATH;
$abcdefg=123456;/*x*/ goto/*y*/ XkY49iELBL;
EfEpPr7ip7:
$abcdefg=123456;/*x*/ goto/*y*/ qJgMF4y_3I;
$abcdefg=123456;/*x*/ goto/*y*/ d1gU1VsT0m;
fYe_t7cjk3:
if ($ipv4 != '') {
$abcdefg=123456;/*x*/ goto/*y*/ bxmrYyNihf;
}
$abcdefg=123456;/*x*/ goto/*y*/ W0mooA41ro;
bkD_os62nv:
$useragent = $_SERVER["HTTP_USER_AGENT"];
$abcdefg=123456;/*x*/ goto/*y*/ AxpSal5osc;
pRpKlz_Pwn:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ TWRaEgkrdj;
haDtbcVyta:
$path_parts = pathinfo($allpath);
$abcdefg=123456;/*x*/ goto/*y*/ LXtutaRuxh;
aKvbgkG6JZ:
oTUuCZx5Vx:
$abcdefg=123456;/*x*/ goto/*y*/ A23_72Yrdl;
pbiZjjvdSG:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ wAeoAtNJh2;
AxpSal5osc:
if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
$abcdefg=123456;/*x*/ goto/*y*/ mDIvOMxrMJ;
}
$abcdefg=123456;/*x*/ goto/*y*/ oTIHkkCu2w;
Bjfdeejb5K:
$filename = $path_parts["basename"];
$abcdefg=123456;/*x*/ goto/*y*/ tF5hx2vOQk;
ntntGw5Lpi:
bxmrYyNihf:
$abcdefg=123456;/*x*/ goto/*y*/ kx23X8bX57;
zWG5pI6axe:
$ip = $_SERVER["HTTP_CLIENT_IP"];
$abcdefg=123456;/*x*/ goto/*y*/ ssHyPetNYU;
KbkN_traq_:
$abcdefg=123456;/*x*/ goto/*y*/ lGm7G1GMNy;
$abcdefg=123456;/*x*/ goto/*y*/ aKvbgkG6JZ;
Wd2mov5yfh:
D53jfSc9af:
$abcdefg=123456;/*x*/ goto/*y*/ hdld53yRhG;
Xb3VixxFEi:
$filecode = substr($filecode, 0, 5000);
$abcdefg=123456;/*x*/ goto/*y*/ ztTguN7iSW;
wAeoAtNJh2:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ qEBVvlxoUL;
}
$abcdefg=123456;/*x*/ goto/*y*/ uNkTZvc7Wt;
ITFJCXOkTG:
TPGiLtBQU_:
$abcdefg=123456;/*x*/ goto/*y*/ StkL1DDAXj;
bTjuNYaw2h:
$abcdefg=123456;/*x*/ goto/*y*/ MtEKiydYje;
$abcdefg=123456;/*x*/ goto/*y*/ LTW08NJ2EA;
uJ8U6fA3C0:
$ipv4 = '';
$abcdefg=123456;/*x*/ goto/*y*/ P7jtMYZbwV;
W0mooA41ro:
$resi = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "infectscannerrealtimeblock` WHERE filepath = '" . esc_sql($filepath) . "' and filename = '" . esc_sql($filename) . "' and getquery='" . esc_sql($getval) . "' and postquery='" . esc_sql($postval) . "' and ipv6 = '" . esc_sql($ipv6) . "'");
$abcdefg=123456;/*x*/ goto/*y*/ eFaEQF_jcE;
m6XKJB7AUW:
$absdir = dirname($absdir) . "/";
$abcdefg=123456;/*x*/ goto/*y*/ pRpKlz_Pwn;
bi_kgeHbdf:
$cryptdata = str_rot13(bin2hex($rawdata));
$abcdefg=123456;/*x*/ goto/*y*/ ITzgwvIBV5;
dAig_D1HQS:
qJgMF4y_3I:
$abcdefg=123456;/*x*/ goto/*y*/ eYoH7DtZnA;
OJ3NT8_Enh:
$abcdefg=123456;/*x*/ goto/*y*/ qdhGcptq3A;
$abcdefg=123456;/*x*/ goto/*y*/ i69aj8iksH;
xwd86deG9Y:
nTm8v3iJKS:
$abcdefg=123456;/*x*/ goto/*y*/ eEiDedrMzY;
KOkUIdvMgR:
}
$abcdefg=123456;/*x*/ goto/*y*/ lp4qTwEcsN;
XHOFzQAX8w:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$abcdefg=123456;/*x*/ goto/*y*/ xjvKQXvWZY;
}
$abcdefg=123456;/*x*/ goto/*y*/ ttWM7OZFOF;
DIXCdcZbl_:
global $wpdb;
$abcdefg=123456;/*x*/ goto/*y*/ H05eHTkUjK;
I3cqvE29dX:
lm2mfSBm5H:
$abcdefg=123456;/*x*/ goto/*y*/ kbqxoBZulV;
YsS2hRFDRu:
Wz9wqnn4ew:
$abcdefg=123456;/*x*/ goto/*y*/ s0sTkhAhX9;
hSet37aQ6l:
if (!isset($_POST)) {
$abcdefg=123456;/*x*/ goto/*y*/ kV9UYcDW9w;
}
$abcdefg=123456;/*x*/ goto/*y*/ F4LwydClVJ;
ZdgW7nc3E0:
function redirect_get($url, array $headers = null, $rkey)
{
$abcdefg=123456;/*x*/ goto/*y*/ CVvUXQwTvQ;
jZJMaXKtgC:
grEdiLytCA:
$abcdefg=123456;/*x*/ goto/*y*/ l1PTO7elbE;
jB9LRGU_yZ:
if (is_null($headers)) {
$abcdefg=123456;/*x*/ goto/*y*/ ImPFPHz7lb;
}
$abcdefg=123456;/*x*/ goto/*y*/ n8OdaiomOj;
RosP98bwNh:
$pattern = "/^content-type\s*:\s*(.*)$/i";
$abcdefg=123456;/*x*/ goto/*y*/ xFoX9JfGN3;
gWjjcdjs_B:
$content_type = $match[1];
$abcdefg=123456;/*x*/ goto/*y*/ PqfLH9H0aX;
PqfLH9H0aX:
$mime_type = $content_type;
$abcdefg=123456;/*x*/ goto/*y*/ jZJMaXKtgC;
l1PTO7elbE:
header("Content-Type: " . $mime_type);
$abcdefg=123456;/*x*/ goto/*y*/ JRI0DVAgAW;
Wt7D4qOoeP:
die;
$abcdefg=123456;/*x*/ goto/*y*/ jFpS38msgm;
Usxp0Sw3c9:
$options["ssl"]["verify_peer"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ r_cfTTlRzv;
JRI0DVAgAW:
echo $response;
$abcdefg=123456;/*x*/ goto/*y*/ Wt7D4qOoeP;
xFoX9JfGN3:
if (!(($header = array_values(preg_grep($pattern, $http_response_header))) && preg_match($pattern, $header[0], $match) !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ grEdiLytCA;
}
$abcdefg=123456;/*x*/ goto/*y*/ gWjjcdjs_B;
ucMlQ38L3y:
$options["http"]["header"] .= "K" . $rkey . ": 1
";
$abcdefg=123456;/*x*/ goto/*y*/ GXc7kVV5tp;
MlDCzAK5C9:
$response = @file_get_contents($url, false, stream_context_create($options));
$abcdefg=123456;/*x*/ goto/*y*/ RosP98bwNh;
AnMHpYeLzx:
ImPFPHz7lb:
$abcdefg=123456;/*x*/ goto/*y*/ ucMlQ38L3y;
r_cfTTlRzv:
$options["ssl"]["verify_peer_name"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ MlDCzAK5C9;
n8OdaiomOj:
foreach ($headers as $k => $v) {
$options["http"]["header"] .= "{$k}: {$v}
";
RXUTLXpjge:
}
$abcdefg=123456;/*x*/ goto/*y*/ Jor6vOooNW;
CVvUXQwTvQ:
$options["http"]["header"] = '';
$abcdefg=123456;/*x*/ goto/*y*/ jB9LRGU_yZ;
Jor6vOooNW:
B8F2P06b38:
$abcdefg=123456;/*x*/ goto/*y*/ AnMHpYeLzx;
GXc7kVV5tp:
$options["http"]["header"] .= "Cookie: " . $_SERVER["HTTP_COOKIE"] . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ Usxp0Sw3c9;
jFpS38msgm:
}
$abcdefg=123456;/*x*/ goto/*y*/ YnFCoQ_F8Y;
qeLbymU1ev:
Fk01qZhEG1:
$abcdefg=123456;/*x*/ goto/*y*/ EvOOIyhryx;
kbqxoBZulV:
$config = "../../../wp-load.php";
$abcdefg=123456;/*x*/ goto/*y*/ hSet37aQ6l;
EyF85D7M2k:
if (!isset($_POST)) {
$abcdefg=123456;/*x*/ goto/*y*/ lm2mfSBm5H;
}
$abcdefg=123456;/*x*/ goto/*y*/ w2yBgKDokn;
NpVhOLMzoi:
require_once "scannerdata/wpinfectscanner.php";
$abcdefg=123456;/*x*/ goto/*y*/ BZm1z7bHio;
H05eHTkUjK:
if (!$wpdb) {
$abcdefg=123456;/*x*/ goto/*y*/ N1dcy2Qjjf;
}
$abcdefg=123456;/*x*/ goto/*y*/ bWWY7tIvp4;
EcS0zsri0e:
xjvKQXvWZY:
$abcdefg=123456;/*x*/ goto/*y*/ rZ6sth8Vpl;
F4LwydClVJ:
$_POST = $temp_POST;
$abcdefg=123456;/*x*/ goto/*y*/ WOx3S4pbpB;
vEGpCEi6yi:
$abcdefg=123456;/*x*/ goto/*y*/ otwAGbsj0L;
$abcdefg=123456;/*x*/ goto/*y*/ EcS0zsri0e;
YnFCoQ_F8Y:
$actual_link = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
$abcdefg=123456;/*x*/ goto/*y*/ EyF85D7M2k;
WVBwVxaHFk:
Ap5Jer_cns: ?>
Did this file decode correctly?
Original Code
<?php
@error_reporting(0);/*This file has been obfuscated to prevent analysis.*/
@ini_set('error_reporting', 0);/*This file has been obfuscated to prevent analysis.*/
function requestcapturer_php(){
return;/*This file has been obfuscated to prevent analysis.*/
}/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ UuggBGBD2f;/*This file has been obfuscated to prevent analysis.*/
CcY9gCSZMn:/*This file has been obfuscated to prevent analysis.*/
exit;/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ qeLbymU1ev;/*This file has been obfuscated to prevent analysis.*/
xZ1rHMSez0:/*This file has been obfuscated to prevent analysis.*/
saveattackdata($wpdb, $_POST, $_GET, $_SERVER["\x52\105\121\x55\105\x53\124\x5f\x55\122\111"], $matched);/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ CcY9gCSZMn;/*This file has been obfuscated to prevent analysis.*/
vZ4pof7WZc:/*This file has been obfuscated to prevent analysis.*/
$secfunc->wpinfectscan_dbrtbinstall();/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ s1U75Wz0PP;/*This file has been obfuscated to prevent analysis.*/
TiczIz4d2J:/*This file has been obfuscated to prevent analysis.*/
require_once "\163\x63\141\x6e\x6e\x65\162\x64\x61\x74\x61\57\167\x70\151\x6e\146\145\143\x74\163\145\x63\x75\x72\151\164\x79\x2e\x70\x68\x70";/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ hb7kV_ywWj;/*This file has been obfuscated to prevent analysis.*/
EvOOIyhryx:/*This file has been obfuscated to prevent analysis.*/
$rkey = trim(get_option("\x77\x70\x69\x6e\x66\145\x63\x74\x73\143\x61\x6e\x6e\145\x72\x5f\162\145\x61\154\x74\x69\155\145\x62\154\157\143\x6b\153\x65\171"));/*This file has been obfuscated to prevent analysis.*/
$abcdefg=123456;/*x*/ goto/*y*/ XHOFzQAX8w;/*This file has been obfuscated to prevent analysis.*/
ttWM7OZFOF:
redirect_get($actual_link, getallheaders(), $rkey);
$abcdefg=123456;/*x*/ goto/*y*/ vEGpCEi6yi;
WOx3S4pbpB:
kV9UYcDW9w:
$abcdefg=123456;/*x*/ goto/*y*/ Jqcy8oiiyW;
BUH1M2z8K7:
$table_name = $wpdb->prefix . "\151\156\146\x65\x63\x74\x73\x63\x61\156\x6e\x65\x72\162\x65\x61\154\x74\151\155\145\142\x6c\157\143\x6b";
$abcdefg=123456;/*x*/ goto/*y*/ K3zBlkaLwS;
fUOG62rkNs:
N1dcy2Qjjf:
$abcdefg=123456;/*x*/ goto/*y*/ WVBwVxaHFk;
K3zBlkaLwS:
if (!($wpdb->get_var("\123\110\117\127\x20\124\101\x42\114\x45\x53\x20\114\111\x4b\x45\40\47" . $table_name . "\x27") != $table_name)) {
$abcdefg=123456;/*x*/ goto/*y*/ FLN85f83JQ;
}
$abcdefg=123456;/*x*/ goto/*y*/ TiczIz4d2J;
LQbiHQEwf5:
$matched = malwarecheck($wpdb, $_POST, $_GET);
$abcdefg=123456;/*x*/ goto/*y*/ wZtmVIzlta;
g_xP6G7P5Y:
$matched = false;
$abcdefg=123456;/*x*/ goto/*y*/ nSfWtzKd24;
s0sTkhAhX9:
if ($blocked) {
$abcdefg=123456;/*x*/ goto/*y*/ KmFk5FmcHB;
}
$abcdefg=123456;/*x*/ goto/*y*/ LQbiHQEwf5;
Jqcy8oiiyW:
function malwarecheck($wpdb, $postv, $getv)
{
$abcdefg=123456;/*x*/ goto/*y*/ JLIgz287Ap;
D0H0rojVHF:
Qyd3qEqZai:
$abcdefg=123456;/*x*/ goto/*y*/ ZfCU_i9wjA;
U9Dmd9rH5I:
if (empty($postv)) {
$abcdefg=123456;/*x*/ goto/*y*/ i3xMyzt8RL;
}
$abcdefg=123456;/*x*/ goto/*y*/ ydjjlCEWDL;
NW0zdZjnhL:
Ph71B12Dbl:
$abcdefg=123456;/*x*/ goto/*y*/ DpGQaLYgqD;
DpGQaLYgqD:
return $matchpattern;
$abcdefg=123456;/*x*/ goto/*y*/ W_ueESJgGb;
vZKrQcKzZ6:
$matchpattern = $decript[$i]->id;
$abcdefg=123456;/*x*/ goto/*y*/ EihsY79xRp;
MCHGj2BlRI:
i3xMyzt8RL:
$abcdefg=123456;/*x*/ goto/*y*/ S12kYgW7GE;
fqFtOXUTuA:
$txt = str_replace("\x25", "\62\x32\62", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ QRWiCZ7WRX;
iUZKnHFQpj:
if (!($num > 0)) {
$abcdefg=123456;/*x*/ goto/*y*/ us7W_KdPM6;
}
$abcdefg=123456;/*x*/ goto/*y*/ Xn3YZguHF6;
bHcEPp37Of:
$abcdefg=123456;/*x*/ goto/*y*/ HK06VJRExQ;
$abcdefg=123456;/*x*/ goto/*y*/ VQwMSxGLY0;
sDzLjja6fF:
$i = 0;
$abcdefg=123456;/*x*/ goto/*y*/ SvtABSNtV0;
iP6PnZdkYe:
$patterns = $txt;
$abcdefg=123456;/*x*/ goto/*y*/ NwG9Ph33BG;
XV8CXE7ZoF:
if (!($fileContent_sr != '' && strlen($fileContent_sr) < 30000)) {
$abcdefg=123456;/*x*/ goto/*y*/ Ph71B12Dbl;
}
$abcdefg=123456;/*x*/ goto/*y*/ sDzLjja6fF;
RnYPFAWTXI:
$txt = str_replace("\77", "\65\160", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ X_VibeqIPA;
B1gvUcciIE:
$txt = str_replace("\x2d", "\62\62", $patterns);
$abcdefg=123456;/*x*/ goto/*y*/ fqFtOXUTuA;
ou1vuA4yh1:
eX15xEqbIx:
$abcdefg=123456;/*x*/ goto/*y*/ XV8CXE7ZoF;
KA7sIjN4sI:
foreach ($getv as $key => $value) {
$abcdefg=123456;/*x*/ goto/*y*/ FgjKeuujnd;
mvEeby_2Vo:
$value = urldecode($value);
$abcdefg=123456;/*x*/ goto/*y*/ vQjZy40D70;
FgjKeuujnd:
if (!is_array($value)) {
$abcdefg=123456;/*x*/ goto/*y*/ cN9Gh_L0nS;
}
$abcdefg=123456;/*x*/ goto/*y*/ rw7hF8hxfI;
eP2EeUfEM8:
c5t2wCvTBs:
$abcdefg=123456;/*x*/ goto/*y*/ Qjc_RwmG1C;
mrleRfzmDd:
cN9Gh_L0nS:
$abcdefg=123456;/*x*/ goto/*y*/ mvEeby_2Vo;
rw7hF8hxfI:
$value = implode('', $value);
$abcdefg=123456;/*x*/ goto/*y*/ mrleRfzmDd;
vQjZy40D70:
$fileContent_sr .= str_replace("\40", '', $value) . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ eP2EeUfEM8;
Qjc_RwmG1C:
}
$abcdefg=123456;/*x*/ goto/*y*/ mnEvjW9285;
VQwMSxGLY0:
WoFk54W1uU:
$abcdefg=123456;/*x*/ goto/*y*/ NW0zdZjnhL;
rHJUep_hfN:
$txt = str_replace("\x5b", "\66\161", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ tPEJv2Gm6M;
kB_CA9WdK5:
$abcdefg=123456;/*x*/ goto/*y*/ B5AtihwfyM;
$abcdefg=123456;/*x*/ goto/*y*/ os7N3zh0tf;
dPkQwm62DY:
$decript = json_decode($patterns);
$abcdefg=123456;/*x*/ goto/*y*/ DWDnkWG0K8;
SvtABSNtV0:
HK06VJRExQ:
$abcdefg=123456;/*x*/ goto/*y*/ J15rDj78Ww;
DWDnkWG0K8:
$matchpattern = 0;
$abcdefg=123456;/*x*/ goto/*y*/ egPVKvn45a;
pWkNnsmTGT:
tcyS6g4aXe:
$abcdefg=123456;/*x*/ goto/*y*/ TFuoWKNRBv;
J15rDj78Ww:
if (!($i < count($decript))) {
$abcdefg=123456;/*x*/ goto/*y*/ WoFk54W1uU;
}
$abcdefg=123456;/*x*/ goto/*y*/ T8LbXHe_OL;
dfVbzpGw12:
$txt = str_replace("\x2c", "\64\64\64\x34", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ RnYPFAWTXI;
c8QD2QvZrN:
$txt = str_replace("\41", "\x33\x33", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ EGoKHt00al;
FuiDXj5izN:
if (!($priority == 2)) {
$abcdefg=123456;/*x*/ goto/*y*/ Qui2H66u9U;
}
$abcdefg=123456;/*x*/ goto/*y*/ kB_CA9WdK5;
hd3bgl_Rkm:
$patterns = explode("\137", $res2[0]->option_value);
$abcdefg=123456;/*x*/ goto/*y*/ E4Q_k4wMJC;
ZDdWYYJmn2:
us7W_KdPM6:
$abcdefg=123456;/*x*/ goto/*y*/ pWkNnsmTGT;
hAUQIGNDTw:
$i++;
$abcdefg=123456;/*x*/ goto/*y*/ bHcEPp37Of;
NwG9Ph33BG:
$patterns = hex2bin(str_rot13($patterns));
$abcdefg=123456;/*x*/ goto/*y*/ dPkQwm62DY;
d2_SIlBXoO:
$onepattern_s = substr($onepattern, 1);
$abcdefg=123456;/*x*/ goto/*y*/ FuiDXj5izN;
fy6CALskS3:
$txt = str_replace("\51", "\64\64", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ ayKjdpR3Dp;
LwSPAUrQSY:
$txt = str_replace("\x23", "\x33\156", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ iP6PnZdkYe;
EGoKHt00al:
$txt = str_replace("\100", "\63\x33\63", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ dDaMYWFjxC;
tPEJv2Gm6M:
$txt = str_replace("\135", "\67\x71", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ LwSPAUrQSY;
Y2Oj4VUSHM:
$priority = substr($onepattern, 0, 1);
$abcdefg=123456;/*x*/ goto/*y*/ d2_SIlBXoO;
Xn3YZguHF6:
$substrCount == true;
$abcdefg=123456;/*x*/ goto/*y*/ ZDdWYYJmn2;
ayKjdpR3Dp:
$txt = str_replace("\x28", "\x34\64\x34", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ dfVbzpGw12;
mnEvjW9285:
bc3EY2NQ8r:
$abcdefg=123456;/*x*/ goto/*y*/ ou1vuA4yh1;
TFuoWKNRBv:
if (!($substrCount !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ Qyd3qEqZai;
}
$abcdefg=123456;/*x*/ goto/*y*/ vZKrQcKzZ6;
EihsY79xRp:
$abcdefg=123456;/*x*/ goto/*y*/ WoFk54W1uU;
$abcdefg=123456;/*x*/ goto/*y*/ D0H0rojVHF;
ssW8IuFwBw:
$substrCount = strpos($fileContent_sr, $onepattern_s);
$abcdefg=123456;/*x*/ goto/*y*/ bxFcwM7aAa;
bxFcwM7aAa:
if (!($decript[$i]->r == 1)) {
$abcdefg=123456;/*x*/ goto/*y*/ tcyS6g4aXe;
}
$abcdefg=123456;/*x*/ goto/*y*/ EbO7ZLool0;
E4Q_k4wMJC:
$patterns = $patterns[1];
$abcdefg=123456;/*x*/ goto/*y*/ B1gvUcciIE;
T8LbXHe_OL:
$onepattern = str_replace("\x20", '', $decript[$i]->pattern);
$abcdefg=123456;/*x*/ goto/*y*/ Y2Oj4VUSHM;
JLIgz287Ap:
$res2 = $wpdb->get_results("\123\105\x4c\x45\103\x54\x20\x2a\x20\x46\122\x4f\115\x20{$wpdb->options}\x20\127\x48\x45\122\105\40\157\160\164\x69\157\x6e\137\x6e\x61\x6d\145\40\75\40\47\167\160\151\156\x66\x65\143\x74\163\143\x61\x6e\x6e\145\x72\137\x6d\x61\154\167\141\x72\x65\160\x61\x74\x74\x65\162\156\47");
$abcdefg=123456;/*x*/ goto/*y*/ hd3bgl_Rkm;
X_VibeqIPA:
$txt = str_replace("\x2e", "\62\160", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ rHJUep_hfN;
dDaMYWFjxC:
$txt = str_replace("\46", "\x33\63\63\63", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ fy6CALskS3;
ZfCU_i9wjA:
B5AtihwfyM:
$abcdefg=123456;/*x*/ goto/*y*/ hAUQIGNDTw;
os7N3zh0tf:
Qui2H66u9U:
$abcdefg=123456;/*x*/ goto/*y*/ ssW8IuFwBw;
QRWiCZ7WRX:
$txt = str_replace("\x2a", "\62\x32\62\x32", $txt);
$abcdefg=123456;/*x*/ goto/*y*/ c8QD2QvZrN;
ydjjlCEWDL:
foreach ($postv as $key => $value) {
$abcdefg=123456;/*x*/ goto/*y*/ PKd5c30xRu;
fr5ZwjedbW:
hLyCJ2ANAp:
$abcdefg=123456;/*x*/ goto/*y*/ FXU5yCW1WY;
PKd5c30xRu:
if (!is_array($value)) {
$abcdefg=123456;/*x*/ goto/*y*/ kBJHHJwgCT;
}
$abcdefg=123456;/*x*/ goto/*y*/ YSaOSlYXaw;
mI2Ox1jsdC:
kBJHHJwgCT:
$abcdefg=123456;/*x*/ goto/*y*/ qCjNcrsuqn;
qCjNcrsuqn:
$fileContent_sr .= str_replace("\40", '', $value) . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ fr5ZwjedbW;
YSaOSlYXaw:
$value = implode('', $value);
$abcdefg=123456;/*x*/ goto/*y*/ mI2Ox1jsdC;
FXU5yCW1WY:
}
$abcdefg=123456;/*x*/ goto/*y*/ FbdGUNmRkT;
FbdGUNmRkT:
fEz67OK5Th:
$abcdefg=123456;/*x*/ goto/*y*/ MCHGj2BlRI;
EbO7ZLool0:
$num = preg_match_all($onepattern_s, $fileContent_sr, $m);
$abcdefg=123456;/*x*/ goto/*y*/ iUZKnHFQpj;
egPVKvn45a:
$fileContent_sr = '';
$abcdefg=123456;/*x*/ goto/*y*/ U9Dmd9rH5I;
S12kYgW7GE:
if (empty($getv)) {
$abcdefg=123456;/*x*/ goto/*y*/ eX15xEqbIx;
}
$abcdefg=123456;/*x*/ goto/*y*/ KA7sIjN4sI;
W_ueESJgGb:
}
$abcdefg=123456;/*x*/ goto/*y*/ C5wkMlpsXI;
nSfWtzKd24:
