The metadata that is stored on all requests will show Geo locations. All Geo locations an approximation based on the IP Address.
You could have a recipient upload or download information from a mobile and that GEO location will ping from local cell towers giving an approximate location based on that IP address.
When viewing a PUSH or PULL timeline to see request details on a recipient that you know lives in NY and you notice that timeline shows multiple “email clicks” took place in New York, France and Colorado but the NY downloaded the file… there are a few possibilities here.
1 - receiver is using an email vendor that is routing things locally (NY) and/or abroad (France).. possibly a French based company they are associated with or work for, and they have a ’scrubbing’ layer within the company or email vendor that is checking the link to make sure its not malicious. FYI - You may continue to see similar patterns when sending to business email accounts.
2 - receivers email has been compromised - Most important to note is that this is not a Botdoc compromise or issue, it is related to the receivers email.
You may want to reach out to the receiver and have them inquire the above mentioned. We are confident that your customer will be appreciative of your excellent cyber security hygiene.
You always have the option to TERMINATE the request before a file is downloaded or if file is downloaded making sure that the intended recipient was the one who downloaded the file.