Topic: !!! Phishing Site! Beware !!! (Read 763 times)

hero member
Activity: 712
Merit: 500
January 26, 2016, 01:41:49 PM
#11
Malware is packed with Confuser 1.9, common in this kind of malware. I used a quick scan on Malwr (because I don't analyze malware on my computer now). It has an anti-honeypot installed; the owner might have bought a crypter to stop that.

https://malwr.com/analysis/NTI2YmMxYmJlNDUwNDY4M2EyNTZlMGUzZjYxZDIwMDE/
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
January 26, 2016, 12:51:04 PM
#10
Unsolicited PM about installing something and entering your details on a site, which has a similar name as another famous casino. What could possibly go wrong? /sarcasm
Good thing my advice came in handy for you OP.

Edit: If anyone else gets a similar PM, use the "Report to admin" feature
legendary
Activity: 1988
Merit: 1317
Get your game girl
sr. member
Activity: 406
Merit: 252
January 26, 2016, 11:58:08 AM
#8
these guys should be banned permanently, ban their IP for life, so they cannot come back

No, this is impossible.
Because there are so many members browsing this forum with a VPN.
So chances are that the same IP address will get blocked for other members too.

A better option is to ban their profile immediately after they start sending these kinds of messages.
For this you must click the "Report to moderator" option.
hero member
Activity: 1316
Merit: 514
January 26, 2016, 11:54:06 AM
#7
Better be careful with all the links sent via PM, double check, triple check before clicking. These guys should be banned permanently, ban their IP for life, so they cannot come back.
newbie
Activity: 14
Merit: 0
January 26, 2016, 11:52:25 AM
#6
He is back

!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!

Hello, I have my own project which will became very famous bitcoin casino soon. I need serious people who will help me with it.
 admin(you) should moderate some parts of forum/play on my casino/help me with some things/say me if he detect bugs to fix it and e.t.c I pay 2000$ per mounth also admin have to give me soviets/advices

my skype is damon3228
legendary
Activity: 1268
Merit: 1009
January 26, 2016, 10:26:03 AM
#5
Same incident happened with knightdk here.

Looks like he's on a hacking spree!
legendary
Activity: 1184
Merit: 1013
January 26, 2016, 08:17:16 AM
#4
Why don't you just try giving him a call? He'll get afraid as shit :p .
legendary
Activity: 3094
Merit: 1472
January 26, 2016, 08:10:31 AM
#3
Thanks for the whois search.

He is the one who hacked letyouearn account. Nice work @Indiana
sr. member
Activity: 406
Merit: 252
January 26, 2016, 08:01:44 AM
#2
For further information regarding the phishing site, here are the whois details.
Comment here if anyone finds similar details given below for any previous phishing sites.

btcluckycasino.com registry whois

Domain Name: BTCLUCKYCASINO.COM
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Sponsoring Registrar IANA ID: 1606
Whois Server: whois.reg.com
Referral URL: http://www.reg.com
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Updated Date: 24-jan-2016
Creation Date: 24-jan-2016
Expiration Date: 24-jan-2017

btcluckycasino.com registrar whois


Domain name: btcluckycasino.com
Domain idn name: btcluckycasino.com
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Domain ID:
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date: 2016-01-24
Creation Date: 2016-01-24T16:46:54Z
Registrar Registration Expiration Date: 2017-01-24
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +7.4955801111
Registry Registrant ID:
Registrant Name: Andrey Ivanov
Registrant Organization: Yandex TDA
Registrant Street: Armeyskaya 42
Registrant City: Moscow
Registrant State/Province: MOSCOW STATE
Registrant Postal Code: 121500
Registrant Country: RU
Registrant Phone: +18004699269
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: Andrey Ivanov
Admin Organization: Yandex TDA
Admin Street: Armeyskaya 42
Admin City: Moscow
Admin State/Province: MOSCOW STATE
Admin Postal Code: 121500
Admin Country: RU
Admin Phone: +18004699269
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: Andrey Ivanov
Tech Organization: Yandex TDA
Tech Street: Armeyskaya 42
Tech City: Moscow
Tech State/Province: MOSCOW STATE
Tech Postal Code: 121500
Tech Country: RU
Tech Phone: +18004699269
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns1.reg.ru
Name Server: ns2.reg.ru
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-01-26T15:58:27Z <<<
sr. member
Activity: 406
Merit: 252
January 26, 2016, 07:49:22 AM
#1
What happened:
A brand new user named Btctrader12 started PMing me constantly about choosing me as a partner on his gambling site. He then sent a link to a phishing site of Luckybtccasino. He also sent me another link which will probably download a keylogger and gave fake login details to camouflage that link, saying that they are the login details for the admin panel.

LOL! He thought I was such a fool!

Scammer's Profile Link:
https://bitcointalksearch.org/user/btctrader12-741689

Reference Link:
1. Real casino site: https://www.luckybtccasino.com/

2. Phishing site:
Code:
http://btcluckycasino.com/
3. Keylogger:
Code:
http://btcluckycasino.com/admin.php

PM/Chat Logs:


Additional Notes:

1. Never feed any troll PMs sent by newbies.
2. Always investigate thoroughly a link given by them. Never follow their instructions blindly for money.
3. Always look for SSL certificate and verify if necessary. (Look at the phishing link. There is no https://)
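
The three checks used in this thread (no https://, a domain name that rearranges the real casino's name, and a whois creation date two days before the PM) can be combined into one link triage routine. This is an added example, not part of the original posts; the function names, the 30-day and 0.8 thresholds, and treating the forum post time as UTC are assumptions.

```python
from datetime import datetime, timezone
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Two fields copied from the registrar whois record quoted in this thread.
WHOIS_SAMPLE = "Domain name: btcluckycasino.com\nCreation Date: 2016-01-24T16:46:54Z\n"
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")  # registrar and registry styles

def creation_date(whois_text):
    """Return the whois 'Creation Date' as an aware UTC datetime, or None."""
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "creation date":
            for fmt in DATE_FORMATS:
                try:
                    return datetime.strptime(value.strip(), fmt).replace(tzinfo=timezone.utc)
                except ValueError:
                    continue
    return None

def main_label(host):
    """Second-to-last DNS label; a simplification that ignores suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def is_lookalike(brand_host, candidate_host, threshold=0.8):
    """Different name that reuses the brand's letters or is a near-copy of it."""
    brand, cand = main_label(brand_host), main_label(candidate_host)
    if brand == cand:
        return False
    rearranged = sorted(brand) == sorted(cand)
    return rearranged or SequenceMatcher(None, brand, cand).ratio() >= threshold

def assess_link(url, brand_url, whois_text, seen_on, young_days=30):
    """Return the list of warning signs for a link received in a message."""
    parts, reasons = urlsplit(url), []
    if parts.scheme != "https":
        reasons.append("no-https")
    if is_lookalike(urlsplit(brand_url).hostname, parts.hostname):
        reasons.append("lookalike-domain")
    created = creation_date(whois_text)
    if created is not None and (seen_on - created).days < young_days:
        reasons.append(f"domain-age-{(seen_on - created).days}d")
    return reasons

if __name__ == "__main__":
    seen = datetime(2016, 1, 26, 7, 49, 22, tzinfo=timezone.utc)  # post #1 time, assumed UTC
    print(assess_link("http://btcluckycasino.com/", "https://www.luckybtccasino.com/",
                      WHOIS_SAMPLE, seen))
```

An https:// scheme alone does not clear a link; the lookalike and domain-age checks still apply to sites that serve a valid certificate.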