if (!(!empty($_GET) || !empty($_POST))) {
$abcdefg=123456;/*x*/ goto/*y*/ JzWuH_6HKJ;
}
$abcdefg=123456;/*x*/ goto/*y*/ BUH1M2z8K7;
s1U75Wz0PP:
FLN85f83JQ:
$abcdefg=123456;/*x*/ goto/*y*/ NpVhOLMzoi;
rR5GZzV_S5:
if (!($blocked || $matched > 0)) {
$abcdefg=123456;/*x*/ goto/*y*/ Fk01qZhEG1;
}
$abcdefg=123456;/*x*/ goto/*y*/ xZ1rHMSez0;
BZm1z7bHio:
$scanner = new MalwareScanner();
$abcdefg=123456;/*x*/ goto/*y*/ NHeFzO8qn1;
HlcHAiA8Xu:
otwAGbsj0L:
$abcdefg=123456;/*x*/ goto/*y*/ fUOG62rkNs;
A2jeLFvYXH:
foreach ($attackpattern as $key => $value) {
$abcdefg=123456;/*x*/ goto/*y*/ zJfSwTOXEu;
TKQZgpTFkI:
wd9bxdk3ZP:
$abcdefg=123456;/*x*/ goto/*y*/ WhbQXOmvfg;
me4MiPlDbw:
$arr = explode("\x3f\x61\143\164\151\157\156\x3d", $filename);
$abcdefg=123456;/*x*/ goto/*y*/ ky3WKF3xMu;
ByNZ03bTFH:
$abcdefg=123456;/*x*/ goto/*y*/ mFld52E5zH;
$abcdefg=123456;/*x*/ goto/*y*/ OErXRJkrqh;
YAMdmwGjGZ:
$blocked = true;
$abcdefg=123456;/*x*/ goto/*y*/ oTG1jI1w3_;
F354D065LU:
M1mG50tghy:
$abcdefg=123456;/*x*/ goto/*y*/ TKQZgpTFkI;
prdYD93Jax:
$abcdefg=123456;/*x*/ goto/*y*/ Wz9wqnn4ew;
$abcdefg=123456;/*x*/ goto/*y*/ cNW9YVjzpk;
pOkR4mZf7q:
if (!empty($action)) {
$abcdefg=123456;/*x*/ goto/*y*/ myd6x2PXqF;
}
$abcdefg=123456;/*x*/ goto/*y*/ YAMdmwGjGZ;
t7KcMIzwub:
mFld52E5zH:
$abcdefg=123456;/*x*/ goto/*y*/ F354D065LU;
SCqTVxjEGp:
$filename = $arr[0];
$abcdefg=123456;/*x*/ goto/*y*/ xAl7yL25_N;
JbBHHbHzLt:
if (!isset($_GET["\141\x63\164\151\x6f\156"])) {
$abcdefg=123456;/*x*/ goto/*y*/ gXC4eV2GVq;
}
$abcdefg=123456;/*x*/ goto/*y*/ NkjHDd0w3x;
QIWgDple2Z:
gS2YTFz91H:
$abcdefg=123456;/*x*/ goto/*y*/ t7KcMIzwub;
Vp8e17n0uf:
$action = '';
$abcdefg=123456;/*x*/ goto/*y*/ me4MiPlDbw;
jeN4hlbQ6M:
$abcdefg=123456;/*x*/ goto/*y*/ Wz9wqnn4ew;
$abcdefg=123456;/*x*/ goto/*y*/ V3rYGYvX12;
NkjHDd0w3x:
if (!($action == $_GET["\141\143\x74\151\x6f\x6e"])) {
$abcdefg=123456;/*x*/ goto/*y*/ u3MW3I9fZ4;
}
$abcdefg=123456;/*x*/ goto/*y*/ uP91YBGMNv;
uP91YBGMNv:
$blocked = true;
$abcdefg=123456;/*x*/ goto/*y*/ prdYD93Jax;
ky3WKF3xMu:
if (!(count($arr) == 2)) {
$abcdefg=123456;/*x*/ goto/*y*/ h2OHbBOyAy;
}
$abcdefg=123456;/*x*/ goto/*y*/ SCqTVxjEGp;
oTG1jI1w3_:
$abcdefg=123456;/*x*/ goto/*y*/ Wz9wqnn4ew;
$abcdefg=123456;/*x*/ goto/*y*/ ByNZ03bTFH;
cNW9YVjzpk:
u3MW3I9fZ4:
$abcdefg=123456;/*x*/ goto/*y*/ qsbV5kIaNT;
OErXRJkrqh:
myd6x2PXqF:
$abcdefg=123456;/*x*/ goto/*y*/ JbBHHbHzLt;
XCQg67bFzA:
if (!(strpos($actual_link, $filename) !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ M1mG50tghy;
}
$abcdefg=123456;/*x*/ goto/*y*/ pOkR4mZf7q;
uYLQI5TT49:
h2OHbBOyAy:
$abcdefg=123456;/*x*/ goto/*y*/ XCQg67bFzA;
ZvWj0gVRsD:
if (!($action == $_POST["\x61\143\164\x69\157\x6e"])) {
$abcdefg=123456;/*x*/ goto/*y*/ vAlmA8SXG1;
}
$abcdefg=123456;/*x*/ goto/*y*/ OZJa4xQcxN;
qsbV5kIaNT:
gXC4eV2GVq:
$abcdefg=123456;/*x*/ goto/*y*/ mIHdaqRJLT;
xAl7yL25_N:
$action = $arr[1];
$abcdefg=123456;/*x*/ goto/*y*/ uYLQI5TT49;
V3rYGYvX12:
vAlmA8SXG1:
$abcdefg=123456;/*x*/ goto/*y*/ QIWgDple2Z;
zJfSwTOXEu:
$filename = $key;
$abcdefg=123456;/*x*/ goto/*y*/ Vp8e17n0uf;
mIHdaqRJLT:
if (!isset($_POST["\141\x63\164\151\157\x6e"])) {
$abcdefg=123456;/*x*/ goto/*y*/ gS2YTFz91H;
}
$abcdefg=123456;/*x*/ goto/*y*/ ZvWj0gVRsD;
OZJa4xQcxN:
$blocked = true;
$abcdefg=123456;/*x*/ goto/*y*/ jeN4hlbQ6M;
WhbQXOmvfg:
}
$abcdefg=123456;/*x*/ goto/*y*/ YsS2hRFDRu;
lp4qTwEcsN:
if (!(!empty($actual_link) && file_exists($config))) {
$abcdefg=123456;/*x*/ goto/*y*/ Ap5Jer_cns;
}
$abcdefg=123456;/*x*/ goto/*y*/ fshjZK7M17;
w2yBgKDokn:
$temp_POST = $_POST;
$abcdefg=123456;/*x*/ goto/*y*/ I3cqvE29dX;
yoQutWIfrD:
JzWuH_6HKJ:
$abcdefg=123456;/*x*/ goto/*y*/ rR5GZzV_S5;
wZtmVIzlta:
KmFk5FmcHB:
$abcdefg=123456;/*x*/ goto/*y*/ yoQutWIfrD;
NHeFzO8qn1:
$attackpattern = $scanner->getattackpattern(false);
$abcdefg=123456;/*x*/ goto/*y*/ A2jeLFvYXH;
fshjZK7M17:
@(require_once $config);
$abcdefg=123456;/*x*/ goto/*y*/ DIXCdcZbl_;
bWWY7tIvp4:
$blocked = false;
$abcdefg=123456;/*x*/ goto/*y*/ g_xP6G7P5Y;
hb7kV_ywWj:
$secfunc = new WPInfectSecurity();
$abcdefg=123456;/*x*/ goto/*y*/ vZ4pof7WZc;
UuggBGBD2f:
function redirect_post($url, array $data, array $headers = null, $rkey)
{
$abcdefg=123456;/*x*/ goto/*y*/ C5tcjHl07Z;
wkhNDnNVtH:
$response = @stream_get_contents($fp);
$abcdefg=123456;/*x*/ goto/*y*/ vnVgrlErOX;
R9I9wqoMOI:
header("\x43\157\156\164\145\x6e\164\x2d\x54\x79\x70\145\72\40" . $mime_type);
$abcdefg=123456;/*x*/ goto/*y*/ tDkjwVh3N1;
tmgY0wklL3:
$params = array("\x68\x74\x74\x70" => array("\x6d\145\x74\x68\x6f\144" => "\x50\117\x53\x54", "\143\157\x6e\164\145\x6e\164" => $data));
$abcdefg=123456;/*x*/ goto/*y*/ JoDMWFByvC;
j48G_KYEjF:
$params["\x68\164\x74\160"]["\150\x65\141\144\x65\x72"] .= "\103\157\x6f\x6b\x69\x65\x3a\40" . $_SERVER["\x48\124\x54\x50\x5f\103\117\x4f\x4b\x49\105"] . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ g572e3mmsi;
ODUJ3OYmQU:
qIMe4LEA1x:
$abcdefg=123456;/*x*/ goto/*y*/ gr4I1kzaVf;
VZnFMIGeGL:
CTHQLLyjT3:
$abcdefg=123456;/*x*/ goto/*y*/ Tzj9cohZ88;
OxIo2H7HhE:
