Why Geo locations are different - strange IP address

The metadata that is stored on all requests will show Geo locations. All Geo locations an approximation based on the IP Address.

You could have a recipient upload or download information from a mobile and that GEO location will ping from local cell towers giving an approximate location based on that IP address.

When viewing a PUSH or PULL timeline to see request details on a recipient that you know lives in NY and you notice that timeline shows multiple “email clicks” took place in New York, France and Colorado but the NY downloaded the file… there are a few possibilities here.

1 - receiver is using an email vendor that is routing things locally (NY) and/or abroad (France).. possibly a French based company they are associated with or work for, and they have a ’scrubbing’ layer within the company or email vendor that is checking the link to make sure its not malicious.  FYI - You may continue to see similar patterns when sending to business email accounts.  

2 - receivers email has been compromised - Most important to note is that this is not a Botdoc compromise or issue, it is related to the receivers email.   

You may want to reach out to the receiver and have them inquire the above mentioned.   We are confident that your customer will be appreciative of your excellent cyber security hygiene. 

You always have the option to TERMINATE a PUSH request before a file is downloaded or if file is downloaded making sure that the intended recipient was the one who downloaded the file.

Note: the GEO location data should be used as a data point not as an absolute

UPDATE as of July 2021

Some users are noticing that when sending a PUSH to a gmail.com email address that the Botdoc timeline is showing 2 downloads even though the only download is from the intended recipient.

We are aware that Gmail has recently (as of June 2021) made some changes on their platform when it comes to “protecting” their links but it’s a bit vague and they are testing this in only certain locations.  You can see their support ticket info here:  Click-time link protections in third-party email clients - Gmail Help   You can also see the FAQ on this same link for more details.

 

We did our own testing as well to Gmail accounts and its also producing 2 downloads in certain locations (even though the only true download was from the recipient) and we are pretty sure its Googles Anti-Virus downloading the files to protect against the behavior they are testing.

FULL VIEW CLICK HERE