Title: !!! Phishing Site! Beware !!! Post by: Indianacoin on January 26, 2016, 12:49:22 PM What happened::
A brand new user named Btctrader12 started pming me constantly for choosing me as a partner on his gambling site. He then sent a link to a phishing site of Luckybtccasino. He also sent me another link which will probably download a keylogger and gave a fake login details to camouflage that link saying that they are the login details for admin panel. LOL! He though I was such a fool! ;D Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=741689 Reference Link: 1. Real casino site: https://www.luckybtccasino.com/ 2. Phishing site: Code: http://btcluckycasino.com/ Code: http://btcluckycasino.com/admin.php PM/Chat Logs: Additional Notes: 1. Never feed any troll pms send by newbies. 2. Always investigate thoroughly a link given by them. Never follow their instructions blindly for money. 3. Always look for SSL certificate and verify if necessary. (Look at the phishing link. There is no https://) Title: Re: !!! Phishing Site! Beware !!! Post by: Indianacoin on January 26, 2016, 01:01:44 PM For further information regarding the phishing site, here is the whois details.
Comment here if anyone finds similar details given below for any previous phishing sites. btcluckycasino.com registry whois Domain Name: BTCLUCKYCASINO.COM Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC Sponsoring Registrar IANA ID: 1606 Whois Server: whois.reg.com Referral URL: http://www.reg.com Name Server: NS1.REG.RU Name Server: NS2.REG.RU Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited Updated Date: 24-jan-2016 Creation Date: 24-jan-2016 Expiration Date: 24-jan-2017 btcluckycasino.com registrar whois Domain name: btcluckycasino.com Domain idn name: btcluckycasino.com Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Registry Domain ID: Registrar WHOIS Server: whois.reg.com Registrar URL: https://www.reg.com/ Registrar URL: https://www.reg.ru/ Registrar URL: https://www.reg.ua/ Updated Date: 2016-01-24 Creation Date: 2016-01-24T16:46:54Z Registrar Registration Expiration Date: 2017-01-24 Registrar: Registrar of domain names REG.RU LLC Registrar IANA ID: 1606 Registrar Abuse Contact Email: email@reg.ru Registrar Abuse Contact Phone: +7.4955801111 Registry Registrant ID: Registrant Name: Andrey Ivanov Registrant Organization: Yandex TDA Registrant Street: Armeyskaya 42 Registrant City: Moscow Registrant State/Province: MOSCOW STATE Registrant Postal Code: 121500 Registrant Country: RU Registrant Phone: +18004699269 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: email@mail.ru Registry Admin ID: Admin Name: Andrey Ivanov Admin Organization: Yandex TDA Admin Street: Armeyskaya 42 Admin City: Moscow Admin State/Province: MOSCOW STATE Admin Postal Code: 121500 Admin Country: RU Admin Phone: +18004699269 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: email@mail.ru Registry Tech ID: Tech Name: Andrey Ivanov Tech Organization: Yandex TDA Tech Street: Armeyskaya 42 Tech City: Moscow Tech State/Province: MOSCOW STATE Tech Postal Code: 121500 Tech Country: RU Tech Phone: +18004699269 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: email@mail.ru Name Server: ns1.reg.ru Name Server: ns2.reg.ru DNSSEC: Unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2016-01-26T15:58:27Z <<< Title: Re: !!! Phishing Site! Beware !!! Post by: Avirunes on January 26, 2016, 01:10:31 PM Thanks for the whois search.
He is the one who hacked letyouearn account..Nice work @Indiana Title: Re: !!! Phishing Site! Beware !!! Post by: stingers on January 26, 2016, 01:17:16 PM Why don't you just try giving him a call? He'll get afraid as shit :p .
Title: Re: !!! Phishing Site! Beware !!! Post by: notaek on January 26, 2016, 03:26:03 PM Same incident happened with knightdk here (https://bitcointalk.org/index.php?topic=1340882).
Looks like he's on a hacking spree! Title: Re: !!! Phishing Site! Beware !!! Post by: WouchtSack on January 26, 2016, 04:52:25 PM He is back ::)
!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!! Hello, I have my own project which will became very famous bitcoin casino soon. I need serious people who will help me with it. admin(you) should moderate some parts of forum/play on my casino/help me with some things/say me if he detect bugs to fix it and e.t.c I pay 2000$ per mounth also admin have to give me soviets/advices my skype is damon3228 Title: Re: !!! Phishing Site! Beware !!! Post by: pinoycash on January 26, 2016, 04:54:06 PM better be careful on all the links sent via PM, double check triple check before clicking, this gyus should be banned permanently, ban their IP for life. so they cannot comeback
Title: Re: !!! Phishing Site! Beware !!! Post by: Indianacoin on January 26, 2016, 04:58:08 PM this gyus should be banned permanently, ban their IP for life. so they cannot comeback No this is impossible. Because there are so many members browsing this forum with VPN. So chances are that, same IP address will get blocked for other members too. Better option is to ban their profile immediately after they start sending these kind of messages. For this you must click the "Report to moderator" option. Title: Re: !!! Phishing Site! Beware !!! Post by: Joel_Jantsen on January 26, 2016, 05:00:42 PM This dude damon3228 is not only hacking bitcoin talk accounts but he is posting the same add on other crypto forums such as :
https://cryptocointalk.com/topic/44417-need-administrators-for-bitcoin-casino/ http://cryptocurrencybuzz.com/news/need-administrators-for-bitcoins-casino/ https://forum.bits.media/index.php?/topic/20127-nuzhny-adminy-dlia-kazino-bitkoinov/ Title: Re: !!! Phishing Site! Beware !!! Post by: mexxer-2 on January 26, 2016, 05:51:04 PM Unsolocited PM about installing something and entering your details on a site, which has a similar name as another famous casino. What could possibly go wrong? /sarcasm
Good thing my advice came in handy for you OP. Edit: If anyone else gets a similar PM, use the "Report to admin" feature Title: Re: !!! Phishing Site! Beware !!! Post by: LordCoder on January 26, 2016, 06:41:49 PM Malware is packed with Confuser 1.9, common in this kind of malwares. Using a quick scan on Malwr (because I don't analyze malware now on my computer). It has an anti-honeypots installed, the owner might have bought a crypter to stop that.
https://malwr.com/analysis/NTI2YmMxYmJlNDUwNDY4M2EyNTZlMGUzZjYxZDIwMDE/ |