Hey guys, I made this thread in the scammer's main thread:
I'm new here and wanted to start by helping fellow members.
I think there's tons more info to be found. I will update as soon as I report them to the service providers, as well as if I find more details.
Hey guys, I just joined bitcointalk, and I want to start a poker site, so I have been looking into the competition, and seeing that cryptopokergroup.com is scamming members, I decided to take a look and this is what I found so far:
https://www.whois.com/whois/cryptopokerclub.io - The whois info of their first domain
https://www.whois.com/whois/cryptopokergroup.com - The whois info of their latest domain.
I found several things that can be used to corrupt their site, if you guys so desire:
I found their "admin" login page:
https://admin.cryptopokergroup.com/login/default.aspx?ReturnUrl=%2f
Dude, that admin login page is so insecure and I may bruteforce my way into logging into their scammer's cave. That's probably where all the scams start.
Also, I found several emails to contact in case of abuse (which I will place down below).
Also, I found where their game servers are, Data Miners S.A. ( Racknation.cr )
I will submit abuse emails and reports to all parties laid out here, in order to take down this scammer site once and for all. I don't think we can save any scammed coins, but we can stop these scammers from taking from more people.
Their server IP for cryptopokergroup.com, at https://www.racknation.cr/, is 190.112.223.106 (Racknation.cr IP).
Their admin, affiliate and game server IPs are 190.112.223.106 (Racknation.cr IP).
Their root public site IP is 192.64.115.146 (Namecheap.com Hosting IP).
So, in short, their affiliate, admin and game servers are located at https://www.racknation.cr/ and their root domain hosting (the site that everyone sees) is hosted at https://www.namecheap.com/hosting/
In regards to their emails, they are managed from Google with these servers:
Also, their Google site verification code is:
google-site-verification=jQPChjSS9oLB59VXNUJmuaIzGGJb-46EuceY4jzdinc
So, as I said, we can just send tons of emails to the abuse departments of each service provider and hope they take down their service and pass their details to the authorities.
Hopefully, Racknation.cr will cooperate, as that's where the main scam operation takes place (the game server, logs, the admin scam panel, etc.).
When I find more info and after I report these scammers, I will post here or on the scam accusation thread (https://bitcointalk.org/index.php?topic=5243049.0).
Also, I found some subdomains of the deleted cryptopokerclub.io and their ongoing scam site cryptopokergroup.com:
EDIT:
At game.cryptopokergroup.com I found 3 .exe files:
SetupCryptoPoker247.exe
SetupCryptoPokerClub.exe
SetupCryptoPokerGroup.exe
I don't suggest you download these at all, but if needed, I uploaded them securely:
https://mega.nz/file/ok9lhCrB#7PDsR__gLSHVNfGSVQnEeefyy5zvpaWA1SrFYRyLWqw
https://mega.nz/file/l50VhCRC#g3g-pkZUQIxbfyfv1so9gTibmQ53eEgZ6-pLM8lG5vw
https://mega.nz/file/M40zWQJT#YGMMwiabsSHuZNBOlDwKa8xDlCVUe5XDFyWoOCGJlhg
EDIT 2:
It seems that the domain cryptopokergroup.com is also propagating malware through exe files.
The setup files can be found at:
https://game.cryptopokergroup.com/SetupCryptoPokerClub
https://game.cryptopokergroup.com/
https://game.cryptopokergroup.com/SetupCryptoPoker247
https://game.cryptopokergroup.com/SetupCryptoPokerGroup
Just add .exe to the files above, as it seems btc talk censors the links.
It seems that SetupCryptoPokerGroup.exe and SetupCryptoPokerClub.exe files are the same, just the name changed.
Anyway, as two of the files are the same, only 2 scans could be done. The results are below:
https://www.hybrid-analysis.com/sample/b6d6af6e588eca6422cf4829cf2f4bacf324ecdf7830930296e4a7408c338a97
https://www.hybrid-analysis.com/sample/593ce36fea679d7ed8db2881e89c6650c18202cbaee608d901ea9db33541fd54
If, by the time you read this, the setup exe files can't be found at those URLs, there are backups at:
https://mega.nz/file/ok9lhCrB#7PDsR__gLSHVNfGSVQnEeefyy5zvpaWA1SrFYRyLWqw
https://mega.nz/file/l50VhCRC#g3g-pkZUQIxbfyfv1so9gTibmQ53eEgZ6-pLM8lG5vw
https://mega.nz/file/M40zWQJT#YGMMwiabsSHuZNBOlDwKa8xDlCVUe5XDFyWoOCGJlhg
EDIT 3:
Also, it's possible that the game server could send your hole cards to the game server. This is not verified yet, but it's possible that that's what could happen.