[Rogue] GoldVipClub=Winpalace

Roanan

Banned User - abusive flamming - misogynist
Joined
Oct 6, 2009
Location
Langley, BC...in Canada, eh?
Oh wow.

I get to tie one of the roguest of the rogues to a 'legitimate' casino.

I made a thread regarding the GoldVipClub spam I received and decided to investigate further.

The trace of GoldVipClub and its many variations (and affiliate program) tie them to the IP addresses 66.11.154.210 and 66.11.154.211.

The whois shows:

Whois query for 66.11.154.210...

Results returned from whois.arin.net:

Canada Web Hosting CWHNETWORKS-1 (NET-66-11-144-0-1)
66.11.144.0 - 66.11.159.255
Hostarica Corp. CWH-HOSTARICACORP--02 (NET-66-11-154-208-1)
66.11.154.208 - 66.11.154.215

# ARIN WHOIS database, last updated 2010-03-12 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at



Results returned from whois.arin.net:


CustName: Hostarica Corp.
Address: Edificio Centro Corporativo Internacional, 5to. Piso,
Address: Barrio. Don Bosco
City: San Jose
StateProv: ---
PostalCode: na
Country: CR
RegDate: 2009-02-27
Updated: 2009-02-27


NetRange: 66.11.154.208 - 66.11.154.215
CIDR: 66.11.154.208/29
OriginAS: AS19234
NetName: CWH-HOSTARICACORP--02
NetHandle: NET-66-11-154-208-1
Parent: NET-66-11-144-0-1
NetType: Reassigned
Comment: ---
RegDate: 2009-02-27
Updated: 2009-02-27

OrgAbuseHandle: CWHAE-ARIN
OrgAbuseName: Canada Web Hosting AUP Enforcement
OrgAbusePhone: +1-604-628-6510
OrgAbuseEmail: abuse@canadawebhosting.com

OrgNOCHandle: NETWO1168-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-604-628-6510
OrgNOCEmail: ipadmin@canadawebhosting.com

OrgTechHandle: NETWO1168-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-604-628-6510
OrgTechEmail: ipadmin@canadawebhosting.com

# ARIN WHOIS database, last updated 2010-03-12 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at



One IP address over (66.11.154.212) is Winpalace.com

A whois of them shows:

Whois query for 66.11.154.212...

Results returned from whois.arin.net:

Canada Web Hosting CWHNETWORKS-1 (NET-66-11-144-0-1)
66.11.144.0 - 66.11.159.255
Hostarica Corp. CWH-HOSTARICACORP--02 (NET-66-11-154-208-1)
66.11.154.208 - 66.11.154.215

# ARIN WHOIS database, last updated 2010-03-12 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at



Results returned from whois.arin.net:


CustName: Hostarica Corp.
Address: Edificio Centro Corporativo Internacional, 5to. Piso,
Address: Barrio. Don Bosco
City: San Jose
StateProv: ---
PostalCode: na
Country: CR
RegDate: 2009-02-27
Updated: 2009-02-27


NetRange: 66.11.154.208 - 66.11.154.215

CIDR: 66.11.154.208/29
OriginAS: AS19234
NetName: CWH-HOSTARICACORP--02
NetHandle: NET-66-11-154-208-1
Parent: NET-66-11-144-0-1
NetType: Reassigned
Comment: ---
RegDate: 2009-02-27
Updated: 2009-02-27

OrgAbuseHandle: CWHAE-ARIN
OrgAbuseName: Canada Web Hosting AUP Enforcement
OrgAbusePhone: +1-604-628-6510
OrgAbuseEmail: abuse@canadawebhosting.com

OrgNOCHandle: NETWO1168-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-604-628-6510
OrgNOCEmail: ipadmin@canadawebhosting.com

OrgTechHandle: NETWO1168-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-604-628-6510
OrgTechEmail: ipadmin@canadawebhosting.com

# ARIN WHOIS database, last updated 2010-03-12 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at


In fact, you'll notice that they not only have the same registered owner, the registration is for the range of IP addresses (66.11.154.208 - 66.11.154.215).

Therefore, GoldVIPClub, GoldVIPClubCasino, Goldvipcash and Winpalace are ALL THE SAME SITE
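
Added example, not part of the original post: one way to run the same check programmatically, by parsing the ARIN fields quoted above and testing which addresses fall inside the reassigned block. The sample record is trimmed from the whois output in the post; the function names and the address 66.11.154.216 are constructed for illustration.

```python
import ipaddress

# Constructed sample: trimmed from the ARIN output quoted in the post above.
WHOIS_TEXT = """\
# ARIN WHOIS database, last updated 2010-03-12 20:00
CustName: Hostarica Corp.
NetRange: 66.11.154.208 - 66.11.154.215
CIDR: 66.11.154.208/29
NetName: CWH-HOSTARICACORP--02
Parent: NET-66-11-144-0-1
NetType: Reassigned
"""

def parse_whois(text):
    """Return the 'Key: value' fields of a whois record, skipping '#' comments."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), value.strip())
    return fields

def range_to_networks(net_range):
    """Convert 'a.b.c.d - e.f.g.h' into the minimal list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in net_range.split(" - "))
    return list(ipaddress.summarize_address_range(first, last))

def shared_block(record, addresses):
    """Map each address to True/False: is it inside the record's NetRange?"""
    nets = range_to_networks(record["NetRange"])
    # Cross-check: the CIDR field must describe the same space as NetRange.
    declared = [ipaddress.ip_network(c.strip()) for c in record["CIDR"].split(",")]
    if sorted(nets) != sorted(declared):
        raise ValueError("NetRange and CIDR fields disagree")
    return {a: any(ipaddress.ip_address(a) in n for n in nets) for a in addresses}

if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    # .210/.211/.212 come from the post; .216 is a constructed neighbour
    # that sits just outside the /29 but inside the parent allocation.
    hits = shared_block(rec, ["66.11.154.210", "66.11.154.211",
                              "66.11.154.212", "66.11.154.216"])
    for ip, inside in hits.items():
        where = "inside" if inside else "outside"
        print(f"{ip} {where} {rec['NetName']} ({rec['NetType']}, {rec['CustName']})")
```

A match shows that the addresses belong to the same reassignment to the same customer of record, which is the fact the post relies on.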
 
[derail]

HaHA! So it was this post that led to the DDOS attack. Well, at least it was what Roanan thought.

How did you deduce that Chu? You got some inside info here that you're not sharing?
____
____

No, Roanan said it himself over at OCR in one of his posts in the CM Downtime thread.

Yea, I read where he said he hoped that he was not responsible for bringing on the DDOS attack by posting that info above but I was thinking you might have heard something with your pronouncement there above.
____
____

I was merely thinking out loud regarding the strange timeline of events that occurred:

-There have been many posts in the last week regarding Virtual Casinos besides my Virtual=Acerevenue=CurgamMalta=NetsurfMedia thread.
-Casinomeister gets hit with a DOS attack
-Webczas makes an announcement regarding the attack on OCR.
-The thread starts getting active as CM members find it.
-An OCR account made in December by someone from the Virtual Group suddenly becomes active and posts three spams for TheVirtualCasino
-The spams get reported, deleted and 'VirtualCasino' gets banned
-Shortly after their banning, OCR gets hit with a DOS attack


It's a strange sequence of events which lead me to surmise that Virtual MAY be behind it and MAY have an undiscovered virus/trojan in their software that allowed them to control computers with a Virtual Group casino on it to direct the attack on CM

This is only an opinion, but I certainly wouldn't put it past them.

[/derail]

As for my thread here, while CM was down, I received confirmation from the ISP that hosts the web pages for both GoldVIPClub and Winpalace that the bills are paid by the same person.
 
Given that RTG installers constantly trigger "false positives", it would be EASY to get a genuine trojan past a player's defences. They would either KNOW about the issue, and routinely ignore such warnings triggered from an RTG installer, or they would tell support, who would tell them it was a false positive, and maybe point them to the many forum posts on the subject - which would probably be enough to convince them.

Given that RTG lobbies can differ substantially from each other, there is probably a fair bit of local coding that operators can add, whereas with software such as MGS, they can only alter colours and some designs, and anything else is ringfenced in the "news" or "promotions" page of the lobby, which uses a browser plug-in.

The likelihood is even greater that they simply hired a botnet that already existed, as there may not be enough PCs infected by a Virtual casino. Past behaviour from GoldVIPClub demonstrates that they will do what is necessary, and "sod the rule of law". This is pretty similar to how Virtual behave when backed into a corner - they will even use hired thugs against a player if they can get to him.

Now, are GoldVIPClub connected to Virtual? Virtual are well known rogues, so it makes sense that any future casinos they open will be disguised as nothing to do with Virtual. There is also compelling evidence that Virtual bought up the old Crystal Palace casinos, rebranded them to erase history, and now market them as "new" casinos, which have nothing to do with "old" Virtual.

The problem with DDOS attacks is that it is almost impossible to trace the culprits behind them; any logs at best trace back to infected computers.
 
I wasn't able to tie Virtual to GoldVIPClub (just every other rogue on the planet) but I have tied Winpalace to GoldVIPClub.

Winpalace even has a CM rep, plus they're the sister site to Mayflower (TopGame)

A 'legitimate' casino directly tied to one that can't even be considered a casino because it only exists to distribute viruses and commit fraud.

(Maybe that's how they can afford licenses for two different software providers)
 
Hello,

Following is a reply I received from Winpalace:

"In response to a thread in this forum about a relationship between Winpalace Casino and other casinos, allow me to clarify this concern: Winpalace is a 100% independent casino; its sole sister casino is Mayflowercasino.com.

We have forwarded this claim to Hostarica (our hosting provider) for clarification. This has been very disturbing for us and we will do everything in our power to correct this misconception.

Winpalace Casino is known for its good reputation in terms of fair gaming practices, security and overall credibility, and we hope to rectify this situation as soon as possible.

Furthermore, Winpalace Casino has proven itself many times as an honest and reliable brand, as evident by our responses to claims posted in this forum."



Kind regards,

Daniel
 
Daniel, it might be a good idea to clarify, perhaps by the forum signature function, that you are the Affiliate manager for Affactive - the program behind WinPalace & Mayflower.

Anyone who didn't know might be wondering who you are and why you posted that! ;)

KK
 