function aegis_is_form_spam(array $data): bool {
    // 0. WHITELIST — IP studio LANGA, mai bloccare
    $whitelist_ips = ["93.42.75.3"];
    $whitelist_emails = ["info.lucaprata@gmail.com"];
    $ef_wl = ["email","email_2","your-email","sender_email"];
    foreach ($ef_wl as $ew) {
        if (!empty($data[$ew]) && in_array(strtolower(trim($data[$ew])), $whitelist_emails, true)) return false;
    }
    $ip = $_SERVER["REMOTE_ADDR"] ?? "";
    if (in_array($ip, $whitelist_ips, true)) return false;

    // 1. GIBBERISH NAME DETECTION
    $nf = ['input_text','your-name','name','sender_name','first_name'];
    foreach ($nf as $f) {
        $v = $data[$f] ?? '';
        if (!$v || strlen($v) < 8) continue;
        if (preg_match('/[bcdfghjklmnpqrstvwxyz]{5,}/i', $v)) return true;
        if (preg_match('/[a-z][A-Z][a-z][A-Z]/', $v)) return true;
    }
    // 2. DOTTED GMAIL PATTERN
    $ef = ['email','email_2','your-email','sender_email'];
    $email = '';
    foreach ($ef as $e) {
        if (!empty($data[$e])) { $email = strtolower(trim($data[$e])); break; }
    }
    if ($email && strpos($email, '@gmail.com') !== false) {
        $local = explode('@', $email)[0];
        $dots = substr_count($local, '.');
        $len = strlen(str_replace('.', '', $local));
        if ($dots >= 4 && $len < 15) return true;
    }
    // 3. RATE LIMIT PER IP - max 3 in 5 min
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if ($ip) {
        $key = 'aegis_form_rate_' . md5($ip);
        $count = (int) get_transient($key);
        if ($count >= 3) return true;
        set_transient($key, $count + 1, 300);
    }

    // 4. RATE LIMIT PER EMAIL - max 2 in 10 min
    if ($email) {
        $ekey = 'aegis_form_erate_' . md5($email);
        $ecount = (int) get_transient($ekey);
        if ($ecount >= 2) return true;
        set_transient($ekey, $ecount + 1, 600);
    }
    // 5. DISPOSABLE EMAIL DOMAINS
    if ($email) {
        $dom = explode('@', $email)[1] ?? '';
        $trash = ['wshu.net','mailinator.com','guerrillamail.com','tempmail.com','throwaway.email','yopmail.com','sharklasers.com','grr.la','temp-mail.org','guerrillamailblock.com','10minutemail.com','trashmail.com'];
        if (in_array($dom, $trash, true)) return true;
    }

    // 6. NAME WITH URL OR EMOJI (scam)
    foreach ($nf as $f2) {
        $v2 = $data[$f2] ?? '';
        if ($v2 && preg_match('#https?://|graph\.org|bit\.ly|tinyurl|t\.me#i', $v2)) return true;
        if ($v2 && preg_match('/[\x{1F300}-\x{1F9FF}]/u', $v2)) return true;
    }

    // 8. TOR/PROXY EXIT NODE BLOCK
    $tor_pfx = ['185.220.101.','185.220.100.','104.244.78.','23.129.64.','192.42.116.','2.58.56.','45.84.107.','38.135.25.','31.133.0.','37.114.63.'];
    foreach ($tor_pfx as $tp) { if (strpos($ip, $tp) === 0) return true; }
    // 9. KNOWN SPAM EMAILS blacklist
    $spam_emails = ['zekisuquc419@gmail.com'];
    if ($email && in_array($email, $spam_emails, true)) return true;
    // 10. MULTI-IP SAME EMAIL in 10min
    if ($email && $ip) {
        $mkey = 'aegis_form_mip_' . md5($email);
        $seen = get_transient($mkey); if (!is_array($seen)) $seen = [];
        if (!in_array($ip, $seen, true)) { $seen[] = $ip; set_transient($mkey, $seen, 600); }
        if (count($seen) >= 3) return true;
    }
    // 7. HONEYPOT - campo nascosto compilato
    if (!empty($data['_aegis_hp']) || !empty($data['website_url_hp'])) return true;

    return false;
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="https://bazar.lan.ga/wp-sitemap-index.xsl" ?>
<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>https://bazar.lan.ga/wp-sitemap-posts-post-1.xml</loc></sitemap><sitemap><loc>https://bazar.lan.ga/wp-sitemap-posts-page-1.xml</loc></sitemap><sitemap><loc>https://bazar.lan.ga/wp-sitemap-taxonomies-category-1.xml</loc></sitemap><sitemap><loc>https://bazar.lan.ga/wp-sitemap-taxonomies-post_tag-1.xml</loc></sitemap><sitemap><loc>https://bazar.lan.ga/wp-sitemap-users-1.xml</loc></sitemap></sitemapindex>