Scammed by [redacted]

Read below

 

After reading Scammed by EasyRSGP.com I saw someone who got scammed in a very similar way that I was scammed, except it's a different website and a different player collecting the gold. These links were being spammed in a few Discord servers I am active in. I tried contacting customer support about this and they didn't seem to know about the scam page on their website and they basically told me there's nothing I can do. I don't want to post the URL because it could trick another user but it however here is a video:



I was told the that link that redirected me was a referral link by the scammer, I didn't download anything all I did was click on it and it redirected to EasyRSGP's domain so I trusted the content. A reputable gold site should not have a feature that allows users to put up fake pages. @OblivionRage because of your website I lost 1657 million GP I would like an explanation of why there is a scam page of your domain and a refund. It doesn't matter if I click on another website, if the scam page is hosted on yours that is your fault not mine. Is

I have also archived the web page Buy RSGP with BTC to prove the scam page was really on EasyRSGP.com

Also you can check the blockchain, obviously the transaction never went through:
14uo5eyuJ6pPzekwXtfdoEBnTCBf6cGE15
Bitcoin Address 14uo5eyuJ6pPzekwXtfdoEBnTCBf6cGE15

 

i think you will find that ''referral link'' you used was infact a phishing link.... like i already told you on my live chat.

if you want to use the website www.EasyRSGP.com, then go the website www.EasyRSGP.com, not some random link someone posted.

i am truly sorry for you're loss but this has absolutely nothing to do with EasyRSGP.com.

 

Explain this: Buy RSGP with BTC

 

Please direct me to where this link is on MY website, i dont want to visit 3rd party links to gain access to the page you accessed.

also you have the exact same report open against another gold seller, does this not ring any bells?

 

I cannot send you a direct link, but an issue with the POST to /order/helper.php#Referral. I don't know how to code but my friend kind of explained the issue to me

 

was this the same great friend of you're who gave you the ''referral link'' out of curiosity?

 

I cannot send you a direct link, but an issue with the POST to /order/helper.php#Referral. I don't know how to code but my friend kind of explained the issue to me

 

Proof I was able to embed your sites logo into a called /order/helper.php#Referral using a tool called LiveHTTPHeaders by modifying the POST request.

 

The attacker can embed whatever they want, i dont know javascript but my friend told me he used javascript and html to automatically embed content in your website

 

I have been researching this since I got scammed by your site, I am pretty confident that this is an issue with your website and it is not a phisher.

 

Anyone is able to embed whatever they want into your website by exploiting the 'helper.php' file which doesn't sanitize input properly if you pass it the correct parameters as a POST request

 

Using this technique the scammer was able to embed a full page iframe containing a scam page that stole my RSGP. This is a video demonstration:

 

Now that I have spent hours figuring out how I got scammed I have finally come to the conclusion that it is in fact a problem that is server sided. Now thats we have cleared that issue up, I would like to be refunded.

 

I would like someone with technical knowledge to verify my claims.

 

This would of been a lot more believable if you had said you dont know anything about coding. your friend is obviously @Miles94 who is also reporting someone for the exact same scam.

you'd not of been able to learn all this in the matter of a few hours. i'm compiling evidence on how you and your friend has framed obvlivion rage now if @OblivionRage could join the livechat and help me with something id be able to find out in a matter of minutes

 

Vulnerable: https://archive.fo/i9CGB
Not Vulnerable: https://archive.fo/Yb49H

XSS Vulnerability Fixed! Good Job, now no one else is going to get scammed.

However, that does mean I was correct about a vulnerability existing. I would like an apology and a refund. The proof I have provided is undeniable.

 

I took a web design class in high school however I did not have any knowledge of javascript which is why I needed to ask a friend. I understand the basics of this sort of stuff but I am not a pro

 

Also, I have never even spoke with @Miles94 I just saw his forum post talking about the same scam that took my RSGP.

 

this is alot of back end coding your talking about which isn't something you'd learn in a simple web design class in school. Web design would be more front end, simple html, designing etc

you also said you dont know how to code, now i've called you out on knowing a lot of it you just happened to of done a year of it hmmmmm ok


still compilin evidence. second.