How to harvest the maximum information from the mail?
In this article I will tell you how to search by mail address. For example, I will use the mailing address of scammers.
Where to begin?
- info @ bookairporttransfers.com – Example of regular mail. I highlighted the nickname and italicized the domain.
Usually we have a username , a domain, this is either a mail service like Gmail or Mail.ru, or this is the site of some organization that owns the mail itself. We can move on to examining the domain itself if it is an organization domain. About the study of sites, I will tell you later. After all, the essence of this article is the identification of the owner of an email address.
Checking mail for existence.
2ip – This is a service (Russian) that will check if an email address exists. Everything is simple. If there is no mail, the inscription “email does not exist” will appear, if the mail exists, the opposite result will come out accordingly.
Was mail used for other purposes?
To check mail for use for other purposes, we just need to google it. You can try using google dorks to improve your search performance.
By searching mail in search engines, we can find data such as phone numbers, related domains, identities and other interesting data.
View the shipping path.
All email clients have such a function as “view original”. This function may be called differently, but it will always be present. In fact, this is just viewing the path of the letter, we will see all the intermediate servers. It is worth viewing the original from the bottom to the top, since the bottom is the end point of the letter (recipient), and the top is the start point of the letter (sender).
You should pay attention to such fields as Authentication-Results, Return-Path, Return-SPF. By viewing the sending path, we can find out the address of the servers, the IP addresses of the servers, and possibly other mail addresses. I advise you to analyze the information received well, it is possible to write out the elements that are important to you.
Leaked passwords
Why do we need these leaked passwords, you ask. We are not going to brute someone, they are not even relevant.
Yes, we are not going to brute anyone and the passwords are really not relevant, but using the password you can access other accounts, possibly on social networks, or other emails. Services such as havibeenpwned, dehashed or even god’s eye are able to find leaked passwords, later using god’s eye or similar services, you can find out where else the password was used. And so go to other accounts.
I used the [email protected] mail as an example, and not the mail of our scammers, since I did not find the leaked passwords associated with it.
haveibeenemotet – This service will help us to find out if the mail has been hacked by “Emotet” malware. If the mail is compromised, we learn that the distribution is not on behalf of the owner of the email box.
Let’s convert email to phone.
email2phonenumber – This is a very interesting software that restores numbers using various services. The program uses the “Forgot password” function. She will restore the number on the maximum number of services and try to pick up the remaining digits.
Additionally
In addition, you can analyze the nickname using @maigret_osint_bot and search engines, so you can go to other accounts. I also advise you to analyze the domain, if it is the domain of an organization, check the site using whois and other services, you can find all this, find all this on 2ip.ru.
REFERENCE: https://medium.com/@ibederov_en
If you can’t find anything, you can always use additional software like IPLogger. I will talk about such traps as IPLogger in the next article, so subscribe to our channel
Posted by: @ESPYER