
Topic: ip: 46.38.62.225 - Coin Stealer (Read 1009 times)

newbie
Activity: 33
Merit: 0
March 16, 2014, 10:09:20 AM
#6
Lesson learned. For different accounts use different passwords. You are lucky that you did not learn this lesson the hard way. The intruder could easily wipe out all of your accounts.
hero member
Activity: 661
Merit: 502
March 15, 2014, 09:50:40 PM
#5
This is EXACTLY why you should use a different random password for each and every pool and any other website. I've long known some don't encrypt the passwords for the exact reason of phishing them.

Very good point. Also, using unique passwords in conjunction with something like LastPass/KeePass avoids scenarios where databases get leaked and attackers will use that combination on other sites.

http://whatismyipaddress.com/ip/46.38.62.225

The IP address above belongs to a VPS node in Russia, and the ISP has been known to host malicious content. Whether or not it is intentionally allowed by the owner is questionable, but that doesn't change the fact that the host is used to serve and facilitate less-than-kosher activities.

Sources:

Query on IP
Query on host company
Forum post
MyWOT report
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
March 15, 2014, 07:07:06 PM
#4
This is EXACTLY why you should use a different random password for each and every pool and any other website. I've long known some don't encrypt the passwords for the exact reason of phishing them.
member
Activity: 106
Merit: 10
Your Pool Your Way - Admin
March 15, 2014, 06:35:33 AM
#3
Well, I have no idea where this dude got my user and password... but I assume it must be from an Mpos pool that doesn't encrypt passwords :l

This was the email I received from BTC-E

Successful authorization.

Login: theonegilly
IP: 46.38.62.225
Date and time: 13.03.14 19:36


And I've got logins for all 3 of my altcoins.pw pools. (For users of my pools - NOTHING was compromised - everything on the pool requires you to confirm changes via email before anything happens.)

Your account has successfully logged in

User: theonegilly

IP: 46.38.62.225

Time: 03/13/14 19:40:52

If you initiated this login, you can ignore this message. If you did NOT, please notify an administrator.
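
Added example, not part of the post above and not code from any of the services mentioned: a Python sketch that parses the two notification formats quoted in the post and flags a source IP that logs in to more than one service within a short window, the pattern that points to a reused password. The service labels, the third (constructed) notice, the date formats, and the treatment of both timestamps as being in the same time zone are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first two bodies are the notifications quoted in the post; the third is
# constructed (documentation IP) to show a login that should not be flagged.
NOTICES = [
    ("btc-e", "Successful authorization.\n\nLogin: theonegilly\nIP: 46.38.62.225\nDate and time: 13.03.14 19:36\n"),
    ("mpos-pool", "Your account has successfully logged in\n\nUser: theonegilly\n\nIP: 46.38.62.225\n\nTime: 03/13/14 19:40:52\n"),
    ("constructed-site", "Your account has successfully logged in\n\nUser: theonegilly\n\nIP: 192.0.2.10\n\nTime: 03/12/14 08:15:00\n"),
]

FIELD = re.compile(r"^(Login|User|IP|Date and time|Time):[ \t]*(.+?)[ \t]*$", re.M)
# Assumed formats: DD.MM.YY HH:MM for the first notice, MM/DD/YY HH:MM:SS for the second.
FORMATS = ("%d.%m.%y %H:%M", "%m/%d/%y %H:%M:%S")

def parse_notice(service, body):
    """Extract user, source IP and timestamp from one notification body."""
    fields = dict(FIELD.findall(body))
    raw = fields.get("Date and time") or fields.get("Time") or ""
    for fmt in FORMATS:
        try:
            when = datetime.strptime(raw, fmt)
            break
        except ValueError:
            continue
    else:
        raise ValueError(f"unrecognised timestamp in {service} notice: {raw!r}")
    ip = str(ipaddress.ip_address(fields["IP"]))  # rejects malformed addresses
    return {"service": service, "user": fields.get("Login") or fields.get("User"), "ip": ip, "when": when}

def shared_source_ips(events, known_ips=frozenset(), window=timedelta(hours=1)):
    """Return {ip: [services]} for unfamiliar IPs seen on 2+ services within `window`."""
    by_ip = defaultdict(list)
    for e in events:
        if e["ip"] not in known_ips:  # skip addresses the account owner recognises
            by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["when"])
        for first in evs:
            hit = {e["service"] for e in evs if timedelta(0) <= e["when"] - first["when"] <= window}
            if len(hit) >= 2:
                findings[ip] = sorted(hit)
                break
    return findings

if __name__ == "__main__":
    print(shared_source_ips([parse_notice(s, b) for s, b in NOTICES]))
```
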


legendary
Activity: 2212
Merit: 1199
March 14, 2014, 06:47:38 PM
#2
Well thanks for letting us know.

Can you tell us something more about it?

Some more details?
member
Activity: 106
Merit: 10
Your Pool Your Way - Admin
March 14, 2014, 02:30:45 PM
#1
Hello,

The coin stealer's IP: 46.38.62.225 (Russia)

I have had notifications for all my mpos accounts and my BTC-e account all come through today about logins... Thankfully I didn't have any coins on any of them, but it's just a warning to everyone.

I'm changing all my passwords as I type, so I recommend you all do the same.