
Topic: Help me tracking down the IP to those transactions or following them now! (Read 1471 times)

legendary
Activity: 2352
Merit: 1064
Bitcoin is antisemitic
Does anybody know a program to detect keyloggers? So I can check if there is still something active.

I use System explorer (freeware)
http://systemexplorer.net

And, on demand, Emsisoft Emergency Kit (freeware)
http://www.emsisoft.com/en/software/eek/

hero member
Activity: 484
Merit: 500
Does anybody know a program to detect keyloggers? So I can check if there is still something active.
hero member
Activity: 484
Merit: 500
also he seems to have deleted strongcoin account history.. does he think I am that dumb to not check blockchain one second after discovering that?

somehow I can't get rid of the feeling that strongcoin's security seems compromised..

I am in no way a noob or whatever.. besides 2 fac auth I had every other safeguard there..

hero member
Activity: 484
Merit: 500
So, someone stole your money and went to play satoshidice with it?
It happened when someone else had coins stolen, too. It's no good at mixing, so I don't really understand the point. Fwiw, some amount of coins ended up at 15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK which is a Bitcoin faucet. The thief may've just been bored. We really need to hire these guys instead of letting them run loose with idle hands.

I would hire him on the spot lol
hero member
Activity: 484
Merit: 500
Thanks for all the hints !

it is really strange ..

I have ESET NOD32 running.. everything is highly secured.. long passwords.. everywhere other passwords.. customized Win7 where nearly all shit is disabled.... I have to manually allow every fucking connecting program..

I am with computers 20 years and it seems I got OWNED the first time..

also funny the thief left 20 other coins in strongcoin which he could have easily stolen too..

I cannot get how that worked..

fucking shit really..

I have seen that I did Tor logins disallowed but had LastPass history disabled..

I am trying to find out what happened..

I put a traffic sniffer on my computer and wait now if the guy is brazen enough again..

the real strange thing is though... if he had a keylogger he should have known that this address is my mining motherlode..

so why didn't he wait another 24hrs for the next 100 btc (100 btc autowd is enabled @ pool) or wait for much more time until 10k + are there?
donator
Activity: 1218
Merit: 1015
So, someone stole your money and went to play satoshidice with it?
It happened when someone else had coins stolen, too. It's no good at mixing, so I don't really understand the point. Fwiw, some amount of coins ended up at 15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK which is a Bitcoin faucet. The thief may've just been bored. We really need to hire these guys instead of letting them run loose with idle hands.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Not really. You can see the IP which relayed that, but it frequently isn't the person who actually sent the transaction. The IP that comes up for the withdrawals is 127.0.0.1, which is useless.

so that is done through tor?
Actually this is my address located at strongcoin
the WD began yesterday evening and are now being tumbled..

Maybe or maybe not; the point is that the origination IP address is never recorded. blockchain.info saying the IP address is x simply means that is the first node which relayed it to blockchain.info. It could be the IP address of the entity who submitted that transaction, but it also could just happen to be a node which received the tx from another node who received it from another node who received it from another node ..... who received it from the source.

Quote
It is actually impossible to get in without knowing my megahyper password or having access to lastpass.. and even lastpass doesn't know it..
I am baffled on how this is possible..

My guess just based on past thefts is a keylogger. Your PC is infected and the attacker recorded the password the last time you logged in and then just logged in as you.

Use 2 factor authentication. If a service doesn't offer 2 factor authentication then don't use the service.

A password which is "fj32!89r@pnfejSSnfds9X089RD03j^lkj%sa&uyi2nk;ff" doesn't provide any more security than "password123" if the attacker is using a keylogger.

Use 2 factor authentication.
Use 2 factor authentication.
Use 2 factor authentication.
Use 2 factor authentication.
Use 2 factor authentication.

I have yet to see one of these reports from someone whose account was protected by 2 factor authentication.
While nothing is "hackproof", 2 factor does raise the bar very high and as such it is far more likely a hacker will just exploit weaker targets.
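
The relay-IP point made in the post above, as an added example that is not part of the original thread: a small flood simulation in which node 0 stands in for a block explorer and logs whichever peer hands it a transaction first. The random peer graph, the node count and the per-hop delays are assumptions made for the sketch.

```python
import heapq
import random

def build_network(n, degree, rng):
    """Constructed random peer graph: every node dials `degree` other nodes."""
    peers = {i: set() for i in range(n)}
    for i in range(n):
        for j in rng.sample([x for x in range(n) if x != i], degree):
            peers[i].add(j)
            peers[j].add(i)  # connections carry traffic both ways
    return peers

def first_relayer(peers, origin, observer, rng):
    """Flood one tx from `origin`; return the peer that hands it to `observer` first."""
    heap = [(0.0, origin, -1)]  # (arrival time, receiving node, sending node)
    seen = set()
    while heap:
        t, node, sender = heapq.heappop(heap)
        if node in seen:
            continue  # a faster copy already arrived
        seen.add(node)
        if node == observer:
            return sender  # all the observer can log is this peer's IP
        for p in peers[node]:
            if p not in seen:
                # assumed per-hop delay, uniform between 50 and 500 ms
                heapq.heappush(heap, (t + rng.uniform(0.05, 0.5), p, node))
    return None  # observer unreachable

def attribution_accuracy(n=200, degree=8, trials=500, seed=1):
    """Fraction of txs whose first relayer, as seen by node 0, is the true origin."""
    rng = random.Random(seed)
    peers = build_network(n, degree, rng)
    hits = 0
    for _ in range(trials):
        origin = rng.randrange(1, n)  # any node except the observer
        hits += first_relayer(peers, origin, 0, rng) == origin
    return hits / trials

if __name__ == "__main__":
    print(f"first relayer was the real sender in {attribution_accuracy():.1%} of cases")
```

The logged peer equals the sender only when the sender happens to be directly connected to the observer and its copy arrives before any copy taking a longer route.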
legendary
Activity: 1358
Merit: 1002
So, someone stole your money and went to play satoshidice with it?
donator
Activity: 1218
Merit: 1015
Not really. You can see the IP which relayed that, but it frequently isn't the person who actually sent the transaction. The IP that comes up for the withdrawals is 127.0.0.1, which is useless.

so that is done through tor?

Actually this is my address located at strongcoin

the WD began yesterday evening and are now being tumbled..

It is actually impossible to get in without knowing my megahyper password or having access to lastpass.. and even lastpass doesn't know it..

I am baffled on how this is possible..


If you have any VNC-type software (tightVNC, realVNC, TeamViewer - whatever), including the Windows' Remote Assistance app (if you happen to be on Windows), I'd disconnect the network right now, move over important docs to a different hard drive, then do a clean install of your OS (request a new IP address from ISP while you're at it).

Alternately, if you use the SC password for anything else, that could be the problem. It may also be that your email account is compromised, with which they could have "recovered" your SC account. Since you're being individually targeted, it's probably a good idea to go through your LastPass login history and make sure all the IP addresses are your own. To see history, go to LastPass vault. In top-right is your email address with a drop-down button right next to it. Click it and then go to "History" where it'll show you all recent events and which IP those events originated from. You can find your IP address at cmyip.com
hero member
Activity: 484
Merit: 500
Not really. You can see the IP which relayed that, but it frequently isn't the person who actually sent the transaction. The IP that comes up for the withdrawals is 127.0.0.1, which is useless.

so that is done through tor?

Actually this is my address located at strongcoin

the WD began yesterday evening and are now being tumbled..

It is actually impossible to get in without knowing my megahyper password or having access to lastpass.. and even lastpass doesn't know it..

I am baffled on how this is possible..

donator
Activity: 1218
Merit: 1015
Not really. You can see the IP which relayed that, but it frequently isn't the person who actually sent the transaction. The IP that comes up for the withdrawals is 127.0.0.1, which is useless.
hero member
Activity: 484
Merit: 500
it looks like it is being tumbled, correct?
hero member
Activity: 484
Merit: 500
I will pay for that !

http://blockchain.info/address/1MmFPFbztUQ8NawgRS2qmogeGrqs18mwbW

I need the IP from where those transactions are made.. is this possible?

thanks !