I received a text with my Emby info

[Bvaring 2]

Today I received a text from the number 1410200501 that says:

2 of 2/192.168.0.6:8096> on Emby - http://192.168.0.6:8096(End)

I have no idea how I would get a text with this information from my private home network.  Emby doesn't have my mobile number - there are no notifications going to my mobile. What or who would know the private IP address Emby is running on and my cell phone number?

- Brad

[darkassassin07 652]

Quote

2 of 2

I wonder where the other half of the message went.

 

192.168.0.6 is the actual lan ip your server uses?

 

192.168.0.x is typical a lan ip range, if the last number doesn't match as well, it wasn't likely about you/your server. Maybe wrong number or phishing?

 

The 141 area code is Glasgow, Scotland, but it gets commonly used in robo call scams.

[Bvaring 2]

Yes, it is exactly the local private IP address Emby uses.

[darkassassin07 652]

Hmm. There's not many places that info could come from then. 

 

I know the server itself will provide it to clients so they can try connecting directly when on LAN. @Lukeis this info only available to authenticated clients, or publicly accessible? @Bvaringdo you have your server exposed publicly? (have you setup port forwarding and can reach it from wan?)

 

The only other thing that comes to mind is emby connect, but that would only be provided to an authed user that's been setup with their connect email. Ie someone you know.

 

No idea how that'd get linked with your phone number though. And I'm still curious about the '2 of 2' ... '(end)'. That gets added by sms when a long message is split into multiple parts. Why'd only the second half get delivered.

 

This is really odd. The info itself is pretty harmless, but if they have that, what else is/was leaked?

 

I hope you've updated and run your anti-virus.

[ebr 16185]

Hi.  What plugins are installed on your server?

[Luke 42081]

It’s only available after authentication.

[Dickydodah! 154]

A quick google of the number confirms it is a scam. 

 

[justinrh 260]

Do you have any other apps or services that send you notifications?  Something else (like anti-malware or firewall) could have been triggered by Emby activity?

[Bvaring 2]

If it's a scam I don't know how they got that much info.  My identity was stolen a while back.  They got credit cards, emails and even texted me.  Funny thing is they did no damage. They bought a phone for over a $1,000 but didn't go pick it up from Best Buy.  They attempted to buy other things but nothing went through.  It made me think someone knows everything about me and has access to everything but they just wanted to screw with me and not really so anything.  Since them everything has been changed and my computer wiped and reloaded.

I have any port for forwarding.  Actually I have Emby Connect but thing aren't setup right because I haven't taken the time to fix it.  I'll have to get back to you the list of plugins I have...I'm not at home and don't have access.

 

[Luke 42081]

What version of the server are you on?

[TeamB 2438]

do you have a firewall or some sort of network intrusion software that has notifications set up to send notifications to your mobile?

[Bvaring 2]

On 1/3/2024 at 4:56 PM, Luke said:

What version of the server are you on?

Emby 4.7.14.0

[Neminem 1519]

@Bvaring you should delete that picture.

We can see your Wan ip.

[Luke 42081]

Has this happened again?

[Bvaring 2]

Thanks, I wasn't thinking - pic removed.  No, it hasnt happened again.  Now I can;'t connect remotely at all with emby connect.

[pwhodges 2012]

For the Connect issue (it isn't actually) read here (Also linked in your other thread):

Paul