"Vote for my Team" Steam Scam

Phishing
1

Popup - https://esports-cups.com/

Associated Steam Accounts:
https://steamcommunity.com/profiles/76561199128995018
https://steamcommunity.com/profiles/76561199030158489/

Associated Email Address - [email protected]

Scammer asked the victim to register on the site so he could quickly take part in an "amateur tournament." The site includes an option to sign in/register on Steam, which opens up a fake popup used to steal victims' login credentials.

A WhoIs lookup reveals that the site is operated out of Moscow, Russia, though the country code lists it as from "Antarctica."
https://www.whois.com/whois/esports-cups.com

2

This is definitely a phish (but a pretty sneaky one). See </s>/html/body/div[2]/div[1]/div[2]<e> (DOM XPath). Also, the green lock icon thats suppossed to indicate HTTPS doesn’t work.

They seem to be using Cloudflare as a reverse proxy / caching solution, and Akamai as a CDN for some extra static files. I've reported this to Cloudflare, and am in the process of getting in contact with Akamai.
3

On the website chat, Akamai just said to call their main customer support number and they will get it taken down. I can’t talk on the phone right now, so if someone else could try and get Akamai to take it down (they said they would), that would be great.

4

I’ll get them!

5

Thanks so much @HereIronman7746#189141 !

One more thing, I just reported it to the Google Safe Browsing service too. That should just about cover as many bases as we can.

6

Server IP 1: 104.21.76.246

Server IP 2: 172.67.202.127

Server 1:
Server IP 1: 104.21.76.246
ISP: CLOUDFLARENET
ASN: 13335
WhoIS: https://www.infobyip.com/ipwhois-104.21.76.246.html
DNS: No Records Found

Server 2:
Server IP 2: 172.67.202.127
ISP: CLOUDFLARENET
ASN: 13335
WhoIS: https://www.infobyip.com/ipwhois-172.67.202.127.html
DNS: No Records Found

-----------------------------------------------------------------------------

Reverse DNS Info: https://viewdns.info/reverseip/?host=esports-cups.com&t=1
Report Here: https://www.cloudflare.com/abuse/
Report Steam Here: https://extremereportbot.com/main/

Domain host: https://reg.ru
Domain abuse contact: [email protected]

More Info: https://www.domain.com/whois/whois/?search=esports-cups.com

7

@__fn_reality#189148 I did it, I contacted cloudflare too and will be contacting their domain provider

I can do more than google safe search.


8

@HereIronman7746#189155 Sounds good, thanks!

9

https://imgur.com/a/bXOYCEK

Thanks Cloudflare!

10

@__fn_reality#189196 Congratulations, Nice :slight_smile:

11

@__fn_reality#189196 BTW, they forwarded my report to their hosting provider, so we did it

12

@HereIronman7746#189352 Same