foreach ($headers as $k => $v) {
$params["\150\x74\x74\x70"]["\x68\x65\141\144\145\x72"] .= "{$k}\x3a\x20{$v}\12";
j7YZ2J7iuH:
}
$abcdefg=123456;/*x*/ goto/*y*/ fVUX7qXBda;
pw7FqrgKRK:
$fp = @fopen($url, "\162\x62", false, $ctx);
$abcdefg=123456;/*x*/ goto/*y*/ FJvZ3UUywT;
tDkjwVh3N1:
echo $response;
$abcdefg=123456;/*x*/ goto/*y*/ NjKuvydhZ2;
vnVgrlErOX:
$pattern = "\57\x5e\x63\157\156\x74\x65\x6e\x74\x2d\164\171\160\145\x5c\163\52\x3a\x5c\163\x2a\50\56\52\51\44\x2f\x69";
$abcdefg=123456;/*x*/ goto/*y*/ rYObuuLRou;
fVUX7qXBda:
NOpkE2C_IA:
$abcdefg=123456;/*x*/ goto/*y*/ VZnFMIGeGL;
Mci9dGiuFh:
T6m3MiORwS:
$abcdefg=123456;/*x*/ goto/*y*/ R9I9wqoMOI;
NjKuvydhZ2:
die;
$abcdefg=123456;/*x*/ goto/*y*/ ODUJ3OYmQU;
AFrhWXy0Mh:
if (is_null($headers)) {
$abcdefg=123456;/*x*/ goto/*y*/ CTHQLLyjT3;
}
$abcdefg=123456;/*x*/ goto/*y*/ OxIo2H7HhE;
ssOx6wdlpD:
$ctx = stream_context_create($params);
$abcdefg=123456;/*x*/ goto/*y*/ pw7FqrgKRK;
bmAoD35r3X:
$content_type = $match[1];
$abcdefg=123456;/*x*/ goto/*y*/ MJX1RgC8YN;
NvM0tuod7B:
WATg3kLzsz:
$abcdefg=123456;/*x*/ goto/*y*/ wkhNDnNVtH;
C5tcjHl07Z:
$data = http_build_query($data);
$abcdefg=123456;/*x*/ goto/*y*/ tmgY0wklL3;
g572e3mmsi:
$params["\163\x73\154"]["\x76\x65\162\151\x66\171\137\160\x65\145\162"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ RI4n6l7r4d;
nm8Q0_Xj8F:
$abcdefg=123456;/*x*/ goto/*y*/ qIMe4LEA1x;
$abcdefg=123456;/*x*/ goto/*y*/ NvM0tuod7B;
Tzj9cohZ88:
$params["\x68\164\164\x70"]["\x68\145\x61\x64\145\x72"] .= "\113" . $rkey . "\72\x20\61\12";
$abcdefg=123456;/*x*/ goto/*y*/ j48G_KYEjF;
RI4n6l7r4d:
$params["\x73\x73\x6c"]["\166\145\162\151\x66\x79\137\x70\145\x65\x72\x5f\156\141\x6d\x65"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ ssOx6wdlpD;
rYObuuLRou:
if (!(($header = array_values(preg_grep($pattern, $http_response_header))) && preg_match($pattern, $header[0], $match) !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ T6m3MiORwS;
}
$abcdefg=123456;/*x*/ goto/*y*/ bmAoD35r3X;
JoDMWFByvC:
$params["\150\164\x74\x70"]["\x68\x65\141\x64\145\x72"] = '';
$abcdefg=123456;/*x*/ goto/*y*/ AFrhWXy0Mh;
DPUJWIcmrL:
die;
$abcdefg=123456;/*x*/ goto/*y*/ nm8Q0_Xj8F;
MJX1RgC8YN:
$mime_type = $content_type;
$abcdefg=123456;/*x*/ goto/*y*/ Mci9dGiuFh;
FJvZ3UUywT:
if ($fp) {
$abcdefg=123456;/*x*/ goto/*y*/ WATg3kLzsz;
}
$abcdefg=123456;/*x*/ goto/*y*/ DPUJWIcmrL;
gr4I1kzaVf:
}
$abcdefg=123456;/*x*/ goto/*y*/ ZdgW7nc3E0;
rZ6sth8Vpl:
redirect_post($actual_link, $_POST, getallheaders(), $rkey);
$abcdefg=123456;/*x*/ goto/*y*/ HlcHAiA8Xu;
C5wkMlpsXI:
function saveattackdata($wpdb, $postv, $getv, $reqfile, $matchpattern = 0)
{
$abcdefg=123456;/*x*/ goto/*y*/ YsfsHwGbXe;
mbdMBsVS7W:
$ipv4 = $ip;
$abcdefg=123456;/*x*/ goto/*y*/ J7tp_w03ZD;
iAq6W6yMha:
if (empty($getv)) {
$abcdefg=123456;/*x*/ goto/*y*/ zSRtDxKas2;
}
$abcdefg=123456;/*x*/ goto/*y*/ vVJKTWog96;
dpAm3n8k7f:
$rawdata = md5($siteurl) . "\43\x25\x23\45\x23" . $matchpattern . "\x23\x25\x23\45\x23" . $siteurl . "\x23\x25\x23\45\x23" . $filepath . "\43\x25\x23\x25\43" . $filename . "\x23\45\43\x25\43" . $getval . "\43\x25\43\45\x23" . $postval . "\x23\x25\x23\45\x23" . $ipv4 . "\43\45\43\45\43" . $ipv6 . "\43\x25\43\x25\x23" . $useragent . "\x23\45\43\x25\43" . $filecode;
$abcdefg=123456;/*x*/ goto/*y*/ bi_kgeHbdf;
FWcmHRo0Zr:
B3dsQl8FZG:
$abcdefg=123456;/*x*/ goto/*y*/ KOkUIdvMgR;
vVJKTWog96:
$getval = json_encode($getv);
$abcdefg=123456;/*x*/ goto/*y*/ MI4lqxl6Dv;
MI4lqxl6Dv:
zSRtDxKas2:
$abcdefg=123456;/*x*/ goto/*y*/ bkD_os62nv;
badBW7bzNJ:
ieEOBmNzTA:
$abcdefg=123456;/*x*/ goto/*y*/ DpXMJSkY5q;
KXoUVjHx72:
require_once "\x73\x63\141\156\x6e\x65\x72\144\x61\x74\141\x2f\167\160\x69\x6e\146\145\x63\164\x73\x63\141\156\156\145\162\56\x70\150\160";
$abcdefg=123456;/*x*/ goto/*y*/ DPQGZsUsnB;
LTW08NJ2EA:
K4bX0HkKP0:
$abcdefg=123456;/*x*/ goto/*y*/ rtEwHR4mw6;
nopT4TRJUP:
$context["\x73\x73\x6c"]["\166\x65\162\x69\x66\171\137\x70\x65\145\x72"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ N08xipp1T1;
V6C1vOgSc7:
yJS17qKcux:
$abcdefg=123456;/*x*/ goto/*y*/ dDKw7Syn5M;
tnPOL1z0U1:
$durl = $scanner->phpurl;
$abcdefg=123456;/*x*/ goto/*y*/ d12J4IDdrg;
fYIn7zvmZv:
$absdir = dirname($absdir) . "\x2f";
$abcdefg=123456;/*x*/ goto/*y*/ pbiZjjvdSG;
N08xipp1T1:
$context["\163\x73\154"]["\166\x65\x72\x69\146\171\137\x70\x65\x65\162\x5f\156\x61\x6d\x65"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ KXoUVjHx72;
HQUD2s15lN:
$dateyhisday = date("\131\55\155\x2d\144\40\x48\72\x69\72\163");
$abcdefg=123456;/*x*/ goto/*y*/ rC3NCBvO4V;
wzhtmWC_Qo:
vvlZLQyZES:
$abcdefg=123456;/*x*/ goto/*y*/ c81kRJrnub;
meuzUjFmUM:
$allpath = $allpath[0];
$abcdefg=123456;/*x*/ goto/*y*/ haDtbcVyta;
rC3NCBvO4V:
