BTLO : Phishing Analysis

A user has received a phishing email and forwarded it to the SOC. Can you investigate the email and attachment to collect useful artifacts?

Challenge Submission

Who is the primary recipient of this email? (1 point)

What is the subject of this email? (1 point)

What is the date and time the email was sent? (1 point)

What is the Originating IP? (1 point)

Perform reverse DNS on this IP address. What is the resolved host? (whois.domaintools.com) (1 point)

What is the name of the attached file? (2 points)

What is the URL found inside the attachment? (1 point)

What service is this webpage hosted on? (1 point)

Using URL2PNG, what is the heading text on this page? (Doesn’t matter if the page has been taken down!) (1 point)
