suspect sign in

I just received a very original looking warning from Microsoft about a suspicious sign in but since i don't use Windows and don't use the hotamil account i can't see how it was generated by me
this is the address it came from but all the links seemed to work:
This is the rest of the header:
Created on:    14 October 2016 at 21:40 (Delivered after 16 seconds)
Subject:    Microsoft account unusual sign-in activity SPF:    PASS with IP xx.xx.xxx.xxx Learn more DMARC:    PASS Learn more....
Any ideas? Someone on a forum trying to crack my password?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That is not an address.

This is not all the headers. In particular, where are the Received-from: headers? And note that the From: header is trivial to forge. I expect you can do it yourself in your email client.
--
"Once you adopt the unix paradigm, the variants cease to be a problem - you
bitch, of course, but that's because bitching is fun, unlike M$ OS's, where
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.