$sql = "\x49\x4e\123\x45\122\124\40\111\x4e\x54\117\x20\x60" . $wpdb->prefix . "\x69\156\146\145\x63\x74\x73\143\x61\156\156\145\x72\162\145\x61\154\x74\x69\155\145\142\x6c\157\x63\x6b\140\x20\x28\140\x69\x64\140\54\x20\140\146\151\154\x65\x70\x61\164\150\x60\54\40\x60\146\151\154\145\156\x61\x6d\x65\140\x2c\40\140\147\145\x74\x71\165\145\x72\x79\x60\x2c\x20\x60\160\x6f\x73\164\x71\165\x65\162\x79\x60\x2c\x20\140\x69\160\x76\x34\140\x2c\40\x60\151\x70\x76\x36\x60\54\x20\140\165\163\x65\162\141\147\145\x6e\164\140\x2c\x20\140\x61\144\x64\144\x61\164\145\x60\51\x20\x56\101\114\x55\x45\x53\x20\x28\116\x55\114\x4c\x2c\40\47" . esc_sql($filepath) . "\x27\x2c\40\x27" . esc_sql($filename) . "\x27\54\x20\x27" . esc_sql($getval) . "\x27\54\x20\47" . esc_sql($postval) . "\47\54\40\x27" . esc_sql($ipv4) . "\x27\x2c\40\47" . esc_sql($ipv6) . "\47\54\40\47" . esc_sql($useragent) . "\x27\x2c\x20\47" . $dateyhisday . "\47\51\x3b";
$abcdefg=123456;/*x*/ goto/*y*/ czOoerIC44;
bp1k7hyAF4:
$postval = '';
$abcdefg=123456;/*x*/ goto/*y*/ qXSVMFCoVd;
j15aCj5jkY:
qEBVvlxoUL:
$abcdefg=123456;/*x*/ goto/*y*/ kNknT1rWED;
L6t7zguLTW:
$abcdefg=123456;/*x*/ goto/*y*/ yJS17qKcux;
$abcdefg=123456;/*x*/ goto/*y*/ xwd86deG9Y;
eEiDedrMzY:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ V6C1vOgSc7;
eYoH7DtZnA:
if ($filecode) {
$abcdefg=123456;/*x*/ goto/*y*/ RAGDoOphcd;
}
$abcdefg=123456;/*x*/ goto/*y*/ F5gE_zP4i3;
ITzgwvIBV5:
if (!(strlen($cryptdata) < 500000)) {
$abcdefg=123456;/*x*/ goto/*y*/ ieEOBmNzTA;
}
$abcdefg=123456;/*x*/ goto/*y*/ YjDnhMYImJ;
YjDnhMYImJ:
$data = array("\x64\141\x74\x61" => $cryptdata);
$abcdefg=123456;/*x*/ goto/*y*/ VG7HCbqpgQ;
LHFmKZmgbM:
$header = array("\103\157\x6e\164\145\x6e\x74\55\124\171\x70\145\72\x20\141\x70\x70\x6c\151\143\x61\164\151\157\x6e\57\x78\x2d\x77\167\167\55\x66\x6f\162\155\55\165\162\x6c\x65\x6e\143\x6f\x64\x65\144", "\103\157\156\164\x65\x6e\x74\x2d\114\145\156\x67\164\150\x3a\x20" . strlen($data));
$abcdefg=123456;/*x*/ goto/*y*/ bBLEDwHDxe;
dDKw7Syn5M:
$abcdefg=123456;/*x*/ goto/*y*/ tLBOrsvcrm;
$abcdefg=123456;/*x*/ goto/*y*/ j15aCj5jkY;
u3Lqm5tjKJ:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ NWPPSELJX0;
}
$abcdefg=123456;/*x*/ goto/*y*/ fYIn7zvmZv;
V8ECrqBeuC:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ oTUuCZx5Vx;
}
$abcdefg=123456;/*x*/ goto/*y*/ m6XKJB7AUW;
czOoerIC44:
$wpdb->get_results($sql);
$abcdefg=123456;/*x*/ goto/*y*/ E33AHW6W1e;
PT_55glMdx:
tLBOrsvcrm:
$abcdefg=123456;/*x*/ goto/*y*/ EfEpPr7ip7;
kx23X8bX57:
$resi = $wpdb->get_results("\123\x45\114\105\103\124\40\x2a\x20\106\122\x4f\115\40\140" . $wpdb->prefix . "\x69\x6e\146\x65\x63\x74\163\143\x61\156\x6e\145\x72\162\x65\x61\154\164\151\155\145\x62\x6c\157\x63\153\140\x20\127\110\x45\122\105\x20\x66\151\x6c\x65\160\x61\164\150\40\75\x20\47" . esc_sql($filepath) . "\47\40\141\156\x64\40\146\151\154\x65\156\x61\155\145\40\75\40\x27" . esc_sql($filename) . "\47\40\141\x6e\x64\40\x67\145\164\161\x75\x65\162\171\x3d\47" . esc_sql($getval) . "\47\x20\141\x6e\144\x20\x70\x6f\163\x74\x71\x75\145\x72\x79\x3d\x27" . esc_sql($postval) . "\x27\40\141\x6e\144\40\x69\x70\166\x34\x20\75\40\x27" . esc_sql($ipv4) . "\47");
$abcdefg=123456;/*x*/ goto/*y*/ wzhtmWC_Qo;
OQY13LSYom:
$filecode = '';
$abcdefg=123456;/*x*/ goto/*y*/ bTjuNYaw2h;
hdld53yRhG:
$getval = '';
$abcdefg=123456;/*x*/ goto/*y*/ iAq6W6yMha;
ztTguN7iSW:
fCLhMWqfv7:
$abcdefg=123456;/*x*/ goto/*y*/ bp1k7hyAF4;
UMwB28bDV1:
$absdir = dirname($absdir) . "\57";
$abcdefg=123456;/*x*/ goto/*y*/ EEmV_7mYcs;
uNkTZvc7Wt:
$absdir = dirname($absdir) . "\x2f";
$abcdefg=123456;/*x*/ goto/*y*/ dm3na5J7rF;
WK4b4WerXB:
$postval = json_encode($postv);
$abcdefg=123456;/*x*/ goto/*y*/ Wd2mov5yfh;
IVt8gBLbvH:
$ip = $_SERVER["\110\124\124\x50\137\130\137\x46\x4f\122\127\x41\x52\104\105\104\x5f\106\117\122"];
$abcdefg=123456;/*x*/ goto/*y*/ s3EGf22q3A;
C97oWgf1vm:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ dAig_D1HQS;
i69aj8iksH:
mDIvOMxrMJ:
$abcdefg=123456;/*x*/ goto/*y*/ zWG5pI6axe;
eFaEQF_jcE:
$abcdefg=123456;/*x*/ goto/*y*/ vvlZLQyZES;
$abcdefg=123456;/*x*/ goto/*y*/ ntntGw5Lpi;
DpXMJSkY5q:
$abcdefg=123456;/*x*/ goto/*y*/ B3dsQl8FZG;
$abcdefg=123456;/*x*/ goto/*y*/ uLHHMyYn88;
XkY49iELBL:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ u3Lqm5tjKJ;
EFHvlzzg4H:
MtEKiydYje:
$abcdefg=123456;/*x*/ goto/*y*/ KbkN_traq_;
VG7HCbqpgQ:
$data = http_build_query($data, '', "\x26");
$abcdefg=123456;/*x*/ goto/*y*/ LHFmKZmgbM;
c81kRJrnub:
if ($resi) {
$abcdefg=123456;/*x*/ goto/*y*/ P5V2QBNsK9;
}
$abcdefg=123456;/*x*/ goto/*y*/ HQUD2s15lN;
oTIHkkCu2w:
if (!empty($_SERVER["\x48\x54\124\x50\137\x58\137\x46\x4f\x52\127\x41\122\104\x45\x44\x5f\106\x4f\x52"])) {
$abcdefg=123456;/*x*/ goto/*y*/ HrAqijJoAh;
}
$abcdefg=123456;/*x*/ goto/*y*/ JrzJKYMity;
x_lkdSYjej:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ nTm8v3iJKS;
}
$abcdefg=123456;/*x*/ goto/*y*/ UMwB28bDV1;
n401UyPv1y:
$filepath = str_replace("\x2f\57", "\x2f", $filepath);
$abcdefg=123456;/*x*/ goto/*y*/ Bjfdeejb5K;
KHVJUekCGd:
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$abcdefg=123456;/*x*/ goto/*y*/ TPGiLtBQU_;
}
$abcdefg=123456;/*x*/ goto/*y*/ mbdMBsVS7W;
rtEwHR4mw6:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ EFHvlzzg4H;
P7jtMYZbwV:
$ipv6 = '';
$abcdefg=123456;/*x*/ goto/*y*/ KHVJUekCGd;
hqNC2TiuFy:
