| FYI... Getting emails: "Failed Login Attempt" for EEVblog |
| RJSV:
Of course, cause for being alert, but ... That could be an attempt, for now to just get (you) to reply, or, since you can't (?), perhaps next they would send a more 'urgent' status, like, (perhaps): "We've now detected three, (3), partial logins on your account. Your data is now in jeopardy, please reply now, for download fix code ...". Something bogus like that. The play being, that you are 'grateful', to supply your password, etc. |
| boB:
Got another email from EEVblog today... Hello boB, We have detected a failed login attempt on your account. Matched forum members with same ip address: ktyecz dbjkf vtktif Flamebinder andronych Iaranan Pietrowicz Brightfury Styur gtnjf hecnbr gtnhzrf rctybz JoJojas ufkif Aschoff tyz[f alexanderk vladimirushka tueyz avdotyushka cnfybckfdf gfienf rjcn.hf iroid orme Marianich dfcbkbcf genashe njveyz gettinginvolved hbvf vitalia dflif Reemiel ujif rcif Ninelka ktcz Borislav miach vase Wakenight ajun vfhkty Anusha Hiqur Jerrygod Andreich rfhbyrf Arambat afrosim Vasa Artem Dalara abkbgg buecz shurunya Denisych ktyeif hbnecz Crary ujieyz njkz Bajinn vfhbcz anikitic dtctkmt Antargan loud ktjyblsx bkyz andhe Alsara rfnthbyrf vfhf yfcnfcm.irf ktdjy Nunya efrosim dfczyf rjcz fytkbrf Timokha vvfyebkrf Adrierdin fylhjybr Darim olgusha Babyangel vfhbfyyf yflt[f Adoraris rfkblrf kbysx lovely ufkbf byyeirf fktyz ueif cdtnkfy Allegro uthvfybr Nalme Tenaciri Anicasalar dzxtckfdrf Rusya uheyznrf fylhjybq pouting ktrcfyf trust ckfdeyz rjkzf hbneyz onions Salkree robe uhtwbz Fehuginn Leonty tahjcbybz rjcn.if frcbymirf pbyef Rhettok Dathis aleutinich nastyuha nastasia Maricela witch Kelenin Kornyukha Miroha Middevit Bonnec mitrich Victorians Shanely Miene dfkthf Dular venedim tujhsx Julianich Dickhok ybyfyz yfnfkbq ufkbyf vfrc Itananen Berkohik dzxf daisy tossed tktyz gfdkbyrf Janngoes fighting Androrim Bandilhala dflz nfbcf Jessaka Bloodfire Mohito ufktrf Awenes dctdjkjleirf cnfybckfdrf ybrbnbx Arisha cdtnecz mura Jayday utjhubx Bevisorl dfkthmzy nfnf bkif Angelena dbnyz djkjlzrf arinka Ttexav Llbery goose Kyhner dekabrynych ellochka byekz Ranes Caroline Huongok Rossojok Ivaniusha Aurizar seed vfcz nfyf jktusx vfz vfycz Veniaminych kerfcz fkmby dthjybxrf elvirka leonia Ahrefas rfvbkkf Hermann Alessandra cntgeif Vitasha utvekz fghjcbymz atjljhf niqi alexinka Johneve Loppok xura Balladonara genius genous Celen frcf hemule Nataliya nfbcm.irf Ballagar gelina rjkzif vfhby fynf ybksx lecz 
nyuta petra efrosin sledge Fordrern Vitana fktif sanyura fybrbnbx vfhktcz Keron fyfcnfcm.irf ybrekf Malanra gtneif yfcnif evdunya vbfcz gfykz Guercio Drelandis genule Bogra venedictushka whale Eynttoh svetlanich petraka Lairius htyz Babeser Lavrushka bjfyy emka Beabor nbvf[f Katyusha lavruha amala maxian djkz lyudaha ahjc.irf fhnyz Qunorrar Groran Amelyan NtenQag Vasyana stepanka fhvtybq Akinohn Emilia ljyzf gtnrf dtlz uthecz bjfyyf gasha darina Irunya angelina petukha tdljrbvsx all-round Quemal arsenia egorka dfcbkmrj emelyasha fuhbgrf Serenya vtkfym.irf dctdjkjlsx Orielomy alexaha yfcnfctz bhfblrf hjvf Silverweaver emmanuilych polinary Agatius cthueyz alexania Niebla Anabor Hagenbuch diya uekz Christoper dfcbkbccf matthewka kf apollinaris nfkbyf fdljrtz IP address of the failed login attempt: 46.161.11.89 |
| Ian.M:
*None* of the user names I've tried to search for from the above list are valid. Try some yourself. https://www.eevblog.com/forum/mlist/?sa=search Maybe that just shows our moderator team are excellent at bouncing malicious users, but IMHO it would be a *VERY* good idea to verify the email you received is genuine, in case RJH is correct and someone is trying to set you up to try to scam you for your EEVblog login. To do so you need the help of a moderator by PM to advise how to submit the email for Dave or Gnif to examine the raw email headers and body, and match it to the server logs. *DON'T* post the headers anywhere public! |
| T3sl4co1l:
Could also be VPNs, though maybe I'd expect a few random legit users are using random VPNs so maybe there should be a few results in that case (or maybe not, there are a lot of VPN servers out there?). Tim |
| boB:
Yep, those names do look bogus, don't they? Not sure why.

The return address "says" it is from do_not_reply@eevblog.com

I would think that there are plenty of folks here that understand more than I do about this.

A partial part of the header says received from :

    from [192.200.109.226] ([192.200.109.226:44348] helo=cpanel1.eevblog.com)
    by smtp14.gate.ord1d.rsapps.net (envelope-from <eevblog@eevblog.com>)
    (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
    id 98/18-16649-28E11A26; Wed, 08 Jun 2022 18:11:14 -0400

Doing a Trace Route I get...

    C:\Users\boBWin10Fast>tracert 192.200.109.226

    Tracing route to cpanel1.eevblog.com [192.200.109.226]
    over a maximum of 30 hops:

      1     2 ms     2 ms     2 ms  router.asus.com [192.168.50.1]
      2    22 ms    20 ms    17 ms  10.61.243.130
      3    14 ms    24 ms    11 ms  24.153.84.237
      4     9 ms    10 ms     9 ms  69.139.162.214
      5    10 ms    10 ms    10 ms  69.139.160.245
      6    10 ms    10 ms    12 ms  24.124.128.249
      7    13 ms    12 ms    16 ms  24.124.128.122
      8    11 ms    11 ms    10 ms  be-36121-cs02.seattle.wa.ibone.comcast.net [68.86.93.5]
      9    10 ms    11 ms    23 ms  be-2201-pe01.seattle.wa.ibone.comcast.net [96.110.39.206]
     10     *        *        *     Request timed out.
     11    20 ms    14 ms     *     port-channel4.core2.pdx1.he.net [184.105.64.138]
     12    40 ms    39 ms     *     port-channel1.core2.slc1.he.net [184.105.80.114]
     13    40 ms    39 ms    42 ms  100ge1-1.core1.slc1.he.net [184.105.80.113]
     14    40 ms    40 ms    39 ms  webnx-inc.100gigabitethernet0-25.switch2.slc1.he.net [64.71.130.42]
     15    40 ms    41 ms    41 ms  104-250-156-210.static.gorillaservers.com [104.250.156.210]
     16    41 ms    39 ms    41 ms  cpanel1.eevblog.com [192.200.109.226]

    Trace complete.

So, from this at least, it looks legit. I don't know how good people can spoof these days but I have a feeling this is correct. gorillaservers.com was another name I saw when doing a whois on an IP in the header so that makes sense. Comcast/xfinity is my internet provider here north of Seattle and those are the first several hops.

boB |
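The header check discussed in the posts above, as an added example that is not part of the original thread or anyone's post: it reads the topmost Received line stamped by the recipient's own mail provider and judges the message by the peer IP recorded there, since the HELO name and the From address are supplied by the sender. The sample message is constructed around the fragment quoted in the thread; the regexes fit that header layout only, and the trusted-MX suffix, the expected-IP set and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample built around the Received fragment quoted in the post.
# The lower Received line is invented; the sending side writes it, so it proves nothing.
RAW = """\
Received: from [192.200.109.226] ([192.200.109.226:44348] helo=cpanel1.eevblog.com)
\tby smtp14.gate.ord1d.rsapps.net (envelope-from <eevblog@eevblog.com>)
\twith ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384);
\tWed, 08 Jun 2022 18:11:14 -0400
Received: from localhost (helo=mail.example.invalid) by cpanel1.eevblog.com;
\tWed, 08 Jun 2022 18:11:13 -0400
From: do_not_reply@eevblog.com
Subject: Failed Login Attempt

(body omitted)
"""
# Same message as seen if another host had sent it while claiming the same HELO and From.
SPOOFED = RAW.replace("192.200.109.226", "203.0.113.7")  # documentation-range address

# Assumption: the address boB's tracert resolved to cpanel1.eevblog.com is the real sender.
EXPECTED_IPS = {"192.200.109.226"}
MY_MX_SUFFIX = ".rsapps.net"  # assumption: the reader's own inbound mail provider

PEER_RE = re.compile(r"\(\[(?P<ip>[0-9A-Fa-f.:]+?):\d+\]\s+helo=(?P<helo>[^\s)]+)\)")
BY_RE = re.compile(r"\bby\s+(?P<by>[^\s;()]+)")
ENV_RE = re.compile(r"envelope-from\s+<(?P<env>[^>]*)>")

def boundary_hop(raw, mx_suffix=MY_MX_SUFFIX):
    """Return the topmost Received hop stamped by the recipient's own MX, or None."""
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        by = BY_RE.search(flat)
        if not by or not by["by"].endswith(mx_suffix):
            continue                            # written by a server we do not control
        peer, env = PEER_RE.search(flat), ENV_RE.search(flat)
        if not peer:
            return None
        return {"ip": peer["ip"], "helo": peer["helo"],
                "envelope_from": env["env"] if env else None}
    return None

def assess(raw, expected_ips=EXPECTED_IPS, mx_suffix=MY_MX_SUFFIX):
    """Judge the message by the peer IP our MX recorded, not by HELO or From."""
    hop = boundary_hop(raw, mx_suffix)
    if hop is None:
        return "no-trusted-hop"
    return "sender-ip-expected" if hop["ip"] in expected_ips else "sender-ip-unexpected"

if __name__ == "__main__":
    print(assess(RAW), assess(SPOOFED))
```

A matching IP shows only that the forum's server sent the mail; whether the login attempt it reports happened is something the server logs answer, as Ian.M notes.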