Spread financial intelligence
FinTelegram has received new player evidence indicating that MixFind is not merely an anonymous website for identifying unfamiliar card charges. A screenshot reviewed by FinTelegram shows the domain embedded directly in the merchant descriptor of a Revolut card transaction allegedly initiated through the cashier of the BigClash online casino. The Revolut transaction details identify the recipient as: TCP*mixfind.com, Dublin
According to the whistleblower, the BigClash deposit was routed through play1.payment.sale before appearing in the Revolut account under the MixFind descriptor. The evidence materially strengthens the hypothesis that MixFind forms part of an active casino payment, merchant-descriptor and transaction-reconciliation architecture. However, the legal merchant, payment facilitator, processor and acquiring bank behind the transaction have not yet been independently identified.
A possible connection to the Cyprus-regulated payment institution Payabl remains under investigation and requires acquirer-level confirmation.
Key Findings
- MixFind appeared in a live card descriptor: The Revolut screenshot identifies the recipient as
TCP*mixfind.com, Dublin. - The player links the transaction to BigClash: The whistleblower says the payment originated from a deposit made through the BigClash casino cashier.
- A payment redirect was observed: The player identified
play1.payment.saleas the URL displayed during the payment journey. - MixFind claims access to transaction data: Its portal says it can cross-reference millions of transactions and retrieve merchant, contact and receipt information.
- MixFind remains anonymously operated: Its legal documents identify the operator only as โCompanyโ and provide no company name, registration number, address or jurisdiction.
- The Payabl connection is unconfirmed: Earlier FinTelegram research concerned the similar but different domain
play1.payments.saleand associated it with Payabl-related infrastructure. - The screenshot does not prove fraud: The whistleblower alleges fraudulent payments, but the submitted evidence alone does not establish whether the transaction was unauthorized, misleadingly described or otherwise unlawful.
The New Revolut Evidence

The screenshot submitted to FinTelegram shows a Revolut card-transaction detail page with the following information:
To: TCP*mixfind.com, Dublin
It also displays a masked card number and a transaction authorization code.
The appearance of mixfind.com within the merchant descriptor is significant. It indicates that the domain was not merely discovered later by the player while searching for customer support. Instead, MixFind was incorporated into the payment information transmitted through the card-processing chain and displayed by the issuing institution.
The reference to โDublinโ should not be interpreted as proof that MixFind is legally incorporated or physically established in Ireland. Merchant-location fields may reflect information configured by a merchant, payment facilitator, processor or acquirer.
From Payment Lookup Portal To Descriptor Layer

MixFind publicly presents itself as a Payment Support Portal. It asks users who do not recognize a charge to submit their name, email address, the first six and last four digits of their card, the transaction date and the exact amount. The portal claims that its system cross-references โmillions of transactionsโ and can provide the merchant name, contact information and receipt associated with a payment.
MixFindโs Terms describe the service as a billing-inquiry tool for card charges executed by its โauthorized billing partners.โ The Terms simultaneously claim that MixFind is not a financial institution and does not process payments through the portal. The operator is identified only as โCompanyโ; the sole contact disclosed is an email address.
Its Privacy Policy is more revealing. MixFind says inquiry data may be transmitted to the merchant, payment gateway or acquiring bank associated with a charge. It also claims to process data for transaction reconciliation, dispute support, fraud prevention and regulatory compliance. These statements suggest that MixFind is positioned close to one or more operational layers of the payment chain:

