Just posted. Quantum AI investments are not a scam. Meta 💸💳 #scamempire
https://www.facebook.com/reel/654852003661912
48 reactions · 18 comments | A loyal and highly respected investor sharing her review of the platform. Join this legitimate platform today and you'll be glad you did!
Group: Elon... | By Becky | Facebook
March 20, 2025 at 12:57 PM
Get ready for the "Big bash" #scamempire
March 20, 2025 at 12:57 PM
Ten years ago Boaelite (now Affilomania/Trafficon) published this video. What has really changed at the #scamempire?
March 20, 2025 at 12:57 PM
Landing pages used by affiliates of the #scamempire
March 20, 2025 at 12:57 PM
“By turning over the material to the media, I/we hope this issue gets enough attention for authorities to take action against these criminals. This problem is not impossible to solve. We all just need to care enough to do something about it.” - Source of the leak of #scamempire
March 20, 2025 at 12:57 PM
Scam call centers are destroying lives across the world. Now we’re putting the spotlight on them. Coming soon… #ScamEmpire
March 20, 2025 at 12:57 PM
"When Kehr meets Vextrio" shows how dating scams and disinformation use a common infrastructure.
https://www.qurium.org/forensics/when-kehr-meets-vextrio/ (1/4) 👇
March 20, 2025 at 12:57 PM
Yesterday, Bullet Proof Hosting provider sclad{.}us aka Morningstars (AS215939) connected to UAC-0050 (CERT-UA#8453 and CERT-UA#8494 Alerts) announced "technical works" as their main upstream dropped them.
March 20, 2025 at 12:57 PM
One month after the release of our Doppelganger investigation and the shutdown of Aeza at Datacamp, the ASNs that made it to the finish line have migrated to @packetbouncer @aurologiccom and @RoyaleHostingBV @stanvandeklippe
Many prefixes remain behind GRE tunnels.
March 20, 2025 at 12:56 PM
The power of CSI (194.36.177{.}229) server of 1cent{.}host runs in AS210281. Can you figure out where the GRE tunnels of this BPH terminate? @banthisguy9349
March 20, 2025 at 12:56 PM
MTU1448 update: Doppelganger Prefix sneaking away from Aurologic upstream to AS214891. Prefix now using AS56630 Melbikomas (LT) as upstream in Germany.
route: 77.91.66.0/24
origin: AS214891
mnt-by: CENTHOST-MNT
last-modified: 2024-08-02T09:47:27Z
March 20, 2025 at 12:56 PM
The answer is 1448. In a standard setup the maximum payload for an ICMP packet will be 1472 bytes (1500-20-8). 28 bytes for the IP (20) and ICMP (8) headers.
If you run GRE tunnels, you need to account for an extra 24 bytes of overhead for Outer IP (20) and GRE (4).
1500-20-8-20-4=1448
March 20, 2025 at 12:56 PM
Yesterday, AS198981 (netshield/1centhost) continued to serve Doppelganger domains but this time with @packetbouncer (Aurologic) as upstreams. This is not the kind of blocking we were expecting from you.
March 20, 2025 at 12:56 PM
This is why we think that Lethost bullet proof hosting that runs DG is NOT just a customer of Aeza (1/x)
March 20, 2025 at 12:56 PM
Suspended Cyberhub ASN that is part of the Doppelganger ecosystem has been just renamed to HellaAS (Hellenic Digital Services Ltd / Luxhost). Seems like "luxhost" is the new Aeza bullet proof hoster. 🤦
@Gi7w0rm @banthisguy9349 @SourcesOuvertes
March 20, 2025 at 12:56 PM
In a new twist in the saga of Doppelganger, Aeza has decided to stop providing connectivity to two bullet proof hosters: Lethost and Sunhost. What a nice way to show the world that they handle "abuse". (1/3)
March 20, 2025 at 12:56 PM
Since the release of our forensic investigation about Doppelganger infrastructure there have been a few interesting developments. One of them is that the F-domains @ TNSECURITY and NETSHIELD remain online thanks to one common upstream provider: Datacamp/CDN77
March 20, 2025 at 12:56 PM
It seems that TNSECURITY/EVILEMPIRE is no longer routing traffic from Germany. Nice to now have a much clearer picture of where Lethost is coming from
March 20, 2025 at 12:56 PM
Impressed by their setup or our report? Maybe both? @cymnu https://t.co/Ds8gNGobjK
March 20, 2025 at 12:56 PM
Hostinger today, DNS parking the F domains of DG.
bikerspace[.]shop
btwidea[.]shop
cscerbr[.]shop
envhb[.]shop
summitslope[.]shop
vokei[.]shop
March 20, 2025 at 12:56 PM
TNSecurity (aka Evilempire) is interesting for 4 things:
- Runs from Germany as downstream of @packetbouncer
- Runs front proxies for Doppelganger
- It is a hotspot of malware distribution
- It was a "dorector"
@Gi7w0rm @ffforward @banthisguy9349
March 20, 2025 at 12:56 PM
Let us check a few domains of DG campaign today that were registered with Namecheap and then moved to Hostinger DNS parking service. The service has been provided for months and the domains have been pointed to:
AS215428 Mykyta Skorobohatko RU
AS216309 Tnsecurity Ltd RU
March 20, 2025 at 12:55 PM