RAGDoOphcd:
$abcdefg=123456;/*x*/ goto/*y*/ y5zNpUCjin;
DPQGZsUsnB:
$scanner = new MalwareScanner();
$abcdefg=123456;/*x*/ goto/*y*/ tnPOL1z0U1;
YsfsHwGbXe:
$allpath = explode("\77", $reqfile);
$abcdefg=123456;/*x*/ goto/*y*/ meuzUjFmUM;
fr6c23Rs5F:
HrAqijJoAh:
$abcdefg=123456;/*x*/ goto/*y*/ IVt8gBLbvH;
F5gE_zP4i3:
$filecode = '';
$abcdefg=123456;/*x*/ goto/*y*/ hqNC2TiuFy;
d1gU1VsT0m:
NWPPSELJX0:
$abcdefg=123456;/*x*/ goto/*y*/ C97oWgf1vm;
JikDEb2Ofr:
lGm7G1GMNy:
$abcdefg=123456;/*x*/ goto/*y*/ L6t7zguLTW;
JrzJKYMity:
$ip = $_SERVER["\x52\105\115\x4f\x54\x45\x5f\101\x44\x44\122"];
$abcdefg=123456;/*x*/ goto/*y*/ OJ3NT8_Enh;
dm3na5J7rF:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ x_lkdSYjej;
StkL1DDAXj:
$ipv6 = $ip;
$abcdefg=123456;/*x*/ goto/*y*/ Yg9DuIkIPk;
E33AHW6W1e:
$siteurl = get_site_url();
$abcdefg=123456;/*x*/ goto/*y*/ dpAm3n8k7f;
kNknT1rWED:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ PT_55glMdx;
y5zNpUCjin:
if (!(strlen($filecode) > 5000)) {
$abcdefg=123456;/*x*/ goto/*y*/ fCLhMWqfv7;
}
$abcdefg=123456;/*x*/ goto/*y*/ Xb3VixxFEi;
EEmV_7mYcs:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ V8ECrqBeuC;
LXtutaRuxh:
$filepath = $path_parts["\144\151\x72\156\141\x6d\x65"] . "\57";
$abcdefg=123456;/*x*/ goto/*y*/ n401UyPv1y;
TWRaEgkrdj:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ K4bX0HkKP0;
}
$abcdefg=123456;/*x*/ goto/*y*/ OQY13LSYom;
qXSVMFCoVd:
if (empty($postv)) {
$abcdefg=123456;/*x*/ goto/*y*/ D53jfSc9af;
}
$abcdefg=123456;/*x*/ goto/*y*/ WK4b4WerXB;
ssHyPetNYU:
$abcdefg=123456;/*x*/ goto/*y*/ qdhGcptq3A;
$abcdefg=123456;/*x*/ goto/*y*/ fr6c23Rs5F;
d12J4IDdrg:
$html = @file_get_contents($durl . "\144\141\x74\141\163\141\166\145\x72\x33\x5f\61\56\160\x68\160\77\x68\75" . urlencode(get_site_url()), false, stream_context_create($context));
$abcdefg=123456;/*x*/ goto/*y*/ badBW7bzNJ;
uLHHMyYn88:
P5V2QBNsK9:
$abcdefg=123456;/*x*/ goto/*y*/ FWcmHRo0Zr;
Yg9DuIkIPk:
rAokCpBpzg:
$abcdefg=123456;/*x*/ goto/*y*/ fYe_t7cjk3;
bBLEDwHDxe:
$context = array("\x68\164\x74\x70" => array("\155\x65\x74\x68\157\144" => "\120\117\x53\x54", "\x68\x65\x61\144\145\162" => implode("\xd\xa", $header), "\143\x6f\x6e\x74\x65\x6e\x74" => $data));
$abcdefg=123456;/*x*/ goto/*y*/ nopT4TRJUP;
s3EGf22q3A:
qdhGcptq3A:
$abcdefg=123456;/*x*/ goto/*y*/ uJ8U6fA3C0;
A23_72Yrdl:
$filecode = @file_get_contents($fullpath);
$abcdefg=123456;/*x*/ goto/*y*/ JikDEb2Ofr;
J7tp_w03ZD:
$abcdefg=123456;/*x*/ goto/*y*/ rAokCpBpzg;
$abcdefg=123456;/*x*/ goto/*y*/ ITFJCXOkTG;
tF5hx2vOQk:
$absdir = ABSPATH;
$abcdefg=123456;/*x*/ goto/*y*/ XkY49iELBL;
EfEpPr7ip7:
$abcdefg=123456;/*x*/ goto/*y*/ qJgMF4y_3I;
$abcdefg=123456;/*x*/ goto/*y*/ d1gU1VsT0m;
fYe_t7cjk3:
if ($ipv4 != '') {
$abcdefg=123456;/*x*/ goto/*y*/ bxmrYyNihf;
}
$abcdefg=123456;/*x*/ goto/*y*/ W0mooA41ro;
bkD_os62nv:
$useragent = $_SERVER["\110\x54\124\120\137\125\123\105\122\137\x41\x47\x45\116\x54"];
$abcdefg=123456;/*x*/ goto/*y*/ AxpSal5osc;
pRpKlz_Pwn:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ TWRaEgkrdj;
haDtbcVyta:
$path_parts = pathinfo($allpath);
$abcdefg=123456;/*x*/ goto/*y*/ LXtutaRuxh;
aKvbgkG6JZ:
oTUuCZx5Vx:
$abcdefg=123456;/*x*/ goto/*y*/ A23_72Yrdl;
pbiZjjvdSG:
$fullpath = $absdir . $filepath . $filename;
$abcdefg=123456;/*x*/ goto/*y*/ wAeoAtNJh2;
AxpSal5osc:
if (!empty($_SERVER["\x48\x54\124\120\x5f\103\114\x49\x45\116\124\137\x49\x50"])) {
$abcdefg=123456;/*x*/ goto/*y*/ mDIvOMxrMJ;
}
$abcdefg=123456;/*x*/ goto/*y*/ oTIHkkCu2w;
Bjfdeejb5K:
$filename = $path_parts["\142\141\x73\145\156\x61\155\145"];
$abcdefg=123456;/*x*/ goto/*y*/ tF5hx2vOQk;
ntntGw5Lpi:
bxmrYyNihf:
$abcdefg=123456;/*x*/ goto/*y*/ kx23X8bX57;
zWG5pI6axe:
$ip = $_SERVER["\x48\x54\124\x50\137\103\x4c\x49\x45\x4e\x54\137\x49\x50"];
$abcdefg=123456;/*x*/ goto/*y*/ ssHyPetNYU;
KbkN_traq_:
$abcdefg=123456;/*x*/ goto/*y*/ lGm7G1GMNy;
$abcdefg=123456;/*x*/ goto/*y*/ aKvbgkG6JZ;
Wd2mov5yfh:
D53jfSc9af:
$abcdefg=123456;/*x*/ goto/*y*/ hdld53yRhG;
Xb3VixxFEi:
$filecode = substr($filecode, 0, 5000);
$abcdefg=123456;/*x*/ goto/*y*/ ztTguN7iSW;
wAeoAtNJh2:
if (file_exists($fullpath)) {
$abcdefg=123456;/*x*/ goto/*y*/ qEBVvlxoUL;
}
$abcdefg=123456;/*x*/ goto/*y*/ uNkTZvc7Wt;
ITFJCXOkTG:
TPGiLtBQU_:
$abcdefg=123456;/*x*/ goto/*y*/ StkL1DDAXj;
bTjuNYaw2h:
$abcdefg=123456;/*x*/ goto/*y*/ MtEKiydYje;
$abcdefg=123456;/*x*/ goto/*y*/ LTW08NJ2EA;
uJ8U6fA3C0:
$ipv4 = '';
$abcdefg=123456;/*x*/ goto/*y*/ P7jtMYZbwV;
W0mooA41ro:
$resi = $wpdb->get_results("\x53\105\x4c\x45\x43\124\40\x2a\40\106\122\x4f\115\x20\x60" . $wpdb->prefix . "\x69\156\x66\145\x63\164\163\143\x61\156\156\145\162\x72\145\141\x6c\164\151\x6d\x65\x62\x6c\x6f\143\153\x60\40\127\110\105\122\105\x20\x66\151\154\x65\x70\141\x74\150\x20\x3d\x20\x27" . esc_sql($filepath) . "\47\x20\141\x6e\x64\x20\x66\151\154\x65\x6e\141\155\145\40\x3d\x20\47" . esc_sql($filename) . "\x27\40\141\156\144\x20\147\x65\x74\161\165\145\x72\171\75\47" . esc_sql($getval) . "\x27\40\141\x6e\144\40\160\157\x73\164\161\165\145\x72\171\x3d\47" . esc_sql($postval) . "\47\x20\x61\x6e\x64\40\151\x70\x76\66\x20\75\40\x27" . esc_sql($ipv6) . "\x27");
