I have never traded any items between players in Rocket League.
So when I got asked to trade something today I agreed to see how trading works in Rocket League.
Here is the chat log between me and the other player.
Nothing else was said, how rude of him..
I have been looking into selling the cap (among other items) for euros (and break the Rocket League user agreement) so I have seen that the pricing websites recently have listed that one item to be worth around 150-160 crate keys.
Here are today’s prices for the item, golden cap.
I thought I was asking for way too much because I am not willing to just trade that item away, if anything I want at least cash for it but it turns out I was semi-accurate on the price I wanted for it.
I guess the other person was in a hurry because they didn’t reply anything to me and instantly kicked me out of their party, closed the trade window and unfriended me on Steam.
PS. Anyone willing to pay cash for all of my Rocket League items?
I got a message from one of my Steam friends who also streams on Twitch with 2k followers.
So I did a quick check to the website and noticed it’s not a gambling website at all, the only function it has is to ask for Steam login details, including Steam guard code in order to login and continue the theft with a new friend list to go through.
Was he targeted because he is semi-popular streamer with over 400 Steam friends? Or was just a coincidence?
Below is the analysis of the phishing website.
The phishing website itself is not first timer or unique, in fact I had already ran into that phishing site via bots roaming Steam spamming the link to everyone they can, however the domain name had changed in between because I already report the phishing websites to the webhosters, domain sellers, blacklists such as Google safe browsing and so on..
The index page of the phishing website
The “login” page
Note how the “login” page is loaded into a brand new pop-up element which doesn’t link to any web address, about:blank.
Instead it’s a blank pop-up which only contains HTML data instead of opening a new website. To be precise it loads data from the same server as the index page, the images and style data is loaded from Steam. That is the only reason why web browser might indicate loading of data from Steam cloud provider akamai technologies.
When you open that pop-up in developer tools you will see that most of critical data is loaded from the phishing website, in normal open ID login pages it only loads data from Steam and displays web address on the tool bar above the pop-up. And when you are at a real Steam login page you will always see the secure text or lock icon at the address bar depending on your browser and the text before the web address should say Valve Corp [US].
Developer tools inspect
To avoid these phishing website just refrain from gambling, you never know who is running such websites and how they deal with pots, items, transferring of items and most importantly how is the login and user accounts handled.
Google translated thunder observation map above and video of both sides, survivor and killer below. Lost electricity for 1 second and Internet connection for 5 minutes. Closest thunder struck approximately 1-2 kilometers away from my apartment.