Author

Topic: break in attempt to my blockchain wallet (Read 823 times)

newbie
Activity: 5
Merit: 0
April 09, 2013, 11:30:53 PM
#13
In the future, try two factor authentication
newbie
Activity: 17
Merit: 0
if you see an ip 94 something in there, that's mine, I resecured the wallet and fortunately I had no BTC in there when they went into it. Just wondering how they got into it in the first place, I think they got in my email to get the passcode that is generated anytime somebody attempts a login
newbie
Activity: 17
Merit: 0
I found the IP from the email from blockchain

Delivered-To: [email protected]
Received: by 10.180.77.227 with SMTP id v3csp66822wiw;
        Tue, 9 Apr 2013 08:56:06 -0700 (PDT)
X-Received: by 10.181.11.164 with SMTP id ej4mr20901257wid.29.1365522966205;
        Tue, 09 Apr 2013 08:56:06 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mini1.blockchain.info ([91.203.74.106])
        by mx.google.com with ESMTP id u3si37726033eeg.221.2013.04.09.08.56.05;
        Tue, 09 Apr 2013 08:56:06 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 91.203.74.106 as permitted sender) client-ip=91.203.74.106;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning [email protected] does not designate 91.203.74.106 as permitted sender) [email protected]
Received: from 185.7.149.10 ([185.7.149.10])
          by mini1.blockchain.info (JAMES SMTP Server 2.3.2) with SMTP ID 75
          for <[email protected]>;
          Tue, 9 Apr 2013 16:56:05 +0100 (BST)
Date: Tue, 9 Apr 2013 16:56:05 +0100 (BST)
From: [email protected]
To: [email protected]
Message-ID: <507199439.6757.1365522963682.JavaMail.admin@server8>
Subject: My Wallet Confirmation Code
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----=_Part_6756_665728387.1365522963680"

------=_Part_6756_665728387.1365522963680
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable







   

Helvetica, sans-serif !important; line-height: 1.5 !important;">
: 2%; border: 1px solid #E5E5E5; float: left; width: 80%; min-width: 800px"=
>
    http://blockchain.info//Resources/cube39.png" class=3D"logo=
"  style=3D"float: right; margin-top: 10px;" />
   

nt-size: 1.4em;">Confirmation Required



   

An attempt has been made to login to your My wallet account from ip =
address 95.211.6.197. Enter the confirmation code below to access your acco=
unt. If it was not you who made this login attempt you can ignore this emai=
l.



   

8EA57



   


        2013-04-09 15:56:03
   



   

adding: 20px 4.8%; border-top: 1px solid #AAD3F0; border-bottom: 1px solid =
#AAD3F0; background-color: #F6F6FD; line-height: 2">
        Your wallet identifier is:  bold;" href=3D"https://blockchain.info/wallet/62bd1e4e-bc2e-e571-c176-f8ee=
298478bd">62bd1e4e-bc2e-e571-c176-f8ee298478bd - (https://bl=
ockchain.info/wallet/unsubscribe?guid=3DBwNQIAVVdiQAVFIAIQBUBHIAACEJcwQAJAE=
jUQYBCgAHCVsm">Unsubscribe)
   






------=_Part_6756_665728387.1365522963680--
hero member
Activity: 560
Merit: 500
The first response already identified the IP address as a Tor exit node. Further attempts to identify will be fruitless.
Quote
an attempt to login to my wallet account from I.P. address 95.211.6.197
It seems like he found that IP from the website, not from the email. I was trying to see if we could figure out if the email was faked and figure out if he needs to worry about phishing.
legendary
Activity: 1512
Merit: 1036
April 09, 2013, 02:46:46 PM
#9
The first response already identified the IP address as a Tor exit node. Further attempts to identify will be fruitless. You should focus on re-securing your funds, ideally sending all funds to a new blockchain wallet account with a new email address.

Secondly, the email may be a phishing attempt, do not click on any links in the email as they may go to a hacker's site that impersonates blockchain.info and attempts to trick you into putting in your credentials.
full member
Activity: 228
Merit: 100
This is not good for my Chi... Yifu
hero member
Activity: 560
Merit: 500
April 09, 2013, 11:43:03 AM
#7
You'll have to post it via the forums, I don't have access to your email account.
newbie
Activity: 17
Merit: 0
April 09, 2013, 11:31:08 AM
#5
[email protected]

Confirmation Required

An attempt has been made to login to your My wallet account from ip address 95.211.6.197. Enter the confirmation code below to access your account. If it was not you who made this login attempt you can ignore this email.
hero member
Activity: 560
Merit: 500
April 09, 2013, 11:28:15 AM
#4
Mind posting the full headers of the email?
http://whatismyipaddress.com/find-headers
newbie
Activity: 54
Merit: 0
April 09, 2013, 11:26:58 AM
#3
you can lookup an ip add, here
http://whatismyipaddress.com/ip-lookup

but i don't think it will help alot.

 Smiley
member
Activity: 83
Merit: 10
April 09, 2013, 11:25:47 AM
#2
Regarding the IP address, it's a TOR exit node so you'll never find out who it is by the IP address alone.
newbie
Activity: 17
Merit: 0
April 09, 2013, 11:20:05 AM
#1
I had an email with my wallet confirmation code sent to me saying an attempt to login to my wallet account from I.P. address 95.211.6.197. has been made, whoever did it took off the wallet confirmation code part so now all they would need is the password. So I would thing they have my password. Is there any way to see what this I.P. address is?
Jump to: