Wednesday, June 3, 2009

My First Spam mail -[Subject : Stop working long hours]



The picture above shows the spam mail I wish to explain. Basically, the IP and location from which the email was sent can be determined from the "Original Message" view of the mail. The header section of the Original Message of this email is given below.

---------------------------------------------------------------------
Delivered-To: #########@gmail.com
Received: by 10.229.91.76 with SMTP id l12cs41945qcm;
        Thu, 4 Jun 2009 18:04:45 -0700 (PDT)
Received: by 10.224.74.16 with SMTP id s16mr3025851qaj.320.1244163851087;
        Thu, 04 Jun 2009 18:04:11 -0700 (PDT)
Return-Path:
Received: from ip10.waspcom.com (ip10.waspcom.com [64.21.165.10])
        by mx.google.com with SMTP id 12si3264373qyk.63.2009.06.04.18.04.10;
        Thu, 04 Jun 2009 18:04:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of n.266.5901807@waspcom.com designates 64.21.165.10 as permitted sender) client-ip=64.21.165.10;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of n.266.5901807@waspcom.com designates 64.21.165.10 as permitted sender) smtp.mail=n.266.5901807@waspcom.com
Date: Thu, 04 Jun 2009 20:49:06 -0400
From: "robert allen"
To: ##########@gmail.com
Subject: Stop working long hours
MIME-Version: 1.0
X-Mailer: rws v8.3.4.1000.5901807
Reply-To: r.266.5901807@waspcom.com
Message-Id: <20090604170005.erzuendpwf@waspcom.com>
Content-Type: multipart/alternative;
        boundary="=_4c4684c84d04d9efd613a810054472bf"
---------------------------------------------------------------------------

It is quite difficult to get the IP location from the above header by hand. With the help of IPLIGENCE.COM, copying this header into the Email Tracer text box and clicking the "Trace" link traces this email's IP address and the location of the server used by the spammer. Though the spammer's own location can't be determined, we can report the abusive mail to the server, so that the server admin can look into the spammer and stop them from accessing the server again.

After getting the IP and location of the server, I use the information to trace the domain owner. From the above header, "WASPCOM.COM" is the server used to send this email. But with the help of DNSCHART.COM --> "IP Whois" option, I found that the IP address and domain don't match. The IP address determined from the mail was "64.21.165.10", but the email was sent from "NAC.NET". This proves that this is a spam email.
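One way to pull the sending server's IP out of a header like the one above without a web form, as an added example that is not part of the original post and not the code behind IPLIGENCE.COM or DNSCHART.COM: it reads the Received lines newest-first, takes the first public IP recorded there (the 10.x hops are the receiving provider's internal relays), and checks it against the Received-SPF line. The function names `handoff_hop` and `trace` are made up for this example.

```python
import email
import ipaddress
import re

# Constructed sample: trace lines copied from the header in this post, folds indented.
RAW_HEADER = """\
Received: by 10.229.91.76 with SMTP id l12cs41945qcm;
 Thu, 4 Jun 2009 18:04:45 -0700 (PDT)
Received: by 10.224.74.16 with SMTP id s16mr3025851qaj.320.1244163851087;
 Thu, 04 Jun 2009 18:04:11 -0700 (PDT)
Received: from ip10.waspcom.com (ip10.waspcom.com [64.21.165.10])
 by mx.google.com with SMTP id 12si3264373qyk.63.2009.06.04.18.04.10;
 Thu, 04 Jun 2009 18:04:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of n.266.5901807@waspcom.com designates 64.21.165.10 as permitted sender) client-ip=64.21.165.10;
Subject: Stop working long hours

"""

def handoff_hop(msg):
    """Newest Received line that names a public peer IP: (ip, claimed_name)."""
    for hop in msg.get_all("Received", []):      # headers are newest-first
        for text in re.findall(r"\[([0-9a-fA-F.:]+)\]", hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue                          # bracketed text was not an IP
            if ip.is_global:                      # skip 10.x internal relays
                name = re.search(r"from\s+(\S+)", hop)
                return str(ip), name.group(1) if name else None
    return None, None

def trace(raw):
    """Summarise the sending server and how it lines up with the SPF verdict."""
    msg = email.message_from_string(raw)
    ip, name = handoff_hop(msg)
    spf = " ".join((msg.get("Received-SPF") or "").split())  # unfold the header
    client = re.search(r"client-ip=([0-9a-fA-F.:]+)", spf)
    domain = re.search(r"domain of \S+@([\w.-]+)", spf)
    return {
        "sending_ip": ip,                         # value to put into IP whois
        "claimed_name": name,
        "spf_result": spf.split(" ")[0].lower() if spf else None,
        "envelope_domain": domain.group(1) if domain else None,
        "ip_matches_spf": bool(client and client.group(1) == ip),
    }

if __name__ == "__main__":
    for key, value in trace(RAW_HEADER).items():
        print(f"{key}: {value}")
```

The `sending_ip` value is the address to enter into an IP whois lookup, and the whois record's abuse contact is where a report goes.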

This mail contains links which lead to phishing sites. Phishing sites are mainly used to steal information from Internet users. Due to unawareness among people, many give out their personal details and get into trouble. To create awareness among Internet users, I published this blog.
If you have received such an email, be aware and report it to the server admin in advance.

For more information on phishing websites, visit these links:

http://edode.blogspot.com/2009/04/i-can-help-you-trace-email-spammer.html

http://edode.blogspot.com/2008/11/know-about-phishing-websites.html

