16th May, 2024: Hello! It's been almost two years since this article was published. I posted it online and just let it share. Since then, Acuata.com was taken down and Alex's projects no longer link to it.

Most notably, all web.archive.org entries were scrubbed. Alex went as far as to re-register peanuthero.com to scrub that as well. I really dislike that the Wayback Machine actually allows this, considering they are meant to be an archive. The lack of any archival allows scammers such as Alex to continue operating with a tabula rasa.

Thankfully, archive.is does not seem to care about frivolous takedown requests, so those are preserved.

People still seem to be interested in his identity since I get emails about it. It's for the best that this information stays current, because this is someone who tries very hard to scrub their identity from the internet. Bitrot is also a problem and as time goes on, websites die. This removes vital context from forum posts when they embed images from dead image hosts.

The article has been updated with dead links removed, and has virtually been rewritten yet again for improved reading. Important updates will be addressed with a box like this. Without further ado:

Who is Alexandre Gagnon?

In December 2020, there was a distributed denial-of-service attack on the ScrapTF network; the collective of Team Fortress 2 trading websites better known as backpack.tf, Scrap.TF, and Marketplace.TF. The attacker would navigate to specific pages moments before an attack would hit. Cross-referencing these requests with known user IPs allowed us to determine who was doing it.

This prompted further investigation.

Alexandre Gagnon, or Peanuthero, is an individual from Quebec, Canada. Alex has a paper trail of scams on the internet due to his activities on HackForums and other websites. If you are familiar with Team Fortress 2 trading, this is the same Alex that runs Mannco.store.

Alex's modus operandi is DDoS attacks and false DMCA takedowns against competing services. Despite efforts to separate his identities, there are many ties between his personas. Alex will deny any claims and actively goes out of his way to remove references to his past life. This post documents these behaviours and links his different identities together.

False DMCA takedowns

Alex operated AsterionServeurs from roughly 2008 to 2013. This was a private server platform for Dofus, a popular French MMORPG. Alex was hostile towards other server operators, filing false DMCA notices against at least one.

November 2013

Alex impersonates French video game developer Ankama to send fraudulent DMCA notices to competing private servers. Alex upsets the private server community and argues with them on a public forum.

This DMCA notice was taken from a later page in this thread from DozenOfElites.com. Unfortunately, this forum is now offline.

It is presumed that Alex did not realise that DMCA requests are forwarded to the complainant. Alex reported using his real name. This is the first time we see Peanuthero being related to an Alexandre Gagnon.

Alex identified himself as the owner of AsterionServeurs on his former personal website, peanuthero.com.

Since this article was published, peanuthero.com was scrubbed from the Wayback Machine. Alex did not, however, take down the AsterionServeurs Facebook page where he mentions his peanuthero Skype handle.

A series of web hosting scams

HackForums requires a user login, and the linked threads are only locally-saved snippets. I advise you create a HackForums account if you wish to fully corroborate these details!

In 2016, Alex scammed uncountable amounts of money from HackForums users. Alex would claim his services were "offshore" and "takedown-free". In other words, his services would ignore takedown requests for unlawful content.

July 2016: Peanuthero and OutlawServers.ca

Previously, this article linked to a single page on a thread that was confusing without context. This time, I've archived a print copy of every page for easy reading:

Again, you can create an account on HackForums to read this thread without relying on my cache.

As Peanuthero, Alex advertises OutlawServers.ca, a "black hat" web hosting service. Alex would use aliases such as "Robert Deschemin" in support tickets with his customers.

Spamhaus, a widely-used anti-spam blacklist, soon blacklists Alex's service.

Covering this up, Alex revokes $4,000 worth of services from a single user, claiming it was because the user was hosting child pornography. The user in question discovers that Alex was fabricating support tickets from the upstream to back up his lie.

After community investigation, Peanuthero was banned from HackForums. This did not stop him from returning with other aliases to advertise scam services.

August 2016: SkylerRaine and BPServers

As "SkylerRaine", Alex is caught reselling hosting from the Netherlands at 200% markup via BPServers, his new bullet-proof service. Alex would assert his claims in private messages, to customers who knew how routing on the internet worked.

