- Thread Author
- #6
rdpsh on nulled.to. Super trusted, pretty big. When I posted it there, got a response immediately saying that its happened to them before.(22 March, 2021 - 01:30 AM)Blepop Wrote: Show More
(22 March, 2021 - 12:57 AM)Psychedelic Wrote: Show More
I purchased a one month RDP two weeks ago from RDP.SH. In the meantime, I have been using it for my telegram and to sync the monero blockchain since my PC is too slow/old to do it at a high speed.
This morning, I woke up, and saw I didnt have any telegram notifications (odd). I check, and I see I had two messages which I had already "seen" since there was no notification. I shrug it off, and go back afk. I come back this evening, and I am in shock. Telegram is closed, the monero client is closed, chrome is closed. The only things left are my empty notepad i had open and file explorer.
The RDP was on the desktop view, nothing else
So of course I was surprised. I checked telegram on another device, and once again they had already been read.
Naturally, I was worried so I checked the server connection logs (this is available in the windows event viewer).
I see that there were multiple logins while I was not on my pc from two different IPs.
I am glad I didnt send any funds here as I would be fucked right now.
First off, I was most definitely not ratted. On the computer i had an IM client, telegram, google chrome, and the monero client. There was nothing here that would allow access PLUS if the RDP was ratted, they would be directly accessing it, not logging onto the RDP as they wouldnt have the creds.
My PC is most definitely not ratted as well. I have never downloaded any tools on it or anything that would give malware + I have antivirus that is up to date. That is not a possibility and if I was ratted they would have better things to do with their time than to login to an rdp i hardly use.
Proof? Sure!
Windows has a built in forensic tool called event viewer. I go there, and check the RDP connection history.
1149 event code = successful login. it shows time stamps and IP.
It looks like this
![[Image: rDLT61d.png]](https://i.imgur.com/rDLT61d.png "[Image: rDLT61d.png]")
Here is the most recent login by me
![[Image: RF2YAPK.png]](https://i.imgur.com/RF2YAPK.png "[Image: RF2YAPK.png]")
While I was afk, there were these logins
![[Image: FC5CmlU.png]](https://i.imgur.com/FC5CmlU.png "[Image: FC5CmlU.png]")
![[Image: ZSohCpD.png]](https://i.imgur.com/ZSohCpD.png "[Image: ZSohCpD.png]")
![[Image: 20Hzmdh.png]](https://i.imgur.com/20Hzmdh.png "[Image: 20Hzmdh.png]")
Earlier login by me
![[Image: AEDfCfL.png]](https://i.imgur.com/AEDfCfL.png "[Image: AEDfCfL.png]")
Time stamps
![[Image: 3zb9wqx.png]](https://i.imgur.com/3zb9wqx.png "[Image: 3zb9wqx.png]")
Windows forensic tool
![[Image: Z3J2Tz0.png]](https://i.imgur.com/Z3J2Tz0.png "[Image: Z3J2Tz0.png]")
Proof of ownership
![[Image: CI81Oww.png]](https://i.imgur.com/CI81Oww.png "[Image: CI81Oww.png]")
previous scam report showing that their rdp.sh was hacked and wallet drained
![[Image: WWdK76m.png]](https://i.imgur.com/WWdK76m.png "[Image: WWdK76m.png]")
IP lookups
![[Image: 7Nl2obG.png]](https://i.imgur.com/7Nl2obG.png "[Image: 7Nl2obG.png]")
![[Image: u5xUpKF.png]](https://i.imgur.com/u5xUpKF.png "[Image: u5xUpKF.png]")
Overall. I was CLEARLY not ratted. I cant make that apparent enough. While I suffered no damages, I was wronged and would like a full refund for what happened. Snooping through your customers servers is terrible business and I was sad as the server was half decent.
Do not use them and avoid at all costs
big expose
gg
who owns it anyway ?
n.to mods have said before that they dont have access
complete bullshit
from what I can tell, finndev may own it? Idk or if its just that acc.
But this is just a warning Im sure theres other victims.
![[Image: G3RU3aI.gif]](https://i.imgur.com/G3RU3aI.gif "[Image: G3RU3aI.gif]")