Velox media under new management

zed · January 21

@JohnFilch123 said:

@AlteredParadox said: you'd think he'd at least take the 4/yr out of the freaking name

Nah, let's just bill everyone Mine will be disconnected tomorrow I think. Funny thing is I only received one invoice but have three VPS with them.

inb4 FRAUD

Maelstrom36 · January 21

I looked at my invoice where they are asking to pay the $2. They are only accepting Stripe it seems. So much for their "we sell 8 figures with both PayPal and Stripe a year"

dedicados · January 21

oh well, finally vps are gone from account.

xD

zGato · January 22

this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

default · January 22

Chargeback and delete accounts! Get out of there as soon as possible!

MaxTakeba · January 22

LOL WTF?

MaxTakeba · January 22

Can I just point out AbuseIPDB got a report from my residence IP accusing me of a layer 7 flood of which I am not capable of doing as my ISP would immediately null me and terminate me?

How stupid are they?

rpqu · January 22

IYKYK

JabJab · January 22

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

you should ask what TOS as you never accepted one? :-D

AlteredParadox · January 22

I am amused that @itsTomHarper continues to be have active last logon dates but has yet to say a word.

TeneT · January 22

So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

AlteredParadox · January 22

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

lol

xvps · January 22

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

Hey, shut up and pay the $500 you owe him.

VeloxMedia acceptable use terms:

$500 abuse charge applies for verified spam or abuse incidents.

source: https://veloxmedia.co.uk/acceptable-use/

TimboJones · January 22

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

How did traffic route from the public IP to a non-routable private subnet? Wtf is that private IP supposed to be?

rpqu · January 22

@TimboJones said:

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

How did traffic route from the public IP to a non-routable private subnet? Wtf is that private IP supposed to be?

It's very sus

  2026-01-22 00:41:52
(7 hours ago)

01/22/2026-01:38:39.443689 46.33.10.94 Protocol: 6 ET SCAN Potential SSH Scan
Port Scan

🇩🇪 iNetWorker
2026-01-22 00:41:47
(7 hours ago)

firewall-block, port(s): 53220/tcp
Port Scan

🇫🇷 sthoyer.de
2026-01-22 00:41:43
(7 hours ago)

Jan 22 01:38:25 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=109 ID=7333 DF PROTO=TCP SPT=24938 DPT=29176 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:28 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=60 ID=27037 DF PROTO=TCP SPT=56064 DPT=36305 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:34 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=68 ID=31370 DF PROTO=TCP SPT=44116 DPT=9350 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:39 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=89 ID=60147 DF PROTO=TCP SPT=8308 DPT=18239 WINDOW=65535 ...
show less
Port Scan

🇬🇧 oviliz
2026-01-21 10:59:00
(21 hours ago)

IPS Alert 2: Misc Attack. Signature ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 460. From: 46.33.10.94:22067, to: 192.168.1.177:51510, protocol: TCP
show less
Exploited Host

Showing 1 to 4 of 4 reports

@zGato posted on 2026-01-22 00:16, and it could be assumed that Eric already shutdown the service. So, how the fuck a stopped service do port scan?

zGato · January 22

@rpqu said:

@TimboJones said:

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

How did traffic route from the public IP to a non-routable private subnet? Wtf is that private IP supposed to be?

It's very sus
  2026-01-22 00:41:52
(7 hours ago)

01/22/2026-01:38:39.443689 46.33.10.94 Protocol: 6 ET SCAN Potential SSH Scan
Port Scan

🇩🇪 iNetWorker
2026-01-22 00:41:47
(7 hours ago)

firewall-block, port(s): 53220/tcp
Port Scan

🇫🇷 sthoyer.de
2026-01-22 00:41:43
(7 hours ago)

Jan 22 01:38:25 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=109 ID=7333 DF PROTO=TCP SPT=24938 DPT=29176 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:28 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=60 ID=27037 DF PROTO=TCP SPT=56064 DPT=36305 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:34 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=68 ID=31370 DF PROTO=TCP SPT=44116 DPT=9350 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:39 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=89 ID=60147 DF PROTO=TCP SPT=8308 DPT=18239 WINDOW=65535 ...
show less
Port Scan

🇬🇧 oviliz
2026-01-21 10:59:00
(21 hours ago)

IPS Alert 2: Misc Attack. Signature ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 460. From: 46.33.10.94:22067, to: 192.168.1.177:51510, protocol: TCP
show less
Exploited Host

Showing 1 to 4 of 4 reports
@zGato posted on 2026-01-22 00:16, and it could be assumed that Eric already shutdown the service. So, how the fuck a stopped service do port scan?

