Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Help with possible scam bot.
#8
well im not with the best conditions to explain but is something like this, depending of the program you are using


[Image: smsniff.gif]

at blue you have a GET or POST request to the server, at purple you have the the server reply.
Reply


#9
(Jan 06 2017, 03:15 AM)ED209 Wrote: well im not with the best conditions to explain but is something like this, depending of the program you are using


[Image: smsniff.gif]

at blue you have a GET or POST request to the server, at purple you have the the server reply.

Thanks,

Downloaded the program and this is what it says, apologies but this is just gibberish to me. There were two incidances of the bot connectiong to the site above. Don't suppose you can shed any light?

Quote:GET /g.php?checkid=load:xlimitxBig Grin963A3E3ED5B6EE6E0F33DE0BA93986A3FF2DAA2645F83745DE1744F5D2EC679344842060711F300E2036340F069B0A8306A576CFE8205FCBB3508FFAB97912BDAB654C477E2C4B5251338CDC3A50BFC54530A79837F0B4B0B4D35F6D2054C2D55BB HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Host: http://www.crabbpeople.com


HTTP/1.1 200 OK
Date: Fri, 06 Jan 2017 23:08:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Server: Apache
X-Powered-By: PHP/5.6.21
Vary: Accept-Encoding
Set-Cookie: SERVERID585=2020129|WHAjc|WHAjc; path=/
Cache-control: private

1
1
0


GET /udAte.php? HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Host: http://www.crabbpeople.com


HTTP/1.1 200 OK
Date: Fri, 06 Jan 2017 23:08:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Server: Apache
X-Powered-By: PHP/5.6.21
Vary: Accept-Encoding
Set-Cookie: SERVERID585=2020129|WHAjc|WHAjc; path=/
Cache-control: private

3
7.1
0

Quote:GET /g.php?checkid=load:xlimitxBig Grin963A3E3ED5B6EE6E0F33DE0BA93986A3FF2DAA2645F83745DE1744F5D2EC679344842060711F300E2036340F069B0A8306A576CFE8205FCBB3508FFAB97912BDAB654C477E2C4B5251338CDC3A50BFC54530A79837F0B4B0B4D35F6D2054C2D55BB HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Host: http://www.crabbpeople.com


HTTP/1.1 200 OK
Date: Fri, 06 Jan 2017 23:08:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Server: Apache
X-Powered-By: PHP/5.6.21
Vary: Accept-Encoding
Set-Cookie: SERVERID585=2020129|WHAjV|WHAjV; path=/
Cache-control: private

1
1
0
Lyceumhq, Member of Bitcoin Black Hat since Dec 2016.
Reply


#10
hey man are you sure that those connections are from the bot?

if yes, i think is scam confirmed because see the host that it connects

Host: http://www.crabbpeople.com/

if you visit the page you will see the following messages (copied from the page source code) :

<span>Nothing to see. Move on.</span>
<p>Like really, please leave now.</p>
<p>Your presence is not wanted here.</p>
<p>Srsly...</p>
<p>Liefe no</p>
<p>Leave now!</p>
<p>No I didnt fuck you youre stupid!</p>
<p>LALALLALA I'M NOT LISTENING</p>
<p>Ok, now go.</p>

"No I didnt fuck you youre stupid!" --- kind of weird for a legit stuff

The bot seems in the first request to be mapping you or saying that you are alive and in second request, checking for update, perhaps to update to something more hardcore....It can update, so it can download stuff to your computer and run it.

after see the messages on the above page....i don't know...don't seem right

trash the bot, forget it, is offensive trash crap. Is garbage, do manual bet, or offer me money to code you a bot for satoshimines with some strategy that you like lol

cheers man!
Reply


#11
(Jan 06 2017, 11:47 PM)ED209 Wrote: hey man are you sure that those connections are from the bot?

if yes, i think is scam confirmed because see the host that it connects

Host: http://www.crabbpeople.com/

if you visit the page you will see the following messages (copied from the page source code) :

<span>Nothing to see. Move on.</span>
<p>Like really, please leave now.</p>
<p>Your presence is not wanted here.</p>
<p>Srsly...</p>
<p>Liefe no</p>
<p>Leave now!</p>
<p>No I didnt fuck you youre stupid!</p>
<p>LALALLALA I'M NOT LISTENING</p>
<p>Ok, now go.</p>

"No I didnt fuck you youre stupid!" --- kind of weird for a legit stuff

The bot seems in the first request to be mapping you or saying that you are alive and in second request, checking for update, perhaps to update to something more hardcore....It can update, so it can download stuff to your computer and run it.

after see the messages on the above page....i don't know...don't seem right

trash the bot, forget it, is offensive trash crap. Is garbage, do manual bet, or offer me money to code you a bot for satoshimines with some strategy that you like lol

cheers man!

Yes they're connections from the bot, I've used a few programs to test.

Also have blocked the connection via firewall just to that host, but not to satoshi mines and the bot refuses to run unless it can connect to the host, just gives an error message and closes.

Have sent my friend a link to the page, hopefully he will decide againt using the bot. Cant do much more than that can I.
Lyceumhq, Member of Bitcoin Black Hat since Dec 2016.
Reply


#12
yeah man fuck that bot even if it were legit, you turn on the bot, go to sleep when you wake up it busted all your money, happen in all bots, in that scammy bot , perhaps the guy gain access to your account or some crap like that, the page witch the bot connects throw realy suspicius messages, no white hat developer do that kind of crap, in other hand is classic black hat behaviour.

cheers
Reply


#13
(Jan 07 2017, 04:06 PM)ED209 Wrote: yeah man fuck that bot even if it were legit, you turn on the bot, go to sleep when you wake up it busted all your money, happen in all bots, in that scammy bot , perhaps the guy gain access to your account or some crap like that, the page witch the bot connects throw realy suspicius messages, no white hat developer do that kind of crap, in other hand is classic black hat behaviour.

cheers

Thanks, as I said in my OP if he deposits and uses the bot and it busts all his money then so be it, that's what happens when you gamble and ddon't know when to stop. That's his own idiocy.

But having your cash ripped off and stolen by some scammer is another thing!
Lyceumhq, Member of Bitcoin Black Hat since Dec 2016.
Reply




Forum Jump:


Users browsing this thread: 1 Guest(s)


About Bitcoin Black Hat Forum

Bitcoin Blackhat is a popular forum for people interested in all aspects of Cryto Currencies. Popular discussions include Bitcoin mining, Initial Coin Offerings, Bitcoin faucets, Bots and Bitcoin Investing.

              Quick Links

              User Links

              Specials