FBI seizes StarkRDP (and possibly RDP.sh)

Today, the FBI also seized the domains used by:
MySellIX (mysellix.io) and SellIX (sellix.io), two platforms that allowed users to create their own online stores, which threat actors also used to sell stolen data, software keys, and compromised accounts, and
StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider that some threat actors allegedly used for credential stuffing attacks.
https://www.bleepingcomputer.com/news/security/fbi-seizes-domains-for-crackedio-nulledto-hacking-forums/ (archive)
StarkRDP and Sellix were operated by the same group of Germans as RDP.sh, who I suspect is next to go.
https://bgp.tools/as/210558 is the network of RDP.sh
Imprints all pointing to Florian Marzahl/1337 Services GmbH

StarkRDP (archive)

RDP.sh (archive)


LinkedIn with Sellix (archive)


Comments
This could be related to some hacking forums like nulled.to and others giving an error through CF?
It is. Nulled.to, Cracked.io and Sellix.io also got seized at the same time. Looks like one big sweep.
@FlorinMarian What's up?
First link in the post crossposted. (https://www.bleepingcomputer.com/news/security/fbi-seizes-domains-for-crackedio-nulledto-hacking-forums/)
They finally seized Sellix?
Yeah, just waiting on DNS to propagate the nameserver change XD, taking longer than 4 hours now I think.
Tor relays on RDP.sh remain operational: https://metrics.torproject.org/rs.html#search/as:AS210558
I didn't realize they host almost 500 relays
Yes rdp.sh is still working, and all the other stuff (sellix, nulled, cracked, starkrdp) is also working, the domains just got seized afaik.
Because the domains are most likely just their first step.
It's unclear if rdp.sh is even going to be affected though, the nameservers haven't been updated for the domain.
Allowed crime on their servers or why?
I hope so, + this guy is known, it's not some anon alias.
Yeah.
Nulled/Cracked were hacking and cracking forums.
Sellix was offering their payment processing services to them.
MySellix was using Sellix and was an account shop for hacked/cracked/stolen accounts.
Starkrdp was owned by rdp.sh and allowed/advertised cracking/checking accounts.
rdp.sh and sellix are owned/operated by the same people.
Sellix was used for all types of illegal shit, they were one of the most well known places for buying and selling that type of stuff. Stolen accounts, bank accounts, identities, gift cards, booters, illegal tools, if you wanted something, a sellix store probably had it.
There's a lot of similar sites as well, like shoppy, selly, etc.
I even thought about buying a server from RDP.sh at one point. I believe their servers are located mostly in Poland, they have (/had) a pretty clean website and rather affordable pricing.
Didn't know they were affiliated with that kind of stuff.
Nice, waiting for krebs article.
Would be epik, haven't followed krebs in a while.
REGUARDS
i guess
Actually omnisia is in legal trouble, he just plays hide and seek with feds. Hehe…
Here is archive https://krebsonsecurity.com/tag/omniscient/
Waiting for Mutahar from SomeOrdinaryGamers and Mental Outlaw videos on this lol
Wasn't this the guys that looked for hosting here on LET where I shared some examples in their request thread to providers on the kind of stuff they actually host
If you can find that, that would be lovely, can't recall that.
I can't, already tried.
Either it's been hidden/removed or I'm just confusing Sellix with one of those similar ones, there's been quite a few of them.
Anyway, exciting stuff.
Honestly surprised it took the FBI what feels like forever to shut some of those forums down. They've been around since forever. With that power and budget they don't seem very effective.
I doubt they will shut down for long if at all, they will just move domains.
Criminal activity and "RDP" in a hosting provider name go together like peanut butter and jelly.
We as well I assume.
“RDP” hmmm
Allegedly, HF complies with the feds. But both of the seized forums did the same (at least partially), so who knows.
Don’t worry, the FBI will shut down the new domains in another 10 years
why take down a cybercrime forum when they know a replacement will take its place within days? better to keep it up and let skids incriminate themselves
this is why we don't have windows server images (besides legal concerns and me not wanting to have anything to do with m$)
it filters out 99% of abusers because skids cant into linux
Sellix had a ton of "DDoS for Hire" and carding services operating blatantly, and their "abuse contact" was notified and did nothing for months.
Not surprised.