Update: Restorecord was in on it the whole time. They added the code that allowed people to get IPs from users github.com/restorecord-oss/restorecord-new edit: Restorecord DMCA'd the repo to try and prevent people from seeing it. Here's an archive archive.is/DhUUT Also the IP ping statement: I made it a joke because cordkiller's first video didn't show them open up any tool, it was IP straight to command prompt. In their later ads they actually show them putting the IP into a tool and using command prompt to monitor if the IP is down.

My favorite bit is that the “lifetime” subscription only lasts 9,999 days

Inf0sec: "Pay us so we will blacklist your IP from our 'service'." Me: *Files an information takedown notification*

Sage is the winner in this situation, not only is he the main character of this story but he also got paid for snitching everyone involved.

the database view at 15:30 is for planetscale and that screenshot doesn't show how many passwords exist. they'd have to click on the highlighted dropdown to view the existing passwords. in fact, i'd say that screenshot is proof that there are multiple passwords because the name of the password includes the date it was created, and unless restorecord started november 2023, that's not their first password. and not only that, but it's also pretty good reason to believe that they intentionally gave a password to inf0sec, if inf0sec started around november

I already know my ip address. Sorry scammers, better luck next time!

Sage : "Don't make a video about it" Ntts : "Nuh uh"

damn that sage guy is literally a double agent lmfao

Not disclosing a data breach can get you a pretty hefty fine in the EU under the GDPR, if someone where to report them.

Fun fact: your IP adress AT BEST just gives them the location of the nearest data center and not where you live, getting your IP leaked isnt the end of the world

xenos: "It is impossible for 2 people to possess a sigular password" 😑

At this point it's not the fact that this feature needs to be removed it's just that RestoreCord needs to be replaced with a legit backup service lmao.

"I have ur ip" Me with a dynamic IP: *Router goes off then back on*

something people often forgets is that an ip address is designed to be a public info, else it would not be shared with websites. the problem is not the ip address itself but your internet provider, because they may sell a database containing all the ips and their locations so people buying it can see people's location. some internet providers only tells the city, some tells the street, and maybe some (never seen this case) gaves the full address to your home. i have a friend who lives in france but has an internet provider that locates him in germany for some reason.

sorry discord gangsters but i already know where i live.

this leak has a more diverse and entertaining plotline than most movies

I have to be a sweaty nerd about this: DDoS - Distributed Denial of Service - Multiple networks with multiple machines DoS - Denial of Service - one machine When people say the first one, they usually mean the second one.

Hey everyone Just want to let you know having your ip leaked is not dangerous at all The locations are not very accurate and most of you guys have a dynamic ip address like myself which means your ip changes time to time so dont worry about it Edit: if someone somehow is ddosing your ip you can just call your isp and change your ip

I did not know that you suffer from incontinence No Text To Speech 5:06, very brave of you to make that joke.

4:12 I do not understand the people who hate you , I saw 2 of your Videos and instantly subscribed, now I watched like 20 allready and I love every single one of them! 😂 Your one of the most entertaining KZbinrs that I know at the moment.Please keep doing what you're doing 💪🏼💪🏼

Wait, it happened AGAIN?? I have a message from 12/22/2023 that talks about IPs being leaked. My friend said that "apparently it's from restorecord" Now 2 months later the same thing is being brought up

If Zebratic did all this then it is perfectly possible they have a backup of the database lying around. Xenos is a total moron and nobody should use these services anymore.

I honestly think restorecord should be banned for this. I verified my own discord bot a while ago and I needed to disclose every bit where user sensitive information is stored for what purpose and for how long it is stored. I believe that is for GDPR reasons, but therefore, because RestoreCord can be accessed in the EU as well, this should result in a ban. Whyever would someone log IP addresses in a database together with user IDs. There is literally no way this is necessary ,especially not for reasons they mentioned (like the VPN blocking).

Man I couldn't care less about what 15 year olds do on Discord, but this almost documentary-like presentation is really catchy. You make it worth watching, great job.

It depends on the ISP, but even if someone discovers your IP and associates it with you, all they can know is your general location, and that can mean VERY general. For example, literally every Telstra IP address in NSW, Australia locates to a specific point in the Sydney CBD.

"room temperature iq" gotta be the smoothest insult I've seen

I hope Discord take notice of this instead of being a headless chicken

There is actually a way to terminate someone's account. It has to do with Discords API guidelines. If you somehow get a hold of someone's Discord token (what you use to communicate with Discord's API); You can essentially just self-bot using their token and get their account terminated. It is quite literally that easy to do so, the hardest part is getting someone's token.

11:43 an anime PFP and a Hellenistic statue PFP. Perfect duo😂

10:35 funfact: every website on this planet logs your ip address, don't need any feature for that. A webserver needs your ip to serve you information 👍

sage being a snitch literally helped lol

Nice video! However, the reason why they were pinging the person was not as a DOS attack, it was so that the people watching the video can see when the target goes offline.

Shouldn't ever "verify" using links, ever. So many large trusted servers have remote verification when users join them, and it normalizes this concept of verifying externally, which opens you to the epic DDOS threads CordKiller was doing (plus IP leak and shit). It frustrates me, we don't want people to fall for this stuff, and yet we make it super easy by turning it into the norm. Like, wow, what a surprise, clicking an external link may bite you in the back! "well how was I supposed to know r/deltarune requires similar verifiation so i didn't expect any problems!"

Haven't finished the video yet (7:55) but this is something I (we) have been doing in multiple servers for many years now (at least 3), discord bots disguised as verification bots, among other things, which get not just your IP but the user-agent, your email and connected servers, etc. depending on the scopes, as you verify or log in or authorize it all goes into a database. This in dozens of servers with dozens of thousands of people. EDIT: After watching a bit more, it is confirmed, but this is by no means the only bot stealing data, there are hundreds. Also: Zebratic doesn't need access to the database. Xenos said he had access to the servers, if that's true, he can get the IP/User-Agent, etc. anyway and send it to another database he controls, in addition to Restorecord's, without ever having access to their db. On the other hand, he also said only the servers have access to the DB and Zebraic only had access to the servers so it's also possible depending on the exact permissions he has that he can see the whole credential to connect to the DB. In any case, it wouldn't be necessary and not even desirable, you want to be more stealthy than that and if you're not managing the db you don't want logs accessing all the records. EDIT 2: It seems this was really RC db or he was in on it somehow. It was done in a very poor way, hence why it was discovered so easily. Anyway, it's a good thing for everyone's privacy, good job you and bad job RC!

16:13 bro cooked too much 🔥💀

Thanks for clearing many peoples paranoia about gettin their ip's stolen out of blue! You're the best

Firefox has container tabs, which is like a per tab profile. Also there is a program called ferdium, that just lets you login into tons of stuff, including multiple discord accounts. Chrome profiles sound pretty tedious.

I was confused this had 155k views but i saw this was uploaded 6h ago. This deserves 1M+ views

16:30 "42 megaton missle - my obese ass, pointed directly at him" God damn that made me laugh harder than it should've.

5:18 "Tampons! I use that as well." WHAT.

this is def one of the most craziest things you discovered. everything had so much plot twist

This guy is seriously like a superhero for discord

why was that whole "sage" ark so much more interesting than all your other videos combined

I checked the 192.44 IP and it's the P&G IP. And finding the exact person using the IP is very difficult if you're not an ISP. Because there can be hundreds in your neighbourhood using the same IP as you. Location is more reliable than IP lookup.

Without looking at the context it's hard to say, but the ping thing could just be a way to check if a target has gone down or not (and if not how badly they're lagging).

The fact that he actually called the file "Snitch-7" at 17:01 is just funny and i don't know why

Daily dose of ntts helping me learn more about discord than the actual scammers on yt ❤

Every single website you visit needs to know your IP - consider a web request as sending a letter. If you don't include a return address, the server has no idea where to send the response to. Your IP being leaked is nothing to worry about, and if you are worried, just restart your router. IP based geolocation is inaccurate, most people have dynamic IPs, DoSing is not a major concern for anyone, and more and more people are ending up behind CGNAT (tldr shared IPs) anyway.

At 2:50 he's showing that he's pinging the victim's IP successfully, and then when he sends the attack, the IP fails to respond because the victim's internet goes down

5:10 is the most chaotic sequence of deadpan narration I think I have ever heard in so little time

2:06 is crazy

5:53 GmbH is meant for a German company. GmbH stands for "Gesellschaft mit beschränkter Haftung" translated as "Limited liability company"

"because theres no way to magically terminate someone on discord" says the person that magically terminated that scammer's account a few weeks ago.

8:40 Lucky it was in the last 90 days, given Chrome (and Chromium-based browsers) don't retain browsing history locally longer than that.

Amazing video - this channel is turning into real investigative journalism!

It's so wild how many of these websites are made by absolute idiots. They know just enough to make systems talk to each other and pull some data. And use a website template, and if you said the words "best practises" to them they'd just drool and blink with both eyes. And in this case add some maliciousness and greed.

You actually used to be able to DoS people using ping. Send a "Ping of Death" to a Windows 95 machine, and it will BSOD.

Bro put my ip in the thumbnail

What’s hilarious to me is that he says, “See? Only one password,” as if you couldn’t log into the server with that password if you knew it. I didn’t get a good look at the screenshot admittedly so I could be missing something but still. Absolutely insane logic.

As a cyber security student I can say that finding someone's IP is the same as looking at the door of a house to break in, attack is depends on how secure the door is, if the door is secure enough you have nothing, attack by only IP is same thing

16:31 i love this man

13:40 Nah I think they had an under the blanket exchange 💀

a lot of people are worrying about their ip getting leaked but it's not that bad at all. first of all your ip can only show approximate location second of all ip change from time to time when for example router reloads so they are dynamic and third of all, your ip is being sent EVERY time you access ANYTHING on internet. even just turning on your computer or mobile, you send thousands of requests to various domains.

2:50 The ping command while not normally executed in CMD is actually the exact way DDoS works (given with multiple users hence the "Distriuted" Denial of Service). That's why blocking ICMP on your router will completely mitigate the attack as your devices will no longer respond to ping requests.

11:25 It is possible to DoS someone through pinging someone, but you cannot physically type it fast enough to send enough volume to cause problems. You'd need a script for that, and the fact they weren't using one suggests they cannot code.

assuming restorecord is based in the US or EU, they have up to 72 hours to report a data breach before facing legal consequences

2:48 ermm actually 🤓 (nerd note) this is DOS and not DDOS (also on one of my classes we did a little funny DOS attack on my city's website to see views counter go up on one of the posts lmao)

Thanks man, it’s a relief I don’t use discord often enough to ever come across this bot, your doing gods work, appreciate you bb ❤

the "his tone changed because i was now looking at him" went so hard i had to throw it on rewind and watch it back

17:04 i love how you named the file on your computer "snitch"

3:20 who the heck is Dura and why are we attacking them? ;w;

4:48 i know this guy from another discord, he really has the IQ of an antarctic thermostat

2:01 what. Is. This.

The "there is no such thing as a coincidence" clip fuckin sent me

Literally the first 24 characters of your token is your UserID encoded in base64. Thats why they didn't show all of his token in 6:06

I think NTTS lied in 5:58 he doesn't have any friends 😔

3:45 they fr be making mee6 look like a good deal

1:55 DDoS services work pretty similar 💀

I don’t know what it is but you are cracking me up! The way you go about your videos I just hilarious I mean by far what made me laugh aside for the many scenarios you have in this video was the “and oh my goodness” lol 😆

$age- the hero we didn’t ask for, nor the hero we wanted

If you think your useless, remember the blur in the thumbnail.

3:05 alright bro

4:04 bro doxxed me 💀

"i stole your ip" "ok" "i know your location" "actually it's not a precise location" "i uhh have your cookies" "im lactose intolerant" "i hate you" "have a good day too"

"no text to speeech i have your ipee im gonna torture you for the rest of your lifeee" accent is crazy and funny

2:08 im traumatized

As an indian livung under 1000s of NATs what can you possibly do with my ip?💀💀

7:29 WOMP WOMP

In where I live, having my IP address is pretty useless since it only point you to the server's address which almost never within your city lol

9:12, Lethal Ape is a VR Game that uses gorilla tag locomotion. it also is a horror game. and i sadly dont know anything more about it.

6:20 OOH MA GAWD 🤣 that got me good

The payment proof 💀

2:08 buddy

you should be a cyber detective or something wtf bro this is cool as hell🏆 new sub!

its pretty funny how nonchalantly you converse back and forth with hackers who hate you

The biggest issue there is: "WHY RC needs your IP" ??? There is absolutely no reason to store such information except than to use it for malicious reasons

$age is literally the winner in this situation, he was the double agent, snitching everyone out and not only getting out unscathed but also walking away with 100 dollars

8:09 How did you do this i wana do it too

2:53 he was trying to ping the guy to show that when the DDoS finally kicked in he could no longer get a response from the IP address, to prove that the DDoS actually occurred

They're obviously not trying to DDoS using command prompt, it's a way of pinging an ip to see responses.