Phishing Site at a Glance
| Portal Type | Steam Credential Phishing / "Vote for My Team" Scam |
|---|---|
| Attack Vector | Discord DMs / Steam Friend Requests / Social Engineering |
| Primary Red Flag | .icu domain — flagged by Cloudflare as "Suspected Misleading Website" |
| Targeted Platform | Steam (Valve Corporation) |
| Malicious URL | vote-kast.icu |
| Risk Status | ⚠ EXTREME RISK — CREDENTIAL THEFT & ACCOUNT TAKEOVER |
Technical Analysis: vote-kast.icu
⚠ CONFIRMED PHISHING — Cloudflare Interstitial Active
This domain has been independently flagged by Cloudflare's security infrastructure. Navigating to it triggers a "Suspected Misleading Website" warning page (Cloudflare Ray ID: 9f16f9611bada148). The underlying site cannot be accessed without bypassing a Turnstile captcha and dismissing the security warning.
How the "Vote for My Team" Scam Works
This is one of the most prolific and effective credential phishing campaigns targeting gamers. The attack chain follows a predictable pattern:
- Initial Contact: The victim receives a message on Discord or Steam from a "friend" (whose account has already been compromised). The message says something like: "Hey! Can you vote for my team in this tournament? It would mean a lot!"
- The Link: The message includes a link to a site like
vote-kast.icu. The URL looks vaguely related to esports or voting. - Fake Login: The site presents a pixel-perfect clone of the Steam login page. The victim enters their username, password, and Steam Guard 2FA code.
- Account Takeover: The attacker uses the captured credentials in real-time to log into the victim's Steam account, change the password, remove the phone number, and steal the account.
- Propagation: The compromised account is then used to send the same "vote for my team" message to the victim's entire friends list, creating a self-propagating worm.
Public Safety Advisory: Steam Login Security
You should NEVER log into Steam through any website other than store.steampowered.com or steamcommunity.com. Legitimate esports tournaments (FACEIT, ESEA, etc.) use OAuth integration that redirects to the official Steam domain — they never host their own login forms. If a "friend" sends you a voting link, verify with them through a different channel first.
Identified Attack Mechanics
| Credential Harvesting | Pixel-perfect clone of the Steam login page that captures username, password, and 2FA codes in real-time. |
|---|---|
| 2FA Relay Attack | Stolen Steam Guard codes are used immediately (within seconds) to authenticate on the real Steam servers before they expire. |
| Worm Propagation | Compromised accounts are weaponized to send phishing messages to the victim's entire contact list. |
| Asset Theft | Stolen accounts are stripped of CS2 skins, DOTA 2 items, and Steam Wallet balance, then sold on grey market platforms. |
Steam Phishing Recovery FAQ
I entered my Steam credentials on this site. What should I do?
Act immediately: Go to store.steampowered.com and change your password. If you can no longer log in, use Steam Support to recover your account. Provide proof of ownership (original email, purchase receipts, payment method). Deauthorize all other sessions and regenerate your Steam Guard Mobile Authenticator.
My friend sent me a voting link. Is their account compromised?
Almost certainly yes. Contact your friend through a non-Steam channel (phone, text, different social media) and warn them. Their account is likely being used to propagate the phishing campaign to everyone on their friends list.
Can stolen Steam items be recovered?
Steam Support may reverse trades made by an unauthorized party if you file a support ticket quickly. However, Valve's policy has become increasingly strict on trade reversals. For high-value inventories (CS2 skins, rare items), contact our forensic team to document the theft chain for potential legal action.
Forensic Blacklist Status
Status: CONFIRMED PHISHING — CLOUDFLARE INTERSTITIAL ACTIVE
Scam Type: Steam "Vote for My Team" Credential Phishing
Infrastructure: .icu TLD (Disposable Phishing Domain)
Date Flagged: April 2026