Suspension email is from over 12 hours ago so yeah

They suspended both of them, even though the one in Fremont doesn't have a single report:
https://www.abuseipdb.com/check/204.197.163.133

TeneT · January 22

It just wants to kick everyone out and sell them to new customers (victims). One day there will be popped up a reason for you to terminate your services.

By the way, that Fremont 204.197 /22 IPv4 was clean and great over the past half year but now it is tagged in ipapi ipqs and other db as abuse ip address and involved in cyber attack, just after this exit scam. Hope the rest of users would enjoy that.

rpqu · January 22

@zGato said:
@rpqu said:

@TimboJones said:

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

How did traffic route from the public IP to a non-routable private subnet? Wtf is that private IP supposed to be?

It's very sus
  2026-01-22 00:41:52
(7 hours ago)

01/22/2026-01:38:39.443689 46.33.10.94 Protocol: 6 ET SCAN Potential SSH Scan
Port Scan

🇩🇪 iNetWorker
2026-01-22 00:41:47
(7 hours ago)

firewall-block, port(s): 53220/tcp
Port Scan

🇫🇷 sthoyer.de
2026-01-22 00:41:43
(7 hours ago)

Jan 22 01:38:25 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=109 ID=7333 DF PROTO=TCP SPT=24938 DPT=29176 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:28 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=60 ID=27037 DF PROTO=TCP SPT=56064 DPT=36305 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:34 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=68 ID=31370 DF PROTO=TCP SPT=44116 DPT=9350 WINDOW=65535 RES=0x00 SYN URGP=0 Jan 22 01:38:39 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=46.33.10.94 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x20 TTL=89 ID=60147 DF PROTO=TCP SPT=8308 DPT=18239 WINDOW=65535 ...
show less
Port Scan

🇬🇧 oviliz
2026-01-21 10:59:00
(21 hours ago)

IPS Alert 2: Misc Attack. Signature ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 460. From: 46.33.10.94:22067, to: 192.168.1.177:51510, protocol: TCP
show less
Exploited Host

Showing 1 to 4 of 4 reports
@zGato posted on 2026-01-22 00:16, and it could be assumed that Eric already shutdown the service. So, how the fuck a stopped service do port scan?
Suspension email is from over 12 hours ago so yeah

They suspended both of them, even though the one in Fremont doesn't have a single report:
https://www.abuseipdb.com/check/204.197.163.133

While there could be hours of delay until reporting, sthoyer.de core dump provide a hint that it was using UTC +0100. And Judging by the UTC timestamp, it was reported in less than 3 minutes.
So, your vps is definitely already turned off.

rpqu · January 22

@TeneT said:
It just wants to kick everyone out and sell them to new customers (victims). One day there will be popped up a reason for you to terminate your services.

By the way, that Fremont 204.197 /22 IPv4 was clean and great over the past half year but now it is tagged in ipapi ipqs and other db as abuse ip address and involved in cyber attack, just after this exit scam. Hope the rest of users would enjoy that.

I see

new customer signed up for monthly/annual contract
forge fake abuse report
email customer about the "abuse"
deny refund because of their "action

TeneT · January 22

Oh good news every benchmark score is raising, which means former users are being kicked out and the rest prefer not to use it as a primary server. Those marks will rise again after mine is deleted.

Geekbench 5 Benchmark Test:

https://nodequality.com/r/IGOgAfsZrIbttn8vUlaMFeLmbTnapkG7

ralf · January 22

@xvps said:

@zGato said:
this is their new ceo btw (if it isn't clear enough already how he is):

aaand ticket closed without any answer

Hey, shut up and pay the $500 you owe him.

VeloxMedia acceptable use terms:

$500 abuse charge applies for verified spam or abuse incidents.

source: https://veloxmedia.co.uk/acceptable-use/

Haha, lol:

$500 abuse charge applies for verified spam or abuse incidents.
£500 for spam; case-by-case admin fees for handling illegal/obscene content or major abuse

He can't even get that right!

ralf · January 22

BTW, now the deadline for GDPR compliance has passed, I'd be very interested in hearing whether:

a) everyone on a LET plan got the cancellation / extortion notice, even US people
b) did previous veloxmedia customers (if any) all get the e-mail about consent, or only the EU/UK ones?
c) if you didn't get the e-mail for b, this is the important one - are you a UK/EU citizen resident in a non-GDPR country? The GDPR still applies to you as a citizen, which is why he needed to e-mail everybody regardless of where their customer details said they lived.

