  1. #1
    BKGarry

    Tracking a hotmail account

    Hello All,

    We have had an incident here, where a student has made a hotmail.com account (and yes it is hotmail.com on the email address, weird) and sent an email with an image to a member of staff, which is offensive. The issue is the email was sent at around 9pm at night, so I have not been able to do a trace here on our Filtering system. I have emailed the outlook.com abuse account but have only received an automated email back.

    Does anyone have any suggestions on the best way to try and find out whose email account this is? They have not used their school account as a separate account, so that doesn't help to track them.

    Thank you all in advance,

  2. #2
    Gaz
    Any clues in the email header?

  3. #3
    BKGarry
    Not that I can see,

    here are the headers (with the teacher's email address removed)

    Code:
    Received: from DBXPR04MB319.eurprd04.prod.outlook.com (10.141.232.24) by
    AMSPR04MB310.eurprd04.prod.outlook.com (10.242.107.20) with Microsoft SMTP
    Server (TLS) id 15.0.851.11 via Mailbox Transport; Mon, 20 Jan 2014 21:32:56
    +0000
    Received: from DBXPR04CA007.eurprd04.prod.outlook.com (10.255.191.155) by
    DBXPR04MB319.eurprd04.prod.outlook.com (10.141.232.24) with Microsoft SMTP
    Server (TLS) id 15.0.851.15; Mon, 20 Jan 2014 21:32:55 +0000
    Received: from AM1FFO11FD055.protection.gbl (2a01:111:f400:7e00::100) by
    DBXPR04CA007.outlook.office365.com (2a01:111:e400:9800::27) with Microsoft
    SMTP Server (TLS) id 15.0.851.11 via Frontend Transport; Mon, 20 Jan 2014
    21:32:54 +0000
    Received: from emea01-am1-obe.outbound.protection.outlook.com (157.56.112.28)
    by AM1FFO11FD055.mail.protection.outlook.com (10.174.65.74) with Microsoft
    SMTP Server (TLS) id 15.0.847.12 via Frontend Transport; Mon, 20 Jan 2014
    21:32:52 +0000
    Received: from HKNPR03CA012.apcprd03.prod.outlook.com (10.141.16.22) by
    HKNPR03MB403.apcprd03.prod.outlook.com (10.141.35.17) with Microsoft SMTP
    Server (TLS) id 15.0.851.15; Mon, 20 Jan 2014 21:32:44 +0000
    Received: from DB3FFO11FD010.protection.gbl (2a01:111:f400:7e04::117) by
    HKNPR03CA012.outlook.office365.com (2a01:111:e400:a000::22) with Microsoft
    SMTP Server (TLS) id 15.0.851.11 via Frontend Transport; Mon, 20 Jan 2014
    21:32:43 +0000
    Received: from col0-omc2-s1.col0.hotmail.com (65.55.34.75) by
    DB3FFO11FD010.mail.protection.outlook.com (10.47.216.166) with Microsoft SMTP
    Server id 15.0.847.12 via Frontend Transport; Mon, 20 Jan 2014 21:32:42 +0000
    Received: from COL128-W36 ([65.55.34.73]) by col0-omc2-s1.col0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675);             Mon, 20 Jan 2014 13:32:41 -0800
    X-TMN: [Y8QHG/Z91KBjZYSGPKNf8OofMLQo6EuQ]
    X-Originating-Email: [mrjordanisasheepshager@hotmail.com]
    Message-ID: <COL128-W367AB2E5C376C886B8BD3AD6A50@phx.gbl>
    Return-Path: mrjordanisasheepshager@hotmail.com
    Content-Type: multipart/mixed;
                    boundary="_5c54a73d-b3a8-400f-bbb0-5c089bda1694_"
    From: Mr Jordan is a sheep shagger <mrjordanisasheepshager@hotmail.com>
    To: "%TEACHERS EMAIL%@ntc.kent.sch.uk" <%TEACHERS EMAIL%@ntc.kent.sch.uk>
    Subject:
    Date: Mon, 20 Jan 2014 21:32:41 +0000
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 20 Jan 2014 21:32:41.0829 (UTC) FILETIME=[263FE150:01CF1627]
    X-EOPAttributedMessage: 1
    X-Matching-Connectors: 130347271627341080;(d8fcf337-55d8-4128-5d8c-08d0d6cd5b43,91b4c244-d4ec-4e82-4cf7-08cfe15df2fa);()
    X-Forefront-Antispam-Report-Untrusted:
    CIP:65.55.34.75;CTRY:US;IPV:CAL;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(10019001)(6009001)(619001)(189002)(199002)(71186001)(85306002)(87266001)(46316001)(82202001)(77806003)(81686001)(74876001)(87936001)(83072002)(84326002)(5406001)(47446002)(74502001)(512934002)(74366001)(15714825002)(81542001)(85852003)(93516002)(74662001)(90146001)(86362001)(31966008)(80022001)(74706001)(69226001)(573454002)(77982001)(73972005)(56816005)(25636003)(20776003)(76796001)(80976001)(51856001)(53806001)(63696002)(76482001)(54356001)(65816001)(83332001)(47736001)(83322001)(44976005)(49866001)(19580395003)(77096001)(46102001)(564344003)(50986001)(93136001)(81816001)(54316002)(59766001)(56776001)(568964001)(76176001)(79102001)(81342001)(4396001)(47976001)(92726001)(36756003)(76786001)(33656001)(92566001)(15852003)(73022006)(5416002)(11937685003);DIR:OUT;SFP:1102;SCL:1;SRVR:HKNPR03MB403;H:col0-omc2-s1.col0.hotmail.com;CLIP:65.55.34.75;FPR:;RD:col0-omc2-s1.col0.hotmail.com;MX:1;A:1;LANG:;
    X-Forefront-PRVS: 00979FCB3A
    X-MS-Exchange-Organization-MessageDirectionality: Incoming
    X-Forefront-Antispam-Report:
    CIP:157.56.112.28;CTRY:US;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(6009001)(619001)(199002)(189002)(4396001)(84326002)(71186001)(83072002)(81342001)(85306002)(573454002)(74502001)(80022001)(81686001)(77806003)(74876001)(87836001)(31966008)(85852003)(74366001)(90146001)(5406001)(81542001)(56816005)(47446002)(15714825002)(74662001)(65816001)(512934002)(51856001)(20776003)(69226001)(87266001)(76482001)(77982001)(80976001)(47736001)(77096001)(47976001)(83322001)(6806004)(50986001)(46316001)(19580395003)(25636003)(79102001)(83332001)(44976005)(46102001)(53806001)(76796001)(49866001)(54316002)(76786001)(564344003)(93136001)(33656001)(76176001)(63696002)(54356001)(73972005)(92726001)(56776001)(36756003)(93516002)(568964001)(59766001)(92566001)(81816001)(86362001)(74706001)(82202001)(15852003)(73022006)(5416002)(11937685003);DIR:INB;SFP:;SCL:1;SRVR:DBXPR04MB319;H:emea01-am1-obe.outbound.protection.outlook.com;CLIP:157.56.112.28;FPR:;RD:emea01-am1-obe.ptr.protection.outlook.com;A:1;MX:1;LANG:;
    X-MS-Exchange-Organization-Network-Message-Id: 0cbe7a67-3163-45b4-2645-08d0e43e50d8
    X-MS-Exchange-Organization-AVStamp-Service: 1.0
    Received-SPF: SoftFail (DBXPR04MB319: domain of transitioning hotmail.com
    discourages use of 157.56.112.28 as permitted sender)
    X-MS-Exchange-Organization-SCL: 1
    X-MS-Exchange-Organization-AuthSource: AM1FFO11FD055.protection.gbl
    X-MS-Exchange-Organization-AuthAs: Anonymous

  4. #4

    AngryTechnician
    Looks like Hotmail have removed the X-Originating-IP header they used to have, which is a shame.

    Depending on the level of offensiveness of the image, you may be able to involve law enforcement. If the message is "grossly offensive, indecent, obscene, menacing or false" it is an offence under The Communications Act 2003 section 127. The police would be able to formally request more detail from Microsoft about the sender.

    Even if those criteria aren't met, or if involving the police isn't desirable, I'm sure many of your teachers will be familiar with the concept of using the threat of involving the police to extract a confession from pupils.
    Last edited by AngryTechnician; 22nd January 2014 at 10:38 AM.

  5. #5
    BKGarry
    Thank you all,

    I didn't find it that offensive; it is an image of a t-shirt with a sheep looking over its shoulder and the words "#1 Sheep Sh**ger" (without the stars). The teacher himself isn't too worried; this pressure is coming from the deputy head to find out who it is.

  6. #6

    Hotmail have Microsoft servers as the originating IP (received from); they will, however, have the user's own IP stored somewhere. Good luck in getting it though!
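
Added example (not posted by anyone in the thread): a Python sketch that walks the Received chain from post #3 oldest-first and checks for X-Originating-IP, which shows what #4 and #6 describe: the earliest hop is already a Hotmail host and no client address is exposed. `RAW` is an excerpt of the headers quoted in #3; the function names `received_chain` and `origin_summary` are hypothetical.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Excerpt of the headers posted in #3: newest hop, Hotmail hand-off, earliest hop.
RAW = """\
Received: from DBXPR04MB319.eurprd04.prod.outlook.com (10.141.232.24) by
 AMSPR04MB310.eurprd04.prod.outlook.com (10.242.107.20) with Microsoft SMTP
 Server (TLS) id 15.0.851.11 via Mailbox Transport; Mon, 20 Jan 2014 21:32:56
 +0000
Received: from col0-omc2-s1.col0.hotmail.com (65.55.34.75) by
 DB3FFO11FD010.mail.protection.outlook.com (10.47.216.166) with Microsoft SMTP
 Server id 15.0.847.12 via Frontend Transport; Mon, 20 Jan 2014 21:32:42 +0000
Received: from COL128-W36 ([65.55.34.73]) by col0-omc2-s1.col0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); Mon, 20 Jan 2014 13:32:41 -0800
Date: Mon, 20 Jan 2014 21:32:41 +0000

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[?([0-9A-Fa-f.:]+)\]?\)\s+by\s+(\S+)")

def received_chain(raw):
    """Return Received hops oldest-first as (from_host, from_ip, by_host, utc_time)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())           # undo header folding
        stamp = flat.rpartition(";")[2].strip()  # timestamp follows the last ';'
        m = HOP.search(flat)
        if m:
            when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
            hops.append((m.group(1), m.group(2), m.group(3), when))
    return hops[::-1]                            # each relay prepends, so reverse

def origin_summary(raw):
    """Describe the earliest visible hop and whether a client IP header exists."""
    first = received_chain(raw)[0]
    return {
        "earliest_from": first[0],
        "earliest_ip": first[1],
        "handed_to": first[2],
        "sent_utc": first[3].isoformat(),  # normalised for matching against local logs
        "has_x_originating_ip": "X-Originating-IP" in message_from_string(raw),
    }

if __name__ == "__main__":
    for host, ip, by, when in received_chain(RAW):
        print(when.isoformat(), host, ip, "->", by)
    print(origin_summary(RAW))
```

The earliest hop's `-0800` stamp is the Hotmail server's own clock offset, so only the UTC-normalised value is useful for correlating with filtering or proxy logs.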

  7. #7
    Gaz
    It's kids being kids. He should probably come in wearing the t-shirt. The only one that doesn't laugh is the guilty one as they will be more shocked than the rest lol.

    Don't actually try that^

    At least you have the time the email was sent, so you could send an email to the parents to check their computer history around the time. They also probably used Google to do the search, so look at the history on Google too, just in case they deleted the browser cache.

  8. #8
    BKGarry
    Thank you @Gaz

    TBH I am not THAT worried, I will be waiting for the decision from the Deputy Head
