Arbitration: swissrdp.com it's scam and not Bulletproof

Status
Closed for further replies.

TheExample

Hello to all the dear members of our forum,

A few days ago, we purchased a Linux VDS server from this person vodkawaf and ran Cobalt and MeshCentral on it. On MeshCentral, we had a lot of access that we were working with, but we hadn't even started our work with Cobalt yet.

This person claimed that all of his servers are "Bulletproof" and "Don’t Care about Spamhaus/Abuse!" and we trusted him based on these statements. After two days, I believe, our server got abused, and we asked him what happened and what went wrong. He sent us a link stating that search engines had detected the Cobalt icon hash, but there was nothing else, just the hash showing that Cobalt was installed on the server.

We contacted this person, and he told us that after providing the link, we needed to buy a FastFlux service for our server, which cost around $300 to $600. I told him that I couldn’t purchase this service right now, but asked him to lift the suspension so we could continue our work and, after that, buy the FastFlux service. He did lift the suspension, but two days later, our server was quickly abused again. He then told us that our server would be suspended permanently, and sent us a message from Microsoft accusing us of attacking them, even though none of our team members had done anything like that, and we hadn’t added any servers to Cobalt either.

Then, this person insisted that we must buy FastFlux, or it wouldn’t work. I told him I couldn't buy it right now, and that he should check again since we didn’t have any Cobalt-related activity on the server. I even sent him a link showing that there were no attacks coming from the IP address linked to us. However, he didn’t look into it, and when I told him I was going to report this to the XSS admin, he wrote that I could report it, then blocked me on Telegram.

I bought this server for $34, and I’m not asking for my money back. I just want justice to be served, and for this person to be banned from the forum because he is a scammer. He exploits people by forcing them to buy FastFlux services, and then intentionally reports the servers so they get abused, leaving customers no choice but to purchase the service.

In conclusion, this person is not what he claims to be, and he is a scammer. I have all the evidence and documents, which I can provide here or to the admin if needed.

Thank you to the admins and other managers. admin

Telegram swissrdp :@swissrdpsupport
site : swissrdp.com
xss acc : vodkawaf


swissrdp.com is scam be careful

 
You must provide the proofs here, publicly.
No problem. I can distribute it publicly, but only if the admin approves. I have sent the information to the admin, and they have reviewed my documents. You know, my issue is that we didn’t carry out any attacks with Cobalt at all; it was only installed on the server, that’s it. If we had conducted any attack, then I would accept that the problem was on our side, not theirs. But the fact is, we didn’t carry out any attacks.
 
I use swissrdp servers. This is my first month. I got a pretty good deal. Yes, it took very long to set up because of some problems, but I believe that was only a one-time thing. Other than that I have no problems with swissrdp servers. I really think you should contact people and first clarify terms by talking if you want true bulletproof servers. For me, swissrdp is a perfect service with great dedicated bare metal servers, no takedowns. This is because I messaged the provider first and clarified terms and came to an agreement before blindly throwing money at it. They are not scammers.
 
Yes, you’re right that we should have done that first.
But right now, I have a lot of access on that server. I explained to him that I no longer have Cobalt installed on it and that he can go and verify it himself.
All I want is to keep my access. But what did he do? He blocked me on Telegram. That’s really not right. Honestly, that move wasn’t fair at all; you have to admit that too.
I’m not the kind of person who would falsely accuse someone, and I really don’t like doing that. If I had done something wrong, I would take responsibility for it. But no matter how much I tried to compromise and be flexible, it didn’t work.
 
vodkawaf, I am waiting for your comments.

TheExample, please provide the proofs, including the correspondence and the terms of the deal.

These are all the documents.


I told him to check this site:
https://threatfox.abuse.ch/ioc/1743201/

So he can see that we don’t have any issues. It was only flagged as C2, and we have already removed that.
You can also still check Censys for our IP; you’ll see that there is no longer any C2 running on it.
 
Unfortunately, I can't verify the Microsoft attack claim. So I can't just ban this seller. However, vodkawaf — you need to refund the buyer for the remaining rental time and update your listing description. Right now it says "Everything allowed!" — but that's not true. You also definitely need to mention that buying FF is required to use your servers.
 
Hello, there is the first big abuse: https://urlhaus.abuse.ch/url/3774651/
We warned the user to buy fastflux from us or another seller and he was still going.

