Solved

IP Address of the originating desktop

Posted on 2014-03-05
Last Modified: 2014-03-10
Good day to all and thank you in advance for your time and expertise.

How do I find the IP address of the desktop from where an email was sent? The email account was created on the fly, meaning it is obviously a temporary address. The person created an account with outlook.com. What I'm able to find is the address of the MS server but not the originating IP address. Here's the header information:

Received: from mx21.exchange.telus.com (10.9.6.104) by
 HEXHUB12.hostedmsx.local (10.9.6.102) with Microsoft SMTP Server id
 8.3.298.1; Sat, 1 Mar 2014 07:54:32 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgYCAGrzEVNBNr5RnGdsb2JhbABagkKGdaVklywWDgEBAQEBBg0JCRQoghwcBoEFAYEfNYdCARScB4NbAqQdFYdfF5IAgRQEiRM4iHCbdw
X-IronPort-AV: E=Sophos;i="4.97,568,1389769200";
   d="scan'208,217";a="42643293"
Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.190.81])  by
 mx21.exchange.telus.com with ESMTP; 01 Mar 2014 07:54:32 -0700
Received: from BAY181-W17 ([65.54.190.124]) by bay0-omc2-s6.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);       Sat, 1 Mar 2014 06:54:32 -0800
X-TMN: [pRWocxOE1AKwK8RgJN0d78ERpKAyhEEZ]
X-Originating-Email: [verite_@outlook.com]
Message-ID: <BAY181-W173C187F1D0E97A27E4B249A8D0@phx.gbl>
Return-Path: verite_@outlook.com
Content-Type: multipart/alternative;
      boundary="_315c5d21-9f4f-4e8f-9246-52e93bb08649_"
From: Anonyme personne <verite_@outlook.com>
To: "nathalie.tankova@apecq.org" <nathalie.tankova@apecq.org>
Subject: Commentaire
Date: Sat, 1 Mar 2014 09:54:31 -0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 01 Mar 2014 14:54:32.0033 (UTC) FILETIME=[27584D10:01CF355E]
0
Question by:andy951
16 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906680
Received: from mx21.exchange.telus.com (10.9.6.104) by

has a public IP of 205.206.208.34
0
 

Author Comment

by:andy951
ID: 39906684
Hi, thanks. Is that the person's computer or the mail server?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906701
Looks like the mail server (which could also be a web mail server).
0
 

Author Comment

by:andy951
ID: 39906715
Is there a way to find the originating IP address? The person probably used IE to create the outlook.com email address. To send the message the originating IP must be included, is it not?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906777
The originating IP could be the server if it is also running a webmail app.  

Because the client IP is handled via HTTPS, I do believe that it will show in the SMTP headers.
0
 

Author Comment

by:andy951
ID: 39906788
How do I get a hold of the SMTP header?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39906807
According to http://whatismyipaddress.com/trace-email

The source IP address is 65.54.190.124

According to ARIN that address belongs to Microsoft

http://whois.arin.net/rest/ip/65.54.190.124
0
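
The trace described in the comment above, as an added example that is not part of the original thread: it reads the Received headers from the question oldest-first and reports the earliest public address in the chain. The function names `received_chain` and `earliest_public_ip` are assumptions chosen for illustration.

```python
import email
import ipaddress
import re

# Received headers copied from the question (other headers omitted).
RAW = """\
Received: from mx21.exchange.telus.com (10.9.6.104) by
 HEXHUB12.hostedmsx.local (10.9.6.102) with Microsoft SMTP Server id
 8.3.298.1; Sat, 1 Mar 2014 07:54:32 -0700
Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.190.81])  by
 mx21.exchange.telus.com with ESMTP; 01 Mar 2014 07:54:32 -0700
Received: from BAY181-W17 ([65.54.190.124]) by bay0-omc2-s6.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);       Sat, 1 Mar 2014 06:54:32 -0800
From: Anonyme personne <verite_@outlook.com>
Subject: Commentaire

"""

# "from <name> (<ip>)" or "from <name> ([<ip>])" at the start of a hop.
FROM_RE = re.compile(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")

def received_chain(raw):
    """Return hops oldest-first as (sending_host, ip, is_private)."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own header, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = FROM_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            ip = ipaddress.ip_address(m.group(2))
            hops.append((m.group(1), str(ip), ip.is_private))
    return hops

def earliest_public_ip(raw):
    """First routable address in the chain, or None if there is none."""
    for _host, ip, private in received_chain(raw):
        if not private:
            return ip
    return None

if __name__ == "__main__":
    for host, ip, private in received_chain(RAW):
        print(f"{host:36} {ip:16} {'private' if private else 'public'}")
    print("earliest public hop:", earliest_public_ip(RAW))
```

On the question's headers the earliest public hop is 65.54.190.124, the address the thread attributes to Microsoft, so the recorded chain ends at the provider's server rather than at the sender's desktop.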
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39906815
pony10us is correct.  I was reading the headers in the incorrect order.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39907232
If someone uses webmail then you don't get the sender's actual IP address but the address of the server.
0
 

Author Comment

by:andy951
ID: 39907251
Do you know if it can be requested from MS?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39907276
Probably not.  Once you get this far it usually takes a subpoena to get that type of information.
0
 

Author Comment

by:andy951
ID: 39917304
How can I prove this to my boss? She doesn't believe that the IP address cannot be found. She is certain it can. Is there any documentation which will convince her?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39917552
You will not get a company, service provider or not, just randomly handing out information regarding an IP address.

And, unless a significant amount of money is involved or a law has been broken in your jurisdiction, filing a report with the police won't do much good either -- a subpoena is about the only way to get it.  Having said that, that information will not be available to you unless the police decide to press charges.
0
 

Author Comment

by:andy951
ID: 39917581
What if I use an email service which provides data on emails? Will that include the IP address of the computer the email was opened on?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39917607
No company in the US is going to violate -- or shouldn't -- the privacy of its users.
0
 

Author Comment

by:andy951
ID: 39917632
I get it, it's someone else that does not. But I will close this question. Thank you for all your help.
0

Question has a verified solution.