Tracing Where a Hotmail Account was Created


Mar 23, 2007
6
0
#1
:roll: Hi I would be grateful if someone could help me with a situation we are experiencing on msn. My daughter has an account and one of her so called friends i think is pretending to be a boy who keeps talking to my daughter, things have gone on which has left my daughter extremely frightened and i would like to prove it is this girl who is sending these messages, she has made "his" account up from a hotmail account and I was wandering if there was any way in which I could prove it was coming from her computer/account. This girl has been know through primary school to be a menace with msn but upto date no one has proof which I would like to obviously gain in order to put a stop to it. Speaking to her mother proved no hellp what so ever.

I wait in anticipation for your reply many thanks and kind regards. :)
 

Complete

Administrator
Aug 19, 2006
861
0
#2
If your daughter has been threatened or the emails have crossed the line to become criminal in nature, contact the police. They will be able to send subpoena's to find out who set up the account or was using the specific IP Address the mail was being sent from. This is obviously the best route.

If you want to do some of your own investigation, you can probably get the IP Address from the headers in the sent email. Figure out how to view extended headers or the message source. Somewhere within the header should be, "X-Originating-IP: [xxx.xxx.xxx.xxx]". The xxx's should be the sender's IP Address.

I just tested this using my hotmail account and that is where I found my IP Address.

You can then try using a geolocation service to try to narrow down where the IP Address is being used. Do a Google search or try: maxmind.com/app/locate_ip

I tried it on my IP and the latitude/longitude coordinates were close, but not exactly in my neighborhood. I'm pretty sure it goes to my ISP's local station.

You're now about as far as you're going to get. You can send complaints to the ISP and/or hotmail, but I doubt you're going to get them to reveal the account owner.

Good luck.
 

techdude

New Member
Oct 29, 2006
54
0
#3
The IP address used at the time the account was created is stored at MSN as well as any IP address from the previous 36 hour period for log-ins. However the only way you will be able to get access to that information is via subpoena – no amount of sweet talking will get the folks there to help. Under certain circumstances you may be able to decode some general information in the email header received from an MSN email account but once again the originating ISP will not release any information with a court order. Basically there are many ways to get the IP address but only one to get the name of the account holder – call an attorney for information on how to file suit.

Sorry I could not be any more helpful.
 

kern

New Member
Mar 9, 2007
567
0
#4
eeeh grimsby n cleethorpes, seafront memories :) .... anyways,
Hi ragdolly, have you contacted the local police for advice?

If its like BT with dodgy calls, providers will not do anything unless you first make a complaint to the police and usually the police will want you to agree to prosecution should the person be caught, before they get involved in asking your net provider to trace someone.
Once all thats done, its usually trivial for them to trace it back to whoever and wherever.

The problem with previous suggestions regarding header info is that it depends on their service provider whether they get a static IP address or one that changes each time they connect. Tiscali change, but telewest are reasonably static. are you Cable there or ADSL ?

If the IP is static, maybe try and get both "the boy" and the friend to send an email each. or check previous ones. if the headers match, its a good sign that its the same PC thats sending the msgs.

Another path you might consider is talking to the school as malicious txt and msging could be covered under rules about bullying.

hth
kern
 

ddow

New Member
Jul 18, 2006
1,380
0
#5
Don't give up all hope if the ISP uses dynamic address assignment. They usually log the IP/User/time relationship. As Kern indicated, the first issue is to get some power on your side.
 
Mar 23, 2007
6
0
#6
tracing hotmail accounts via msn

<t>I would just like to say a big thank you to you all for your help and advice. We have tried the route of "the boy" sending an email but this doesn't seem to happen which makes me more convinced it is the "friend" doing it. All this at only 11 what have I got to come?!!!! I will try some of your suggestions with the header and ip address if I don't get anywhere I will talk to the local police and tell them I don't know if this "boy" is a girl or a pervert that should get something done. Again many thanks Ragdolly37x</t>
 

warlock40

New Member
Dec 10, 2006
18
0
#7
Also in addition to the above Microsoft has policies for logging without warrant. However LE has to make the request through THEIR local contact. MS will then log all activity for a period until a warrant is received. (They won't release it).. At least this happens here in canada.

I believe the appropriate documentation is posted somewhere on their site about release of information procedures. (generally involving some law enforcement insititution.)
 

ddow

New Member
Jul 18, 2006
1,380
0
#9
All email have "full" headers. The only question is if you can display them. In every email program I've used (web and local) there was a way. It just took a little looking. Once you have the headers there's many web resources that tell you what the various entries mean.

Dennis
 
Mar 26, 2007
3
0
#10
Ive had a wee problem with my hotmail too and am wishing to trace who created a certain email address.

I had my hotmail account hacked into, so extremely that the password was changed, the secret question was changed and also the alternative email address connected to my hotmail account was changed too. This meant I had absolutely no way of accessing my account. I contacted MSN and they were very helpful and speedy in their response, and after answering specific questions I managed to reset my account and regain access. On doing so I discovered the email address that had been entered as the alternative, and am now wishing to trace who created this.

I have a good idea who it might be, but need some evidence before I can do anything about it. Is there a way of finding out the IP address of who created the address? Im not sure if the police would get involved as the person only tried to steal my account and am not sure if this is a crime.

Thanks for any advice you can give
 

koolage

New Member
Feb 13, 2007
57
0
#12
another way to go about it is to download a trial of emailtrackerpro
you can google it.

it will take all your header info from the email and give you a path that the email took to get to you.
same features as complete has stated.
it work really well, to least narrow down to the town location.
 

kern

New Member
Mar 9, 2007
567
0
#13
iirc the IP address is traceable only to the main ISP's nearest host.

i traced my own, using one of those GeoIP progs, and its not even in the same county. probably the physical address of the isp host.

the actual PC location would be traceable by the ISP itself, based upon address, and as someone above mentioned, down to the login time if its a dynamic address.

No Internet Provider is going to give a real physical location/account holder away unless its accompanied by some form of (legal) authority.

kern
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu