PotatoLogo
Event Servers Archive Servers Testing Servers
Matchmaking Shop
Content Creators Completionists Speedrun
Demos Mission Stats Discord Log In Via Steam
Home
Event Servers Archive Servers Testing Servers
Matchmaking Shop
Content Creators Completionists Speedrun
Demos Mission Stats Discord Log In Via Steam

SCAMMER DOWN LOL

As of 11/24/2025, both of the dangerous sites mentioned below have not only been successfully marked as phishing sites:

potatos (dot) tf has been DROPPED! That one was easy though, the other domain was owned by...

NiceNIC

NiceNIC is a bottom-of-the-barrel Chinese registrar, who's TrustPilot page is (almost) entirely 1-star reviews!
According to public TrustPilot reviews...

NiceNIC takes WEEKS to act upon abuse reports in an acceptable manner!
NiceNIC responded unacceptably slowly to "underage content"!
NiceNIC has, allegedly, openly violated GDPR and California Privacy laws!
NiceNIC openly advertises their services as "bulletproof"!

Personally, the way I see it, in my opinion...
NiceNIC is the go-to registrar for cybercriminals!

nicenic.blog

NOT SO "BULLETPROOF" AFTER ALL!
THESE GUYS AREN'T EVEN GOOD AT HELPING SCAMMERS!
LOL!

Both Cloudflare and Google flagged their potatotf (dot) com domain in almost EXACTLY 24 hours.
Not only were they flagged for phishing, Cloudflare has completely dropped all connections to potatotf (dot) com.
Cloudflare has a great reputation for good reason, they responded extremely quickly.

This response time is almost unprecedented, these things are a massive pain in the ass to get shut down.
Thanks to our fantastic community members, We were able to do something very difficult, very fast.
Response times like this usually require paying very expensive cybersecurity firms.

Massive trading sites, such as marketplace.tf and mannco.store,
Have a much harder time dealing with phishing sites than we did!

Nothing I could say can express how blown away I was by our communities response.
You guys clearly love seeing these losers get destroyed just as much as I do.
I could have never imagined how effective this has been!

We are not going to stop here, we have far more leverage than I originally thought.

I'll be keeping up the original call-to-action below, for other communities to use.
Everything shown below was our exact, step-by-step method on shutting these guys down FAST.
The matchmaking page will return eventually, gonna remove steam logins from our website entirely soon.

The fight isn't over yet, they WILL try again.

Even if they never bother us again, they will try this somewhere else...
If they're going after us, they must be getting desperate.
They WILL do this to others.

My admittedly vague, unconfirmed theory is this:

Their FACEIT scams recently stopped working, so...
They are now targeting popular TF2 communities, including us
(Assuming it's the same people, still not 100% sure)

For everyone who celebrates, have a great Thanksgiving!
Enjoy your Turkey dinner, enjoy your pumpkin pies, enjoy time with your family.

Stay safe out there, and check out our discord for the latest updates!

Here's what this page used to look like:

SCAMMERS ARE ATTACKING US!

A highly coordinated group of scammers have been purchasing domains similar to ours, spoofing parts of our website to lure in victims.

They are persistent, they are a plague, they will not go away on their own, they are why we can't have nice things.

DO NOT ACCEPT MATCHMAKING INVITES
YOU ARE BEING SCAMMED

DO NOT ACCEPT FRIEND REQUESTS FROM THESE PEOPLE
YOU ARE BEING SCAMMED

DO NOT JOIN THEIR DISCORD SERVERS
YOU ARE BEING SCAMMED

These freaks follow you around demanding you add them, then send you FAKE potato matchmaking invites

THEY ARE NOT JUST ON OUR SERVERS, they will target you in casual, they will target you in mannup, they are everywhere

We believe this is the same group of people that targeted FACEIT with similar phishing URLs.

ACTIVE PHISHING LINKS! REPORT AND DO NOT OPEN!

NONE! You guys destroyed both of them, and they haven't come back since!

IT IS NOT OVER YET! Don't get complacent!
These guys are hoping you will let your guard down.
This page will be updated with new phishing links as they appear.

REPORTING ACTUALLY DOES SOMETHING!

These are KNOWN PHISHING LINKS that have been successfully flagged by people just like you:

potatos.tf
potatotf.com

EVERY DOMAIN REGISTRAR ACCEPTS ABUSE REPORTS

Paste the phishing URL into this website to find the correct place to file your abuse report
https://www.whois.com/whois/

Domain registrars have the ability to Completely seize the domain, rather than simply flag it
Most of them accept emails, some have a dedicated abuse report page, However...

MANY DOMAIN REGISTRARS WILL ASK FOR A FOLLOW-UP EMAIL
IF YOU DO NOT RESPOND TO FOLLOW-UPS, YOUR REPORT WILL DO NOTHING!

UPDATE: NiceNIC, the Registrar in charge of potatotf (dot) com, is a horrible company!

From all of the public discussion about NiceNIC I have seen on the internet...
It looks to me like they actively advertise their services to criminals,
and openly break GDPR/CCPA laws in the process!

We originally wanted to play nice with them (no pun intended), responding to their follow-up emails.
That was until we found out they illegally forward these reports directly to the scammers!

Before emailing any registrars...
LOOK THEM UP ON TRUSTPILOT FIRST!
Make sure you aren't exposing anything important to bad actors.

Here is an example e-mail for domain registrars. DO NOT COPY THIS WORD-FOR-WORD!
Make your e-mail unique. Otherwise it will be filtered as spam!

