I played some more rounds, carefully verifying each round. I used
https://wtools.io/php-sandbox with this php source code:
$client_seed = "...";
$server_seed = "...";
$server_seed_hash = "...";
$result_seed = hash_hmac('sha512', $server_seed, $client_seed);
$result_number = hexdec(substr($result_seed,0,10));
$lucky_number = $result_number % 10001;
echo $lucky_number;
if($server_seed_hash==hash('sha256',$server_seed)){ echo "\ntrue"; }
Most rounds verified, but occasionally it generated an abnormally long server seed whose hash didn't match, and I always lost those rounds. So the site has multiple ways of cheating.
1. If you don't request the server seed hash in advance it can change the server seed to achieve whatever result it wants, undetectably
2. even if you do request the server seed hash in advance, it will still sometimes change the server seed to achieve whatever result it wants.
Definitely 100% scam.