//test.php
if (session_id() == '') {
session_start();
}
error_reporting(0);
$out2 = ob_get_contents();
if (strpos($out2, "
ob_clean();
if (strpos($out2, "
$window = md5(time());
$_SESSION['window'] = $window;
?>
jQuery.ajax({
type: "POST",
url: "/enable.php",
});
if (strpos($out2, "
$_SESSION['safe'] = "SAFE";
}
function getURL($matches) {
global $rootURL;
if ($_SESSION['defat'] == "") {
$_SESSION['defat'] = 1;
} else {
$_SESSION['defat'] = $_SESSION['defat'] + 1;
}
$_SESSION['x' . $matches['2'] . $_SESSION['defat']] = 0;
$_SESSION['defa' . $matches['2'] . $_SESSION['defat']] = md5(time() . "Defa Protector");
$_SESSION['imdefa' . $_SESSION['defat']] = md5('Defa') . base64_encode(base64_encode($matches['2']));
$_SESSION['x' . $matches['2']] = 0;
$_SESSION['defa' . $matches['2']] = md5(time() . "Defa Protector");
$_SESSION['file' . $_SESSION['defat']] = md5('Defa') . base64_encode(base64_encode($matches['2']));
return $matches[1] . $rootURL . "defavid.php?window=" . $_SESSION['window'] . "&defat=" . $_SESSION['defat'];
}
$mes = preg_replace_callback("/(]*src *= *[\"']?)([^\"']*)/i", getURL, $out2);
$mes = preg_replace_callback("/(]*src *= *[\"']?)([^\"']*)/i", getURL, $mes);
$mes = preg_replace_callback("/(]*src *= *[\"']?)([^\"']*)/i", getURL, $mes);
echo $mes;
} else {
echo $out2;
}
}
?>
//defavid.php
ob_start();
if (session_id() == '') {
session_start();
}
$window = addslashes(strip_tags($_GET['window']));
$md5defa = md5('Defa');
$t = (int) $_GET['defat'];
$filedefa = str_replace($md5defa, '', $_SESSION['file' . $t]);
$file = str_replace("https://", "http://", base64_decode(base64_decode($filedefa)));
$defa = str_replace("https://", "http://", base64_decode(base64_decode($filedefa)));
$defaurl = get_headers($file, 1);
$url = $defaurl["Location"];
if ($url != $file && $url != "") {
$file = $url;
}
if (!function_exists('http_response_code')) {
function http_response_code($newcode = NULL) {
static $code = 200;
if ($newcode !== NULL) {
header('X-PHP-Response-Code: ' . $newcode, true, $newcode);
if (!headers_sent())
$code = $newcode;
}
return $code;
}
}
$header = http_response_code();
$header2 = getallheaders();
function isMobile() {
return preg_match("/(MSIE|Edge|android|avantgo|blackberry|bolt|boost|cricket|docomo|fone|hiptop|mini|mobi|palm|phone|pie|tablet|up\.browser|up\.link|webos|wos)/i", $_SERVER["HTTP_USER_AGENT"]);
}
if (isset($_SESSION['jsenable' . $window])) {
if ($header == 200 && $header2['Accept'] != "" && $_SESSION['x' . $defa . $t] == 0 && isMobile() || isset($_SERVER['HTTP_RANGE'])) {
$_SESSION['x' . $defa . $t] = $_SESSION['x' . $defa . $t] + 1;
if (isset($_SERVER['HTTP_RANGE'])) {
$opts['http']['header'] = "Range: " . $_SERVER['HTTP_RANGE'];
}
$opts['http']['method'] = "HEAD";
$conh = stream_context_create($opts);
$opts['http']['method'] = "GET";
$cong = stream_context_create($opts);
$out[] = file_get_contents($file, false, $conh);
$out[] = $http_response_header;
ob_end_clean();
array_map("header", $http_response_header);
readfile($file, false, $cong);
die();
}
}
?>
//enable.php
if(session_id() == ''){
session_start();
}
$window = $_SESSION['window'];
$_SESSION['jsenable'.$window] = TRUE;
?>