Hello, The domain {{{INSERT MALICIOUS DOMAIN HERE}}} is actively being used for phishing attempts, and your company is listed as the registrar on whois. This website is impersonating "potato.tf", an established gaming community for Team Fortress 2.

A coordinated group of scammers have recently been buying up domains similar to theirs to trick people into giving away Steam account credentials, they will then steal valuable in-game items to sell for cash.

More than one person has unfortunately already fallen for this. Thousands of dollars have already been lost to other fake domains that have since been flagged by Google Safe Browsing ("potatos.tf" as one example).

Potato.TF is currently asking community members to help shut these imposter sites down, I am filing this report on their behalf. The page on Potato.TF's website that is being commonly impersonated by scammers has been replaced with instructions on how to report them: https://potato.tf/matchmaking

FACEIT.com, a much larger company focused on Counter-Strike matchmaking services, was targeted in the exact same way, it may even be the same group of people.

Thank you for looking into this,
- YOUR NAME HERE (optional if you aren't comfortable doing this)

REPORTING TO THE REGISTRAR IS NOT ENOUGH!

If you see Cloudflare Name Servers, file an abuse report to Cloudflare

https://abuse.cloudflare.com/phishing

Cloudflare also isn't enough
Report them to ALL of these sites, not just one!

https://safebrowsing.google.com/safebrowsing/report_phish
https://ipthreat.net
https://phish.report
https://phishtank.com
https://microsoft.com/en-us/wdsi/support/report-unsafe-site-guest

NONE OF THESE SITES REQUIRE STEAM LOGIN, OR ANY OTHER CREDENTIALS
If you are being prompted to sign in to ANYTHING, you have been sent a phishing URL

These sites however require some additional information (creating an account, email, name, phone #, etc)
If you are willing to do this, putting these sites on as many radars as possible is the fastest way to get them nuked
If not, we understand, reporting to the above URLs will still get the job done
https://complaint.ic3.gov
https://otx.alienvault.com
https://quttera.com/report-phishing
https://www.abuseipdb.com/report

You can view the status of these sites in real-time by punching the URL into VirusTotal
https://www.virustotal.com/gui/

REPORT .COM AND .NET DOMAINS TO VERISIGN

If you have already filed an abuse report to the registrar...
AND they have not responded in what you believe is a way that is quick, or effective...
Verisign has the ability to SEIZE THESE DOMAIN THEMSELVES!

They are a massively influential company that directly controls the most popular TLD's on the entire internet
They do not take kindly to scammers

https://verisign.my.site.com/DNSAbuse/

YOUR BROWSER HAS BUILT-IN REPORTING TOOLS

These are in-case you already have the site open! We do not recommend actively opening these sites to use this
If you have not visited these sites already, use the above reporting website/tools instead!

Chrome:
Three Dots (top-right corner) -> Help -> Report An Issue
Firefox:
Hamburger Icon (top-right corner) -> Help -> Report Deceptive Site
Edge:
Three Dots (top-right corner) -> Help And Feedback -> Report A Safety Issue

You can also email phishing reports here:
phishing‑report@us-cert.gov
reportphishing@apwg.org
report@openphish.com
info@phishfort.com
cert-eu@ec.europa.eu
phish@office365.microsoft.com

uBlock Origin

Here's a tool to automatically scrape many of the phishing databases linked above to block dangerous URLs.
Special thanks to robotlev in our discord for pointing this out
https://gitlab.com/malware-filter/phishing-filter#phishing-url-blocklist

SHOW PROOF THAT YOU REPORTED THESE LINKS IN OUR DISCORD

We'll give you a special role for reporting ACTIVE PHISHING LINKS for helping make our community safer
You should still report the known links, more is better, but the active ones are a much bigger problem
These roles will be given out when your reported URL gets successfully flagged or seized

Scammers can easily spoof this page and link you to a fake discord server
If there is a link to our discord server here, IT IS FAKE!

Check the official Valve blog posts for our events to grab the correct discord invite URL.

We hate this as much as you hate it, this is the only way to get rid of these "people"

ADDITIONAL NOTES

popular TLDs like .com, .net, and .org are more resistant to these reports, but not impervious
They will take a bit longer to get shut down compared to .tf for example
Don't get discouraged, keep reporting.

Domain registrars, Google, and every phishing database listed above is on your side
None of these people want to be on the hook for phishing sites, it devalues their brand as much as it devalues us
These reports do not just go into the mega-corpo void, they are taken very seriously
They just need enough reports to know it's a problem.

This is a continuous game of whack-a-mole that we cannot play alone
There will be more links, there will be more scammers, they will keep trying until we forcibly eject them
If you don't want your communities to succumb to the worst people trying to destroy it
This is your calling to make a massive difference for very little effort.

If you have any additional information about the specific people doing this, send it in our discord ASAP
These are not small-timers, it is not just some guy running a scam, this is a highly motivated group of career criminals.

I imagine the victims of these scams aren't happy with just nuking their fake URLs, unfortunately this is all we can do at the moment
If you lost a particularly valuable inventory or treasured account, this will at least lower the chances of other people becoming victims too.

Hopefully we can re-enable the matchmaker soon when these guys aren't a threat, or figure out another system for it
For now we have to shut it off, it's become the main artery for these scams.

The response has been insane, hundreds of screenshots rolling in
Thank you to everyone sending in reports. Keep em' coming. We can't do this without you.