"I attempted to explain all of this to SkylerRaine, but was met with a bunch of read PM’s, but no replies. The last thing he said to me was this:"
"He doesn’t understand, or maybe he does, that just because the company who owns the IP is based out of Seychelles, and the whois on the IP says Seychelles, does not mean that the IP is pointing at a server out of Seychelles."
SIM-3183372, HackForums user

WHOIS is a method to look up information on an IP address. The owner of an IP address is able to add remarks such as a country and a point of contact. However, this information does not necessarily correspond to where the server is physically located. Commands such as traceroute can reveal the path taken from a source address to the target, and this likely revealed a route to the Netherlands.

Seasoned users suspected this was Alex based on his writing style, and further sleuthing leads to his next ban.

So I’ll make this part quick because I don’t really remember who Peanuthero is, but apparently he scammed a few thousand dollars from users here and got himself perm banned. It has become pretty clear that SkylerRaine is here to proxy sell for Peanuthero. Here is an image of Skype showing Peanuthero advertising BPServers.ru:
SIM-3183372, HackForums user

September 2016: manandco and ShadowHosting

As "manandco" (mannco?), Alex returns yet again to advertise ShadowHosting – yet another offshore service. Again, another host claiming to operate out of the Seychelles, traced to the Netherlands.

Yet again, HackForums users identify this new user to be another sock of Alex's. A CloudFlare employee helps tie this with Alex's other projects, including layer7.pw (also previously featured on Acuata.com).

After finally leaving the forum, Alex would continue hosting payment portals for BPServers.ru through to 2017, although the abandoned client area was no longer usable.

Acuata.com

Since this article's creation, Acuata.com has been removed from the Wayback Machine. Additionally, as of writing, Acuata.com is just a placeholder page. We have a snapshot from 2020!

Alex's HackForums scams would link to Acuata.com in the footer. Likewise, Acuata.com would link back to these services. Acuata is "a private contractor that work on multiples (sic) communities & websites".

Although the site is way older, Acuata has listed "Alexandre Gagnon" as the Director/Founder since at least 2018. This is corroborated by Alex's company listings.

Also on the roster is:

  • Emmanuel Chevreux, a long-time friend of Alex from his Dofus days, who has worked alongside him since at least 2015 on a project known as Sourcerev.
  • Anthony Garcia, a.k.a. "Lagg", Team Fortress 2 Wiki sysop.
  • Hadrien Jared, of Hadrien Design. Hadrien has designed the web frontend on a lot of Alex's projects, from Acuata.com, to SourceRev, to Mannco.store.

Acuata.com first appeared on January 15, 2014, having a very different set of services on its roster:

  • layer7.pw, a distributed denial-of-service (DDoS) / "booter" service.
  • OutlawServers.ca, a "bullet proof" hosting service. "Bullet proof" is slang for "will ignore any legal letters".
  • BPServers.ru, an offshore hosting service "for your personal botnet".

These services no longer exist, and the frontpage of Acuata.com no longer reference these.

Acuata.com has never changed ownership according to WHOIS records, indicating that it has always been owned by one person.

Mannco.store and an identity crisis

Peanuthero's first appearance in the Steam trading space was with mannco.jackpot. This was a gambling website which would use backpack.tf web APIs to fetch price data. At that time, a policy was in place to disallow use of this data by gambling websites. After revoked API access and repeated attempts to circumvent a block, Alex took to launching DDoS attacks on backpack.tf.

Peanuthero would receive a SteamRep tag when it was discovered one of his bots, for some reason, had an unexplained SteamRep Scammer tag. Peanuthero's appeal against the tag was declined.

Mannco.trade and Mannco.store launched around this time. This is when Peanuthero stepped down, and "Alex" took his place. Nobody knew who Alex was, and Alex had no history in the trading scene. While it was suspected that they were the same person, there was no concrete evidence at that moment, allowing him to operate this way for roughly a year.

The footer of HackForums-era BPServers.ru references web designer brand wbxdsg, a project of Nicolas Durand. This name appears in the footer of an old Mannco.trade page template which is still online today.

This means other Mannco.trade staff have collaborated with Alex since scamming on HackForums.

Attacks on the ScrapTF network

Following a major feature release on Mannco.store in December of 2020, sites in the ScrapTF network were being hit with DDoS attacks.

A certain IP address would browse to specific pages right before an application-level attack would hit that page—a technique to work out which pages would load the slowest, thus the more vulnerable to an attack. Cross-referencing IPs with our database led us to Alex, and most of the information found in this article was first discovered.

With the identities linked, the main Mannco.store staff received bans from the website, and SteamRep reinstated a tag on Alex's new Steam account upon our request. Following this incident, Mannco.store published an article reasserting that Alex and Peanuthero are two different people.

Minelauva Holdings Limited and TF2Shop

This is a new section. The scrubbing of Acuata.com removed evidence of Anthony Garcia's involvement, but this ties it back in nicely.

There is a curious company in the footer of several of Alex's websites. It is Minelauva Holdings Limited, a company registered in Cyprus.

Anthony Garcia is referenced earlier in this article, as a listed employee of Acuata. Anthony Garcia lists himself as a developer of TF2Shop and several sister sites. The site has changed a lot over the years.

TF2Shop, Mannco.store and Mannco.trade have Minelauva Holdings Limited in their footers and terms of services, and TF2Shop appears to now use the exact same page template. We can reasonably deduce that TF2Shop is now owned by Alex.

An archive of status.minelauvaholdings.com shows us that the operations of Minelauva Holdings Limited only go as far Alex's websites. It is just a status page showing graphs for Mannco.store services et al.

But what exactly is Minelauva Holdings Limited? It's not registered to Alexandre Gagnon, but these people:

VARRINGTON INTERNATIONAL LLC is not a real entity and no record of this company exists anywhere. This leaves the other names listed here up to scrutiny.

ΞΑΝΘΟΣ ΙΩΑΝΝΟΥ (XANTHOS IOANNOU) is listed as Director and was only added sometime after July 2023. ΙΩΑΝΝΗΣ ΠΑΠΑΝΔΡΕΟΥ (IOANNIS PAPANDREOU) is listed as Secretary. These names appear across hundreds of companies on this registrar, and are very likely names used as part of third-party offshore company formation.

You can access the Cyprus' companies registrar e-search here.

Alex's Registered Businesses

This new appendix aims to collect all of the registered businesses belonging to Alex.

The business addresses given are what were given by Alex on his business filings. Despite some of these being residential addresses, they may not be his actual addresses. They are posted here for archival purposes only.

Groupe Acuata

Company ID: 2273035404
Registered At: 615 Avenue des rivieres Repentigny, QC, J5Y 0C9, Canada

This company is referenced on b2bhint, but cannot be found on the Quebecois registry anymore.

A Feb 9, 2020 archive of the Mannco.store Terms of Services references this company by ID and address.

Entreprise Acuata inc.

Company ID: 1176228733
Registered At: 8-1503 boul. le Bourg-Neuf Repentigny, QC, J5Z 0G1 Canada
Filing: Canada Business Registry (click first result to view.)

This business is registered under Alexandre Gagnon since 2021. Under "other names used" exists mannco.trade, mannco.store, validmy.id and SourceRev.

MANNCO ONLINE LIMITED

Company ID: 12440217
Registered At: York Eco Business Centre (Office 12), Amy Johnson Way, Clifton Moor, York, England, YO30 4AG
Filing: Companies House - gov.uk

Registered in the UK under Alexandre Gagnon and dissolved as of 2021. For some reason, Alex put his nationality as 'British' in the original filing before changing it to Canadian.

Alex used offshore registration agency Turner Little to register this company. I'm not sure why he dissolved it.

Minelauva Holdings Limited

Company ID: 429892
Registered At: Κυπράνορος, 13, EVI BUILDING, Floor 2, Flat/Office 201, 1061, Λευκωσία, Κύπρος
Filing: Cyprus companies registry

A mysterious company not directly registered to Alex, but is registered to a fake parent company. In the footer of various websites.

Other Stuff

I am always interested any extra information to further complete Alex's biography – please send any tips to [email protected].