diff --git a/README.md b/README.md index 56ecd7f..fce627d 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ cat src/db.sql | mysql -D YOUR_DB -p ``` ``` -location ~ "^\/[0-9a-z]{40}$" { +location ~ "^\/[0-9a-z\.]{36,40}$" { try_files $uri /src/php/download.php; } ``` \ No newline at end of file diff --git a/src/php/api.php b/src/php/api.php index 7fcb579..a05963f 100644 --- a/src/php/api.php +++ b/src/php/api.php @@ -17,6 +17,7 @@ case "config": { include_once("db.php"); + include_once("functions.php"); $db = new DB(); $rsp["stats"] = $db->GetStats(); @@ -25,6 +26,7 @@ $maxsize = (int)(str_replace('M', '', $maxsizeM) * 1000 * 1000); $rsp["maxsize"] = $maxsize; $rsp["expire"] = _FILE_EXPIRE_TIME; + //$rsp["tips"] = GetTipTotal(); break; } case "file": diff --git a/src/php/clamav.php b/src/php/clamav.php new file mode 100644 index 0000000..304148d --- /dev/null +++ b/src/php/clamav.php @@ -0,0 +1,48 @@ +pconnect(_REDIS_SERVER); + $db = new DB(); + + $f = $db->GetFile($_GET["check_test"]); + ScanStream(fopen($f->path, 'r'), $f->size); + } +?> \ No newline at end of file diff --git a/src/php/cloudflare.php b/src/php/cloudflare.php index 527306f..abe1d56 100644 --- a/src/php/cloudflare.php +++ b/src/php/cloudflare.php @@ -27,6 +27,9 @@ if($cfr['success'] == True){ $discord_data = array("content" => "[IP BLOCKED] " . $ip); include_once("discord.php"); + }else { + $discord_data = array("content" => "[IP BLOCK ERROR] " . $ip . "\n```json\n" . $result . "\n```"); + include_once("discord.php"); } return $cfr; diff --git a/src/php/db.php b/src/php/db.php index 58835f6..338a807 100644 --- a/src/php/db.php +++ b/src/php/db.php 
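Review bot: The `check_test` block at the end of the new src/php/clamav.php is a debug hook that any web request can trigger, and it hands `fopen($f->path, 'r')` to `ScanStream` without checking that `GetFile` found a row or that the open succeeded. Most of this file's body is missing from this page, so only the tail of the hook could be reviewed. Gate the hook behind a config constant or move it to a CLI-only script, and bail out early with `if($f->hash160 == NULL) { http_response_code(404); exit(); }`. The same hook is added to src/php/virustotal.php in this commit.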
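Review bot: The new `else` branch in src/php/cloudflare.php sends its alert with `include_once("discord.php")`, which does nothing if discord.php was already included earlier in the same request, so a failed IP block can go unreported. This commit switches upload.php to plain `include("discord.php")`, presumably for that reason; use `include` in both branches here too. The message also pastes the raw `$result` body into the Discord post, so consider bounding it, e.g. `substr($result, 0, 1500)`, so the alert carries only what is needed to debug. The enclosing function starts outside the hunk.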
@@ -46,6 +46,24 @@ return $res; } + function GuessHash($hash) { + //sometimes are making a request like this: lets just do a LIKE query to find it bf9fdaa217271f9e1f6ab88...f42bd0a538 + //poor lost people i cri evry time + $res = null; + + $stmt = $this->mysqli->prepare("select hash160 from files where hash160 like ? limit 1"); + if($stmt) + { + $stmt->bind_param("s", $hash); + $stmt->execute(); + $stmt->bind_result($res); + $stmt->fetch(); + $stmt->close(); + } + + return $res; + } + function GetFile($hash, $hc = "hash160") { $res = new FileUpload(); diff --git a/src/php/download.php b/src/php/download.php index a9ff025..384219e 100644 --- a/src/php/download.php +++ b/src/php/download.php @@ -74,6 +74,17 @@ include_once('db.php'); include_once('virustotal.php'); $db = new DB(); + + //try to guess the hash if the link was truncated with '...' + if(strpos($hash, "...") !== false) { + $nh = str_replace("...", "%", $hash); + $gh = $db->GuessHash($nh); + if($gh !== null) { + header('location: ' . _SITEURL . $gh); + exit(); + } + } + $f = $db->GetFile($hash); if($f->hash160 != NULL){ $vtr = CheckVirusTotalCached($redis, $f->hash256); diff --git a/src/php/ga.php b/src/php/ga.php index e78ff10..6225569 100644 --- a/src/php/ga.php +++ b/src/php/ga.php @@ -22,7 +22,7 @@ $msg = http_build_query(array( "v" => "1", "tid" => _GA_SITE_CODE, - "cid" => $_COOKIE["VC:UID"], + "cid" => isset($_COOKIE["VC:UID"]) ? $_COOKIE["VC:UID"] : uniqid(), "t" => "pageview", "dh" => $_SERVER['HTTP_HOST'], "dp" => $_SERVER['REQUEST_URI'], diff --git a/src/php/lightning-tip.php b/src/php/lightning-tip.php index 4cb45fb..233cd43 100644 --- a/src/php/lightning-tip.php +++ b/src/php/lightning-tip.php @@ -1,6 +1,7 @@ + ⚡ Tip! ⚡ 
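Review bot: `GuessHash` in src/php/db.php runs whatever string it is given as a `LIKE` pattern, and the caller added to src/php/download.php builds that pattern from the request path with only `str_replace("...", "%", $hash)`, so nothing bounds how little of the real hash must be known before the lookup resolves and redirects to a full link. Since the hash is what grants access to a file, require a single `...` with a fixed minimum of hex characters on each side before calling it, for example `if(preg_match('/^[0-9a-f]{12,}\.\.\.[0-9a-f]{8,}$/', $hash) === 1) {` in place of the `strpos` test (the minimums are illustrative). The README location regex `[0-9a-z\.]{36,40}` should be tightened to match. A docblock on `GuessHash` stating that `$hash` is a LIKE pattern (`%` and `_` are wildcards) and that it returns the first matching `hash160` or null would also help the next caller.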
@@ -30,22 +62,31 @@ include_once("config.php"); include_once("functions.php"); - $id = uniqid(); - $inv = ln_query("invoice", array("any", $id, "void.cat tip")); - - if(isset($inv->result)) { - echo "wip..."; + if(!isset($_GET["label"])) { + $id = uniqid(); + $inv = ln_query("invoice", array("any", $id, "void.cat tip")); - echo "
" . $inv->result->bolt11 . "
"; - - $cmd = "/usr/local/bin/myqr lightning:" . $inv->result->bolt11 . " -n " . $id . ".png -c -d /tmp/ 2>&1"; - - $qr = shell_exec($cmd); - $img_b64 = base64_encode(file_get_contents(substr(explode(", ", substr(explode("\n", $qr)[1], 1, -1))[3], 1, -1))); - - echo ""; - }else{ - echo "
" . json_encode($inv) . "
"; + if(isset($inv->result)) { + header("location: /src/php/lightning-tip.php?label=" . $id); + } else { + echo "
" . json_encode($inv) . "
"; + } + } else { + $id = $_GET["label"]; + $inv = ln_query("listinvoices", array($id)); + if(isset($inv->result) && isset($inv->result->invoices[0])) { + $i = $inv->result->invoices[0]; + + echo "
" . $i->bolt11 . "
"; + + $cmd = "/usr/local/bin/myqr lightning:" . $i->bolt11 . " -n " . $id . ".png -c -d /tmp/ 2>&1"; + $qr = shell_exec($cmd); + $img_b64 = base64_encode(file_get_contents(substr(explode(", ", substr(explode("\n", $qr)[1], 1, -1))[3], 1, -1))); + + echo ""; + } else { + echo "
" . json_encode($inv) . "
"; + } } ?> diff --git a/src/php/tip-list.php b/src/php/tip-list.php new file mode 100644 index 0000000..779ab17 --- /dev/null +++ b/src/php/tip-list.php @@ -0,0 +1,65 @@ +result; + $sp = GetBTCPrice(); +?> + + + + Tip List + + + +
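Review bot: `$id` is now taken from `$_GET["label"]` and concatenated unquoted into `$cmd` before `shell_exec($cmd)`, so request data reaches the shell command line in src/php/lightning-tip.php. Labels are created with `uniqid()` in the other branch, so reject anything else up front with `if(!ctype_xdigit($id)) { http_response_code(400); exit(); }`, and quote both arguments: `$cmd = "/usr/local/bin/myqr " . escapeshellarg("lightning:" . $i->bolt11) . " -n " . escapeshellarg($id . ".png") . " -c -d /tmp/ 2>&1";`. The result of `shell_exec` is then parsed positionally to find the image path, so a failed run should be detected before `file_get_contents` is called on it. Parts of this hunk's HTML output are missing on this page, so the `echo` lines were not reviewed.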

BTC price: $

+ + + + + + + + + + + + invoices as $inv) + { + $col = ""; + switch($inv->status) { + case "paid": $col = "#00ff00"; break; + case "unpaid": $col = "#ffb100"; break; + } + + $val = isset($inv->msatoshi_received) ? $inv->msatoshi_received : 0; + if($inv->status === "paid") { + $total += $val; + } + echo ""; + } + ?> + +
idmsatoshiUSDstatuspaid
" . $inv->label . "" . number_format($val, 8) . "" . number_format($val * $sp * MSAT, 4) . "" . $inv->status . "" . (isset($inv->paid_at) ? date('Y/m/d H:i:s', $inv->paid_at) : "") . "
+ Total: $" . number_format($total * $sp * MSAT, 4) . " (BTC " . number_format($total * MSAT, 8) . ")"; ?> + + diff --git a/src/php/tip-me.php b/src/php/tip-me.php index cd4811b..9a19bac 100644 --- a/src/php/tip-me.php +++ b/src/php/tip-me.php @@ -31,6 +31,7 @@ + Tips diff --git a/src/php/upload.php b/src/php/upload.php index b4f4afd..49f499b 100644 --- a/src/php/upload.php +++ b/src/php/upload.php @@ -8,7 +8,8 @@ "publichash" => null, "link" => null, "mime" => null, - "filename" => null + "filename" => null, + "upload" => json_encode($_FILES) ); $isMultipart = strpos($_SERVER['CONTENT_TYPE'], 'multipart/form-data') !== False; @@ -99,7 +100,32 @@ } else { + /* //file does not exist + //check clamav + include_once('clamav.php'); + $sr = ScanStream($tmpf, $fsize); + if($sr !== "stream: OK"){ + $discord_data = array("content" => $sr); + include("discord.php"); + }else{ + $response["clamav"] = $sr; + }*/ + + //check with VT (max upload is 32MB) + /*if($fsize < 32 * 1000 * 1000) { + $redis = new Redis(); + $redis->pconnect(_REDIS_SERVER); + + include_once('virustotal.php'); + $vtr = CheckVirusTotalCached($redis, $fh); + if($vtr != null && isset($vtr->response_code) && $vtr->response_code == 0) { + $sr = ScanFile($tmpf); + $discord_data = array("content" => $sr->verbose_msg); + include("discord.php"); + } + }*/ + //generate public hash $phc = hash_init('ripemd160'); hash_update($phc, $fh); @@ -123,7 +149,7 @@ $db->InsertFile($f_e); $discord_data = array("content" => _SITEURL . '#' . $f_e->hash160); - include_once("discord.php"); + include("discord.php"); $response["status"] = 200; $response["link"] = _SITEURL . $f_e->hash160; diff --git a/src/php/virustotal.php b/src/php/virustotal.php index e47e8a1..f90033a 100644 --- a/src/php/virustotal.php +++ b/src/php/virustotal.php 
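Review bot: The table row in the new src/php/tip-list.php echoes `$inv->label` and `$inv->status` from the invoice list straight into the page, and nothing visible in the file restricts who can load this list of invoices and totals. Escape the values on output, e.g. `htmlspecialchars($inv->label, ENT_QUOTES)`, and restrict access to the page if it is not meant to be public. The HTML tags of this hunk are missing on this page, so the markup around the values is inferred.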
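Review bot: `"upload" => json_encode($_FILES)` in the response template of src/php/upload.php returns PHP's upload bookkeeping to every client, including the server-side `tmp_name` path. It looks like debugging output; drop the key before release, or keep it server-side with `error_log(json_encode($_FILES));` instead. Only the array literal is inside the hunk, so where the response is finally emitted is not visible here.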
@@ -4,13 +4,12 @@ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://www.virustotal.com/vtapi/v2/file/report'); curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate'); // please compress data + curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate'); curl_setopt($ch, CURLOPT_USERAGENT, "gzip, void.cat virus check"); curl_setopt($ch, CURLOPT_RETURNTRANSFER ,true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); $result = curl_exec ($ch); - $status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close ($ch); $vtr = json_decode($result, true); 
@@ -23,13 +22,43 @@ return $vtr; } + function ScanFile($res) { + $ch = curl_init(); + $bnd_id = "---------------------------735323031399963166993862150"; + + $post_data = "--$bnd_id\r\nContent-Disposition: form-data; name='apikey'\r\n\r\n" . _VIRUSTOTAL_KEY . "\r\n--$bnd_id\r\nContent-Disposition: form-data; name='file'; filename='binary'\r\nContent-Type: application/octet-stream\r\n\r\n" . stream_get_contents($res) . "\r\n--$bnd_id--"; + $options = array( + CURLOPT_URL => "https://www.virustotal.com/vtapi/v2/file/scan", + CURLOPT_RETURNTRANSFER => true, + CURLOPT_ENCODING => "gzip,deflate", + CURLOPT_USERAGENT => "gzip, void.cat virus check", + CURLOPT_VERBOSE => true, + CURLOPT_HTTPHEADER => array( + "Content-Type: multipart/form-data; boundary=$bnd_id" + ), + CURLOPT_POST => true, + CURLOPT_POSTFIELDS => $post_data + ); + curl_setopt_array($ch, $options); + + $result = curl_exec($ch); + $status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + + if($status_code != 200) { + return json_encode(array('response_code' => 0, 'verbose_msg' => 'Error, got status code: ' . $status_code), true); + } else { + return json_decode($result, true); + } + } + function CheckVirusTotalCached($redis, $h256) { $vr = $redis->get("VC:VT:" . $h256); if($vr != FALSE) { return json_decode($vr); }else { $vtr = CheckVirusTotal($h256); - $redis->set("VC:VT:" . $h256, json_encode($vtr)); + $redis->setEx("VC:VT:" . $h256, 60 * 60 * 24, json_encode($vtr)); return $vtr; } } 
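Review bot: `ScanFile` returns a JSON string on the error path (`json_encode(array(...), true)`; the second argument there is a flags bitmask, not an associative switch) and an array on success, while the code written against it in this commit reads the result as an object (the commented-out block in upload.php uses `$sr->verbose_msg`). Return one shape from both branches, e.g. `return (object) array('response_code' => 0, 'verbose_msg' => 'Error, got status code: ' . $status_code);` and `return json_decode($result);`. `CURLOPT_VERBOSE => true` should also be removed before release since it writes the transfer trace to stderr, and the hand-built form-data parts should use double quotes (`name="apikey"`), which is the form multipart parsers expect.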
@@ -41,4 +70,25 @@
 header("Content-Type: application/json");
 echo json_encode(CheckVirusTotalCached($redis, $_GET["hash"]));
 }
+
+ if(isset($_GET["check_test"])) {
+
+ header("Content-Type: application/json");
+
+ include_once("config.php");
+ include_once("db.php");
+ $redis = new Redis();
+ $redis->pconnect(_REDIS_SERVER);
+ $db = new DB();
+
+ $f = $db->GetFile($_GET["check_test"]);
+ if($f) {
+ $vtr = CheckVirusTotalCached($redis, $f->hash256);
+ echo json_encode($vtr);
+ if($vtr != null && isset($vtr->response_code) && $vtr->response_code == 0) {
+ $sr = ScanFile(fopen($f->path, 'r'));
+ echo json_encode($sr);
+ }
+ }
+ }
 ?>
\ No newline at end of file
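Review bot: `if($f)` in the new `check_test` block is always true if `GetFile` returns its `FileUpload` object even when no row matches (the db.php context lines in this commit show it starting with `$res = new FileUpload();`), so an unknown hash would fall through to `fopen($f->path, 'r')` with an empty path. Use the test download.php already applies, `if($f->hash160 != NULL) {`, and check the `fopen` result before calling `ScanFile`. On a VirusTotal miss this path also uploads the stored file to a third party on behalf of any anonymous request, which deserves an explicit decision rather than a test hook. Two JSON documents are echoed back to back in that case, so the response is not valid JSON for the declared content type.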