OFM Databank
The OFM Scammer Directory: Every Named Bad Actor, Their Methods, and What They Cost People

Other

The OFM Scammer Directory: Every Named Bad Actor, Their Methods, and What They Cost People

By Yalla Papi · 2026-06-09

Seventeen named bad actors, documented losses, and the exact mechanics they use — because the only thing worse than getting scammed once is not knowing the playbook.

Updated Jun 2026 · sourced from 15 YouTube creators and 8 operator groups

Key takeaways

  • Payday-ghost scammers (noah1zero, DBALB1, GunnersMA) let you work weeks then vanish.
  • Fake-traffic sellers like tosyme trigger real OF chargebacks — one operator reported $2,000 back.
  • Username spoofing (capital I for lowercase L) is an active, multi-scammer tactic — verify every character.
  • Littesttelly exit-scammed ~$350 and allegedly planted illegal content on a model's account.
  • No legitimate BTZ, Oura, or OnlyFinder rep ever DMs to sell — any that do are impersonators.

Someone in this space got billed $1,600 for an account unban that re-banned in 48 hours. Someone else spent three weeks chatting fans, hit $9,300 in sales, then got locked out of the account and paid nothing.

These aren't edge cases. They're Tuesday.

This directory is the closest thing to a public record the OFM space has. Every name below comes from operator group chatter — so treat each entry as a reported, unverified allegation, not a court verdict.

But when multiple distinct groups flag the same handle, the signal gets harder to ignore.

The Payday-Ghost Cluster: Work First, Pay Never

This is the dominant scam architecture in OFM right now. The pitch is simple: you chatter, they pay.

The reality: you chatter, they ghost.

@GunnersMA is the starkest example on record. According to reports from one operator group (early-to-mid 2026), a chatter worked the account for three weeks, the page generated $9,300 in sales, and GunnersMA refused to pay out the $950 owed.

The math is brutal — that's a 10% cut on real revenue, withheld after the work was done.

@noah1zero runs the same playbook with a technical twist: operators report he lets chatters work, then ghosts on payday while simultaneously logging them out of the account — removing their only leverage in a single move. Reported by one group, mid-2026.

@DBALB1 operates an AI model called 'Nina Noir' and is flagged by one group (mid-2026) for ghosting chatters on payday. The AI model framing is notable: it signals a layer of abstraction between the scammer and the revenue, making it harder to verify earnings or demand payment.

Red flags shared across all three: - No written contract before access is granted - Vague or delayed payment timelines - Single point of contact (the operator), no verifiable third party - Abrupt communication blackouts the moment a payout is due

The Fake-Contract Seller: @curl_bryant1 (Now @ofm_davis)

This one has a wrinkle most scams don't. One group (early 2026) reports that @curl_bryant1 — who has since rebranded as @ofm_davis — sells fake model contracts while posing as the model herself.

Payment received, roughly 300€. Then a block.

The rebrand is the tell. Legitimate operators don't rename their handle after a fraud allegation.

The name change is the exit from accountability, not a fresh start.

The Fake-Traffic Seller: @tosyme / @mmtosy

This is financially the most dangerous category for operators who run real pages, because the damage doesn't stop at the scam amount.

One group (mid-2026) reports that @tosyme and the associated handle @mmtosy sell traffic that triggers OnlyFans chargebacks. One operator reported $2,000 charged back after purchasing their traffic.

The accounts they use for fake social proof — those reviews you see vouching for them — are allegedly secondary accounts they control themselves.

Fake traffic isn't just worthless. It's actively harmful.

Chargebacks damage account standing on OF, and a wave of them can trigger platform review or suspension. You pay for the traffic, then pay again in platform risk.

The Account-Eater: @markv777444 (Alt: mmrayh)

One group (early 2026) flags @markv777444 as an 'Indian account-eater' — the term used in operator circles for someone who gains access to your accounts (typically under the guise of management or automation services) and drains or destroys them.

This is a single-group report. Treat it as one unverified data point, not established fact.

But the 'account-eater' model is a documented fraud archetype: the damage is typically irreversible because by the time you notice, the account's credentials, content, or subscriber relationships are already compromised.

The Crypto Taker: @Philip_R / @Philip_rdg

One group (early-to-mid 2026) reports that @Philip_R took $100 in crypto — payment for warmed NSFW accounts plus marketing — delivered nothing, and then gaslit the buyer when confronted.

$100 is a small number. The gaslighting is the feature, not the bug.

At low price points, operators often absorb the loss rather than escalate. That's the design.

Volume of small hits across many targets adds up; individual victims rarely make noise.

Crypto payment removes the chargeback option entirely. That's not incidental to this type of scam — it's the whole point.

The Platform-Impersonator Network: BTZ, Oura, OnlyFinder

The most systematically documented scam pattern in the evidence isn't a single actor — it's an architecture.

Two separate groups, across multiple months (late 2025 through mid-2026), have independently flagged the same mechanism: scammers create handles that are visually identical to legitimate ones by substituting a capital I for a lowercase L.

