0

I'm trying to determine whether the emails came from the same office or person, but lack the in-depth knowledge of IP6 and understanding of the meaning of the same "subnet prefix".

From the email header, the IP6 from:

Sender A: 2a01:111:f403:7005::72f
Sender B: 2a01:111:f403:7005::609

What can we conclude with certainty from the senders? What can be assumed beyond reasonable doubt?

diffchecker results on email headers

EDO
  • 5
  • 3

1 Answer

3

Not that easy.

The two IPs belong to the same 2a01:111:f403:7005::0/64, which we could normally associate with a single office/connection.

But in this case the main subnet class is 2a01:110::/31, registered by Microsoft; so these IPs are not the users' addresses, but from Microsoft Outlook 365 servers. You can see it in the email headers as they resolve to ***.outbound-protection.outlook.com.

In this case you can't get the sender's IP address as it is masked by Outlook Online.
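Added example, not part of the answer above: a Python check that reproduces both observations, that the two addresses share a /64 and that both sit inside the provider prefix the answer cites, so the match points at the mail relay rather than at an office. The `Received:` lines, hostnames and `mx.example.net` are constructed; only the two addresses and the /31 come from this page.

```python
import ipaddress
import re

# Prefix the answer attributes to Microsoft; the suffix covers the
# outlook.com relay names the answer mentions.
PROVIDER_NET = ipaddress.ip_network("2a01:110::/31")
PROVIDER_HOST_SUFFIX = ".outlook.com"

# Constructed Received: lines. Hostnames and the receiving MX are made up;
# the two addresses are the ones quoted in the question.
SAMPLE_HEADERS = {
    "A": "Received: from relay-a.outbound-protection.outlook.com "
         "(relay-a.outbound-protection.outlook.com "
         "[IPv6:2a01:111:f403:7005::72f]) by mx.example.net with ESMTPS",
    "B": "Received: from relay-b.outbound-protection.outlook.com "
         "(relay-b.outbound-protection.outlook.com "
         "[IPv6:2a01:111:f403:7005::609]) by mx.example.net with ESMTPS",
}

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_received(line):
    """Return (announced_host, ip) from one Received: line, or None."""
    m = RECEIVED_RE.search(line)
    if not m:
        return None
    return m.group(1).lower(), ipaddress.ip_address(m.group(2))

def shared_prefix_bits(a, b):
    """Count the leading bits two IPv6 addresses have in common."""
    return 128 - (int(a) ^ int(b)).bit_length()

def is_provider_relay(host, ip):
    """True when the hop belongs to the mail provider, not to the sender."""
    in_net = ip.version == 6 and ip in PROVIDER_NET
    return in_net or host.endswith(PROVIDER_HOST_SUFFIX)

def compare(line_a, line_b):
    """Summarise what two Received: hops do and do not have in common."""
    (host_a, ip_a), (host_b, ip_b) = parse_received(line_a), parse_received(line_b)
    bits = shared_prefix_bits(ip_a, ip_b)
    relays = is_provider_relay(host_a, ip_a) and is_provider_relay(host_b, ip_b)
    return {
        "shared_bits": bits,
        "same_64": bits >= 64,
        "both_provider_relays": relays,
        # A shared /64 only suggests one site when neither hop is a relay.
        "same_site_plausible": bits >= 64 and not relays,
    }

if __name__ == "__main__":
    print(compare(SAMPLE_HEADERS["A"], SAMPLE_HEADERS["B"]))
```
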