GM Phishing

A bunch of guys have lately been stealing players’ passwords in gms, through websites promising bytes. I assume they’re using the accounts they steal to advertise them further in gms, as some of the player gming had pretty high lvls (One even had lvl 161).

The websites are not using .com domains and instead are going for cheaper, and even free options, as I predicted a long time ago.

(Ik this info isn’t really useful, but I wanna share it cuz I feel cool from predicting that)

Now onto the suggestion. Block the entire list of TLDs. Also parse every gm to remove spaces before checking (To prevent “. com” from passing). This could be a temporary, or a permanent measure, I’m voting for permanent. If I’m right about them using the stolen accounts to gm, then lots of accounts have already been stolen, action needs to be taken immediately.

Here’s a pic I took of the website.


Plot Twist: You made this website…

This actually made me laugh out loud. Literally just outright asking for the password without any sort of a facade…

1 Like



Also the “legal / privacy policy / manage consent / do not sell my data” buttons are not even working…

Yes, they don’t, you checked the website out too?

Yep, I did. The link to the website is in the screenshot, btw.

Oh, I thought it said “Pixelworlds”.

Also filters are like a cat-and-mouse game, there are so many methods to bypass them and when one is patched, another emerges.

It could be simple “. com” using spaces, but also…

  • .c0m
  • .(0|/|
  • ./c/o/m
  • .corn
  • scamwebsite[.]com

And now do that for hundreds of TLDs. After the “big TLD bang”, it’s even harder because stupid TLDs like “.pizza” or “.club” were also added.

.tk domains are notorious for being taken away when the site’s traffic gets high, and redirected to some questionable websites, so don’t be surprised when that domain starts leading you to the darkest places of the internet…

Yes but the filter is going to decrease the traffic, as less people will realize that ./c/o/m is actually .com.

Especially people that are dumb enough to buy that scam, which is the target audience of the filter.

People trying to break the rule getting scammed by veteran rule breakers.
Newbies dont stand a chance to the big shots here
Its a war

This would probably lead to massive overblocking, as there are many TLDs that are just regular words. Having multiple sentences in one message then makes it very likely something will get censored wrongfully.

Seems normal, nothing wrong with it if it’s not advertised, it’s not found.




It is advertised, I said that multiple times.

Then just do that with every free domain at least.

Something needs to be done, those aren’t just noob accounts, they are people who probably played for years already.

They could also just completely remove punctuation for now, can’t type any links that way.

Edit: Just checked, they do it for every free domain already. Just need to parse the spaces off and probably check for a space after the TLD, to ensure it isn’t just a part of a word.

Of course black is the one in the middle…

Another one bites the dust


moderators need tool prevent publish global messages and have autoban feature on those.