How Concerned Should I Be?
I looked up the IP address and it's showing as coming back to UK Ministry of Defence...
Source: whois.ripe.net
IP Address: 25.162.130.149
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '25.0.0.0 - 25.255.255.255'
% Abuse contact for '25.0.0.0 - 25.255.255.255' is '[email protected]'
inetnum: 25.0.0.0 - 25.255.255.255
netname: UK-MOD-19850128
country: GB
org: ORG-DMoD1-RIPE
admin-c: MN1891-RIPE
tech-c: MN1891-RIPE
status: LEGACY
mnt-by: UK-MOD-MNT
mnt-domains: UK-MOD-MNT
mnt-routes: UK-MOD-MNT
mnt-by: RIPE-NCC-LEGACY-MNT
created: 2005-08-23T10:27:23Z
last-modified: 2016-04-14T09:56:26Z
source: RIPE # Filtered
organisation: ORG-DMoD1-RIPE
org-name: UK Ministry of Defence
org-type: LIR
address: Not Published
address: Not Published
address: Not Published
address: UNITED KINGDOM
phone: +44(0)3067700816
admin-c: MN1891-RIPE
abuse-c: MH12763-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: UK-MOD-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: UK-MOD-MNT
created: 2004-04-17T12:18:23Z
last-modified: 2016-10-06T11:09:40Z
source: RIPE # Filtered
person: Mathew Newton
address: Network Technical Authority
address: UK Ministry of Defence
phone: +44 (0)00 000 00000
abuse-mailbox: [email protected]
nic-hdl: MN1891-RIPE
created: 2005-03-18T10:42:04Z
last-modified: 2016-09-22T10:16:55Z
source: RIPE # Filtered
mnt-by: UK-MOD-MNT
% Information related to '25.160.0.0/11AS203665'
route: 25.160.0.0/11
descr: UK Ministry of Defence
origin: AS203665
mnt-by: UK-MOD-MNT
created: 2015-11-25T11:02:00Z
last-modified: 2015-11-25T11:02:00Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.88 (HEREFORD)
I checked the email headers, everything looks completely legitimate too..
Comments
It's not surprising, it's the U.K. after all...
Yes, be very concerned.
I am personally not from the UK nor have I ever visited.
Pfft, microsoft.com, who cares.
Now if that had been your lowendtalk.com login...
Nice.
Well, it's either that or 'random Chinese university' network these days
My concern is according to that email they had my password, right?
Which seems a bit of a stretch unless of course lastpass has been breached in which case...fuck me.
Is it Hilary's email account?
I thought I was the only one having that one. What's more concerning is it does not show up in the recent activity feed under their Security. And I'm not even close to the UK.
Yep, that's the MOD range alright; however, you need to keep in mind that every workstation goes on an actual IP as well, so you have hundreds of thousands of squaddies using them. Maybe someone's email/MS account is similar to yours.
Could be that simple.
It's not that sinister; if it was, you would not have even got the email. Microsoft work for the MOD as part of the Atlas consortium.
That IP does belong to UK Ministry of Defence but it's unroutable (does not appear in routing tables via BGP) which means it's impossible to establish a TCP connection so I'm not sure how they would've logged into your email address. For something like this to happen, there needs to be some big players involved.
I checked BGPlay and there hasn't been any routing information since the 19th to now. Maybe Microsoft just derp'd? Better email them and ask.
Some of the MOD IPv4 range was sold last year.
http://www.theregister.co.uk/2015/12/14/mod_ipv4_addresses_invoice_scam/
I had one of these with Google Apps tonight, and it looks legit as well. To be safe I didn't click the link, just went into my profile normally and swapped passwords/reset 2FA.
However it appeared to be someone in India trying to hack an old account, not the ministry of defence trying to get my Brazzers login.
Always have 2FA enabled for your most sensitive data, until you lose or break your phone.
The email suggests they had both my email and password, no? It notes Microsoft performed additional verification which to me means they logged in and hit the 2 step verification.
The password was also a randomly generated one of over 20 characters and symbols...kinda hard to believe they didn't get my password from somewhere.
Indeed, I do have it enabled, always have.
It doesn't show in my activity log either...
Maybe something hiccuped on Microsoft's side, but having the IP it did in the email doesn't make that any more reassuring...
Maybe next month we see you in the Ecuadorian Embassy in London with the Albino Wizard?
The UK will visit you then.
It is all proxied out
Fair one, I missed that.
Any chance you logged in from a MoD IP?
What does MoD IP stand for? If it is like mobile device IP, I thought about that too because I experienced it. One day I went into my mailbox account settings and discovered IPs outside of France logging into my mailbox. After a little research I discovered the IP block was held by my mobile operator, and I remembered I was on my mail over the phone at those moments.
In this case MOD means Ministry of Defence.
I've had a similar problem and saw IPs from that range. It was because I was running Hamachi, which uses that range for private networks. Maybe you are running Hamachi and that IP was somehow mixed with your public one.
wow, that's ridiculous
Not sure how long Microsoft will have that hiccup though, since I've had that notification at least 3 - 4 times from what I can remember, on that same IP, but it never showed on my activity log.
Perhaps a sophisticated phishing attempt?
The MOD would not log in like that anyway; they would use backdoors or go to the ISP themselves.
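Added example, not part of the thread or written by any poster: a small Python parser for RPSL whois output like the dump in the opening post, which lists the `inetnum` and `route` objects covering the address from a sign-in notification. The sample text is a constructed, trimmed copy of the quoted objects, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a trimmed copy of the RPSL objects quoted in the thread.
SAMPLE = """\
% Information related to '25.0.0.0 - 25.255.255.255'
inetnum: 25.0.0.0 - 25.255.255.255
netname: UK-MOD-19850128
status: LEGACY
source: RIPE # Filtered

% Information related to '25.160.0.0/11AS203665'
route: 25.160.0.0/11
descr: UK Ministry of Defence
origin: AS203665
"""

# Attribute names that open a new object; lets the parser cope with pastes
# (like the one in this thread) that lost the blank lines between objects.
OBJECT_CLASSES = {"inetnum", "inet6num", "route", "route6",
                  "organisation", "person", "role", "aut-num"}

def parse_rpsl(text):
    """Return a list of (object_type, {attribute: [values]})."""
    objects, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%"):
            current = None                      # comment or blank ends an object
            continue
        key, _, value = line.partition(":")
        key = key.strip().lower()
        if current is None or key in OBJECT_CLASSES:
            current = (key, {})
            objects.append(current)
        current[1].setdefault(key, []).append(value.split("#")[0].strip())
    return objects

def covering_objects(objects, ip):
    """List (type, label, network) for inetnum/route objects containing ip.
    Registry coverage shows who holds the block; it does not show that the
    prefix is announced in BGP or that the address was the real source."""
    addr, hits = ipaddress.ip_address(ip), []
    for kind, attrs in objects:
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in attrs[kind][0].split("-"))
            nets, label = ipaddress.summarize_address_range(lo, hi), attrs.get("netname", ["?"])[0]
        elif kind == "route":
            nets, label = [ipaddress.ip_network(attrs[kind][0])], attrs.get("origin", ["?"])[0]
        else:
            continue
        hits += [(kind, label, str(n)) for n in nets if addr in n]
    return hits
```

Calling `covering_objects(parse_rpsl(SAMPLE), "25.162.130.149")` returns the covering `inetnum` with its netname and the covering `route` with its origin AS.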