BTLO : Phishing Analysis 2

Put your phishing analysis skills to the test by triaging and collecting information about a recent phishing campaign.

Challenge Submission

Download the zip folder and open the email document in a text editor with Email syntax enabled. The first 5 questions can be answered.

What is the sending email address? (1 points)

What is the recipient email address? (1 points)

What is the subject line of the email? (1 points)

What company is the attacker trying to imitate? (1 points)

What is the date and time the email was sent? (As copied from a text editor) (1 points)

What is the URL of the main call-to-action button? (1 points)

The body of the email has been base64 encoded. Use Cyberchef to decode the text and the URLs can be found right below the text.

Look at the URL using URL2PNG. What is the first sentence (heading) displayed on this site? (regardless of whether you think the site is malicious or not) (1 points)

When looking at the main body content in a text editor, what encoding scheme is being used? (1 points)


What is the URL used to retrieve the company’s logo in the email? (1 points)

The company’s logo has been retrieved from the squarespace site.

For some unknown reason one of the URLs contains a Facebook profile URL. What is the username (not necessarily the display name) of this account, based on the URL? (1 points)

At the bottom of the text there is a link leading to a user’s Facebook account.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: