FUTURE10S opened this issue
Not Assigned
User Reports
Medium
Everyone
Closed

User Report: 76561198408972054 (Pacific Ocean <3)

Very quickly to anyone who finds this page: DO NOT ENGAGE WITH ANY OF THIS USER'S ALIASES. HE HAS HAD DOZENS IF NOT HUNDREDS OF ACCOUNTS. IF YOU ARE CURRENTLY BEING OFFERED A GAMBLING SITE PROMOTION, DO NOT GIVE AWAY ANY INFORMATION OR ITEMS, YOU WILL NOT SEE IT BACK.

Attempted gambling scam. Dude claimed to be a moderator of tf2fortune.com and said that if I advertise it on my profile page, he'll rig the gambling once a week in my favour.

Archived Steam profile: http://archive.is/j62g9

Full chat log: https://imgur.com/a/ZcyE9bm

The site was run in a Linux Mint VM to minimize effects of potential malware. Most of the discussion and my subsequent research was recorded in OBS.

Image of site: https://i.imgur.com/gJXTnpg.jpg

Site trade link: https://i.imgur.com/s6GJ7AI.jpg

Rigging the site: https://i.imgur.com/CYiJG4k.jpg

And now for the actual fun part: Checking ICANN, turns out this shitshow is operated by Anton Zharikov. Whether it's an alias or his real name, I don't know, but looking up his email, he's already a very well known scammer in the community, dating back to 2014 with PayPal scams and possibly earlier. Thankfully, thanks to other people's diligence at finding his info, and a number of crawling sites, I've also gotten a list of domain names he's used in the past.

Registrant Contact

Name: Anton Zharikov

Organization: Private Person

Mailing Address: Pushkinskaya, dom 4, kv. 2, Moskva Moskva 880044 RU

Phone: +380.953289216

Email: Ski-09@mail.ru

And here's the domain names in question:

skins-white.com

dota2revenge.com

market-dota.net

tf2success.com

tf2steel.com

tf2legendary.com

marketsignin.com

tf2legend.com

tf2safari.com

tf2silver-plate.com

dota2loot.net

tf2harvest.com

tf2burning.com

tf2splendor.com

tf2stick.com

tf2goost.com

tf2violet.com

tf2angel.com

tf2wheel.com

tf2aqua.com

tf2wonder.com

lis-trades.com

tf2pounce.com

skinsblue.com

tf2euro.com

tf2bowl.com

tf2skull.com

tf2vogue.com

tf2raven.com

dota2black.com

max-skins.com

tf2lord.com

tf2dark.com

skinstradebot.com

tf2bunch.com

tf2effect.com

skinsduck.com

tf2red.com

dota2eagle.com

tf2crown.com

tf2smart.com

tf2snipe.com

tf2cyber.com

tf2purple.com

tf2sweet.com

tf2fade.com

tf2diamond.com

tf2join.com

dota2target.com

skinsnine.com

dota2moon.com

dota2glory.com

skinswaves.com

skinstwice.com

skinsravage.com

skinsdestiny.com

skinszipper.com

skinswhite.com

its-not-scam.pro

skinscores.com

shuffleskinz.com

skinsbrawl.com

dota2blades.com

skinsplays.com

skinsmagic.com

skinspolygon.com

skinstrue.com

skinsjoin.com

skinsdeep.com

dota2farm.com

snipercoins.com

skinswood.com

skinswings.com

easypotz.com

skinshunts.com

dota2hive.com

skinsactions.com

skinsplanets.com

skinsmain.com

skinsaction.com

skinsbeats.com

betsntrade.com

dota2blaze.com

skinsfly.com

dota2thunder.com

skinspied.com

skins-pot.com

skins-roll.com

skinsburn.com

skinsflow.com

skinsvertigo.com

skins-loot.com

skinsxlot.com

skinsamber.com

skins-lot.com

skins-easy.com

skinsxwrap.com

skins-wrap.com

skins-force.com

skins-spectrum.com

Every last one of these is fraudulent.

Lastly, I also backed up the main page of his site and the javascript code he used, just in case someone's making a steam scam extension and wants code that'll either be reused or has been.

If you need any more information, let me know.

Tags
#resolved
  • Avatar
    Marty Birdman commented

    The screenshots of chat you've provided are cropped, and need to be reformatted.


    Please provide uncropped (whole screen visible)/unedited screenshot proof of your interactions with this user and any other users involved in this scam attempt. If you have access to these from the original chat window, please provide them. Upload them to an image hosting service (imgur, for example) and post the links here.


    If you no longer have access to your original chat window with this user, you can instead recover chatlogs here - https://help.steampowered.com/en/accountdata/GetFriendMessagesLog - and when you take screenshots of them, please do so in a web browser rather than Steam client and hover your mouse over the name of the user you are interacting with so that their profile URL displays in the lower left hand corner of the screen (and again, remember not to crop or edit them in any way). Then upload them to an image hosting service (imgur, for example) and post the links here.

  • Avatar
    FUTURE10S commented · FUTURE10S edited

    https://imgur.com/a/3EKe4JQ Is this good enough? By default, Greenshot's window capture crops everything unrelated.

  • Avatar
    Marty Birdman commented

    The screenshots provided above are acceptable proof of the chat itself. However, please also take one screenshot from https://help.steampowered.com/en/accountdata/GetFriendMessagesLog as well, formatted as requested in my initial post. This will help us prove that the chat shown was really with the reported user. One additional screenshot should be sufficient to do this.


    Notes:

    http://archive.is/yHzZb

    https://imgur.com/a/BLux6CG - Chat1

    https://imgur.com/a/SlGRv11 - Chat2

    https://imgur.com/a/a4Agq6A - Chat3

    https://imgur.com/a/dmuDhoo - Chat4

    https://imgur.com/a/OX2bLVn - Chat5

    https://imgur.com/a/mHy9TCw - Chat6

  • Avatar
    FUTURE10S commented

    Sorry for not getting back sooner, I don't go on bp.tf that often.


    https://i.imgur.com/ueX0yY5.png

  • Avatar
    Marty Birdman commented

    Thank you for following up - the reported user has been banned from the site, and your report has been marked ready for review. Our admin will assess if a tag can be applied as soon as they are available.


    Notes:

    https://imgur.com/a/nInZHir - Chat w/ URL

  • Avatar
    Teeny Tiny Cat commented

    Tag applied.

  • Avatar Teeny Tiny Cat set the issue's status to Closed