In this post we will look at an interesting topic: the spam that keeps arriving in our inboxes. As an example, let's use a mail I received which tells you to update the details of a bank account in order to unlock it.
To begin with, several details should make us suspicious: the first paragraph says there was a problem with a Bankia account (Bankia is a Spanish bank), but the sender and the rest of the email claim that it comes from BBVA (another Spanish bank).
Viewing the source code of the message, we can see the IP address from which the mail was sent, in this case 81.94.206.18.
Here we will use the service we offer at ADSLayuda to find out which region the mail was sent to us from:
We see that the domain that owns this IP is redstation.net.uk. Now we go to any whois website (e.g. http://whois.domaintools.com/ ) and look up information about this domain:
Domain name:
redstation.net.uk
Registrant:
Redstation Limited
Registrant type:
UK Limited Company, (Company number: 3590745)
Registrant's address:
2 Frater Gate Business Park
Aerodrome Road
Gosport
Hampshire
PO13 0GW
United Kingdom
Registrar:
Redstation Limited [Tag = REDSTATION]
URL: http://www.redstation.com
Relevant dates:
Registered on: 11-Apr-2005
Renewal date: 11-Apr-2013
Last updated: 03-Apr-2011
Registration status:
Registered until renewal date.
Name servers:
dns1.redstation.co.uk 80.84.49.135
dns2.redstation.co.uk 80.84.49.136
If we go to the website redstation.com, we see that it is a company offering dedicated servers to host websites or whatever else you want.
Here is another example of a mail that comes from a different place. The content of the mail is similar, but the IP is different:
This IP is 81.208.35.150. Geolocating the IP shows that it comes from Italy, specifically from Bologna:
But in this case we don't see a domain. Perhaps the site is not hosted by a hosting company but on some other "private" server.
As you will already have been able to see, this method does not only work for finding the source of spam; it can be used on any email we receive.
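As an added example (this is not code from the original post), here is a small Python script that automates the first step the post does by hand: pulling the sending IP address out of the Received: headers of a message, deciding whether it is a public address worth looking up in whois or geolocation, and flagging the brand mismatch (Bankia in the text, BBVA as the sender). The message, the hostnames and the list of trusted servers are all constructed for this example; only the IP 81.94.206.18 is taken from the post. The caveat the script encodes is that Received: headers are added from the top, so the ones written by your own mail servers are trustworthy and the ones at the bottom were written by the sender and may be forged.

```python
import email
import ipaddress
import re

# Constructed sample message for this example (not the post's actual email).
# Only the sending IP, 81.94.206.18, is taken from the post; every hostname,
# other address and timestamp here is invented and uses reserved example ranges.
RAW_MESSAGE = """\
Return-Path: <alerts@example.invalid>
Received: from mx.example.invalid (mx.example.invalid [192.0.2.10])
\tby mail.example.invalid with ESMTP id 4F1C2; Mon, 1 Apr 2013 10:00:00 +0000
Received: from server42.example.invalid (unknown [81.94.206.18])
\tby mx.example.invalid with SMTP; Mon, 1 Apr 2013 09:59:58 +0000
Received: from [10.0.0.5] (localhost [127.0.0.1])
\tby server42.example.invalid; Mon, 1 Apr 2013 09:59:50 +0000
From: "BBVA" <alerts@example.invalid>
To: victim@example.invalid
Subject: Your account has been blocked
Content-Type: text/plain; charset=us-ascii

We have detected a problem with your Bankia account.
Please update your data to unlock your account.
"""

# Assumed: these are the mail servers we operate, so the Received: lines
# they wrote can be trusted. Anything below them was written by the sender.
TRUSTED_HOSTS = {"mail.example.invalid", "mx.example.invalid"}
BRANDS = ("Bankia", "BBVA")

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)


def parse_received(raw_message):
    """Return (by_host, from_ip) per Received: header, most recent hop first.

    by_host is the server that wrote the header, from_ip the first bracketed
    IPv4 address in its 'from' clause; either is None when not found."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())  # unfold continuation lines
        by = BY_RE.search(value)
        ip = IPV4_RE.search(value)
        hops.append((by.group(1).lower() if by else None,
                     ip.group(1) if ip else None))
    return hops


def originating_ip(raw_message, trusted_hosts):
    """IP that handed the message to the last server we trust.

    Walk from the top (our own hops) downwards and keep the 'from' IP of the
    last header written by a trusted host; stop at the first untrusted hop,
    because everything below it could have been forged by the sender."""
    candidate = None
    for by_host, from_ip in parse_received(raw_message):
        if by_host in trusted_hosts and from_ip:
            candidate = from_ip
        else:
            break
    return candidate


def classify_ip(ip_text):
    """'global' for routable addresses worth a whois/geolocation lookup,
    otherwise the reason the address is useless for that purpose."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "reserved"
    return "global"


def mentioned_brands(raw_message, brands):
    """Which brand names appear in From: and which in the body.

    A body naming one bank while the sender claims to be another is the
    kind of inconsistency the post spotted by eye."""
    msg = email.message_from_string(raw_message)
    sender = (msg.get("From") or "").lower()
    if msg.is_multipart():
        body = " ".join(part.get_payload() for part in msg.walk()
                        if part.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    body = body.lower()
    in_sender = sorted(b for b in brands if b.lower() in sender)
    in_body = sorted(b for b in brands if b.lower() in body)
    return in_sender, in_body


if __name__ == "__main__":
    ip = originating_ip(RAW_MESSAGE, TRUSTED_HOSTS)
    if ip is None:
        print("no hop written by a trusted server was found")
    else:
        print("originating IP:", ip, "->", classify_ip(ip))
    print("brands in From / body:", mentioned_brands(RAW_MESSAGE, BRANDS))
```

Once the script has isolated a public address, that address is what you paste into the geolocation and whois services the post uses; the bottom-most Received: line in the sample (a 10.0.0.5 address behind localhost) shows why the naive approach of taking the lowest header would send you looking up a private range instead.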