So you accepted a random friend request and now they want you to play in some league or vote for their team. You might be interested in comp so you might be tempted to click the link but you're unsure as it's not your average rgl, FaceIt, or whatever sweatbucket you know about link. Even though some sort of alarm should be ringing, or at least some scepticism should arise, you want to go ahead and help this stranger out.

This guide exists to tell you the obvious because copy-pasting a link is less typing for me than posting this stuff in the hourly forum post asking about one of these sites. Excuse any ♥♥♥♥♥♥ images or grammar errors as I did not proofread and you don't need to know my bookmarks and taskbar.

Don't. Instead of me just telling you the website is a scam and leaving, you're going to gain the ability to figure this out for yourself if your intuition somehow isn't screaming that something's off.


A quick way to filter out some randomly DM'd URLs is to just WHOIS search the URL to see how old a domain is. Personally, I like to use URLvoid[www.urlvoid.com] as it also tells you what antiviruses and whatever say about the site although that doesn't mean much here as they tend to not host malware and are too new to be detected. In the off chance it does, you shouldn't need to read any further.

Let's say someone wanted me to head on over to, for example, Epsilon-egaming.pro and vote for their team or something. Never heard of that site? Nobody has!


That's because, as of the creation date of this guide, it's only 12 days old. Naturally, some of these sites can be kicking around for a little longer but the ones you'll get sent will usually be around 2 weeks old at most.


True, but that's where the next trick comes in. Googling the name of the site should give you its url very near the top as others tend to know and look for legit sites.

Slow down a little. Let's take a look at the page our previous URL leads to.


Looks pretty good, huh? One small problem, that page isn't unique to that URL. These guys are pretty lazy and won't get a new webpage for their next URL as that takes more effort and won't fool anyone that doesn't need to read this guide.


So you've gone one step closer to the point of getting rekt. This part may look different depending on your own funny link, but this is what mine looks like.


Like every other site associated with TF2, CS;GO, or whatever, you need to sign in with steam. That's pretty normal, until...


That should look odd to you. Sure, there is a green padlock but try moving that "window" and you'll notice that it isn't real. You can't move it outside of your actual browser's window.

Another thing to note is that the site uses the old Steam UI. You can tell because Steam now allows you to login using a QR code and the entire page looks different. Let's compare it to a legit site, ♥♥♥♥♥♥♥[www.♥♥♥♥♥♥♥♥♥♥♥].


In case you need a reminder, the fake one is the second image. Do note that this may change as scammers might be slightly less lazy and update their blatant scams.

There is a variation of this where the link doesn't open a fake window and instead just redirects to a fake login page. primeoffensive[dot]com, a site with the same layout, uses this method. There are still very easy ways to see that it isn't real if you are super convinced it's real for some reason. Check the URL and the certificate. I mean, doesn't the start of that link look super legit for a steam login screen?

connect[dot]primeoffensive[dot]com/authdate?openid[dot]ns=http%3A%2F%2Fspecs[dot]openid[dot]net%2Fauth%2F2.0&openid[dot]mode=checkid_setup&openid[dot]return_to=https%3A%2F%2Fhttps://connect[dot]primeoffensive[dot]com%2F%3Flogin&openid[dot]realm=https%3A%2F%2Fhttps://connect[dot]primeoffensive[dot]com&openid[dot]ns[dot]sreg=http%3A%2F%2Fopenid[dot]net%2Fextensions%2Fsreg%2F1[dot]1&openid[dot]claimed_id=http%3A%2F%2Fspecs[dot]openid[dot]net%2Fauth%2F2.0%2Fidentifier_select&openid[dot]identity=http%3A%2F%2Fspecs[dot]openid[dot]net%2Fauth%2F2.0%2Fidentifier_select


Let's also compare its certificate to ♥♥♥♥♥♥♥'s login screen.

Notice anything weird? ♥♥♥♥♥♥♥'s sign in link actually goes to Valve whereas primeoffensive's is for itself. If you signed in there, you didn't sign into Steam.

You certainly weren't the first to do that and you won't be the last. You should have Steam Guard to keep them from doing anything too ♥♥♥♥♥ like trading away all your items and other unfun things. The steps to follow here are pretty obvious as they're the same for every "oh ♥♥♥♥ my account got rekt" situation but you should check for any Steam API keys. You can do this here: https://gtm.steamproxy.vip/dev/apikey.

If you do not know what these do, you do not need one and if there is one, then revoke it. You can find a nice explanation about API scams here as I can't be bothered explaining them and I just want to have a canned forum answer ready for whenever a question about these sites inevitably gets asked again.

It's an obvious well-known scam that you should already know about but you somehow seem to not know about it. At least you know now.