Owner of IP address 73.225.159.251 is a hacker and tried to hack my account

[Wardrick]

Theymos sent me this PM today advising that *someone* here might be trying to break into my account.



It's a good thing he did because I checked if everything was still OK and I found this email from the forum that somebody had tried to reset my password.



The IP address of the attempted hacker is 73.225.159.251. This is likely a Comcast IP in the Seattle, Washington area and it just so happens that forum member tspacepilot lives near there. The location of the IP was indicated by these anonymized traceroute results:

wardrick@wardrick-PC:~$ traceroute  73.225.159.251
traceroute to 73.225.159.251 (73.225.159.251), 30 hops max, 60 byte packets
****
 6  te-0-3-0-22-pe03.nota.fl.ibone.comcast.net (66.208.233.17)  302.152 ms  288.627 ms  459.877 ms
 7  he-0-1-0-0-cr01.miami.fl.ibone.comcast.net (68.86.82.249)  309.037 ms he-1-10-0-0-cr01.miami.fl.ibone.comcast.net (68.86.84.189)  443.851 ms he-1-9-0-0-cr01.miami.fl.ibone.comcast.net (68.86.82.241)  443.817 ms
 8  be-11624-cr02.dallas.tx.ibone.comcast.net (68.86.86.94)  443.887 ms  443.907 ms  443.924 ms
 9  be-11324-cr01.dallas.tx.ibone.comcast.net (68.86.86.89)  443.945 ms  443.963 ms  443.982 ms
10  be-11315-cr02.losangeles.ca.ibone.comcast.net (68.86.85.142)  401.774 ms  401.759 ms  401.754 ms
11  * * *
12  be-7922-ar01.burien.wa.seattle.comcast.net (68.86.93.30)  401.718 ms  399.424 ms  399.378 ms
13  be-37-sur03.spokane.wa.seattle.comcast.net (68.86.96.226)  399.466 ms  399.476 ms  399.485 ms
14  te-0-1-0-ten05.spokane.wa.seattle.comcast.net (68.87.160.218)  399.414 ms te-0-1-1-ten05.spokane.wa.seattle.comcast.net (68.87.205.198)  399.439 ms te-0-1-0-ten05.spokane.wa.seattle.comcast.net (68.87.160.218)  399.422 ms

I am going to report this incident to abuse@comcast.net and I advise anyone else who has issues with this IP address to do the same.

[1714818527]

1714818527

[1714818527]

1714818527

[1714818527]

1714818527

[1714818527]

1714818527

[--Encrypted--]

no comment on the hacking part. but is it a good idea to post a screenshot with a clear link for the password reset?

[Wardrick]

no comment on the hacking part. but is it a good idea to post a screenshot with a clear link for the password reset?

LOL! It doesn't work, it says "user does not exist".

[Shadow_Runner]

Theymos sent me this PM today advising that *someone* here might be trying to break into my account.



It's a good thing he did because I checked if everything was still OK and I found this email from the forum that somebody had tried to reset my password.



The IP address of the attempted hacker is 73.225.159.251. This is likely a Comcast IP in the Seattle, Washington area and it just so happens that forum member tspacepilot lives near there. The location of the IP was indicated by these anonymized traceroute results:

wardrick@wardrick-PC:~$ traceroute  73.225.159.251
traceroute to 73.225.159.251 (73.225.159.251), 30 hops max, 60 byte packets
****
 6  te-0-3-0-22-pe03.nota.fl.ibone.comcast.net (66.208.233.17)  302.152 ms  288.627 ms  459.877 ms
 7  he-0-1-0-0-cr01.miami.fl.ibone.comcast.net (68.86.82.249)  309.037 ms he-1-10-0-0-cr01.miami.fl.ibone.comcast.net (68.86.84.189)  443.851 ms he-1-9-0-0-cr01.miami.fl.ibone.comcast.net (68.86.82.241)  443.817 ms
 8  be-11624-cr02.dallas.tx.ibone.comcast.net (68.86.86.94)  443.887 ms  443.907 ms  443.924 ms
 9  be-11324-cr01.dallas.tx.ibone.comcast.net (68.86.86.89)  443.945 ms  443.963 ms  443.982 ms
10  be-11315-cr02.losangeles.ca.ibone.comcast.net (68.86.85.142)  401.774 ms  401.759 ms  401.754 ms
11  * * *
12  be-7922-ar01.burien.wa.seattle.comcast.net (68.86.93.30)  401.718 ms  399.424 ms  399.378 ms
13  be-37-sur03.spokane.wa.seattle.comcast.net (68.86.96.226)  399.466 ms  399.476 ms  399.485 ms
14  te-0-1-0-ten05.spokane.wa.seattle.comcast.net (68.87.160.218)  399.414 ms te-0-1-1-ten05.spokane.wa.seattle.comcast.net (68.87.205.198)  399.439 ms te-0-1-0-ten05.spokane.wa.seattle.comcast.net (68.87.160.218)  399.422 ms

I am going to report this incident to abuse@comcast.net and I advise anyone else who has issues with this IP address to do the same.