  • @btzofficiaI (capital I) impersonates the real @btzofm
  • @iiquidback impersonates @liquidback

The real BTZ account does not DM users and does not sell anything via direct message. Any BTZ profile that contacts you first, offers a deal, or claims to run a marketplace is an impersonator.

Two distinct groups corroborate this independently — that's as close to confirmed as anonymous chatter gets.

Oura has no marketplace. Full stop.

One group (early-to-mid 2026) flags accounts claiming otherwise as impersonator scams.

OnlyFinder only sells ranking and ad placement on their own site. Anyone claiming to sell OF accounts through OnlyFinder via DM is lying about the product entirely — the product does not exist.

One group, early 2026.

@DropzyWorld / @DropzyWorldOF runs a variation on this theme: posing as a CupidBot moderator running fake 'identity checks.' One group flagged this in early 2026. If someone claiming to represent a tool you use asks you to verify your identity or account details via DM, that's a credential-harvest attempt, not a security check.

The Crypto Pair: @Btcusdkuwait and @dirhamOfmm

One group (early 2026) issued a flat warning: do not buy from either handle. No specific mechanism was detailed in the available reports — which makes this a single-source, low-corroboration flag.

Worth knowing the names. Not worth treating as proven.

The Quiet Exit: @leng23334 (Display Name: 'pitri')

Two separate mentions from one group (early 2026) flag @leng23334 under display name 'pitri' as a scammer. No specific method was described in the available reports — but two mentions from the same group elevates it above a throwaway warning.

Cross-reference before any transaction.

The Alleged Content Planter: @Littesttelly

This one is the most serious allegation in the directory, and it needs the most careful handling.

One group (early-to-mid 2026) reports that @Littesttelly exit-scammed approximately $350 and allegedly placed illegal content on a model's account. That second allegation — if true — moves this from financial fraud into criminal territory, with the account owner potentially bearing legal exposure for content they didn't create.

This is a single-group report. The allegation is serious enough to name, serious enough to flag the claimed method, and serious enough to demand you treat it as unverified.

But it illustrates why the 'account access' relationship in OFM carries asymmetric risk: whoever holds the login can do things the owner will be held responsible for.

The DM Spam Operator: @igmassdms (Henry / igmassdm / floan)

One group (mid-2026) flags igmassdms — also operating as igmassdm and floan, allegedly named Henry — as a scammer, with proof reportedly available in DMs. The multiple alias structure is a classic long-run fraud indicator: each burned handle gets replaced with a new one while the same person continues operating.

Where Operators Disagree

The evidence isn't uniformly clean — two points of genuine conflict are worth surfacing.

On the BTZ middleman: One group recommends using @marshal as a trusted middleman for BTZ transactions. The same claim appears in a separate group.

However, the broader advice across multiple groups is that most Telegram contacts are scammers and that admins never DM — which creates tension. The middleman recommendation is corroborated but comes from sources that may themselves have an interest in promoting specific handles.

Verify independently before trusting any middleman recommendation, including these.

On what counts as a safe transaction: One group's position is essentially 'never pay upfront without proof, real opportunities don't rush you.' Another operator's framing treats chargeback risk and platform risk as the primary concern — meaning the damage can arrive even after you've done everything right, via third-party fraud like fake traffic.

There is no fully safe transaction structure in an unregulated OFM marketplace. Both positions are correct from different angles.

The Red Flag Checklist

Across all named actors, the patterns collapse into a short list:

  • Crypto-only payment — removes all recourse
  • DMs from platform accounts (BTZ, Oura, OnlyFinder) — platforms don't DM to sell
  • Username character swaps — verify every character, especially I vs. l
  • Access-before-contract — any arrangement where you work before terms are written is a payday-ghost setup
  • Review accounts that belong to the seller — tosyme's playbook
  • Rebranded handles after complaints — curl_bryant1 → ofm_davis
  • Multiple aliases — igmassdms/igmassdm/floan signal a serial operation
  • Urgency and pressure — legitimate deals don't expire in 10 minutes

The Bottom Line

Every name in this directory is an allegation from anonymous operator chatter — not a conviction, not a verified investigation. But allegation density matters.

When two independent groups separately flag the same handle, the same mechanism, and the same victim profile, you are looking at a pattern, not a rumor.

The OFM space has no regulatory body, no dispute resolution mechanism, and no public record. This directory is what accountability looks like here: imperfect, crowdsourced, and the best available option.

Verify usernames character by character. Never pay crypto upfront for accounts or traffic.

Never work an OF page without a written agreement. And if someone DMs you claiming to represent BTZ, CupidBot, Oura, or OnlyFinder — they're not.

Sources

Community intelligence: 34 operator claims aggregated from 8 separate private OFM groups (Dec 2025–Jun 2026), corroboration counted across groups. Group identities are withheld to protect sources; browse the underlying intel in the Community Intel Wiki.