
Ash, D bolter, Ransomwared VPS


CKB


Disputed member: https://osbot.org/forum/profile/10518-d-bolter/

Thread Link: https://osbot.org/forum/topic/137101-💎700-feedbackverified-transactor-1-proxy-and-vps-shop-residential-proxies-new-proxies-over-1k-sold-lifetime-sponsor💎/


I bought a VPS from him. He set the VPS up from the outset. I went to bed like 8 hours ago; the VPS was fine, with 1 OSRS client open and AnyDesk open... I woke up not long ago to find AnyDesk wouldn't connect, so I used RDC to connect, and found 3 ransomware windows open and a program called Process Hacker 2. I have only put files from my main PC onto this computer, and my main PC does not have any of the same issues my VPS does...

I proceeded to message him as he was online, and the second I mentioned the VPS he went offline....
He's appeared online *Red status* on Discord at least 3 times since these messages. He is refusing to help, and he and I are the only people with access to the VPS.

Please someone help me look into this.


Evidence:

Please also note my Windows is a non-valid version of Windows. I'm thinking the .ISO he installed could have contained said ransomware? Either way, someone on here must be able to help me figure out exactly how the ransomware was put on. I have not disconnected from RDC; I will keep everything open that I currently have open in hopes this can be resolved and the source can be found. Thanks in advance.

Edited by CKB

Alright, I've placed @D Bolter in TWC. What's going on? I understand it might be night time, but you appear to be online and not responding to customers.

1. I want to know what network this VPS is connected to (is it private or a shared dedi/larger VPS?).

2. Where did you get that ISO? Why are you using 7 Ultimate instead of Server 08?

3. If you're reselling these VPS, where are you getting them?

4. Who else is using a VPS that could possibly be connected to these and also be affected by this?


My next issue is the 150+ hours I have put into 7 accounts on the VPS.
The VPS contains all the .txts for the accounts.

The accounts also do not have the login email created on a VALID domain name.
The accounts also do not have a recovery email attached.
I have been training defence pures + SOTD pures on the VPS *BY HAND*.

I've pumped in more work and hours than any Venezuelan you can think of.

The accounts on the VPS are legit rendered useless. My time, efforts, money, everything gone.

Edit: Here is the account format I use upon account creation:

================================
OSRS INFO:
================================
Login:

Recovery Email:

Creation Date:

Creation IP:

D.o.B:

================================
PASSWORD LIST:
================================

================================
Email Info:
================================
Login:
Password:
Recovery Email:
Phone #:
Name:
D.O.B:
Creation Date:

================================
Worker Info:
================================
Discord: 
Sythe: 
--------------------------------
Discord:
Sythe:

================================
Sold to:
================================
Amount:
Date:
Sythe Profile:
Discord ID:
Discord UID:
Vouch Quote/Link:
Sale Thread:
================================
Stats & Bank on sale:
================================

Edited by CKB

 

#1 I never ignored him, he spammed me with messages and calls at 6 am.

https://gyazo.com/48944dcfddad05159d2b874ef601d6ec

https://gyazo.com/9852d7bd7d0e3a1c5d34c8aafa1b2f4a

#2 I don't have access to his VPS. I gave him clear instructions on how to change the VPS password. He is the admin on it. Proof below.

09715a80598a72643460a88deb51c49e.png

 

#3 I never downloaded a ransomware on any VPS. The English on that program is atrocious. His VPS is the only one affected. It may have been through him or his workers.

Proof that he was going to have other people on the VPS:

1359bce590b8a4245186169957b30675.png

#4 There are many ways for computers and VPS to get infected by ransomware. It may be his workers or him clicking on a phishing email or even brute force:

Sources: https://healthitsecurity.com/news/samsam-ransomware-attackers-target-healthcare-providers

https://www.securityweek.com/hackers-using-rdp-attacks-install-crysis-ransomware

 

Although new to my knowledge, these ransomwares seem pretty common these days but knowing this information I will take extra precautions in the future. 

We can try reinstalling the Operating System or doing a System restore to an earlier point in time.

 

I understand TWCing me but can I please have my sponsor rank back?

 

 


No one has touched the VPS apart from myself. I can happily show any Discord convos, Sythe convos, Sythe vouches, or any other vouches you would like to see.

I have not even logged into an email account on the VPS. Do you think I am 5 years old? I know what a virus does, I know what a virus looks like, and I certainly know what a phishing email looks like.

I certainly won't be touching the VPS again with any of my personal info.

Don't shift the blame.

Edited by CKB

The staff team has decided that @D Bolter will need to refund @CKB the cost of the VPS sold. We will not be forcing a refund for the accounts stored there that @CKB mentioned, as we see it as your responsibility to store your accounts in more than 1 place (especially when that is a rented VPS in a .txt file). When the refund is complete, if you guys will both confirm that here, we can close this.


It does not matter if the accounts' info was on the VPS; I had it on there in hopes of security, which is obviously clearly not the case.


The VPS is rendered useless now, and the IP attached to the accounts is now useless.
If I log in on my own IP to continue training the accounts, they will be locked and I will be forced to attach a recovery email, defeating the whole purpose of buying said VPS etc.

I've legit lost out on hours of my life,
money & trust within this BS VPS scheme.

He also needs to provide proof that he owns the said VPS and proxies and they're not just being resold?

Edited by CKB

55 minutes ago, CKB said:

It does not matter if the accounts' info was on the VPS; I had it on there in hopes of security, which is obviously clearly not the case.


The VPS is rendered useless now, and the IP attached to the accounts is now useless.
If I log in on my own IP to continue training the accounts, they will be locked and I will be forced to attach a recovery email, defeating the whole purpose of buying said VPS etc.

I've legit lost out on hours of my life,
money & trust within this BS VPS scheme.

He also needs to provide proof that he owns the said VPS and proxies and they're not just being resold?

 

10 minutes ago, D Bolter said:

The ransomware was clearly not my doing and he's already lied multiple times on this thread.

Also

9cc2d89b29c77e3753323df76651958a.png 

That was not a request. @CKB, accept the VPS cost refund from @D Bolter, then post here to confirm.


30 minutes ago, D Bolter said:

The ransomware was clearly not my doing and he's already lied multiple times on this thread.

Also

9cc2d89b29c77e3753323df76651958a.png 

Lied multiple times? I have not lied once.

The fact this is getting closed without anyone looking into it is more than concerning, but snm fam, I'll collect the chump change and we can all move forward with the unexplained malware on the VPS.

I'll collect refund v shortly.

 


This topic is now closed to further replies.