Location of the sender... Microsoft Hosting??

Post your questions about tracing the source IP address of an email here.
Locked
diversified
New Member
Posts: 2
Joined: Sun Oct 23, 2016 9:32 pm

Location of the sender... Microsoft Hosting??

Post by diversified » Sun Oct 23, 2016 9:39 pm

a tenant of someone close to me supposedly left the country, went to china and is having a hard time trying to get back.. has long record of money and relationship problems, it turns out. i'm trying to help by checking to see if he was telling truth about where he is.

here is the header:

Code: Select all

Delivered-To: youl77@gmail.com
Received: by 10.202.252.72 with SMTP id a69csp2420974oii;
        Wed, 21 Sep 2016 20:07:37 -0700 (PDT)
X-Received: by 10.202.228.69 with SMTP id b66mr8163017oih.168.1474513657260;
        Wed, 21 Sep 2016 20:07:37 -0700 (PDT)
Return-Path: <steve35082000@hotmail.com>
Received: from BLU004-OMC3S22.hotmail.com (blu004-omc3s22.hotmail.com. [65.55.116.97])
        by mx.google.com with ESMTPS id k4si782842oif.188.2016.09.21.20.07.36
        for <youl77@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 21 Sep 2016 20:07:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of steve35082000@hotmail.com designates 65.55.116.97 as permitted sender) client-ip=65.55.116.97;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@hotmail.com;
       spf=pass (google.com: domain of steve35082000@hotmail.com designates 65.55.116.97 as permitted sender) smtp.mailfrom=steve35082000@hotmail.com;
       dmarc=pass (p=NONE dis=NONE) header.from=hotmail.com
Received: from NAM04-CO1-obe.outbound.protection.outlook.com ([65.55.116.73]) by BLU004-OMC3S22.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
	 Wed, 21 Sep 2016 20:06:36 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3aSHdmKC0FJGybRHhzepg0jTx6i6GmFLeoXHmZ/yNU4=; b=O5/VqzxqIWDoVlMS8T2qc33vzFMKeXItL7Lc3F2dZNB0pM4hIO6FTu7TkSTmWcVy+cETTRuOdBky92izCFaUrj/VZqCs73Xnk9TuoWBmWX1NZKAydH0StcH0x33832u3YhDBDxIzifbEZkFZ9pj9gRjZKoHCJS8hohtqHzXTvU9YFBGTMAUvN4/HLRRWm9+F5T16MlaQU+httGePQNY3w5urAvkt90sxc5fQj0zsmcJgexG5qjPik1hg0GcBR2tCeySjgQP5ofgqLvyaP+1QtzWtigGx3sy3Ub7qy1t6ahDFwFYW/LymiMwCTnEdGEULQTZBpBG3tWe+W5uxyLqr6w==
Received: from BN3NAM04FT005.eop-NAM04.prod.protection.outlook.com (10.152.92.60) by BN3NAM04HT125.eop-NAM04.prod.protection.outlook.com (10.152.93.167) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.5; Thu, 22 Sep 2016 03:06:34 +0000
Received: from DM5PR07MB2843.namprd07.prod.outlook.com (10.152.92.54) by BN3NAM04FT005.mail.protection.outlook.com (10.152.92.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.5 via Frontend Transport; Thu, 22 Sep 2016 03:06:34 +0000
Received: from DM5PR07MB2843.namprd07.prod.outlook.com ([10.168.101.149]) by DM5PR07MB2843.namprd07.prod.outlook.com ([10.168.101.149]) with mapi id 15.01.0629.006; Thu, 22 Sep 2016 03:06:34 +0000
From: steve SYM <steve35082000@hotmail.com>
To: "youl77@gmail.com" <youl77@gmail.com>
Subject: Steve
Thread-Topic: Steve
Thread-Index: AQHSFH4gOLjHQ+qm60WfIwbMcs7lMA==
Date: Thu, 22 Sep 2016 03:06:34 +0000
Message-ID: <DM5PR07MB2843BB4A42E0704F0463B5CBB2C90@DM5PR07MB2843.namprd07.prod.outlook.com>
Accept-Language: en-CA, en-US
Content-Language: en-CA
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=softfail (sender IP is 10.152.92.54) smtp.mailfrom=hotmail.com; gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=fail action=none header.from=hotmail.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning hotmail.com discourages use of 10.152.92.54 as permitted sender)
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [4a/vlvm9UnS+7jhd5t4XKKvzBkGigxlf]
x-eopattributedmessage: 0
x-microsoft-exchange-diagnostics: 1;BN3NAM04HT125;6:vjkUk/wQSV8sRsEom8yNHKKMX8Zye+KLmzWlvvoubcb9g5FuSnNghXTz7fzBNmjXslMid8Z0VIHPeUwK7jI++Bvu9FBcRZWkAXGVmi+TBjM9TCqgrwn7YWZGmJ75qMSEbopuWq7EjgCBEX6OtRiNfU2zpOt3uoHR5SNRbdvI4Pra2NhoomesscdfTeyIGolC/L2bbJSrLXKpTVOgEzZyhyyypg8CHdlZuRpJH+2a8dz8eDO17Uhnycogl6TJIPLSYhIMulu5/MmvHONzxIRXe9unN/89kdgBoT7klgdGDXM=;5:fKjSw/7qlmQpwKgdnK/zBuVr9g7YYmQ4XE0vcfxFP6u/dMoSaNcTEOjBlBTy/tyVXlqASSb97z4yy6/G6PA4a02sA9+Mqs+88IPxRBEqEFjxJeZsRVKqfBS56FWUf1BLf/1+AG+0NDDokCgL4oeIEQ==;24:LwaMAbKgDGCokI8GLh07GBjBt8y+8T3ESHN1EVjE3u9rAuf/Vn9wrlUfWL0KR6vHGfzdGXqNZuWWbrj8w6NmiOKCWnyqw50EDqjnOPTxozQ=;7:o7q4xeY/YU1GVPz/j1AxhBey7FLWEXicvntaH749V153tWW5DaAHprw3Fz44qD6cLJh1jHNcVfBTC1QG0Xu0d5N5iegjYhrY9KAnQ9pRXHuHtIL5gciof4Zc0AWMfoAWrnvPcRA1vmQr1NmZoltlRXUZKAv29E0erCw6fJYP9pIome+PB4ZWGxZAwGj24j+QZ/0vw7F9MHrU/HkD7kAqRQnWhsPY3fklfKhsPHCIzy+9c1VcUJbcrxiKXDpvwszFZHy5aHL+qU0SHfORK8sbQILvbzqkMA0McB9hxijEIFN3NaQ1Ue57X/awu5zohcjD
x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(10019020)(98900003);DIR:OUT;SFP:1102;SCL:1;SRVR:BN3NAM04HT125;H:DM5PR07MB2843.namprd07.prod.outlook.com;FPR:;SPF:None;LANG:en;
x-ms-office365-filtering-correlation-id: ac27b9b5-7ac0-42bc-b9db-08d3e29575e7
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(1601124038)(1603103081)(1601125047);SRVR:BN3NAM04HT125;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(432015012)(102415321)(82015046);SRVR:BN3NAM04HT125;BCL:0;PCL:0;RULEID:;SRVR:BN3NAM04HT125;
x-forefront-prvs: 0073BFEF03
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed; boundary="_004_DM5PR07MB2843BB4A42E0704F0463B5CBB2C90DM5PR07MB2843namp_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2016 03:06:34.5156 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3NAM04HT125
Return-Path: steve35082000@hotmail.com
X-OriginalArrivalTime: 22 Sep 2016 03:06:36.0561 (UTC) FILETIME=[54A3A010:01D2147E]

