Phishing Analysis 2
Lab URL: https://blueteamlabs.online/home/challenge/phishing-analysis-2-a1091574b8
Question 1
What is the sending email address?
Search for "From"
Answer: amazon@zyevantoby.cn
Question 2
**What is the recipient email address?
Search for "To"
Answer: saintington73@outlook.com
Question 3
What is the subject line of the email?
Search for "Subject"
Answer: Your Account has been locked
Question 4
What company is the attacker trying to imitate?
Look for "From"
Answer: amazon
Question 5
What is the date and time the email was sent? (As copied from a text editor)
Search for "Date"
Answer: Wed, 14 Jul 2021 01:40
Question 6
What is the URL of the main call-to-action button?
Copy base64 encoded section
CyberChef base64 decode
Copy Output
Create a ".html" file and paste decoded codes
Open it with browser
Hold you mouse cursor on the link
Copy the malicious link
Question 7
Look at the URL using URL2PNG. What is the first sentence (heading) displayed on this site? (regardless of whether you think the site is malicious or not)
Go to the link or use URL2PNG
Answer: This web page could not be loaded.
Question 8
When looking at the main body content in a text editor, what encoding scheme is being used?
Search for "Encoding"
Answer: base64
Question 9
What is the URL used to retrieve the company’s logo in the email?
Search for "logo"
Question 10
For some unknown reason one of the URLs contains a Facebook profile URL. What is the username (not necessarily the display name) of this account, based on the URL?
Search for "facebook"
Answer: amir.boyka.7
Thank you for taking the time to read this write-up! I hope you found it insightful and helpful.
Keep learning and stay sharp. 👊
Keep up the good work!