this post was submitted on 12 Nov 2023
61 points (77.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54758 readers
318 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 
top 5 comments
sorted by: hot top controversial new old
[–] Krafting@lemmy.world 109 points 1 year ago* (last edited 1 year ago)

"Vodafone" is the ISP owning the IP address of the user who tried to loggin. So i'ts someone who is using vodafone as his ISP.

[–] DarkThoughts@kbin.social 48 points 1 year ago

It's not Vodafone but someone using Vodafones network.

[–] taanegl@beehaw.org 41 points 1 year ago

I don't think that's Vodafone directly. Vodafone is a mobile provider and is therefore also an ISP.

Someone who uses Vodafone tried to log in, wether it was manual or automated. At least that's my surmise.

This is a good time to remind people to use 2FA and possibly even WebAuth (or WebKey) if possible.

[–] BCOVertigo@lemmy.world 34 points 1 year ago

Low effort speculation:

That's a vodaphone portugal IP, but this is likely traffic routing though their customer cellular network and not their corporate. It's possible that someone in PT has a similar username for this service and is fat fingering it. It's also possible that you're seeing a tiny sliver of a larger attack.

Spur.us tracks that IP as an egress point for openproxy and windscribe ResIP networks so it's worth considering that the origin of the authentications you're seeing may not be Portuguese cellphone but someone hiding behind those services.

Here's a paper describing the difficulties such a service creates for folks trying to secure accounts with traditional IP reputation based rules. "Resident Evil: Understanding Residential IP Proxy as a Dark Service" https://ieeexplore.ieee.org/document/8835239

Shooting in the dark for how a bad actor would monetize account takeover for this service if this is in fact an attack.... They could try to sell your invitation to that private tracker. They could also look to scoop up a bunch of folks to try and blackmail based on what victims are download/seeding. Other more creative options I'm not thinking of might be on the table.

[–] Emerald@lemmy.world 3 points 1 year ago

Image Transcription: Text


Account Login Failed!

A failed login was detected from your account.

This request originated from 148.63.223.232 ( 232.223.63.148.rev.vodaphone.pt ) at 2023-11-12 17:39:38

Regards,

hawke-uno