Tracking where an email came from
We received a suspicious email from someone with a gmail address. Looking at the headers we ascertained the email came from:
Code Block |
---|
Received: from mail-vc0-f179.google.com (mail-vc0-f179.google.com [209.85.220.179]) |
There is no DNS LOC record for this host and UDNS UnDNS (part of RocketFuel) cannot find it.
...
GeoIPTools (http://www.geoiptool.com/en/?ip=209.85.220.179), IPLocation (http://www.iplocation.net/click/1), IPLigence (http://www.iplocation.net/click/2), IPFinger (http://www.ipfingerprints.com/) and GeoPlugin (http://www.geoplugin.com/) identify it at Mountain View California (home of Google HQ in Mountain View California).
Using using TULIP we find it probably located in is probably located in S. Carolina near Manning. The nearest Google data center is 17 in the map below. It is located at Goose Creek S. Carolina.. The distance between the Manning and Goose Creek is 49.3 miles as the crow flies.
TULIP estimate (orange balloon)of the location of the gmail server, near Manning S. Carolina | Location of Google data centers, note 17 at Goose Creek S. Carolina | Map showing Tulip estimate (orange balloon tip at top) & Goose Creek at the bottom | Driving map from Manning to Goose Creek |
---|---|---|---|