Posts: 15
Threads: 4
Joined: Jan 2024
some attacker tried to login my telegram account but couldnt thanks to 2fa and now i have attacker's IP address.
see example: https://tinyurl.com/3wxt5p5t
I tried https://www.iplocation.net/ip-lookup but every ip to location service giving close but different location to me.
what can i learn about this IP address? it is not related to a vpn so i guess its attacker's real IP.
waiting for your help
Posts: 26
Threads: 1
Joined: Apr 2024
(04-05-2024, 04:41 PM)aromatictsunamiartic Wrote: some attacker tried to login my telegram account but couldnt thanks to 2fa and now i have attacker's IP address.
see example: https://tinyurl.com/3wxt5p5t
I tried https://www.iplocation.net/ip-lookup but every ip to location service giving close but different location to me.
what can i learn about this IP address? it is not related to a vpn so i guess its attacker's real IP.
waiting for your help
I'm not an expert, but i guess that you wont get anything, if you see, the domain is a tinyurl, that doesnt belong to the attacker, maybe if somehow you get the original domain or a url that the attacker is running, you'll get something.
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breachedu76kdyavc6szj6ppbplfqoz3p...an-Appeals if you feel this is incorrect.
Posts: 12
Threads: 0
Joined: Apr 2024
In the reddit post you mentioned as an example, it appears to be happening only to people using phone numbers provided by alfa, if you're using the same provider, maybe that's the issue (something related to the provider, maybe a rogue employee or an undetected hack) but since the login attempt wasn't completed, you're not probably not using the same provider. and you said the IP is close to you, meaning the person who tried to do this is probably someone who knows you and that they didn't use a VPN, meaning the IP is legit, and you can choose to `burn their router` or further try and track them down.
If they went as far as the 2FA verification though, you should probably look into changing your password.
Although, as long as this person doesn't gain access to your phone, you're good.
Posts: 15
Threads: 4
Joined: Jan 2024
(04-05-2024, 05:10 PM)theGospel Wrote: In the reddit post you mentioned as an example, it appears to be happening only to people using phone numbers provided by alfa, if you're using the same provider, maybe that's the issue (something related to the provider, maybe a rogue employee or an undetected hack) but since the login attempt wasn't completed, you're not probably not using the same provider. and you said the IP is close to you, meaning the person who tried to do this is probably someone who knows you and that they didn't use a VPN, meaning the IP is legit, and you can choose to `burn their router` or further try and track them down.
If they went as far as the 2FA verification though, you should probably look into changing your password.
Although, as long as this person doesn't gain access to your phone, you're good.
you are right. alfa is not my phone number provider, i use different provider in a different country. a similar problem happened with my phone operator company 1 week before this. so i assume either a rat in phone operator company or undetected hack. can you elaborate the "burn their router or further try and track" part please?
Posts: 12
Threads: 0
Joined: Apr 2024
By burn their router, I meant buy a ddos attack on them which is only temporary and will piss them off or use some nmap magic and try to infiltrate their system, you can find known exploits in https://www.exploit-db.com/
Try to run their IP on https://bgp.he.net/ , that might give valuable info on them.
Personnaly tho, i think its just a kid who knows more than they should, just change your creds and watch your accounts
Posts: 15
Threads: 4
Joined: Jan 2024
(04-05-2024, 08:59 PM)theGospel Wrote: By burn their router, I meant buy a ddos attack on them which is only temporary and will piss them off or use some nmap magic and try to infiltrate their system, you can find known exploits in https://www.exploit-db.com/
Try to run their IP on https://bgp.he.net/ , that might give valuable info on them.
Personnaly tho, i think its just a kid who knows more than they should, just change your creds and watch your accounts
I run this IP address on https://bgp.he.net/ but not much info there. I will try to do this nmap thing, thank you
|
