Avatar of Michael Fulton
Michael Fulton
Flag for United States of America

asked on 

Email header shows extra IP address in the Received: section

Email Header analyzing.  
I am going through suspected phishing emails to verify that they are phishing and then find a way to block them since they were not already blocked.
Normally pretty straight forward approach.
I have one that has me baffled though with the analyzation portion.  I have attached the header.

I use two different sites to analyze the header;

The question I have is in regards to the "Reeceived headers" section.  The first line reported by both of the above sites.
ON MXToolbox it shows the from as "server.curaduria2bogota.com.co"
On the Azure it shows a little more information "[] (port=11638 helo=[])"

So the question I have is what does this other IP tell me?  The  The header says:
Received: from [] (port=11638 helo=[])       by

But the address of server.curaduria2bogota.com.co is not that 192 address.

Looking for someone smarter than me for input on this.

thank you!
* scam emailsAzure* Email Header

Avatar of undefined
Last Comment
Michael Fulton

8/22/2022 - Mon