Let me have email access to that email. Or anyone reputable. ASAP

[Wardrick]

Let me have email access to that email. Or anyone reputable.

Do you not believe me? why not?

Here are the email headers:

From "Bitcoin Forum" Sun Sep 13 06:00:28 2015
X-Apparently-To: appleappsmt@yahoo.com; Sun, 13 Sep 2015 06:00:28 +0000
Return-Path: <apache@bitcointalk.org>
Received-SPF: pass (domain of bitcointalk.org designates 54.235.199.197 as permitted sender)
 c2UgdGhlICdmb3Jnb3QgcGFzc3dvcmQnIGZ1bmN0aW9uIGhhcyBiZWVuIGFw
 cGxpZWQgdG8geW91ciBhY2NvdW50LiBUbyBzZXQgYSBuZXcgcGFzc3dvcmQg
 Y2xpY2sgdGhlIGZvbGxvd2luZyBsaW5rOiBodHRwczovL2JpdGNvaW50YWxr
 Lm9yZy9pbmRleC5waHA_YWN0aW9uPXJlbWluZGVyO3NhPXNldHBhc3N3b3Jk
 O3U9ODUzMTY7Y29kZT1ZRkw5bnV1WU1wIElQOiA3My4yMjUuMQEwAQEBAQN0
 ZXh0L3BsYWluAwMwAgN0ZXh0L2h0bWwDAzI-
X-YMailISG: xns87YMWLDt55ABf7F94jVJUFjIEh.mOqPBu0jYAr02xQdir
 RJ0IpRmhQLPLfN._5B7Li8NXIg166dsNSYDDpROGFQYNSonFincU_Yi43nAL
 A_0HUntPNiib7kD8xXVoFPmE4fxlbPnm2V2x7j4uMJ7BX.SDxb9pE9hQVyYW
 LCWGEhv07n91euzSBp6lWXfTLLT3nuAj3XzmWa_mxF8wBi4h_9Hd0RxYNEy2
 6rATWrn6MJz.3wC7VHl.FTtwdl9XjXm13AJzeuVEmhNV3OKk3jSJ7R7G1z1B
 YkvPdwVwpMQrQrozkS_Bu7PK36XicD4f5fj_nnIJsyfLZi9fqvYJehDWm1qS
 S6TudSGCha4ccXI0kR6HNsk5vGyUUjHn3r46a1nbWvcHUb_4SOMmU39oyQU9
 0FJnBS55TTt11DPAdwvaCS.G01DOyxIdFLz26ThynsKxh9ZoszbHK04Mxkxp
 4vB8Y.xuGo2kDx5_769UMzT9uykL8f9Sx2KUBpAbfMk_Jx42nsrw8AMdUFt6
 04bEifNZ8duTpme5UjoUwCYQypPwx79iFHtw68nJE82mT_ZzMQLLpAq4i5yl
 wnkdTmoEKjIhiP64vlHEmS9pYSJ5ll14bARw6DLaakJtcSBk7WlWy_xli6kA
 Kb96k_qkur6i_8V8dpHVR_vaLghex6f3xRGc7J0HVeYZvRUN9kdv6IRRy_.U
 xwueYBZzkx27NnjKA9MtAW5lJQfZFox9.PDhDQgp.4YPR_qGI1kMQUSWyoDT
 kMAD98OMpPGHPfuAzh7qwyicrKGTzeTMzVIB4CErJdaNYWw7eEMHrqaRfRVK
 EMXACLlJQZ7Hmp2_tyvvp92nLnp3GU7zb926r_A6LKKwfmXDr_f0JBqbSzg6
 qs_clX5ZyABjAZZd3kvBacF0vZU5DYSwdBzY.fZiRj.FuyvmqO2MGrdLKqol
 u_8XqZWCRhP38P5.y0WKoJOne9t.83O7uDRj0fooMyxec9Bxqay4CmCVmAQj
 wb8On0b0iuAlriCVNlJADa8yBfwh5uZk.UfluT_KbJktN4h4IZrfpFE2Vk9_
 OnAXQ16MO878SDk6xQ5VTEtF6wcpk70BkKLSS_0fzA.91fvkCl1ZRZXn_yek
 qM8wdxsulKF4sLLVPAJePouyrg6LUQv9qXipIUM5wiXUzmkq6k3Ha1Z_ubEG
 RUxoEXdUrrssXLUvt51A54DQNFLntQzyDE6sZiOlPVrVl4e7clkhg_V5J8J5
 6j3gPC.KZDesj1daebIfq_eIPpEe7ZyhwUA6sI6xmdXTgXVgc1kWtXJUNn2o
 3OEngzDHJA6ZEUxlofCtpaXvOEXpMnodJli39dZb5AMn_hVsnMMOQ739RsF_
 N7Cb67.7IjuDZzpdp5gHTqHcAUgM918aKGH1SFycFYQLBeimXFQcR7Er.0PR
 3T5qEIJYnPMbm7.516EW0geRimHVNu0zW6iy1w09OTWklLa5YnSAzxQ7qE.s
 nCTMsiFzTu4DEHSti0lnGc0Vbk0eRBryBzWGeQ--
X-Originating-IP: [54.235.199.197]
Authentication-Results: mta1262.mail.bf1.yahoo.com  from=bitcointalk.org; domainkeys=neutral (no sig);  from=bitcointalk.org; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO bitcointalk.org) (54.235.199.197)
  by mta1262.mail.bf1.yahoo.com with SMTP; Sun, 13 Sep 2015 06:00:28 +0000
Received: by bitcointalk.org (Postfix, from userid 48)
   id 16766A81727; Sun, 13 Sep 2015 06:00:28 +0000 (GMT)
To: AppleAppsMT@yahoo.com
Subject: New password for Bitcoin Forum
X-PHP-Originating-Script: 0:Subs-Post.php
From: "Bitcoin Forum" <noreply@bitcointalk.org>
Date: Sun, 13 Sep 2015 06:00:28 -0000
X-Mailer: SMF
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="SMF-228acc1059f0ba94ff4fff594ba5583e"
Content-Transfer-Encoding: 7bit
Message-Id: <20150913060028.16766A81727@bitcointalk.org>
Content-Length: 2979

