My identity has been stolen (my story) email trace/ip help!

Post by davidchan840 » Sun May 31, 2015 1:02 am

I recently got hacked and my identity stolen on several accounts on the internet, including bank/PayPal information and a Steam account that has over 2,000 dollars to my name. He didn't stop there, he got into my Facebook and "casually chatted" with a lot of my friends... he definitely has a mental problem(s). He also made an email on Yahoo with my own name in it to send me emails to the one email account I have that he didn't hack into. My password was very complicated but I was a dumbass and used it on multiple sites... I think he used a keylogger to gain all of this information from a bad program I downloaded or something... I'm still not quite sure how he did it.

I was able to get on my Facebook and keep him from getting on it. I found a way to download my whole Facebook archive and was able to match chat logs with login times/locations. I was finally able to get his IP address from hours of searching. He is in Manassas, Virginia... at least that is what this site tells me, while I'm in California.

I found his ISP and contacted them earlier today and they referred me to their abuse department and I wrote a long email with evidence and proof, etc. I also called all of my online accounts/or created support tickets to try and see what they can do. I have access back to a few accounts now and am waiting on some other very important ones. I thought about contacting my local police department and filling out a fraud affidavit form or whatever it is, or contacting his local police department; I might do both, since this is impersonation, fraud, federal theft (500+ worth stolen), and harassment.

Today when changing my Facebook password again, I got a notice that someone tried to log in from somewhere in Texas. I found that IP and it was through someone's iPhone 5 with AT&T as the service. I will contact AT&T tomorrow to see what they can do. I didn't realize this could be an unidentified keylogger/RAT until a few mins ago so he might have seen a lot of the things I changed on my computer to prevent him from doing more harm. I am going to restore my computer now (PC)... I am typing on one of my friend's computers. Maybe he hacked into our router? How could there be two different IPs from two different states? He sounds very weird but sophisticated.

He sent me an email yesterday through yahoo and even though I have his IP (well what I hope is his IP) - I want to match it up with the email he sent me. I can't get a trace on it though, just the ISP location. PLEASE HELP!!!! This has ruined my weekend and stressed me out beyond repair lol.

Thanks very much!




EMAIL HEADER:

X-Yahoo-Newman-Id: 630987.91487.bm@omp1040.mail.ne1.yahoo.com...
Original-Recipient: rfc822;{removed}@icloud.com
In-Reply-To: <ee91f2c5-575e-4512-b4f3-768205300299@me.com>
Return-Path: <{removed}@yahoo.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151,1.0.33,0.0.0000 definitions=2015-05-30_01:2015-05-29,2015-05-30,1970-01-01 signatures=0
Mime-Version: 1.0
X-Yahoo-Newman-Property: ymail-4
X-Icloud-Spam-Score: 33302230 f=yahoo.com;e=yahoo.com;is=yes;ir=no;pp=ham;spf=pass;dkim=pass;dmarc=?;wl=absent;pwl=absent;clxs=ham;clxl=absent
X-Mantsh: 1TEIXWV4bG1oaGkdHB0lGUkdDRl5PWBoaHxEKTEMXGx0EGx0YBBIZBBsTEBseGh8 aEQpYTRdLEQptfhcHGxEKTFkXGxoaHxEKWU0XZEVeYF9EQREKX1kXGRkYEQpZSRcdH3EbBhsfG ncGExwGGRpCHAYaBhsaGgYacRoQGncGGgYaBhkaBhoGGgYacRoQGncGGhEKWV4XaG55EQpDThd LGx4aYkIfHVIab04ZeHMHHn8bGBsfWh4RCltDFxpkeh8aGmB8HX17aGIdGxoRClhcFxkEGgQYG AEeB00dGkgZTxJMBRsdBBsdGAQSGQQbExAbHhofGxEKXlkXZ0QaHHkRCk1cFxgZHhEKTFoXaGl ra2sRCkVYF2gRCkxGF2xraxEKQ1oXExIEGxkSBBgYEwQSGBEKQl4XGxEKQkUXZUNya0heRm1wS GgRCkJOF3pEHB1vRWxtRENmEQpCTBd6eWdufHxrEkdBTREKQmwXehhATm1SWUdjR2gRCkJAF2R Qa0UfbGZ6b0hpEQpCWBdpTEVtfHxZaUZmZREKTV4XBxsRCnBnF2JBQ3NIcGR4EntmEQpwaBdsQ kwZUlJtY39wQxEKcGgXZF5aeV1TZWl6QxMRCnBoF2BQSE54YBl/ZW4ZEQpwaBdrSVlLYmhTXEJ bTREKcGgXekRASB9BQE98U3sRCnBsF2JbS1hdbnBeAU1EEQpwTBdlcktSfFl4TFJubhE=
Authentication-Results: st11p00mm-smtpin007.mac.com; spf=pass (st11p00mm-smtpin007.mac.com: domain of {removed}@yahoo.com.. designates 98.138.229.82 as permitted sender) smtp.mailfrom={removed}@yahoo.com...;
Authentication-Results: st11p00mm-smtpin007.mac.com; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com... header.b=FG/bsQPM; dkim-adsp=pass
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1412110000 definitions=main-1505300163
X-Clx-Spam: false
X-Clx-Score: 1005
Message-Id: <1761888950.1657143.1432987966275.JavaMail.yahoo@mail.yahoo.com>
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1432988147; bh=vG/BMbbrzbQRCYtimxXOYj6bxrY9jxEGc8AH48slthM=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject; b=FG/bsQPMU6mv+MONlXnUPKD71aRnBZhCxU7KcHHFtVCQ7OomuSy/JcfSoCF+T2dCUwezsHuCXqWBgtk3GfJVa3kEzCmXHVhb/gBRjLAlXeSFFprkN4Y7z5qBpz7A+90wDtgQ4noZrIL1ivFrOUArBY2b9NJZ70lXKMHOBS8iNeHfSmNF1AwcFlVgYp5yFg+vraBAZR7gDzz0Ygkh0uV2J8x7aghUGnJqh8jgrt9oe2opq0/N1SfJkkgIA2ejkXVkZUtF2HHDqVDsW5xqb++JxWHmbBhApfu6u1n8jTG6S3YN5BlryxrI2dNoM+wXNvlng87cjfizBEJHZgZS8frlfA==
X-Clx-Shades: NotJunk
References: <ee91f2c5-575e-4512-b4f3-768205300299@me.com>
X-Ymail-Osg: finn5k8VM1mbTpBmVEWhIyOXQZceEbFU9uMF4NB1Q23m0JS8JlGeULfpVuPp1hD cY.4EWELGA4LQFeZjp4DKoopJe9uv.lI6eqy0wWWWbmc2cNgSJfCUmpuHQIj0EeLM06geOjm34_6 Fn.byVFK9BlA4ZrJqxBC.iTlS7o.CL_k6Oip8Q1_NhePw._gJcS4vlLLJE1if17hH3e5JWumLrJT dSwejuWPiUZFk17.r5ZjTvxBlIqiCu8xgvb.k8p69UlE9TEui_z7.RJBd_ZMvvTZUs0kj0i5Ypea wCG8uqdwwIEfoCqp_H9XZVoS11tRhZ7AndfgZkoma8AxytHrCDZ7AvBvSWsiXfeLt1SOquDAOytw EouhkZAyp4bPBWts9zqwIBQtbysIDquWsGDgp9Z4zs3aZ2p_BvAT7UKoO7xZ7QsEolO6at3cQxO4 W4STFnLlc7nmpE2_dJHC8LfoJyRZ0lVf1TMxthEMFTMXpHJTuqdpyGTAl9CL1PBVcvg--
Content-Type: multipart/alternative; boundary="----=_Part_1657142_1953207215.1432987966269"
X-Dmarc-Info: pass=?; dmarc-policy=(noPolicy); s=; d=
Received-Spf: pass (st11p00mm-smtpin007.mac.com: domain of {removed}@yahoo.com.. designates 98.138.229.82 as permitted sender) receiver=st11p00mm-smtpin016.mac.com; client-ip=98.138.229.82; helo=nm34-vm2.bullet.mail.ne1.yahoo.com; envelope-from={removed}@yahoo.com..;
Received: from st11p00mm-smtpin007.mac.com ([17.172.84.240]) by ms08524.mac.com (Oracle Communications Messaging Server 7u4-27.08 (7.0.4.27.7) 64bit (built Aug 22 2013)) with ESMTP id <0NP5003YRWQFXGF0@ms08524.mac.com> for {removed}@icloud.com; Sat, 30 May 2015 12:15:52 +0000 (GMT)
Received: from nm34-vm2.bullet.mail.ne1.yahoo.com ([98.138.229.82]) by st11p00mm-smtpin007.mac.com (Oracle Communications Messaging Server 7.0.5.35.0 64bit (built Feb 12 2015)) with ESMTPS id <0NP500JV7WQBH710@st11p00mm-smtpin007.mac.com> for {removed}@icloud.com (ORCPT {removed}@icloud.com); Sat, 30 May 2015 12:15:51 +0000 (GMT)
Received: from [127.0.0.1] by nm34.bullet.mail.ne1.yahoo.com with NNFMP; Sat, 30 May 2015 12:15:47 +0000
Received: from [98.138.101.130] by nm34.bullet.mail.ne1.yahoo.com with NNFMP; Sat, 30 May 2015 12:12:47 +0000
Received: from [98.138.89.248] by tm18.bullet.mail.ne1.yahoo.com with NNFMP; Sat, 30 May 2015 12:12:47 +0000
Received: from [127.0.0.1] by omp1040.mail.ne1.yahoo.com with NNFMP; Sat, 30 May 2015 12:12:47 +0000
Received: by 98.138.105.215; Sat, 30 May 2015 12:12:47 +0000
Re: Check your fb

Re: My identity has been stolen (my story) email trace/ip help!

Post by Chrispcritters » Mon Jun 08, 2015 2:34 pm

Unfortunately the source IP address was not included in the email header.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.
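
How the Received chain in the posted header reads hop by hop, as an added example that is not part of the thread or the site's tooling. It walks the hops oldest first and reports any `from` address that is neither loopback/private nor inside the mail providers' own ranges. The `PROVIDER_NETS` ranges and all function names are assumptions made for this illustration; the ranges are inferred from the yahoo.com and mac.com hostnames in the header.

```python
import ipaddress
import re

# Received lines copied from the header in the post (timestamps and IDs trimmed).
RECEIVED = [
    "from st11p00mm-smtpin007.mac.com ([17.172.84.240]) by ms08524.mac.com with ESMTP",
    "from nm34-vm2.bullet.mail.ne1.yahoo.com ([98.138.229.82]) by st11p00mm-smtpin007.mac.com with ESMTPS",
    "from [127.0.0.1] by nm34.bullet.mail.ne1.yahoo.com with NNFMP",
    "from [98.138.101.130] by nm34.bullet.mail.ne1.yahoo.com with NNFMP",
    "from [98.138.89.248] by tm18.bullet.mail.ne1.yahoo.com with NNFMP",
    "from [127.0.0.1] by omp1040.mail.ne1.yahoo.com with NNFMP",
    "by 98.138.105.215",
]

# Assumption: ranges treated as mail-provider infrastructure, inferred from the
# hostnames in the header rather than from a WHOIS lookup.
PROVIDER_NETS = [ipaddress.ip_network(n) for n in ("98.138.0.0/16", "17.0.0.0/8")]

FROM_IP = re.compile(r"^from\s+[^\[]*\[([0-9a-fA-F.:]+)\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")


def classify(ip):
    """Label an address as local, provider-internal, or external."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_private:
        return "local"
    if any(addr in net for net in PROVIDER_NETS):
        return "provider"
    return "external"


def walk(received):
    """Return (by_host, from_ip, label) per hop, oldest hop first."""
    hops = []
    for line in reversed(received):  # each server prepends, so the last line is oldest
        m = FROM_IP.match(line)
        ip = m.group(1) if m else None
        by = BY_HOST.search(line).group(1)
        hops.append((by, ip, classify(ip) if ip else "no-from"))
    return hops


def candidate_origin_ips(received):
    """Addresses that could belong to the sender's own connection."""
    return [ip for _, ip, label in walk(received) if label == "external"]


if __name__ == "__main__":
    for by, ip, label in walk(RECEIVED):
        print(f"{label:9} from={ip or '-':16} by={by}")
    print("candidate sender IPs:", candidate_origin_ips(RECEIVED) or "none")
```

For this header the oldest hop has no `from` clause at all and every later hop is loopback or provider-to-provider, so the list of candidate sender addresses comes back empty.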
