FBI seizes StarkRDP (and possibly RDP.sh)
Today, the FBI also seized the domains used by:
MySellIX (mysellix.io) and SellIX (sellix.io), two platforms that allowed users to create their own online stores, which threat actors also used to sell stolen data, software keys, and compromised accounts, and
StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider that some threat actors allegedly used for credential stuffing attacks.
https://www.bleepingcomputer.com/news/security/fbi-seizes-domains-for-crackedio-nulledto-hacking-forums/ (archive)
StarkRDP and Sellix were operated by the same group of Germans as RDP.sh, who I suspect is next to go.
https://bgp.tools/as/210558 is the network of RDP.sh
Imprints all pointing to Florian Marzahl/1337 Services GmbH
StarkRDP (archive)
RDP.sh (archive)
LinkedIn with Sellix (archive)
Comments
Is the Florian in the screenshot the same as LE*'s Florian M?
[ IncogNET LLC ] - Privacy By Design
We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]
We are glad that we unbrothered @FlorinMarian last year.
No hostname left!
Nope, this is Florian Marzahl and our Florian is Florian Meissner.
Ahhh, gotcha. I tried to find the user but just knew it was a Florian "M", didn't know his full last name.
I think our guy is @FlorinMarian
The Ultimate Speedtest Script | Get Instant Alerts on new LES/LET deals | Cheap VPS Deals | VirMach Flash Sales Notifier
FREE KVM VPS - FreeVPS.org | FREE LXC VPS - MicroLXC
Update from Europol
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-takes-down-two-largest-cybercrime-forums-in-world (archive)
So apparently they ran Cracked and/or Nulled too.
Video from arrests.

In the video there was a gorgeous lady with a plump bottom! How could she be related to this? :O I think it is a mistake.
"1337"!? How dare they misuse such a sacred term for us elite!
That Sellix website openly had people selling carding services and "stressers."
Good riddance.
Swiftnode.net - Baremetal, virtual machines, VoIP, and DDoS mitigation.
"Hack the Planet!!! They are trashing our rights!! They are trashing!!!! Trashing!!!"
Free Hosting at YetiNode | MicroNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Brian Krebs has published a piece on the whole shitshow
https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nulled/ (archive)
It confirms what I suspected, however I was not aware shoppy.gg was also involved. Shoppy was pretty much the same as Sellix, offering individual "shops" primarily used for selling credentials and other illegal services.
The idea started with Selly.gg, however they cracked down on illegal use of it, seems like it was not designed for it from day one (unlike Shoppy and Sellix).
0 opsec, it's a miracle this shit ran for as long as it did. Feds have ignored it for a very long time, cause it was just skids selling accounts for Netflix etc. Seems like they crossed the line with "e-whoring" and extortion/sextortion of people.
Weird way to say morbidly obese. Your typical "E-Girl".
The lack of opsec in the Krebs report is just breathtaking, I'm endlessly amazed that people who switch into direct crime just cannot make themselves drop their old kiddie identity first.
Given the chaos in the US gov, I am surprised FBI is still business as usual.
The all seeing eye sees everything...
I like big girls, there is no need to ponder.
At the point this happened the shit-show hadn't filtered down to the boots on the ground yet.
StarkRDP has rebranded to LakeVPS following their domain seizure and investigation by FBI and Europol. We'll see how it plays out for them long-term.
https://client.lakevps.io/announcements/2/StarkRDP-is-now-called-LakeVPS.html (archive)