Saragoldfarb · January 22

@ralf said:
BTW, now the deadline for GDPR compliance has passed, I'd be very interested in hearing whether:

a) everyone on a LET plan got the cancellation / extortion notice, even US people
b) did previous veloxmedia customers (if any) all get the e-mail about consent, or only the EU/UK ones?
c) if you didn't get the e-mail for b, this is the important one - are you a UK/EU citizen resident in a non-GDPR country? The GDPR still applies to you as a citizen, which is why he needed to e-mail everybody regardless of where their customer details said they lived.

Didn't get the email. Also no data delivered yet. Guess they must have an extensive dataset on me if it's taking this long.

network · January 22

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

Report the IP running the main site and maybe he terminates himself?

gbzret4d · January 22

@network said:

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

Report the IP running the main site and maybe he terminates himself?

I've reported the whole range of 172.* and 192.* my logs are full of words I don't understand.

What if someone sends veloxmedia a faked report with their main IPs for their website? Will they block itself?

rpqu · January 22

@gbzret4d said:

@network said:

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

Report the IP running the main site and maybe he terminates himself?

I've reported the whole range of 172.* and 192.* my logs are full of words I don't understand.

What if someone sends veloxmedia a faked report with their main IPs for their website? Will they block itself?

You forgot 10.0.0.0/8, 255.0.0.0/8

gbzret4d · January 22

@rpqu said:

@gbzret4d said:

@network said:

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

Report the IP running the main site and maybe he terminates himself?

I've reported the whole range of 172.* and 192.* my logs are full of words I don't understand.

What if someone sends veloxmedia a faked report with their main IPs for their website? Will they block itself?

You forgot 10.0.0.0/8, 255.0.0.0/8

# [NETSEC-CERT] SECURITY INCIDENT REPORT: #AF-2026-991

**Date:** 2026-01-22 17:22:15 UTC
**Source:** Automated Infrastructure Protection System (AIPS)
**Target:** 104.21.16.25 (Cloudflare Range)
**Classification:** HARDWARE INTEGRITY THREAT
**Priority:** P1 (IMMEDIATE ACTION REQUIRED)

---

## 1. EXECUTIVE SUMMARY

Our backbone monitoring agents have detected a critical anomaly originating from IP `104.21.16.25`. While the traffic volume is within acceptable throughput limits, the **physical composition** of the data packets violates IEEE 802.3 standards regarding bit-distribution and gyroscopic stability.

The data stream is currently causing mechanical resonance vibrations in our solid-state routing equipment.

## 2. TRAFFIC LOG ANALYSIS

**Interface:** `ae0.core-rtr.fra.de`
**Protocol:** TCP/IPv4
**Flagged Metric:** Angular Momentum / Centrifugal Force

**Raw Syslog Extract:**
```log
17:20:01 [KERNEL] INBOUND: SRC=104.21.16.25 DST=192.168.1.50 LEN=1500
17:20:01 [WARN]  PACKET_BALANCE: skew_detected value=0.98 (Critical)
17:20:02 [ERROR] GYRO_STABILIZER: Rack #4 is tilting 2 degrees left.
17:20:02 [CRIT]  PHYSICS_VIOLATION: Packet center of mass is off-axis.
17:20:03 [DROP]  Jettisoning payload to prevent server tip-over.

network · January 22

@rpqu said:

@gbzret4d said:

@network said:

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

Report the IP running the main site and maybe he terminates himself?

I've reported the whole range of 172.* and 192.* my logs are full of words I don't understand.

What if someone sends veloxmedia a faked report with their main IPs for their website? Will they block itself?

You forgot 10.0.0.0/8, 255.0.0.0/8

Report 0.0.0.0/0 and he will end the internet.

gbzret4d · January 22

@network said:

@rpqu said:

@gbzret4d said:

@network said:

@TeneT said:
So if someone just go and report every IP to AbuseIPDB, they will terminate all of them?

Report the IP running the main site and maybe he terminates himself?

I've reported the whole range of 172.* and 192.* my logs are full of words I don't understand.

What if someone sends veloxmedia a faked report with their main IPs for their website? Will they block itself?

You forgot 10.0.0.0/8, 255.0.0.0/8

Report 0.0.0.0/0 and he will end the internet.

Together with his buddies from the FBI, cia, homeland, Ronald Mcdonald buddy club,... he could do that

ascicode · January 22

They must scan random ranges to get IPs listed every minute. Eric can be one of them.

Howdy, Stranger!

Categories

In this Discussion

Velox media under new management

Comments

Geekbench 5 Benchmark Test:

Howdy, Stranger!

Quick Links

Categories

In this Discussion

Velox media under new management

Comments

Geekbench 5 Benchmark Test: