Investigating the Discord Exploit that Leaks Your IP!
Summary
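TLDR This video script takes a deep dive into a purported zero-day vulnerability that allows an IP address to be obtained from a Discord user ID. It focuses in particular on two websites, "infos SEC" and "cord killer", that illicitly sell this information. As the investigation progresses, it turns out that the vulnerability is actually tied to a database leak of "restore cord", a bot that operates behind the scenes on Discord. This finding is important information for fighting the misuse of IP addresses within the Discord community.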
Takeaways
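- 😲 A zero-day exploit said to obtain IP addresses from Discord user IDs is being sold on multiple websites for hundreds of dollars.
- 🕵️♂️ The exploit draws particular attention on two websites, "infos SEC" and "cord killer".
- 💸 On "infos SEC", a subscription is required to look up Discord users' personal information, and the options include a $700 lifetime subscription.
- 🔍 In addition to obtaining IP addresses from Discord IDs, features such as data leak search and reverse domain lookup are offered.
- 🤔 The investigation suggests it is highly likely that these websites rely on the same exploit.
- 🚨 Discussion of the exploit has grown, and there are reports that many people's IP addresses were in fact leaked.
- 🤡 Some of the leaked IP addresses turned out to be misinformation, and in some cases the address was actually masked behind a VPN.
- 🕵️♀️ A Discord bot called "restore cord" is found to be deeply involved in the exploit and to be widely used by malicious Discord servers.
- 🔓 It is shown to be highly likely that the "restore cord" database was compromised and that its information is being used for the exploit.
- 🛡️ After the "restore cord" database breach, security measures were reportedly strengthened and the leak of information stopped.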
Q & A
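Is it true that there is a zero-day exploit that can identify an IP address from a Discord user ID?
- Yes, such an exploit is reported to exist and to be sold on certain websites.
What kind of website is "infos SEC"?
- "infos SEC" is a website that offers several modules and features, including one that identifies the IP addresses of Discord users.
What kind of service is "cord killer"?
- "cord killer" is another website that offers a service for identifying the IP addresses of Discord users.
How are these websites able to identify IP addresses?
- These websites are said to use an exploit that identifies an IP address from a Discord user ID.
What does it cost to use the exploit?
- According to the information, using this feature requires a subscription, with options going up to a $700 lifetime subscription.
How can you get your own information removed?
- These websites state that you have to pay a fee to have your own information removed as well.
What is "restore cord"?
- "restore cord" is a Discord backup bot that is used, among other things, for verification when joining certain Discord servers.
How was this exploit discovered?
- It was discovered that users' IPs are logged through the "restore cord" bot, which is required when joining certain Discord servers, and that its database may have been leaked.
What should be done to address this problem?
- It is important to strengthen database security and take measures to prevent unauthorized access. It is also recommended not to access websites that use this kind of exploit.
What measures should users who may be affected by this exploit take?
- It is recommended to take measures to protect personal information, such as using a VPN, reviewing Discord security settings, and avoiding joining suspicious servers.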
Outlines
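💻 A Discord zero-day vulnerability and its investigation
A Discord zero-day vulnerability is said to be on sale for hundreds of dollars and to allow an IP address to be obtained from a user ID. It was revealed that this vulnerability is available on two websites, Infos SEC and Cord Killer. In addition to finding an IP from a Discord user ID, Infos SEC offers data leak search, reverse domain lookup and more, but an expensive subscription fee is required to obtain this information. The investigator proceeds with further investigation to find out whether these websites really work and what technology and motives lie behind them.
🔍 Digging deeper and finding misinformation
The investigator questions the accuracy of the information after the investigator's IP is wrongly identified as belonging to the Procter and Gamble company in Ohio. In reality, the investigator lives in Canada, and the VPN in use also points to a server in Canada. This misinformation casts serious doubt on the reliability of the service offered. In addition, another user provided data for identifying the investigator's IP, but it had been obtained via a VPN, which further undermined the credibility of the investigation.
🕵️♂️ The connection to RestoreCord comes to light
The investigation focuses on a Discord bot called RestoreCord and suggests that its use is very likely involved in the IP leak. RestoreCord is a backup bot used on the dark side of Discord, which malicious communities use to verify their users. When a user verifies through this bot, their IP address is recorded in its logs. The investigation also explores how Infos SEC and Cord Killer access this information and the possibility that the RestoreCord database was compromised.
🔐 Confirmation of the database breach and its outcome
Ultimately, it is confirmed that the RestoreCord database was compromised and that its information leaked to sites such as Infos SEC and Cord Killer. This finding is backed up by exchanges with the RestoreCord administrator and by information provided by third parties. The administrator initially denies any unauthorized access to the database, but later resets the database credentials and states that the problem has been resolved. However, the issue is never publicly disclosed, and concerns about RestoreCord's reputation remain. The incident highlights the importance of information security and privacy protection within the Discord community.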
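The attribution summarized here, and walked through in the transcript, rests on matching the timestamp attached to each leaked lookup result against what the affected person was browsing at that moment. As an added example (not from the video or any site it covers), the Python below runs that correlation over constructed browser-history entries and separates a host everyone visits all the time from one visited only near the leak; `backup-bot.example`, the victim labels and every timestamp are placeholders.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WINDOW = timedelta(hours=24)  # how close a visit must be to the leaked timestamp

# Constructed sample: the timestamp shown on each person's leaked lookup result.
LEAK_RECORDS = {
    "victim_a": datetime(2023, 11, 3, 18, 40),
    "victim_b": datetime(2023, 11, 20, 9, 5),
    "victim_c": datetime(2023, 12, 17, 22, 15),
}

# Constructed sample: browser history exported by each affected person.
HISTORY = {
    "victim_a": [
        ("2023-10-28T20:11", "https://discord.com/channels/@me"),
        ("2023-11-03T18:38", "https://discord.com/channels/@me"),
        ("2023-11-03T18:40", "https://backup-bot.example/verify?guild=1"),
        ("2023-11-03T19:02", "https://news.example/story"),
    ],
    "victim_b": [
        ("2023-11-12T08:00", "https://discord.com/channels/@me"),
        ("2023-11-20T09:03", "https://discord.com/channels/@me"),
        ("2023-11-20T09:05", "https://backup-bot.example/verify?guild=2"),
    ],
    "victim_c": [
        ("2023-12-01T12:30", "https://discord.com/app"),
        ("2023-12-17T22:10", "https://discord.com/app"),
        ("2023-12-17T22:14", "https://backup-bot.example/verify?guild=3"),
        ("2023-12-18T07:45", "https://mail.example/inbox"),
    ],
}


def correlate(leaks, history, window=WINDOW):
    """Map each host to (people who visited it near their leak timestamp,
    people who visited it at some other time)."""
    near, far = defaultdict(set), defaultdict(set)
    for victim, leak_ts in leaks.items():
        for ts_text, url in history.get(victim, []):
            host = urlsplit(url).hostname or ""
            visited = datetime.fromisoformat(ts_text)
            bucket = near if abs(visited - leak_ts) <= window else far
            bucket[host].add(victim)
    hosts = set(near) | set(far)
    return {h: (len(near[h]), len(far[h])) for h in hosts}


def likely_sources(leaks, history, window=WINDOW):
    """Hosts every affected person visited near their leak timestamp.

    Sorted so hosts rarely visited at other times come first: a site people
    open daily matches everyone by coincidence and ranks last.
    """
    stats = correlate(leaks, history, window)
    shared = [(h, n, f) for h, (n, f) in stats.items() if n == len(leaks)]
    return sorted(shared, key=lambda row: (row[2], row[0]))


if __name__ == "__main__":
    for host, near_count, far_count in likely_sources(LEAK_RECORDS, HISTORY):
        print(f"{host}: {near_count} near-leak visitors, {far_count} at other times")
```

A host that tops the list is a lead to verify with the service operator, not proof; the more independent people whose timestamps line up, the weaker the coincidence explanation becomes.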
Keywords
💡Discord
💡exploit
💡IP address
💡database
💡Restore Cord
💡bot
💡permissions
💡compromised
💡denial
💡reputation
Highlights
Discussing alleged Discord exploit allowing IP addresses to be revealed
Describing websites offering paid services related to this exploit
Investigating the source and validity of the supposed exploit
Tracing connections suggesting exploit comes from Restore Cord database
Transcripts
there is a Discord zero day exploit that
is selling for hundreds of dollars that
allows anyone to get your IP from your
Discord user ID now due to how serious
of a problem this is I investigated
every corner of Discord for this exploit
and believe it or not I actually got to
the bottom of it but this exploit of
finding your IP from your Discord user
ID isn't available on just one hidden
Niche website on the internet in fact
it's available on multiple websites now
I want to focus on two specifically we
have this first website which is called
infos SEC and yes that is a zero not
an O it's the most hacker man name on
the planet and when I thought the cringe
names couldn't get any worse we have
this other website cord killer God these
people are not original at all now let's
start our investigation by taking a look
at infos SEC now this website has a
handful of modules or features we have
Discord lookup which is the main thing
we're focusing on where you can find
someone's IP just by getting their
Discord ID which by the way is as simple
as enabling developer options and right-
clicking on someone's name and copying
their user ID but wait there's more
because you also have data leaks
lookup where you can search through data
leaks for people's information and you
have reverse domain lookup and oh my
goodness what is that this is a Discord
termer which is coming soon now just
like my father figure this will not be
coming soon this will never show up
because there's no way to magically
terminate someone off Discord now of
course how do I figure out everyone's IP
on Discord well uh oh God there's a
subscription isn't there yes you have to
pay for this feature of finding people's
personal information now I could read
this whole entire page but my eyes
instantly go to this
$700 lifetime subscription to this
website I do want to point out though
that they call this a security solution
this is not a security solution this is
a tool for Discord e-gangsters but if
you're not one of those slack jaw morons
that try to be an e-gangster on
Discord and you're afraid of getting
your IP released conveniently you can
just pay money to get your information
removed all right I'm jumping out of
character for a second but why would I
send these guys money to get rid of my
information when they're the ones
leaking my information oh I got to get
back in the Discord mindset this is
absolutely insane and what I need to do
is I need to talk to their support and
hopefully this will help them the
payment proof wonderful but remember
this is just one website and in fact
we're going to look at the second one
cord killer now before we look at their
website let me uh just dip your toes
into the water get you a little warmed
up by showing you one of their
advertisements for cord killer forgive
me it's in like 720p quality and man let
me tell you their website is looking
banging now I have a guideline in terms
of figuring out whether or not this is a
Discord e-gangster skid project and
the first key element is that the music
in the background is going to be trap
music or drill
music well element one has been
satisfied and the second element of a
skid video is complete and utter
nonsense and you can see um he's trying
to DoS him off the internet and he's
just pinging him through command prompt
that's not how DDoSing works little man
trust me I've tried in like grade four I
tried DoSing my school's computers it
did absolutely nothing any who this cord
killer website is exactly the same as
infos SEC it also has customer support
hopefully my problem gets resolved now
looking at cord killer it is exactly the
same thing where you can find someone's
IP from their user ID but I think the
best part about this website is that
when you search up someone's IP using
their exploit you also have a button
where you get to launch an attack where
you DoS their IP and considering their
advertisement just had you pinging
someone in your command prompt uh I
doubt this works so we have two websites
that both offer the same service which
means they must know the same exploit
right but somehow me as the chronically
online Discord degenerate I didn't know
about the exploit and my ego started
raising a little bit I thought that
these people were just lying about their
service so that I'd show a video about
it make them all popular and maybe some
people would fall for a scam and lose
$700 but then the table started to shift
a little bit because more and more
people started to talk about how their
IP on Discord was leaked which made me
reconsider is this an actual exploit
well if this was a real exploit then
people would have my IP and send it to
me I'd have a snot-nose kiddo be like no
text to speech I have your IP I'm going
to torture you for the rest of your life
it sounds like a joke but I genuinely
have a lot of people that hate me who
are conveniently also Discord scammers
and fraudsters because I exposed their
scams and yes they do behave like that
anyways I got a DM from this guy here
who sent me an IP 19244 point11
9109 and then they started saying a
whole bunch of names swag type my
and this guy is going to drop
information on how they got my IP if I
give them a shout out this guy ends
every sentence with the same two words
my IP was being held in the hands of
this person with a room temperature IQ
and if I wanted to get to the bottom of
this I would have to shout them out
so shout out to all your horses there
let's just figure out where this IP's
from so this is the same IP I get the IP
details and apparently this is an IP in
Ohio I ain't got no Ohio accent I don't
know what Ohio accent is I'm in Canada
it's very well known but also apparently
my internet service provider is the
Procter and Gamble company you know the
people that uh make things like Pampers
I use the adult version they make Bounce
sheets they make Tide laundry detergent
Bounty paper towels tampons I use those
as well grooming no I don't shave hair
care I don't have hair I don't clean my
house don't brush my teeth oh and
Pepto-Bismol so somehow I was accessing
Discord at Procter and Gamble's HQ in Ohio
but maybe this Proctologist and gambler
IP is actually a VPN of mine and uh
Counterpoint this is the VPN client I
use I use NordVPN and uh you can see I
cannot connect to Ohio it is not an
option in fact this is what my IP should
look like if they got one of my VPNs
you'll notice it's in Canada because
it's closer to me and I like internet
speeds you'll also notice that the ISP
is net one gmbh remember this very
important so anyways this doofus that
wanted a shout out I uh told him I made
fun of him but hold your horses G goly
goo this was on February 11th and
yesterday I had another clown that
popped up who's talking about a new
Discord ID to IP and they have this
screenshot of oh my gosh it's got my
Discord token my username and my IP
which is the same IP from Ohio Ohio on
but since this fine gentleman was right
in front of my hands I think it was time
for me to interrogate uh interview him
so I did you got my IP how did you do it
this is fantastic acting by me it turns
out this is his own tool how did you do
it and it's discord's database this was
revolutionary stuff now I told this guy
that my IP changed and he said that we
can re-pull your IP because it's directly
connected the reason why he got my IP is
because of linked apps on Discord
apparently his super cool exploit contacts
an API the API pulls your IP when adding
you to a server and it fakes a join to a
server and then it pulls your IP now was
this guy just yapping like a half dead
elderly Chihuahua that refuses to die
yes anyways after I started yelling at
him and saying that he's a comedy genius
he told me to f off I lost my lead I
didn't know where to go but then I got
dm'd by someone who had access to infos
SEC and uh let me tell you this guy was
a lot more helpful than those two other
siblings that got sent head first down
the stairs repeatedly but this new
character was acting a little bit like a
Discord gangster they said they could
find my IP I told them to find my IP and
they got nothing w w but I wanted to get
to the bottom of this so I told them to
try out multiple different accounts
which conveniently were all of my ALT
accounts and it turns out with one
specific account we got a hit we got the
IP of
17643 177 and putting it in the website
if I get the IP details it is in
Vancouver and it is by net1
gmbh this was an IP that I actually used
and this was the break in the case that
will blow this whole mystery wide open
now I have a bunch of Discord alt
accounts because I like to talk to
myself to feel loved and the way I keep
myself organized with all my ALT
accounts is that I use Chrome browser
profiles which allows me to have all my
ALT accounts ready to go at any point in
time but there's a hidden benefit to
this because if I'm logged into an ALT
account I can actually just go to my
browser history and see what I was doing
on a specific day so remember that alt
account that got its IP exposed the
username was the bin Laden don't ask why
but if I copy the user ID of this
profile and we paste it in this is the
same ID as the one in the screenshot so
to get to the bottom of this I had to
look through my history and figure out
what I possibly did to leak my IP now I
went through pages and pages of weird
Discord rabbit holes but in that
screenshot there was a timestamp and on
November 19th 2023 I see the truth of
this exploit on that specific day I
joined a Discord server that required me
to verify using a bot called restore
cord now if you didn't know restore cord
is a Discord bot that is the backbone
for the Dark Side of Discord every
single evil Discord server uses a bot
like restore cord whether it be
extortion communities that extort young
girls into harming themselves all the
way up to cyber criminal communities
that steal money from innocent people
all of those Discord servers use a
backup bot like restore cord now why do
they use restore cord well here's an
example of a Discord server that sells
fortnite cheats which probably has
hidden malware in it anyways but when
you join the server you are forced to
verify and when you click on verify
it'll tell you to authorize this Discord
bot there's two things I want to point
out first this bot is hosted by restore
cord and the second thing is that when
you authorize this Discord bot it has
permission to join servers for you and
this permission is something Discord has
and they refuse to get rid of and what
it allows people to do is that if this
Discord server gets terminated the owner
here will make a new Discord server and
since you verified using this bot this
bot will make you join the new
Discord server that they just made so at
the end of the day when this server gets
banned it's as if nothing happened in
the first place and by the way this is
attempt number 15 of me telling Discord
to get rid of this permission but I
digress let's get back to the exploit
but when you verify with this Discord
bot you will notice that I get sent to
drum roll please what website could it
be oh restore cord.com and when you
visit restore cord it will log your IP
because restore cord has a feature of
like antip so it will check your IP and
see if you are on a VPN and it will log
that information and since my ALT
account's IP was found during the time I
used restore cord that must mean that
all those people getting their IP leaked
is because of restore cord right well I
didn't want to base my whole entire
investigation off one potential
coincidence so I decided to split my
investigation into two paths so path
number one was wait and see I wanted to
wait and see if other people came to the
same conclusion I did so I just dwelled
in my basement avoiding the Sun for days
on end and I monitored chats and hopped
into all of my favorite Discord servers
to spy on but nothing came up so I
needed to look at another approach and
the second approach that I took path two
was doing a little bit of background
research I wanted to see who was behind
these websites so I decided to take a
look back at the websites infos SEC and
cord killer now I've unfortunately had
the displeasure of talking to the cord
killer owners before but these guys were
so stupid that I really doubt they
hacked into restore cord remember they
were trying to DoS someone by pinging
their IP through command prompt so I
decided to move my focus towards infos
and figure out who the owner was behind
it and if we look at the infosec website
right now and we scroll down there is a
telegram and a support link now when I
click on the support link we get this
person here sasu who seems to be the
owner of infos SEC but he isn't the
original owner the old owner of infos
SEC was a guy named Zeb or zetic but
just before I was about to do anything
my path one of just waiting and seeing
actually worked like a gosh darn charm Boos
because it turns out while I was waiting
and seeing these people had a little bit
of a group chat and they were doing
their own research so one person had
access to infos SEC but they searched
for a Discord ID and they got a result
on November 3rd of 2023 so this guy here
checks his history and it turns out he
also accessed restore cord around that
date we have one confirmation we have
another guy my time stamp is around
November 20th and on November 20th he
accessed restore cord and we have
another person who got their IP sent to
them and their time stamp was December
17th and on December 17th they went on
restore cord so instead of this being an
exploit it definitely feels like a
restore cord database leak and since
these people were using infosec how did
infosec manage to break into the restore
cord database let's take a look back at
zetic but I did some intense research
AKA I went on Google so looking at my
detective investigation backend we can
see that zetic has a GitHub profile
which uh actually really leads to
nothing but they also have a Twitter
profile and and this is where the lead
started kind of piling on because let's
see who follows zetic Twitter being
Twitter again but if I click on
followers and we at the very top I
didn't even need to scroll down the
official restore cord account is
following zetic my suspicions were
Rising a little bit but that's just a
hunch well a hunch didn't even matter
because if you go to the restore cord
telegram there is a zetic account and uh
he's admin I don't think we need to rely
on a hunch anymore Boos uh it's pretty
clear this guy has good connections with
the owner of restore cord the original
owner of the infos website which is
zetic is an admin for the restore cord
telegram which means that the owner of
restore cord knows this guy maybe they
had an under the table exchange or maybe
zetic stole the database without anyone
knowing but just as I answer one
question three others pop up but then
another DM remember that dude that sent
my ALT accounts IP well his name is Sage
now I've known Sage for a very long time
in fact for probably 2 years because
he's been constantly dming me about a
Discord scam that he made and he's
trying to get into one of my videos well
congratulations Sage you've made it but
not for any good reason because it turns
out Sage is an absolute snitch because
he basically exposed this whole thing
and placed it right upon my lap because
what Sage did is he went on Telegram and
contacted zenos the owner of restore
cord and he sent me the DMS another
mistake can I speak to you privately I'm
just wondering if you're allowing zetic
to do whatever he's doing or is he using
your database without permission to
restore cord database now zenos the
owner is just refusing and denying
everything I don't know what he's doing
no one has access to the database the
only access is the actual servers
running the site his Discord IP lookups
the only IDs on there are people who
verified with a restore cord and the
timestamps match too send the link so he
sends the link to infos SEC next page
please my good sir thank you send
account with subscription I can't it'll
get banned I can screen share and he
sends screenshots of a group DM of
people figuring out that this infos
SEC website matches exactly with restore
cord like I've shown you before just
send a screen recording man Sage doesn't
listen to instructions very well I don't
know what zetic is doing cuz no one has
access maybe coincidence and just make
note of that he's denying everything and
saying that it's a
coincidence there is no such thing as a
coincidence no it's not a coincidence
we've tested it with 50 people time
stamps and everything match send
screenshot and he sends a screenshot of
the infos website and zenos the owner of
restore cord sends this screenshot here
which shows the database and how it only
has one password or in the perfect
English cuz password only once so he's
denying that zetic has access to the
restore cord database because there's
only one password it's either he has
access and you don't know how or you're
giving him access this question here
wasn't an actual question because
everyone's going to say that they just
got hacked and they didn't know denial
up the Wazoo and of course zenos went
directly for that no one has access to
the database except the actual servers
it would be impossible
according to zenos again quite fishy now
zenos is going to look into it but
remember Sage is a snitch he is
discord's biggest snitch because not
only did he snitch on zenos but Sage
also snitched me out to zenos what the
what is this guy doing and after he
sends the screenshots of me basically
saying that this is restore cord and
I'll look into it Sage makes it really
clear this could ruin restore cord's
reputation which is already dog water if
you watch my videos and ladies and
gentlemen the denial man zenos changes
his tone a little bit probably because
he has a 42 Megaton missile my obese
pointed directly at him with a whole
potential video on restore cord having a
database leak which is this video by the
way and his tone definitely changes oh
goody two shoes I'll reset the database
credentials so he resets the credentials
Sage tests out the website and guess
what all the searches are coming back in
as nothing found the website got broken
zenos is happy it's confirmed that he
was using the restore cord database and
zenos said thank you so much we
walk away everyone's happy no more IPS
being leaked that'd be if we were stupid
and we didn't ask questions because
there's a whole bunch of fishiness
around this whole entire thing first off
I DM'd Sage and told him that the restore
cord owner zenos he had a data breach
and he needs to disclose it and if you
look at restore cord in any channels
there is no disclosure of a breach so
heads up you're getting it from me not
from the owner restore cord got breached
but I'm even more suspicious about zenos
because it turns out our little snitch
Sage was paid $100 by zenos and I think
there was a little bit of an under the
table handshake because Sage tried
convincing me to not make a video about
this because of course it could ruin
restore cord reputation and well Sage
you failed so case closed this Discord zero
day exploit is actually just restore
cord's database which either was sold
maliciously or sold without the owner's
knowledge personally I think it's more
of an inside job but that is just my
opinion but that isn't stopping this
leaked restore cord database from
spreading like wildfire because it was
all-out cyber warfare across the internet
you had skids and people on the bad side
of Discord leaking each other's IP it
was a war zone and I was just in the
sidelines I was on the bleachers
cheering everyone on like a cheerleader
I was excited about all this happening I
do want to make it clear though that the
restore cord database is apparently
closed and secure but these websites are
still operating whether it be they
downloaded the restore cord data or the
database is still wide open for anyone
to buy if they have the money to anyways
gamers I hope you enjoyed this
investigation bye-bye I love you mAh