--_004_DM5PR07MB2843BB4A42E0704F0463B5CBB2C90DM5PR07MB2843namp_
Content-Type: multipart/alternative; boundary="_000_DM5PR07MB2843BB4A42E0704F0463B5CBB2C90DM5PR07MB2843namp_"

--_000_DM5PR07MB2843BB4A42E0704F0463B5CBB2C90DM5PR07MB2843namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

User avatar
Chrispcritters
Forum Administrator
Posts: 2445
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Location of the sender... Microsoft Hosting??

Post by Chrispcritters » Mon Oct 24, 2016 5:26 am

Unfortunately Hotmail no longer includes the sender's IP address.

In general I would doubt the validity of any email requesting money. The person needs to be verified by some means other than email. A call to them, a known family member, or a friend for example.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

diversified
New Member
Posts: 2
Joined: Sun Oct 23, 2016 9:32 pm

Re: Location of the sender... Microsoft Hosting??

Post by diversified » Mon Oct 24, 2016 10:57 am

Ahh... much unfortunate!

Thanks anyway Chrispcritters!! ;)

nielsencl1
Active Member
Posts: 333
Joined: Sun Dec 23, 2012 5:47 pm
Location: Minneapolis, MN

Re: Location of the sender... Microsoft Hosting??

Post by nielsencl1 » Tue Oct 25, 2016 3:27 pm

Yes, have them call you. And perhaps have them call you from a public place like a hotel or someplace else where you can confirm the phone number on the Internet and then ask for them at that phone number. If they come to the phone, then you know they are at that location.

Even if they are I don't know that I would trust them...

Locked

Who is online

Users browsing this forum: No registered users and 2 guests