[Shadow_Runner]

I'd like to see that you didn't edit the email text. Only a moron would send me the header as proof.

[Shadow_Runner]

Give someone access it will clear your name from the circumstantial evidence linking you to another account. If this is fake I think the proof will be sufficient as is with that added on.

[Wardrick]

Give someone access it will clear your name from the circumstantial evidence linking you to another account. If this is fake I think the proof will be sufficient as is with that added on.

I can assure you this is not fake. I am being attacked by another member here from the Washington area. I will PM you the password to the email account as it only contains emails from bitcointalk anyway.

[ndnh]

no comment on the hacking part. but is it a good idea to post a screenshot with a clear link for the password reset?

LOL! It doesn't work, it says "user does not exist".

Yep.

Edit: Code is no longer valid. Otherwise, it would have been a pretty dangerous screenshot.

[subSTRATA]

Give someone access it will clear your name from the circumstantial evidence linking you to another account. If this is fake I think the proof will be sufficient as is with that added on.

I can assure you this is not fake. I am being attacked by another member here from the Washington area. I will PM you the password to the email account as it only contains emails from bitcointalk anyway.

you should change the email on your forum account for a bit if youre going to do that, password reset and all.

[Wardrick]

you should change the email on your forum account for a bit if youre going to do that, password reset and all.

I already did that.

[shorena]

Seatlle 652.405 inhabitants, must be tspacepilot. Whats wrong with you?

[Shadow_Runner]

Wardrick is giving me access to the account I will confirm this info is valid or invalid as soon as I get the login

[laracna]

People try to hack people's accounts every day, and hero accounts that are in DT will attract hackers. Sometimes the hackers even success.

No need to speak like you survived a car bomb explosion or an assassination attempt

[Shadow_Runner]

THIS USER IS A SCAMMER! I will not be posting any evidence yet. I am in communication with someone helping properly format all of this info.

[Pai Mei]

THIS USER IS A SCAMMER! I will not be posting any evidence yet. I am in communication with someone helping properly format all of this info.

Do you mean Wardrick

Do you mean he faked the evidences he shown in this topic?

[Shadow_Runner]

YES

[zeraTunerse]

Just change the email to another and add a much unpredictable secret question which is hard to guess.
and  dox the IP address for the people using it , i can see that it is distributed IP which is much easily provided by local LAN cables.

[redsn0w]

He can simple try to hack his account and staging all this scene. Who knows? It is just an assumption like yours @Wardrick.

[Shadow_Runner]

He can simple try to hack his account and staging all this scene. Who knows? It is just an assumption like yours @Wardrick.

Yes that's why I have more than 1 very reputable person collaborating with me on this.