-
November 5th, 2003, 01:39 PM
#1
Registered User
Tracking IP addresses
I'm not sure if I put this in the right section, but I my g/f has had her hotmail account hacked it to. They changed her password and is emailing people out of it pretending to be her. I got she got some kind of keylogger or something on her computer to be able to get her password. My question is, is it possible to be able to track down the IP address of who is doing this, and if so, could anything legally happen to the person that hacked into her account?
-
November 5th, 2003, 02:36 PM
#2
Banned
Originally Posted by Social Enemy
I'm not sure if I put this in the right section, but I my g/f has had her hotmail account hacked it to. They changed her password and is emailing people out of it pretending to be her. I got she got some kind of keylogger or something on her computer to be able to get her password. My question is, is it possible to be able to track down the IP address of who is doing this, and if so, could anything legally happen to the person that hacked into her account?
Sometimes, but often not except by Hotmail themselves.
Have you contacted MS/Hotmail about this?
-
November 5th, 2003, 02:57 PM
#3
Avatar Goes Here
Just contact [email protected] they were pretty good about taking care of things when someone got my little sisters account
:::Asus A8N-Sli Premium:::AMD 3500+ @ 2.4ghz:::2x80GB 8mb cache RAID0 Array:::GeForce 7800GTX OC:::2GB Corsair XMS Memory:::500 Watt Enermax Liberty PSU:::16x Lite-on DVDRW:::
Counter Strike Source Forum and Server @ http://www.nvpclan.com -=Ninjas Vs. Pirates=-
-
November 6th, 2003, 08:41 AM
#4
look at the headers of the email, it will show what ip it came from even if was hotmail account. ex. below I sent from my hotmail account to another account that I open with outlook express. In outlook inbox I right click on the message and chose properties, then click details tab. then u can see the headers. (changed the real ip and servernames).
What you look for is the line that says originating IP. Doesnt matter if they use hotmail, yahoo, etc.. they all log the ip that sent it. Some might have a internal IP, but then their server they go through would have a legit one.
Received: from mail.isp.com (localsrv [32.41.237.5]) by server.isp.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id VLNHHF1A; Thu, 6 Nov 2003 08:32:31 -0500
Received: from exprod6mx22.postini.com(12.158.35.162) by mail.isp.com via csmap
id 2af71878_105e_11d8_96d1_000347efbbaa_22342;
Thu, 06 Nov 2003 08:36:04 -0500 (EST)
Received: from source ([65.54.245.99]) by exprod6mx22.postini.com ([12.158.35.251]) with SMTP;
Thu, 06 Nov 2003 05:33:49 PST
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Thu, 6 Nov 2003 05:33:49 -0800
Received: from 32.41.237.52 by by1fd.bay1.hotmail.msn.com with HTTP;
Thu, 06 Nov 2003 13:33:48 GMT
X-Originating-IP: [32.41.237.52]
X-Originating-Email: [[email protected]]
From: "John Smith" <[email protected]>
To: [email protected]
Bcc:
Subject: test
Date: Thu, 06 Nov 2003 13:33:48 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <[email protected]>
X-OriginalArrivalTime: 06 Nov 2003 13:33:49.0164 (UTC) FILETIME=[9C4322C0:01C3A46A]
X-pstn-levels: (S: 5.0991 R:95.9108 P:95.9108 M:99.4056 C:78.1961 )
X-pstn-settings: 4 (1.5000:4.5000) r p m C
X-pstn-addresses: from <[email protected]> [724/28]
SO then take the X-Originating-IP: [32.41.237.52]
and go to www.arin.net, put the ip in the search whois window.
and youll see what isp owns that IP address. You can then either forward this to ur isp or maybe complain directly at the owning company. in this ex. from the arin.net on the ip of 32.41.237.52 you can see their is a contact name, number, etc... listed for the owning isp.
Search results for: 32.41.237.52
OrgName: AT&T Global Network Services
OrgID: ATGS
Address: 3200 Lake Emma Road
City: Lake Mary
StateProv: FL
PostalCode: 32746
Country: US
NetRange: 32.0.0.0 - 32.255.255.255
CIDR: 32.0.0.0/8
NetName: ATT-32-0-0-0-A
NetHandle: NET-32-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS.UK.PRSERV.NET
NameServer: NS.DE.PRSERV.NET
NameServer: NS.NL.PRSERV.NET
Comment:
RegDate:
Updated: 2002-03-28
TechHandle: PS4071-ARIN
TechName: Sides Jr., Phil
TechPhone: +1-301-962-7817
TechEmail: [email protected]
-
November 6th, 2003, 08:46 AM
#5
Registered User
Thanks for all the help, I contacted [email protected] and got the password reset. Thats alot of good info msargex2, I'll try that and see what I come up with.
-
November 6th, 2003, 09:18 AM
#6
Registered User
Let us know if you find out who it was.
-
November 6th, 2003, 09:20 AM
#7
Banned
Welcome to WinDrivers msargex2!
Good info for Social Enemy which I was going to point out to him, but you do finally end up at a brick wall where you must contact someone in the end to actually find the culprit.
-
November 6th, 2003, 10:38 AM
#8
Registered User
If someone had a keylogger on your/your girlfriends machine, keep an eye on your credit if you had any financial/personal info on it.
Deliver me from Swedish furniture!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks