Greasy Fork

Alexander M collects your information. His script steals your facebook and google account and he is selling that information to agarbot.ovh. Overall the script is not trustable and you should stay away

Alexander M collects your information. His script steals your facebook and google account and he is selling that information to agarbot.ovh. Overall the script is not trustable and you should stay away

This userscript does not have permissions to access your social networks, as indicated in the userscript metadata.

On the contrary, when you install the agarbot extension NOT FROM CHROME STORE, you allow access to all sites, including your social networks.

About @connect data
https://www.tampermonkey.net/documentation.php?locale=en#meta:connect

You are stealing the Facebook and Google account tokens (and every other cookie that is saved) of the people that log in and you sell these to agarbot.ovh. And with these tokens someone can do A LOT of things. They can even hack your accounts with these tokens. I have seen the code, there is no reason to lie about it. I suggest to everyone to stay away from this malicious extension

You are stealing the Facebook and Google account tokens (and every other cookie that is saved) of the people that log in and you sell these to agarbot.ovh. And with these tokens someone can do A LOT of things. They can even hack your accounts with these tokens. I have seen the code, there is no reason to lie about it. I suggest to everyone to stay away from this malicious extension

Your accusations are unfounded. The userscript is configured to run only on specific domains (agar.io, sigmally.com, and gota.io) and does not have permissions to access Facebook, Google, or any other social networks.

Allowed Domains:

delt.io
sentinelix-source-agarix.glitch.me
deltav4.gitlab.io
hslo.gitlab.io
These @connect directives restrict the script's network requests to trusted domains unrelated to Facebook or Google, ensuring no access to your accounts or personal information. Additionally, there is no code within the script that interacts with or steals data from social media services.

If you have specific concerns or evidence, please share them so they can be properly addressed.

You got caught red-handed and now you don't know what to do. Let's see how fast you gonna change the code and remove these parts. I have more screenshots that I'll share the next time you choose to lie so blatantly. For whoever can't read the code, he sends to his server your Google and Facebook token as I was claiming in the first place. At least we should be glad that he isn't sending server our emails,fullnames and photos to his own server (or maybe even servers!). Again people stay away from this awful 'extension'.

Edit: I added these screenshots in an IMGUR gallery for a better resolution (https://imgur.com/a/2JXOAao)

Your arguments have no weight. On the contrary, these arguments are an attempt to destroy the developer's reputation.
During the analysis, it was established that your screenshot has nothing to do with reality. The screenshot shows a modified delta code that was used for authorization in agar.io. The screenshot was made in Visual Studio Code, but not in chrome devtools. Next time, in order for your evidence to have weight, use https://archive.is to archive links to your evidence with an independent source. We will be glad to cooperate!

Of course, I used Visual Studio Code, as I had to manually deobfuscate certain parts of the code using the debugger in Dev Tools. People primarily obfuscate their code to prevent others from reading it, with a few exceptions. The code snippet I provided reflects what the code looked like nearly a month ago.

I must say, bravo! It's impressive how quickly you removed those parts. To be frank, I'm unsure whether you made those changes a week ago upon seeing my review or just recently, after recognizing the undeniable proof.

You mentioned that you can't connect to Google/Facebook domains, which I don’t believe I ever claimed. I stated that you were stealing their account tokens, and your response was a weak attempt at smokescreening me.

According to https://archive.is/, the first snapshot of your page was taken just hours after my previous comment. This strongly suggests that you altered the code and tried to save the snapshot. However, after reviewing various snapshots from https://web.archive.org/, I've concluded that the data you were effectively stealing was only from August 7th onward, and it appears you reverted the changes after noticing my review.

I don’t know you personally, and frankly, I have no interest in getting to know you after encountering your malicious code. So no, I'm not trying to ruin your reputation--you did that yourself!

Well, since you have no evidence, then no justification is needed from our side.

You're free to disregard the evidence, though it's both irresponsible and disturbing. My goal with this review was to warn others, and I believe I've accomplished that.

You have no evidence.
1. Your screenshot is fake and you can't prove otherwise.
2. You have not specified the server address where the data is transferred.
3. No one will believe you because you made a mistake when creating the fake
- the first code on the screenshot that you faked is responsible for logging out.In my screenshot I showed where the variable "xt" is used.
- The second code, in the screens hot that you faked,because you edited the generated typescript code. You added "this" and it was your mistake, because in the compiled code "this" was replaced by the variable "t"

Your mistake is that you edited the compiled code.

1. So, just to clarify, your screenshot is the gold standard, while mine is just an elaborate hoax. Got it!
2. It looks like your wss://chat.delt.io server was collecting that information. Unless there are other servers at play that I'm not aware of?
3. At this point, it seems you're making assertions without a clear grasp of the situation, hoping that some of your claims will resonate with others. I assure you, that's a dangerous move.

I’ll be reporting the script, and I might consider further actions against you. Time will tell.

There is always only one way to make this right and it's always the same: share the source code on github, make it open source and let other developper judge if that is trustable or not.

Dang, now this is SMOKE

CharlesD, its already open source, github doesnt mean something is open source as it may be obfuscated, and there are plenty other sites that do include rules to disallow anything other than opens-source, such as this site, greasyfork, which as a fellow script developer can say, he did not collect any information from this script

TallTacoTristan, you should review the definition of open source again. You clearly understood what CharlesD meant about sharing the source code on GitHub, but it feels like you deliberately tried to dodge the point with unnecessary (and outright incorrect) explanations. Stick to the basics until you fully understand what open source actually means.

How was it incorrect? and how was i dodging the point? youre clearly just trolling by making accusations with no backing

also if the javascript was obfuscated in the slightest the names wouldnt have been recoverable, youd have to rename the functions yourself for your little screenshot, and the version history is public on greasyfork, unless they went in and hid a version just to spite the victims of his supposed infostealer, than your claim is literally impossible

There are several aspects you either don't fully understand or haven't taken the time to consider. Alternatively, it seems like you’re just choosing to ignore the facts in favor of supporting your 'friend' with misleading reviews.

1. Open source requires the code to be provided in a clear, human-readable format, free from deliberate obfuscation. A script cannot be considered open source if other developers cannot understand or work with it. This is a well-known principle. Your disagreement with it doesn't make it any less true.

2. CharlesD's request was almost straightforward: he wants to see the code on GitHub in a readable form. He’s asking for code that can be understood and worked with—not minified or obfuscated code. Yet it seems you’re interpreting his words in a way that avoids the direct meaning of his request.

3. I’ve never claimed that the entire script is obfuscated. Some parts are obfuscated, while others are not. However, it’s the most critical or suspicious sections of the code that have been obfuscated, raising concerns.

3. The version history on GreasyFork doesn’t address the obfuscation issue. This developer is hosting the script on their own site, which allows them to change the code at will without tracking those changes in GreasyFork’s history, violating the platform's rules. The recent changes to the version reflect an attempt to sidestep these rules, due to the fact that I brought this matter to light. If you see the archived 'v7/index.js' file here (https://web.archive.org/web/20240806231255/https://delt.io/), you'll clearly see patterns of obfuscation. And even now, the obfuscation remains—just check the first few lines here (https://delt.io/v7/js/index.js) to see the same patterns.

You should review my two reports on this matter. Perhaps then you'll stop so strongly defending your friend's actions:
Report #1 (https://greasyfork.org/en/reports/72404)
Report #2 (https://greasyfork.org/en/reports/72546)

Your false reports dont make me any more inclined to believe everything i hear
I literally never in the slightest disagreed with what open-source means
I never said he asked for anything other than what he asked, he's just clearly uninformed on what github is, since its closely tied to creators claiming their projects are open-source, he believes something being on github means its open-source, and something simply being posted on github means its malware-free, i was simply alleviating this misjudgment. By telling him obfuscated or minified code is completely allowed on github, and github has nothing to do with open-sources definition.
the version history on greasyfork most certainly does put to rest any concerns anyone could have about it ever being obfuscated, as you can look through every version with no minification or obfuscation present. And the creator never promoted those links with obfuscated versions of his script, you have no proof it has any relation to him, seeing as anyone could have simply obfuscated his script and posted it.

I believe this will be my final response, as it seems you’re not genuinely interested in reading or understanding the points I’ve made.

1. You have not provided any valid reasons for dismissing my reports, which are backed by substantial, verifiable evidence.

2. CharlesD clearly asked to 'share the source code on GitHub, make it open source' and you responded with 'it’s already open source' However, this code is not open source—it was heavily minified and obfuscated. While you might be able to read the userscript from GreasyFork, you can’t read the actual script from the link 'https://delt.io/v7/js/index.js'.

3. The purpose of this userscript was simply to load the real script from the URL 'https://deltav4.gitlab.io/v7/index.html'. If you struggle to understand basic JavaScript, that’s a different issue. The GreasyFork moderators agreed with my assessment in the second report (https://greasyfork.org/en/reports/72546), which is why Alexander M modified the script.

4. Regarding the links you mentioned, the web archive links are simply snapshots of the site at a specific moment in time. These archive services capture and save the content, including HTML, JS, and CSS, exactly as it appeared when archived. Once saved, the content cannot be modified. Therefore, you can refer to these archived versions to verify what the site’s code actually included. The file at 'https://delt.io/v7/js/index.js' is the real script that is being loaded.


You stated that 'most certainly does put to rest any concerns anyone could have about it ever being obfuscated'. Unless you revise this, I will report your comment. Making false claims like this is misleading and could confuse others. I’m open to discussing the issues further and helping you understand the situation, but not if you continue to mislead people.
Try to also read the reports. They explain the issue there as well.

I already put your baseless claims to rest, i do indeed have a reason to dismiss your reports, you have no evidence, you linked a file in no way verifiable to be the creators, the script never requests that domain in any versions, and yes, it is already open source, his script is fully open-source, the obfuscated script you linked is indeed obfuscated, but in now way posted by the creator, and mentioning the modifications are pointless since the script was open source in every previous version and never linked to that domain you keep throwing around, and no, your random links are not archived forms of his script from any trustable source, theyre just links to raw code, which could be from anywhere, and theyre pointless because if they were from him, you could simply send any page from https://greasyfork.org/en/scripts/399197-delta-999999-in-1/versions that ever links to that unreadable script you keep sending, or includes any unreadable code itself.

now, if youre gonna run away with the excuse that im not interested, go ahead, but i hope you find something better to do than troll all day brother. Because i seriously doubt you actually have the intelligence to make these sources which would be incriminating if they at all linked to the creator, but not the sanity to realize what youre doing.

I’ve reported your comment as I said I would, but just for kicks and laughs:

In the URL 'https://greasyfork.org/en/scripts/399197-delta-999999-in-1/versions', for version 7.3 from 'Jun 24, 2024' (https://greasyfork.org/en/scripts/399197-delta-999999-in-1/code?version=1399518):

Line 103 contains 'https://deltav4.gitlab.io'
Line 129 contains '/v7/index.html'

Combine them (since the default mode in line 105 is 'v7'), and you get 'https://deltav4.gitlab.io/v7/index.html', which just so happens to be the same file as 'https://delt.io/v7/index.html'. Oh, and by the way, 'https://deltav4.gitlab.io' redirects directly to 'https://delt.io'. Naturally, 'https://delt.io' loads the 'https://delt.io/v7/js/index.js' script, which is minified and obfuscated to top it all off.

I’m still waiting for you to revise those comments and remove the blatant falsehoods (though I’m sure you’ll once again ignore everything I’ve pointed out and make up more lies).

those urls are different from this url
https://delt.io/v7/js/index.js
seeing as that, youre the one making up lies lmao, and no, they dont redirect to that, anyone looking can click the url and see that it doesnt redirect at all

Although I am reluctant to respond to you, as it is clear by now that you are either a secondary account of the developer, Alexander M, or one of his close associates, spreading such blatant lies is extremely harmful. If you continue to do so (which you will), I will simply report your comments moving forward.

The sites 'https://delt.io/v7/js/index.js' and 'https://deltav4.gitlab.io/v7/js/index.js' are the same, and yes, 'https://deltav4.gitlab.io' does redirect to 'https://delt.io'. Denying these facts repeatedly does nothing to change their validity.

To anyone reading this review, I strongly advise staying away from this script for all the reasons outlined above.

agreed, denying does not change validity, so stop denying the fact it clearly doesnt do what you say it does.

And yes, the reasons outlined above are good reasons to not use a script, good thing they dont apply for this one.

And no, i dont know the guy, im only defending him because his geeky response of " On the contrary, these arguments are an attempt to destroy the developer's reputation." made me seriously doubt he was malicious, so i looked into it, and saw it indeed had no connection to your false evidence.

just realized you mentioned https://deltav4.gitlab.io redirected to https://delt.io, and yes, it does, the screenshot attached shows that its a multiplayer game, the one the script is for, nothing to do with your false evidence found at https://delt.io/v7/js/index.js

Anyway, this concern troll wasted a lot of other people's personal time, as well as his own, writing complaints, but got nothing in return. Fortunately, his antics did not affect the functionality of the userscript.

GreasyFork is an open platform where every user's opinion is heard—unlike the deaf, sluggish giants like Facebook, Instagram, and TikTok. I'm glad that GreasyFork remains a platform that listens to its users, even to concern trolls.

I can add that he was complaining about this userscript: deltav4.gitlab.io/deltav4.user.js (Banned on Greasefork)