A couple years ago when I was creating the matdoes.dev blog I wrote a somewhat powerful markdown system with Regex to allow me to more easily write blog posts. Although I've barely written any posts, I'm still proud of it. Also this post is mostly just reference for myself, lol. I present: matdown™

Relative anchor: [matdoesdev](/blog) matdoesdev
External anchor: [matdoesdev](https://matdoes.dev) matdoesdev (External anchors have target=_blank so they open in new pages)
Normal links: https://matdoes.dev https://matdoes.dev
Code block: ```py print('code') ``` print('code')
Inline code: `code` code
Block quote: > text text
Italic: *text* text
Bold: **text** text
Italic & bold: ***text*** text
Horizontal center: ||text|| text
Titles: # h2 ## h3 ### h4 #### h5 ##### h6 ###### h6 h2 h3 h4 h5 h6 h6
Horizontal rule: ---
Image: ![description](https://image)
Left image: ,![description](https://image)
Right image: .![description](https://image)
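A regex renderer for part of the syntax listed above, as an added example and not the blog's own code. The output tags, the `center` class, the `rel="noopener"` attribute and the function names are assumptions; the input is HTML-escaped before any rule runs, so post text cannot inject markup.

```python
import html
import re

def _anchor(m):
    text, url = m.group(1), m.group(2)
    # External anchors get target=_blank as the reference states;
    # rel="noopener" is an added hardening choice, not from the page.
    extra = ' target="_blank" rel="noopener"' if url.startswith("http") else ""
    return f'<a href="{url}"{extra}>{text}</a>'

# Order matters: *** before ** before *. Only /relative and http(s) targets
# become anchors, so a javascript: URL is left as inert text.
INLINE_RULES = [
    (re.compile(r"\*\*\*(.+?)\*\*\*"), r"<b><i>\1</i></b>"),
    (re.compile(r"\*\*(.+?)\*\*"), r"<b>\1</b>"),
    (re.compile(r"\*(.+?)\*"), r"<i>\1</i>"),
    (re.compile(r"\[([^\]]+)\]\(((?:https?://|/)[^)\s]*)\)"), _anchor),
]

def render_inline(text):
    """Escape HTML first, then apply the inline rules outside `code` spans."""
    out = []
    for part in re.split(r"(`[^`]+`)", html.escape(text)):
        if len(part) > 2 and part[0] == part[-1] == "`":
            out.append(f"<code>{part[1:-1]}</code>")
            continue
        for pattern, repl in INLINE_RULES:
            part = pattern.sub(repl, part)
        out.append(part)
    return "".join(out)

def render(source):
    """Render line-level syntax: ---, # titles, ||center||, > quote, paragraphs."""
    html_lines = []
    for line in source.splitlines():
        title = re.match(r"(#{1,6}) (.+)", line)
        center = re.fullmatch(r"\|\|(.+)\|\|", line)
        if line == "---":
            html_lines.append("<hr>")
        elif title:
            level = min(len(title.group(1)) + 1, 6)  # "# " is h2; 5 and 6 hashes are both h6
            html_lines.append(f"<h{level}>{render_inline(title.group(2))}</h{level}>")
        elif center:
            html_lines.append(f'<p class="center">{render_inline(center.group(1))}</p>')
        elif line.startswith("> "):
            html_lines.append(f"<blockquote>{render_inline(line[2:])}</blockquote>")
        elif line.strip():
            html_lines.append(f"<p>{render_inline(line)}</p>")
    return "\n".join(html_lines)
```
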
I wrote this story on the Hypixel Forums a while ago, but I realized it would be a good idea if I posted it on my blog too.

Intro

ReportScammers was a robot on the Hypixel SkyBlock Forums that automatically replied to posts where people were complaining that they got scammed. It all started on April 27th, 2020. I was bored and wanted to make a Hypixel Forums bot. At first, I wasn’t sure what I wanted it to do. Then I thought, “what’s a task that humans do often that could be easily automated?”: complaining about people getting scammed, of course.

madcausebad11

I didn’t do anything with this idea until a couple weeks later on May 14th, when I remembered it, and was actually motivated to create it. I asked around on the SkyBlock Community Discord for what it should be called and what it should do, and I decided on calling it madcausebad11 (name chosen by @TatorCheese), and making it say “thats crazy but I dont remember asking” (@Bliziq chose that one) to all posts that mentioned being scammed. When that had been decided, I started working on the code. It was written in Python, using BeautifulSoup to scrape the web pages and aiohttp to make the requests. After an hour of writing code, madcausebad11 was working. Less than an hour after the bot started working, it got banned for the reason “spam”.

reportScammers

A day after madcausebad11 got banned, I decided to make it again, but better. This time, I was going to make it look like a human. I added more delays, random messages, a profile picture made in MSPaint, and fixed more false positives. This became what you all (probably) know, and (maybe) love, reportScammers. This version of the bot also wasn’t toxic, as it just said “Please report scammers at hypixel.net/report” (or some variation of that) to all messages complaining about being scammed, and people didn’t hate it that much this time.
I checked the forums often on this account, so if anyone talked about the bot I would be able to respond, and there were some people that called reportScammers a minimod and a bot, but it was fairly unknown so most people didn’t care. There were, of course, people that suspected reportScammers was a bot. Every time I saw one of these messages, I responded manually, sometimes pretending to get angry about people thinking it was a bot, even though it was. There were also many posts baiting the bot to reply, by making the title of their post a variation of “I got scammed”, even though they didn’t. To combat this, I made the bot only reply to messages from new members, as well-known members were likely only trying to post farm.

I had a few problems making the bot work well though, such as the Cloudflare captcha screen, meant to prevent bots from scraping the forums. However, reportScammers wasn’t a bot, so I found a Python library meant to bypass it and tweaked the source code to make the library asynchronous. Near this time I also updated the logo for reportScammers in Photoshop, but still with the MSPaint vibe.

Dafty = reportScammers???

On June 9th, a member of the SkyBlock Community Discord followed reportScammers, and they told me “follow me back”, “thats rude”, so I did. This user was @Dafty. I pointed out how the only person reportScammers was following was Dafty, so people will think they run the account. We got @pigeo to write a forum thread “exposing” reportScammers, and then some people started making their own forum threads, and then I wrote my own forum thread titled “Addressing the reportScammers situation” on my main account. However, we had to go further. Dafty asked @SecureConnection to change the name of their alt to reportScammers, so we could link the forum account and look even more human. At this time I also gave the login details of the account to Dafty, so he could help reply to messages faster, and farm more messages.
Dafty also created a Minecraft skin for the account, which was simply a Steve holding a Hypixel logo.

The death of reportScammers

At this time, many parody accounts started popping up, such as reportScammersbrother, scam-bot, NoPublicShaming, and NoTrollingBotXD. One day, I noticed reportScammers had suddenly stopped replying to posts. I first thought this must just be a glitch with the code, but when I looked further, I could not find any recent posts complaining about being scammed. Maybe people just stopped getting scammed? I thought this was the reason, but no staff members wanted to confirm. I made another alt account to test this, and I found out that the admins have disabled new members from being able to create posts with the word “scammed” in them. I sadly went to disable the code running the bot, but wanted to make one last message as reportScammers. This thread is the first and last thread by reportScammers, created by @matdoesdev.
So a few days ago my friend Slip got a DM on Discord from this "Twitch" bot asking him to invite it to my servers as well as to join theirs. The message the bot said claimed that Discord and Twitch had partnered up to give its users free Nitro Games and free Twitch Prime. It obviously looked fake, so Slip created a testing server and added me and some friends to help. Upon joining, the fake Twitch bot DMed everyone in the server with the same message as it sent to Slip. It looked like some sort of social engineering worm, but it hadn't done anything bad yet, so we revoked the bot's perms and left it in the server.

When I joined the server it linked, it looked like some sort of bad giveaway server with giveaway channels, and even a rules and TOS channel. Unfortunately for us, there were no channels that we could talk in to inform other people. Soon after joining, we got another DM from a different bot but with the same name. Again, it contained a link to join a Discord server. However, this time, instead of saying it was from Twitch, it took a more straightforward attempt, saying to join for "Nitro / Nudes".

It was getting late, so we went to sleep. When we woke up, we were greeted by at least 4 other bots with the same message and name, so we just invited all of them to our server! The old bots were now offline and for some people, the bots' names were displayed as things such as "thisisaspambot", "Fake Twitch Bot", and "Fake bot". We later found out that this was in fact the doing of the Discord Trust and Safety team, but they didn't do it very well because some of the bots could still DM people, and it didn't always show up with their new names.

Another interesting thing was in a MediaFire link one of the bots DMed to Slip. He shared it with us, and the file claimed to be an executable containing a Nitro generator, but it looked obviously fake, as evidenced by the instructions text file provided.

How to use the Discord Generator :
1. Disable anti-virus, and open it.
2. When you opened it, press on ''Generate'' and good luck!
3. It says its a virus because this generator generates accounts, so obviously it will say its a virus, but its not.
If its not working, it means u dont have the good version.
Good Luck!

What even is that grammar...

Another notable thing was that when we searched up the owner of the "Free Nitro" Discord server on YouTube, it returned their channel. One of the videos was a free Nitro generator, leading to the same exact MediaFire link, so we knew there was a definite link with that user.

Anyway, we booted up Windows Sandbox and ran the virus with a process monitor in the background. There were a bunch of references to Python, so it was likely a Python script compiled into an exe. I wasn't sure what it was compiled with, so I tried running unpy2exe on it, but it returned an error telling me to use pyinstxtractor instead, as it was compiled with pyinstaller. After we ran pyinstxtractor on the exe, it returned a folder with a bunch of pyc and pyd (Python bytecode) files. It looks like it was created on March 2nd.

No matter what we tried, we couldn't decompile it into normal readable Python, so we just analyzed the bytecode using the dis Python module. There were a bunch of references to tokens and browser LocalStorage, where the token is stored. The malware also sent an HTTP request to api.ipify.org (to grab the victim's IP address), the user's email and phone number, as well as the user's Nitro status. There was also a funky looking base64 string, which was revealed to be a Discord webhook that the script sent the user's details to.

Once we got hold of the webhook, things got spicy. We tidied up the testing server a bit and hid our discussion channels, then made the invite look as appealing as possible. Using a little webhook spamming script I wrote, we spammed @everyone, as well as an invite to our server, and left it running overnight.
In the morning, we woke up to this: They were the admins to that free Nitro server. We also found out that they had deleted their webhook, which meant we couldn't spam them anymore, but they wouldn't get the tokens of any new users. The first two quickly left, but one sent us a message before leaving. We asked kzh to join back again. This led to this hilarious conversation.

In summary, these guys are just terrible clowns trying to get tokens from unsuspecting Discord members. And that ends the tale. We still have the server ID and the channel ID that the webhook was created in as well as the Discord tags of all the members and we'll continue to spam any future webhooks that the Twitch bots send us. :)
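The static step described in this post, walking the extracted bytecode's constants and decoding the base64 string to recover the exfiltration URL, can be scripted. This is an added example, not the code used in the original analysis; the sample module, the placeholder URL and the function names are constructed for illustration.

```python
import base64
import binascii
import re
import types

B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
URL_RE = re.compile(r"https?://[^\s'\"]+")

def iter_constants(code):
    """Yield (function name, constant) for a code object and all nested ones."""
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from iter_constants(const)
        else:
            yield code.co_name, const

def decode_b64_text(value):
    """Return the decoded text if value is base64 wrapping printable UTF-8, else None."""
    if not isinstance(value, str) or not B64_RE.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # looked like base64 but does not hide readable text
    return text if text.isprintable() else None

def find_hidden_urls(code):
    """List (function name, URL) for every base64 constant that decodes to a URL."""
    hits = []
    for func, const in iter_constants(code):
        text = decode_b64_text(const)
        if text:
            hits.extend((func, url) for url in URL_RE.findall(text))
    return hits

# Constructed sample: a harmless module that hides a placeholder URL the same way.
PLACEHOLDER_URL = "https://example.invalid/api/webhooks/0/CONSTRUCTED"
SAMPLE_SOURCE = f'''
import base64
def report(data):
    hook = base64.b64decode("{base64.b64encode(PLACEHOLDER_URL.encode()).decode()}")
    return hook, data
def helper():
    return "aaaaaaaaaaaaaaaaaaaaaaaa"
'''
SAMPLE_CODE = compile(SAMPLE_SOURCE, "<constructed sample>", "exec")

if __name__ == "__main__":
    for func, url in find_hidden_urls(SAMPLE_CODE):
        print(f"{func}: {url}")
```

For a real extracted .pyc, the code object comes from `marshal.loads` on the file body after the 16-byte header (CPython 3.7+), run under the same Python version that built the sample and inside the analysis sandbox.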
A domain hack is a domain in which both the top level domain (TLD) and the second level domain (SLD) are combined to make up a word or phrase. For example, matdoes.dev is a domain hack for mat does dev. Domain hacks are not security-related and they are completely legal. Most domain hacks use country code top level domains (ccTLDs), for example, .it is for Italy, .am is for Armenia, etc. Some companies even purchase their own custom TLDs from the Internet Assigned Numbers Authority in order to create a hack for their domains. Most notable is goo.gle, which was created by Google as a domain hack for their website.

Why Use a Domain Hack?

An advantage to using a domain hack is that your domain is much shorter and therefore easier to remember. Many URL shortening sites such as bit.ly, goo.gl (Google), youtu.be, etc., use domain hacks to make their URLs shorter. Domain hacks are more fun than normal domains, too, which increases the chance of people clicking on them in search results.

How to Choose a Domain Hack?

Finding a good domain isn't always easy, so I've created a tool hosted on Repl.it that helps you find domain hacks. Click here to view the domain hack finder. At the moment, it uses every TLD currently in existence, which may not be what you want since some top level domains cannot be used by most people as they require you to live in a certain area or work for a certain organization. You can customize it by adding or removing from the tlds.txt file. My tool also checks whether a domain is already taken by someone by seeing if the website has any DNS records. Also, be aware that some TLDs are stupidly expensive. For example, .ng domains can go for up to $50,000.