đŸ”Ŧ
intro
  • đŸ’ģSummary
  • 🧑‍đŸ’ģMe
  • 🟠Investigation
    • 👁ī¸â€đŸ—¨ī¸Reconnaissance
  • 🔴The Evidence
    • 🔍Evidence #1
    • 🔍Evidence #2
    • 🔍Evidence #3
    • 🔍Evidence #4
    • 🔍Evidence #5
    • 🔍Evidence #6
    • 🔍Evidence #7
    • 🔍Evidence #8
    • 🔍Evidence #9
    • 🔍Evidence #10
    • 🔍Evidence #11
    • 🔍Evidence #12
  • đŸŸŖTracking Down
    • đŸ’ģIP Addresses
    • đŸ‘ŋThe Telegram Admins
  • đŸŸĸThe Break
    • 🤝The Marketing Agency
    • 🙈The People
    • 📞Phone Numbers
  • 🟤Concslusion
    • ℹī¸Final Words
  • âšĢDo Your Part
    • đŸ‘ĢHelp Thy Neighbor
  • 🟡Bonus Info
    • 📉Snowfall Scam
Powered by GitBook
On this page
  1. The Evidence

Evidence #12

Coincidence? I think not.

PreviousEvidence #11NextIP Addresses

Last updated 2 years ago

When I created the fake bad media article, which was ultimately visited by some of the Telegram admins and collected their data, one of the IP addresses turned out to be a Squid Cache proxy set up on a Digital Ocean droplet. The version of Squid Cache is 4.14, indicating that it was set up between February 8th and 10th May 2021, coinciding with the dates of the early projects the scammers launched.

Additionally, legitimate projects with real founders and teams behind them won't usually require a proxy server. The only purpose of such a server is to conceal the real IP of its users.

🔴
🔍