Email Header analyzing.
I am going through suspected phishing emails to verify that they are phishing and then find a way to block them since they were not already blocked.
Normally pretty straight forward approach.
I have one that has me baffled though with the analyzation portion. I have attached the header.
I use two different sites to analyze the header;
The question I have is in regards to the "Reeceived headers" section. The first line reported by both of the above sites.
ON MXToolbox it shows the from as "server.curaduria2bogota.c
On the Azure it shows a little more information "[22.214.171.124] (port=11638 helo=[126.96.36.199])"
So the question I have is what does this other IP tell me? The 188.8.131.52. The header says:
Received: from [184.108.40.206]
(port=11638 helo=[220.127.116.11]) by
But the address of server.curaduria2bogota.co
m.co is 18.104.22.168 not that 192 address.
Looking for someone smarter than me for input on this.