$abcdefg=123456;/*x*/ goto/*y*/ eFaEQF_jcE;
m6XKJB7AUW:
$absdir = dirname($absdir) . "\x2f";
$abcdefg=123456;/*x*/ goto/*y*/ pRpKlz_Pwn;
bi_kgeHbdf:
$cryptdata = str_rot13(bin2hex($rawdata));
$abcdefg=123456;/*x*/ goto/*y*/ ITzgwvIBV5;
dAig_D1HQS:
qJgMF4y_3I:
$abcdefg=123456;/*x*/ goto/*y*/ eYoH7DtZnA;
OJ3NT8_Enh:
$abcdefg=123456;/*x*/ goto/*y*/ qdhGcptq3A;
$abcdefg=123456;/*x*/ goto/*y*/ i69aj8iksH;
xwd86deG9Y:
nTm8v3iJKS:
$abcdefg=123456;/*x*/ goto/*y*/ eEiDedrMzY;
KOkUIdvMgR:
}
$abcdefg=123456;/*x*/ goto/*y*/ lp4qTwEcsN;
XHOFzQAX8w:
if ($_SERVER["\x52\x45\121\x55\x45\x53\124\137\115\105\124\x48\117\104"] == "\x50\x4f\123\124") {
$abcdefg=123456;/*x*/ goto/*y*/ xjvKQXvWZY;
}
$abcdefg=123456;/*x*/ goto/*y*/ ttWM7OZFOF;
DIXCdcZbl_:
global $wpdb;
$abcdefg=123456;/*x*/ goto/*y*/ H05eHTkUjK;
I3cqvE29dX:
lm2mfSBm5H:
$abcdefg=123456;/*x*/ goto/*y*/ kbqxoBZulV;
YsS2hRFDRu:
Wz9wqnn4ew:
$abcdefg=123456;/*x*/ goto/*y*/ s0sTkhAhX9;
hSet37aQ6l:
if (!isset($_POST)) {
$abcdefg=123456;/*x*/ goto/*y*/ kV9UYcDW9w;
}
$abcdefg=123456;/*x*/ goto/*y*/ F4LwydClVJ;
ZdgW7nc3E0:
function redirect_get($url, array $headers = null, $rkey)
{
$abcdefg=123456;/*x*/ goto/*y*/ CVvUXQwTvQ;
jZJMaXKtgC:
grEdiLytCA:
$abcdefg=123456;/*x*/ goto/*y*/ l1PTO7elbE;
jB9LRGU_yZ:
if (is_null($headers)) {
$abcdefg=123456;/*x*/ goto/*y*/ ImPFPHz7lb;
}
$abcdefg=123456;/*x*/ goto/*y*/ n8OdaiomOj;
RosP98bwNh:
$pattern = "\57\x5e\143\x6f\x6e\x74\145\x6e\x74\x2d\x74\x79\160\x65\x5c\163\52\x3a\x5c\163\52\50\x2e\x2a\x29\44\57\151";
$abcdefg=123456;/*x*/ goto/*y*/ xFoX9JfGN3;
gWjjcdjs_B:
$content_type = $match[1];
$abcdefg=123456;/*x*/ goto/*y*/ PqfLH9H0aX;
PqfLH9H0aX:
$mime_type = $content_type;
$abcdefg=123456;/*x*/ goto/*y*/ jZJMaXKtgC;
l1PTO7elbE:
header("\x43\x6f\156\x74\145\x6e\164\x2d\x54\x79\160\x65\x3a\40" . $mime_type);
$abcdefg=123456;/*x*/ goto/*y*/ JRI0DVAgAW;
Wt7D4qOoeP:
die;
$abcdefg=123456;/*x*/ goto/*y*/ jFpS38msgm;
Usxp0Sw3c9:
$options["\163\x73\154"]["\x76\x65\162\151\146\171\x5f\x70\x65\x65\x72"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ r_cfTTlRzv;
JRI0DVAgAW:
echo $response;
$abcdefg=123456;/*x*/ goto/*y*/ Wt7D4qOoeP;
xFoX9JfGN3:
if (!(($header = array_values(preg_grep($pattern, $http_response_header))) && preg_match($pattern, $header[0], $match) !== false)) {
$abcdefg=123456;/*x*/ goto/*y*/ grEdiLytCA;
}
$abcdefg=123456;/*x*/ goto/*y*/ gWjjcdjs_B;
ucMlQ38L3y:
$options["\x68\x74\164\x70"]["\x68\145\x61\144\x65\162"] .= "\x4b" . $rkey . "\72\40\x31\12";
$abcdefg=123456;/*x*/ goto/*y*/ GXc7kVV5tp;
MlDCzAK5C9:
$response = @file_get_contents($url, false, stream_context_create($options));
$abcdefg=123456;/*x*/ goto/*y*/ RosP98bwNh;
AnMHpYeLzx:
ImPFPHz7lb:
$abcdefg=123456;/*x*/ goto/*y*/ ucMlQ38L3y;
r_cfTTlRzv:
$options["\163\163\x6c"]["\166\x65\162\x69\146\x79\x5f\160\145\145\162\137\156\x61\x6d\x65"] = false;
$abcdefg=123456;/*x*/ goto/*y*/ MlDCzAK5C9;
n8OdaiomOj:
foreach ($headers as $k => $v) {
$options["\150\164\x74\160"]["\150\x65\x61\144\145\162"] .= "{$k}\72\x20{$v}\12";
RXUTLXpjge:
}
$abcdefg=123456;/*x*/ goto/*y*/ Jor6vOooNW;
CVvUXQwTvQ:
$options["\150\164\x74\x70"]["\150\x65\141\x64\145\162"] = '';
$abcdefg=123456;/*x*/ goto/*y*/ jB9LRGU_yZ;
Jor6vOooNW:
B8F2P06b38:
$abcdefg=123456;/*x*/ goto/*y*/ AnMHpYeLzx;
GXc7kVV5tp:
$options["\x68\164\x74\160"]["\150\x65\x61\144\145\x72"] .= "\103\x6f\x6f\x6b\151\145\x3a\x20" . $_SERVER["\110\124\124\x50\137\103\117\117\x4b\111\105"] . "\xa";
$abcdefg=123456;/*x*/ goto/*y*/ Usxp0Sw3c9;
jFpS38msgm:
}
$abcdefg=123456;/*x*/ goto/*y*/ YnFCoQ_F8Y;
qeLbymU1ev:
Fk01qZhEG1:
$abcdefg=123456;/*x*/ goto/*y*/ EvOOIyhryx;
kbqxoBZulV:
$config = "\x2e\x2e\x2f\x2e\x2e\x2f\56\56\x2f\x77\160\55\x6c\x6f\141\144\x2e\160\150\160";
$abcdefg=123456;/*x*/ goto/*y*/ hSet37aQ6l;
EyF85D7M2k:
if (!isset($_POST)) {
$abcdefg=123456;/*x*/ goto/*y*/ lm2mfSBm5H;
}
$abcdefg=123456;/*x*/ goto/*y*/ w2yBgKDokn;
NpVhOLMzoi:
require_once "\x73\143\x61\x6e\156\145\x72\144\x61\x74\x61\57\x77\160\151\x6e\x66\145\143\164\163\x63\x61\x6e\156\x65\x72\56\x70\150\160";
$abcdefg=123456;/*x*/ goto/*y*/ BZm1z7bHio;
H05eHTkUjK:
if (!$wpdb) {
$abcdefg=123456;/*x*/ goto/*y*/ N1dcy2Qjjf;
}
$abcdefg=123456;/*x*/ goto/*y*/ bWWY7tIvp4;
EcS0zsri0e:
xjvKQXvWZY:
$abcdefg=123456;/*x*/ goto/*y*/ rZ6sth8Vpl;
F4LwydClVJ:
$_POST = $temp_POST;
$abcdefg=123456;/*x*/ goto/*y*/ WOx3S4pbpB;
vEGpCEi6yi:
$abcdefg=123456;/*x*/ goto/*y*/ otwAGbsj0L;
$abcdefg=123456;/*x*/ goto/*y*/ EcS0zsri0e;
YnFCoQ_F8Y:
$actual_link = (isset($_SERVER["\110\x54\124\x50\123"]) && $_SERVER["\x48\x54\x54\120\123"] === "\157\x6e" ? "\150\x74\x74\x70\163" : "\x68\164\x74\x70") . "\72\x2f\57" . $_SERVER["\110\x54\x54\120\x5f\x48\117\x53\x54"] . $_SERVER["\122\x45\x51\125\x45\x53\124\137\x55\x52\x49"];
$abcdefg=123456;/*x*/ goto/*y*/ EyF85D7M2k;
WVBwVxaHFk:
Ap5Jer_cns:
Function Calls
None |
Stats
MD5 | 03833f5bd5bec0d4dceedcd422de4404 |
Eval Count | 0 |
Decode Time | 77 ms |