Tracking where an email came from
We received a suspicious email from someone with a gmail address. Looking at the headers we ascertained the email came from:
Received: from mail-vc0-f179.google.com (mail-vc0-f179.google.com [209.85.220.179])
There is no DNS LOC record for this host and UnDNS (part of RocketFuel) cannot find it.
SatSig (http://www.satsig.net/maps/lat-long-finder.htm) identifies the host as being near Ankara, Turkey.
GeoIPTools (http://www.geoiptool.com/en/?ip=209.85.220.179), IPLocation (http://www.iplocation.net/click/1), IPLigence (http://www.iplocation.net/click/2), IPFinger (http://www.ipfingerprints.com/) and GeoPlugin (http://www.geoplugin.com/) identify it at Mountain View California (home of Google HQ).
Using TULIP we find it is probably located in S. Carolina near Mannin. The nearest Google data center is 17 in the map below. The distance between the two is 52 miles.:
| TULIP estimate of the location of the gmail server, near Manning S. Carolina | Location of Google data centers, note 17 at Goose Creek S. Carolina | Map showing Tulip estimate (orange ballon tip at top) & Goose Creek at the bottom |
|---|---|---|
 |  |  |