Swiss Rdp Support, [2/10/2026 4:24 PM]
Microsoft
Attacks on Microsoft and Fortra Software and Customers by Your Organization’s IP Addresses
Dear Abuse and Legal Teams:

We are communicating with you on behalf of Microsoft Corporation (“Microsoft”), a limited liability company incorporated under the laws of the State of Washington and having its offices at One Microsoft Way, Redmond, Washington 98052, United States of America, and Fortra LLC (“Fortra”), a limited liability company organized under the laws of the State of Delaware and having its offices at 11095 Viking Drive, Suite 100, Eden Prairie, Minnesota 55344, United States of America, to:

notify you of illegal activity from the IP addresses outlined at the end of this message, hosted by your company, which is causing a widespread attack on, and severe business disruption and injury to, Microsoft, Fortra, and their respective customers, (the “Attacks”), as well as constituting an infringement of Fortra’s and Microsoft’s intellectual property rights (the “Infringements”); and
request that your company take the necessary steps to cease the Infringements and stop further illegal Attacks from happening, as per your legal obligations detailed herein below.
We also request that your abuse team immediately forward this communication to your company’s legal team.

Microsoft and Fortra have conducted a detailed investigation and detected a pattern of IP addresses hosted by your company acting as command-and-control infrastructure for the malicious, trademark and copyright infringing use of illegal versions of software known as “Cobalt Strike”.

During the Attacks, illegal activity is conducted through these IP addresses by delivering malicious commands to and receiving stolen information from victim computers running Microsoft’s Windows operating system. The malicious and unlawful versions of Cobalt Strike controlled through these IP addresses are used to target victims with ransomware (i.e., Conti and Lockbit), resulting in extortion of funds and theft of sensitive information, intrusion into victims’ computers and networks, surveillance of the victims, and obfuscation of the cybercriminals’ activity. In these ways, the Attacks emanating from the IP addresses hosted by your company are causing severe business disruption and injury to Microsoft, Fortra, and their respective customers, including victims in sensitive industries such as healthcare, and individual consumers.

As regards the Infringements, the malicious and unlawful versions of Cobalt Strike software infringe on Fortra’s copyright by literally copying the entirety of its copyrighted Cobalt Strike “team server” code in a cracked, unauthorized version used for malicious purposes. The infringement involves unauthorized copying of executable code for all of the Cobalt Strike team server’s web server, beacon and configuration features and functionality, including all of Fortra’s creative and original method implementations, interfaces, parameters, variables, arrays, data types, operators, and objects. Further, the content hosted at the IP addresses referred to herein violates the law as it contains malicious code including unauthorized use of Fortra’s “Cobalt Strike” trademark and both Microsoft’s and Fortra’s copyrighted code.

The Attacks and the Infringements from your company’s infrastructure are ongoing. It is also foreseeable that if your customers carrying out these Infringements and illegal Attacks over the identified IP addresses are permitted to continue to use your company’s infrastructure in the future, Microsoft, Fortra, and their respective customers will as a result be subject to continued serious injury.

Set forth below are the malicious Cobalt Strike command and control IP addresses identified as being hosted by your company. We are also providing you with the relevant details regarding these IP addresses, including evidence of illegal activity, date and time information, and other indicators. This notification letter is sent to you to inform you of the illegal activity taking place at these IP addresses and to enable you to fully identify the illegal activity and customers associated with the traffic.

The Attacks and the Infringements, as outlined above, violate the law and your company’s terms of use.

We urge your company to review its terms of use for violations by your customers carrying out the Attacks and the Infringements and to exercise its rights to stop the illegal network activity, in order to mitigate the injury to Microsoft, Fortra, and their respective customers, and for Microsoft’s, Fortra’s, and their respective customers’ benefit.

The illegal activity from the IP addresses violates the law as they are used to control the malicious versions of stolen Cobalt Strike; and thus, commits several criminal offenses including illegal access, illegal interception, data interference, misuse of devices, computer-related forgery, and computer-related fraud. The malicious, illegal versions of Cobalt Strike command and control software hosted at the IP addresses is also engaged in fraudulent conduct, extortion, and theft of funds, which is illegal under the laws of all jurisdictions, while also infringing our intellectual property rights.

This letter is an official notification under the laws implementing Article 14 of the EU e-Commerce Directive 2000/31/EC and other analogous laws in your jurisdiction, in line with Article 6 of the Digital Services Act – Regulation 2022/2065, thus providing your company with actual knowledge of the illegal activity. Please be advised that the law requires your company, as a hosting provider, to act against the illegal activity upon receiving this notice to remove or, at the least, to disable access to the illegal information or illegal activity. Under the foregoing legislation a hosting provider, such as your company, can be held liable for the illegal activity originating from your infrastructure unless you act expeditiously to disable the illegal activity upon receiving this notice. Under the foregoing legislation a hosting provider, such as your company, may avoid liability for the illegal activity originating from their infrastructure if they act expeditiously to remove or disable the illegal activity once obtaining knowledge or awareness of it, as well as to prevent the illegal activity.

Because the Attacks and the Infringements originate from IP addresses hosted by your company, and for which your company is responsible, Microsoft and Fortra respectfully request that your company:

take immediate steps to remove or disable access to the infringing content and disable the illegal activity carried out through the IP addresses listed below,
cease providing services to any existing customer enabling them to use these IPs to carry out the Infringement and the Attacks,
ensure that any ultimate customer is not allowed to reestablish these IP addresses at your company or maintain any future presence on your company’s network in order to carry out similar Infringement and Attacks, and
preserve for evidence purposes the content and traffic data for these servers, as well as the user’s control panel, for a period of 6 months.
After having taken the necessary steps, Microsoft and Fortra also request that your company immediately notify the customers to cease any illegal activity originating from your infrastructure in the future. As the identified servers do not have any public facing websites, it is impossible for Microsoft or Fortra to contact your customers directly.

As you know, failure to comply with this request to take action against illegal content and/or illegal activity may result in your company’s liability for the prejudice Microsoft, Fortra and their customers are bound to suffer as a result. Consequently, Microsoft and Fortra look forward to collaborating with your company to reach a full and accurate understanding of the Infringements and the Attacks and their source, and to take all necessary and appropriate steps to ensure that no further illegal activity occurs; as well as to protect Microsoft, Fortra, and their respective customers from any future harm and the associated damage that these Infringements and Attacks have caused or may cause.

THIS EMAIL ACCOUNT IS UNMONITORED AND ANY MESSAGE SENT TO IT WILL NOT BE READ. IF YOU WISH TO SEND A COUNTERNOTICE IN RESPONSE TO THIS NOTICE OR HAVE ANY OTHER INQUIRY PLEASE DIRECT YOUR MESSAGE TO: dcuct-monitored@microsoft.com.

Microsoft Corporation
Fortra, LLC

Domain N/A
IP 176.65.151.201
Port 8080
URL hxxp://176.65.151.201:8080/iw9C
Last seen February 9, 2026 14:52 UTC
Autonomous System Number N/A
Beacon Sha256 aaded8377e77285c6c3ea6d5299da9e180dc49dbe6404dda866f7848261c8ce9
Watermark 987654321


And there is a second big request coming to us. Yeah, we can handle all kinds of abuses, but sorry, we can't handle Microsoft abuses. He needs to speak to us first for special configuration.
 


It was supposed to be taken offline when my server still had a C2 on it, not when I had already informed you that I had removed everything and cleaned it up. You could have verified it yourselves. Even if you had checked Censys, you would have seen that there was no C2 running anymore.

But you immediately shut down our server without any delay, without listening to us, and you blocked us.

I also told you to review this website:


so that you could understand that no attack had taken place.

However, the problem is that you do not want to accept anything. I am not that kind of person; if I make a mistake, I admit it. Do you really think that I am afraid of you and would deny carrying out an attack out of fear? If I had carried out an attack, I would certainly say that I did and that it was my fault. Many other service providers sell servers; I have already purchased from them. They do not claim to be “100% bulletproof,” but you advertise your services as “100% bulletproof.” Then when something like this happens, instead of telling the customer to purchase another server, you tell them that they must buy FASTFLUX.

You should have clearly written all of this in your forum beforehand: that there is a high risk of account suspension because users on the internet report your servers for 10 credits.

To be honest, I no longer even know what to say to you. You just keep repeating your position. I leave everything to the admin, and whatever the admin decides will be done, no matter what it is.

Thank you to the respected admin.
 
vodkawaf, my decision is final.
Also, please include the restrictions outlined in your FAQ on the website.
 