Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 16843

DO NOT USE RDP.SH | LOGGING INTO MY SERVER | (PROOF PROVIDED)

by Kingpin - 22 March, 2021 - 02:57 AM
This post is by a banned member (Kingpin) - Unhide
This post is by a banned member (Maestro_js) - Unhide
This post is by a banned member (Kingpin) - Unhide
This post is by a banned member (Blepop) - Unhide
Blepop  
Galactic
4.051
Posts
2.148
Threads
5 Years of service
#4
(22 March, 2021 - 02:57 AM)Psychedelic Wrote: Show More
I purchased a one month RDP two weeks ago from RDP.SH. In the meantime, I have been using it for my telegram and to sync the monero blockchain since my PC is too slow/old to do it at a high speed.
 
This morning, I woke up, and saw I didnt have any telegram notifications (odd). I check, and I see I had two messages which I had already "seen" since there was no notification. I shrug it off, and go back afk. I come back this evening, and I am in shock. Telegram is closed, the monero client is closed, chrome is closed. The only things left are my empty notepad i had open and file explorer. 
 
The RDP was on the desktop view, nothing else
 
So of course I was surprised. I checked telegram on another device, and once again they had already been read. 
 
Naturally, I was worried so I checked the server connection logs (this is available in the windows event viewer). 
 
I see that there were multiple logins while I was not on my pc from two different IPs.
 
I am glad I didnt send any funds here as I would be fucked right now.
 
 
 
 
 
 
 
First off, I was most definitely not ratted. On the computer i had an IM client, telegram,  google chrome, and the monero client. There was nothing here that would allow access PLUS if the RDP was ratted, they would be directly accessing it, not logging onto the RDP as they wouldnt have the creds.
 
My PC is most definitely not ratted as well. I have never downloaded any tools on it or anything that would give malware + I have antivirus that is up to date. That is not a possibility and if I was ratted they would have better things to do with their time than to login to an rdp i hardly use.
 
 
 
Proof? Sure!
 
Windows has a built in forensic tool called event viewer. I go there, and check the RDP connection history.
 
1149 event code = successful login. it shows time stamps and IP.
 
It looks like this
[Image: rDLT61d.png]
 
 
 
 
Here is the most recent login by me 
[Image: RF2YAPK.png]
 
 
While I was afk, there were these logins
 
[Image: FC5CmlU.png]
[Image: ZSohCpD.png]
[Image: 20Hzmdh.png]
 
 
Earlier login by me
 
 
[Image: AEDfCfL.png]
 
 
 
 
 
Time stamps
[Image: 3zb9wqx.png]
 
Windows forensic tool
[Image: Z3J2Tz0.png]
Proof of ownership
[Image: CI81Oww.png]
 
 
 
previous scam report showing that their rdp.sh was hacked and wallet drained
 
[Image: WWdK76m.png]
 
 
IP lookups
 
[Image: 7Nl2obG.png]
[Image: u5xUpKF.png]
 
 
 
 
 
Overall. I was CLEARLY not ratted. I cant make that apparent enough. While I suffered no damages, I was wronged and would like a full refund for what happened. Snooping through your customers servers is terrible business and I was sad as the server was half decent.


Do not use them and avoid at all costs

big expose
gg
who owns it anyway ?
[Image: S6IAC.gif]
Ad by firewizard 

Join for Daily Bulk Drops 
This post is by a banned member (Kingpin) - Unhide
This post is by a banned member (Blepop) - Unhide
Blepop  
Galactic
4.051
Posts
2.148
Threads
5 Years of service
#6
(22 March, 2021 - 03:37 AM)Psychedelic Wrote: Show More
(22 March, 2021 - 03:30 AM)Blepop Wrote: Show More
(22 March, 2021 - 02:57 AM)Psychedelic Wrote: Show More
I purchased a one month RDP two weeks ago from RDP.SH. In the meantime, I have been using it for my telegram and to sync the monero blockchain since my PC is too slow/old to do it at a high speed.
 
This morning, I woke up, and saw I didnt have any telegram notifications (odd). I check, and I see I had two messages which I had already "seen" since there was no notification. I shrug it off, and go back afk. I come back this evening, and I am in shock. Telegram is closed, the monero client is closed, chrome is closed. The only things left are my empty notepad i had open and file explorer. 
 
The RDP was on the desktop view, nothing else
 
So of course I was surprised. I checked telegram on another device, and once again they had already been read. 
 
Naturally, I was worried so I checked the server connection logs (this is available in the windows event viewer). 
 
I see that there were multiple logins while I was not on my pc from two different IPs.
 
I am glad I didnt send any funds here as I would be fucked right now.
 
 
 
 
 
 
 
First off, I was most definitely not ratted. On the computer i had an IM client, telegram,  google chrome, and the monero client. There was nothing here that would allow access PLUS if the RDP was ratted, they would be directly accessing it, not logging onto the RDP as they wouldnt have the creds.
 
My PC is most definitely not ratted as well. I have never downloaded any tools on it or anything that would give malware + I have antivirus that is up to date. That is not a possibility and if I was ratted they would have better things to do with their time than to login to an rdp i hardly use.
 
 
 
Proof? Sure!
 
Windows has a built in forensic tool called event viewer. I go there, and check the RDP connection history.
 
1149 event code = successful login. it shows time stamps and IP.
 
It looks like this
[Image: rDLT61d.png]
 
 
 
 
Here is the most recent login by me 
[Image: RF2YAPK.png]
 
 
While I was afk, there were these logins
 
[Image: FC5CmlU.png]
[Image: ZSohCpD.png]
[Image: 20Hzmdh.png]
 
 
Earlier login by me
 
 
[Image: AEDfCfL.png]
 
 
 
 
 
Time stamps
[Image: 3zb9wqx.png]
 
Windows forensic tool
[Image: Z3J2Tz0.png]
Proof of ownership
[Image: CI81Oww.png]
 
 
 
previous scam report showing that their rdp.sh was hacked and wallet drained
 
[Image: WWdK76m.png]
 
 
IP lookups
 
[Image: 7Nl2obG.png]
[Image: u5xUpKF.png]
 
 
 
 
 
Overall. I was CLEARLY not ratted. I cant make that apparent enough. While I suffered no damages, I was wronged and would like a full refund for what happened. Snooping through your customers servers is terrible business and I was sad as the server was half decent.


Do not use them and avoid at all costs

big expose
gg
who owns it anyway ?
rdpsh on nulled.to. Super trusted, pretty big. When I posted it there, got a response immediately saying that it’s happened to them before.

n.to mods have said before that ‘they don’t have access’

complete bullshit 

from what I can tell, finndev may own it? Idk or if it’s just that acc.


But this is just a warning I’m sure there’s other victims.

yeah i saw it 
probs the matters gonna be buried there
foooking cunts stealing the data , scammed people big time
[Image: S6IAC.gif]
Ad by firewizard 

Join for Daily Bulk Drops 
This post is by a banned member (oopsgeneration88) - Unhide
This post is by a banned member (vi0lentpasta) - Unhide
12
Posts
1
Threads
4 Years of service
#8
will pull my account also. thanks for the heads up

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 6 Guest(s)