Topic: potential scammer BtcCasinoOwner (Read 760 times)

newbie
Activity: 14
Merit: 250
January 26, 2016, 01:44:05 PM
#8
You must be kidding. So, is he saying the same bullshit to everyone? I mean, either he is pretending to be a fool or I would be really surprised that someone like him could hack anything...

2000 USD for that job, with that shitty English? (I know, mine is not perfect either, that is not the point.) Pretty well-known casinos, with a long history here, "about to launch"?

To the OP, make the links to the phishing site unclickable. Anyone wishing to visit it can perfectly copy-paste the link.
legendary
Activity: 1456
Merit: 1005
January 26, 2016, 08:58:07 AM
#7
This guy is an alt of the same scammer - https://bitcointalksearch.org/user/btctrader12-741689

Here is his message to me today -



I asked him if he is an alt of this guy, then he went offline immediately. It looks like he is targeting to spread some virus. Do not install anything from anyone.
staff
Activity: 3458
Merit: 6793
Just writing some code
January 25, 2016, 06:01:10 PM
#6
Yep this is the same guy I was speaking to. I changed my pw and when I entered it incorrectly I freaked out and thought I was hacked. Ended up waking up today, entered correct pw and changed pw again just to be safe.
Yeah, I just did pretty much the same thing. I typed in the password incorrectly when I set it so I had to reset the thing by email after I logged out to test it.

Plus ran a scan of my PC and removed 2 Trojans and a downloader virus that may or may not have come from that link.
I should do that too.
legendary
Activity: 1204
Merit: 1000
January 25, 2016, 05:56:08 PM
#5
Please change your account password asap ...

Recently letyouearn lost the account when he clicked the link.

https://bitcointalksearch.org/topic/my-account-letyouearn-got-hacked-1339269

Similarly yahoo62278 was also going to lose his account but he changed the password early.
Interesting. Well, even though I didn't run the program, I still changed my password just to be safe.

These people are targeting many Hero members recently, good that you changed the password before he changes it for you, these people should be negged asap.
legendary
Activity: 3808
Merit: 4603
Contact @yahoo62278 on telegram for marketing
January 25, 2016, 05:53:13 PM
#4
Yep this is the same guy I was speaking to. I changed my pw and when I entered it incorrectly I freaked out and thought I was hacked. Ended up waking up today, entered correct pw and changed pw again just to be safe. Plus ran a scan of my PC and removed 2 Trojans and a downloader virus that may or may not have come from that link.
staff
Activity: 3458
Merit: 6793
Just writing some code
January 25, 2016, 05:52:18 PM
#3
Please change your account password asap ...

Recently letyouearn lost the account when he clicked the link.

https://bitcointalksearch.org/topic/my-account-letyouearn-got-hacked-1339269

Similarly yahoo62278 was also going to lose his account but he changed the password early.
Interesting. Well, even though I didn't run the program, I still changed my password just to be safe.
legendary
Activity: 3094
Merit: 1472
January 25, 2016, 05:40:41 PM
#2
Please change your account password asap ...

Recently letyouearn lost the account when he clicked the link.

https://bitcointalksearch.org/topic/my-account-letyouearn-got-hacked-1339269

Similarly yahoo62278 was also going to lose his account but he changed the password early.
staff
Activity: 3458
Merit: 6793
Just writing some code
January 25, 2016, 05:38:53 PM
#1
What happened: I was contacted by this person who said he was asking me to work with him by being an admin at an online casino. We exchanged Skypes and then he told me to visit the casino web page. The site is btcluckycasino.com/ (<--- BEWARE, POTENTIALLY MALICIOUS SITE) which is an exact clone of https://www.luckybtccasino.com/, down to the links and everything. This site is potentially a phishing site for luckybtccasino users' logins. Then he directed me to the admin page btcluckycasino.com/admin.php (<-- BEWARE MAY CONTAIN MALWARE) where the page required that the user download Adobe Flash in order to access the page. Of course I downloaded the file, but did not run it. This is the result of a VirusTotal scan on it: https://www.virustotal.com/en/file/fe8228f67b1faae45dffe7f1aa754d89650b4d20c67f2dc1033683b1aae9663c/analysis/. At this point, I told him this was very suspicious; he claimed it was to "get users" and that he had "coders" who made the site which made it look like that and have that behavior.

Scammer's Profile Link: https://bitcointalksearch.org/user/btccasinoowner-739421

Reference Link:
Amount Scammed:
Payment Method:
Proof of Payment:
PM/Chat Logs:
PMs:
Quote from: BtcCasinoOwner
Hello, I have my own project which will became very famous bitcoin casino soon. I need serious people who will help me with it.
 admin(you) should moderate some parts of forum/play on my casino/help me with some things/say me if he detect bugs to fix it and e.t.c I pay 2000$ per mounth also admin have to give me soviets/advices

my skype is damon3228
Quote from: knightdk
Seems interesting. What is the website and how successful do you think it will be? I will take a look. I don't really have a lot of time right now, but I should have some more time in a week or two. I can still help out during that time though, just maybe not as much as I could.
Quote from: BtcCasinoOwner
btcc
btcluckycasino.com/  thats my casino
do you have skype or telegram
!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!

btcc
http://btcluckycasino.com/  thats my casino
I will take a look.

do you have skype or telegram
I have a skype, but I don't know if I can still login to it. I will let you know in a few minutes.

Skype:
Quote
[5:04:11 PM] Pasha BitcoinTry Main Admin: Hello
[5:04:28 PM] A C: hello
[5:05:58 PM] Pasha BitcoinTry Main Admin: knightdk
[5:06:00 PM] Pasha BitcoinTry Main Admin: ?
[5:06:03 PM] A C: yes
[5:06:11 PM] Pasha BitcoinTry Main Admin: so you looked on my site?
[5:06:14 PM] Pasha BitcoinTry Main Admin: what can you say
?
[5:06:42 PM] A C: I have looked at it briefly, not in depth yet.
[5:06:51 PM] A C: I am currently a little busy with some other stuff though
[5:07:26 PM] Pasha BitcoinTry Main Admin: okay I just saying : I need from you 2-3 hours online .I pay 1.5 btc per week of working,
[5:08:07 PM] A C: is that 2-3 hours per week or per day?
[5:08:39 PM] Pasha BitcoinTry Main Admin: 5-6 hours per week
[5:09:52 PM] A C: I will be able to do that, although the times I am online might not be very consistent
[5:09:57 PM] A C: What is it that you need me to do?
[5:11:35 PM] Pasha BitcoinTry Main Admin: you have to do some not hard things, its will not take much time , I described all you need to know in Admin panel FAQ
[5:11:41 PM] Pasha BitcoinTry Main Admin: sec I will give you access to admin panel
[5:11:59 PM] A C: do I need to register?
[5:12:14 PM] Pasha BitcoinTry Main Admin: nope I will give you logs from admin panel
[5:12:20 PM] A C: k
[5:12:36 PM] Pasha BitcoinTry Main Admin: btcluckycasino.com/admin.php
user : admin322
pw : 2216727y0025kf2nms1jkjghf9112*5412
[5:15:07 PM] A C: seems very suspicious. The admin panel requires an old version of adobe flash.
[5:15:16 PM] A C: your site is a clone of luckybtccasino.com
[5:15:57 PM] A C: no site for an admin panel should require adobe flash
[5:16:03 PM] A C: it is simply bad design
[5:16:32 PM] Pasha BitcoinTry Main Admin: Yea codders said me what their admin panel requires 15 version of flash player- I updated it
also yeah its looks like luckybtccasino but I will change desighn on this week , some group of codders making uncial desighn for my casino
[5:16:38 PM] Pasha BitcoinTry Main Admin: they said tomorrow
[5:16:41 PM] Pasha BitcoinTry Main Admin: its will be finished
[5:16:49 PM] Pasha BitcoinTry Main Admin: don't worry man
[5:18:33 PM] Pasha BitcoinTry Main Admin: I did it like luckybtccasino to advertise for beggining
[5:18:37 PM] Pasha BitcoinTry Main Admin: i will change it soon
[5:18:56 PM] Pasha BitcoinTry Main Admin: you can see new types of desighn in admin panel I'm added here exemples
[5:18:57 PM] A C: I am calling bullshit on this one
[5:19:14 PM] A C: everything on the site links to luckybtccasino, not to btcluckycasino
[5:19:51 PM] Pasha BitcoinTry Main Admin: ye its only for now to get traffic/and users
[5:21:28 PM] A C: No, it does not. In no way shape or form would having every single thing that is a link on that page be linked to luckybtccasino be able to get users.
[5:21:44 PM] Pasha BitcoinTry Main Admin: i will fix it tomorrow..
[5:22:04 PM] Pasha BitcoinTry Main Admin: also I'm going to buy advertising for 5000$ so our casino will get famous soon
[5:22:08 PM] Pasha BitcoinTry Main Admin: and we get very good profit
[5:23:36 PM] A C: I will check tomorrow. If it still requires flash and is an exact clone of luckybtccasino in 24 hrs, then I will be opening a scam accusation against you
[5:24:23 PM] Pasha BitcoinTry Main Admin: whats your problem lol
[5:24:55 PM] A C: In fact, I think I might just do that now to prevent you from being able to potentially scam people.
[5:25:05 PM] A C: The problem is that your site has every indication of being a scam attempt
[5:25:19 PM] A C: You ask people through PM to work for you for a really nice pay.
[5:25:33 PM] A C: Then you direct them to an admin page which requires that the person downloads a software that is probably a virus
[5:25:51 PM] A C: The site itself is an exact clone of luckbtccasino.com's frontpage
[5:26:00 PM] Pasha BitcoinTry Main Admin: look
[5:26:03 PM] A C: It even has all of the links and such still pointing to luckybtcasino
[5:26:03 PM] Pasha BitcoinTry Main Admin: beside
[5:26:03 PM] Pasha BitcoinTry Main Admin: you
[5:26:06 PM] Pasha BitcoinTry Main Admin: IT IS A BEAR
[5:26:24 PM] A C: need I say anymore?

Additional Notes: This is probably a scheme that he will be attempting on many other users to get them to download the software which is probably malware.

Whois lookup of the site:
Quote
Domain name: btcluckycasino.com
Domain idn name: btcluckycasino.com
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Domain ID:
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date: 2016-01-24
Creation Date: 2016-01-24T16:46:54Z
Registrar Registration Expiration Date: 2017-01-24
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +7.4955801111
Registry Registrant ID:
Registrant Name: Andrey Ivanov
Registrant Organization: Yandex TDA
Registrant Street: Armeyskaya 42
Registrant City: Moscow
Registrant State/Province: MOSCOW STATE
Registrant Postal Code: 121500
Registrant Country: RU
Registrant Phone: +18004699269
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: Andrey Ivanov
Admin Organization: Yandex TDA
Admin Street: Armeyskaya 42
Admin City: Moscow
Admin State/Province: MOSCOW STATE
Admin Postal Code: 121500
Admin Country: RU
Admin Phone: +18004699269
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: Andrey Ivanov
Tech Organization: Yandex TDA
Tech Street: Armeyskaya 42
Tech City: Moscow
Tech State/Province: MOSCOW STATE
Tech Postal Code: 121500
Tech Country: RU
Tech Phone: +18004699269
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns1.reg.ru
Name Server: ns2.reg.ru
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-01-26T01:36:44Z <<<

For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.


% By submitting a query to REG.RU Whois Service
% you agree to abide by the following terms of use:
% http://www.reg.ru/whois/servpol (in Russian)
% http://www.reg.com/whois/servpol (in English)

Picture of the admin page:
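
The indicators this report relies on (a domain created only days before the WHOIS snapshot, a name that reorders the real casino's tokens, and front-page links that still point at the original site) can be checked mechanically. The Python below is an added example, not part of the original post: the WHOIS lines are copied from the quote above, while the token list and the sample HTML are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed inputs: WHOIS lines copied from the post, HTML invented for illustration.
WHOIS_TEXT = """Domain name: btcluckycasino.com
Creation Date: 2016-01-24T16:46:54Z
>>> Last update of WHOIS database: 2016-01-26T01:36:44Z <<<"""
PAGE_HTML = ('<a href="https://www.luckybtccasino.com/faq">FAQ</a>'
             '<a href="https://www.luckybtccasino.com/login">Login</a>'
             '<a href="/admin.php">Admin</a>')
TOKENS = ("btc", "lucky", "casino")  # assumed brand vocabulary, not from any tool

def domain_age_days(whois_text):
    """Whole days between Creation Date and the WHOIS snapshot timestamp."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    created = re.search(r"^Creation Date:\s*(\S+)", whois_text, re.M).group(1)
    seen = re.search(r"Last update of WHOIS database:\s*(\S+)", whois_text).group(1)
    return (datetime.strptime(seen, fmt) - datetime.strptime(created, fmt)).days

def _tokens(domain):
    """Greedily split the first label into known tokens; None if it does not fit."""
    label, out = re.sub(r"^www\.", "", domain.lower()).split(".")[0], []
    while label:
        tok = next((t for t in TOKENS if label.startswith(t)), None)
        if tok is None:
            return None
        out.append(tok)
        label = label[len(tok):]
    return out

def is_token_shuffle(candidate, brand):
    """Same tokens as the brand domain, different order (e.g. a swapped prefix)."""
    a, b = _tokens(candidate), _tokens(brand)
    return None not in (a, b) and a != b and sorted(a) == sorted(b)

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlparse(href).hostname)  # None for relative links

def foreign_links(html, own_domain):
    """Return (links pointing at another host, total links) for a fetched page."""
    parser = _Hrefs()
    parser.feed(html)
    foreign = [h for h in parser.hosts
               if h and h != own_domain and not h.endswith("." + own_domain)]
    return len(foreign), len(parser.hosts)
```

A very young domain, a shuffled brand name and a page whose absolute links all resolve to someone else's host are each weak signals alone; together they match the pattern described in this report.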