- merchant-descriptor management;
- transaction reconciliation;
- merchant-support routing;
- gateway or acquirer inquiries;
- dispute and chargeback handling;
- payment-facilitator infrastructure.
FinTelegram had previously identified mixfind.com as the named payee in a Skrill Prepaid Mastercard verification screen during a separate casino payment review. The new Revolut evidence indicates that the earlier observation may not have been an isolated occurrence.
The BigClash Payment Route
The whistleblower told FinTelegram that the transaction resulted from a deposit made through the BigClash casino cashier.
BigClashโs current Terms do not name the company operating the website. They refer only to the โCompany.โ The Terms state that financial operations may be processed directly by the Company, by a payment-system operator or by a third party designated by the Company.
The BigClash Privacy Notice likewise identifies the โoperator of this websiteโ as the data controller without providing the operatorโs legal name. It confirms that player data may be shared with payment providers and financial institutions for deposits, withdrawals, KYC and AML purposes.
Based on the available evidence, the provisional payment architecture is:
BigClash casino cashier
โplay1.payment.saleor another hosted payment page
โ unidentified processor or payment facilitator
โ merchant descriptorTCP*mixfind.com
โ MixFind transaction-support or reconciliation layer
โ unidentified acquirer and settlement chain
This architecture remains a working hypothesis. FinTelegram has not yet obtained the merchant ID, Acquirer Reference Number, acquirer BIN or settlement information required to identify the regulated entities involved.
The Payabl Question
The whistleblower suspects that the payment route may be connected to Payabl and says that both Payabl and MixFind have been contacted. Payabl CY Limited is authorized as a payment institution by the Central Bank of Cyprus under licence number 115.1.2.9/2018. In 2023, FinTelegram reported on several high-risk payment domains, including:
play1.payments.sale
At the time, Similarweb and Urlscan observations indicated that the domains were attributable to or associated with Payabl-related infrastructure. FinTelegram expressly stated that it was not claiming that the domains were registered by Payabl or used for unlawful purposes. The present whistleblower report refers instead to:
play1.payment.sale
The difference between payment and payments is material. It may be a transcription error, a separate domain or a related infrastructure component. The exact URL must be confirmed through browser history, screenshots, redirect logs or a screen recording.
Consequently, FinTelegramโs current assessment is:
The reported payment route resembles infrastructure previously associated with Payabl, but Payablโs participation in the specific BigClash transaction has not been independently established.
Confirmation would require evidence such as:
- Acquirer Reference Number;
- Retrieval Reference Number;
- merchant ID;
- acquirer name and BIN;
- Merchant Category Code;
- 3-D Secure authentication records;
- payment gateway logs;
- processor or settlement records.
Compliance Assessment
The evidence creates a significant transparency issue. MixFind asks consumers to submit a combination of personal and payment-related information while failing to identify the legal entity responsible for collecting and processing that data. Its Privacy Policy refers to a โCompany,โ authorized billing partners, merchants, gateways, acquiring banks and a supposed compliance team, but does not disclose who any of these parties are.
The concern becomes more serious when the same anonymous domain appears directly in card descriptors arising from casino deposit flows. The central compliance question is therefore no longer merely: Who operates MixFind?
It is now:
Which casinos, merchants, payment facilitators, processors and acquiring banks use MixFind as part of their live payment and transaction-support infrastructure?
Share Information
FinTelegram is seeking additional information from players, payment insiders, PSP employees, fraud analysts, compliance officers and acquiring-bank staff. We are particularly interested in:
- statements showing
TCP*mixfind.comor related descriptors; - BigClash deposit confirmations;
- screenshots or recordings of the complete cashier journey;
- evidence involving
play1.payment.saleorplay1.payments.sale; - ARN, RRN, merchant ID, MCC and acquirer information;
- responses from MixFind, BigClash, Payabl or Revolut;
- merchant details returned by the MixFind lookup portal;
- documents identifying MixFindโs operator or authorized billing partners;
- evidence linking MixFind to additional casinos or high-risk merchants.
Please redact full card numbers, security codes, passwords and identification documents before submitting material through Whistle42.
Right of Reply
FinTelegram invites MixFind, BigClash, Payabl and any other involved payment provider to provide clarification and documentation concerning:
- the legal entity operating MixFind;
- MixFindโs authorized billing partners;
- the reason
mixfind.comappears in live card descriptors; - the merchant of record behind the BigClash transaction;
- the processor, gateway and acquiring bank involved;
- any relationship between MixFind and Payabl;
- the use of
play1.payment.saleorplay1.payments.sale; - the legal entity operating BigClash.
Any verified response will be reviewed and appropriately reflected in FinTelegramโs reporting.




