
Phishing analysis | Blue Team Labs


Scenario

A user has received a phishing email and forwarded it to the SOC. Can you investigate the email and attachment to collect useful artifacts?

Artefacts


Who is the primary recipient of this email? (1 point)

Answer: kinnar1975@yahoo.co.uk

What is the subject of this email? (1 point)

Answer: Website contact form submission

Both answers come straight from the email headers (the To and Subject fields).

What is the Originating IP? (1 point)

Answer: 103.9.171.10

Perform reverse DNS on this IP address, what is the resolved host? (whois.domaintools.com) (1 point)

Answer: c5s2-1e-syd.hosting-services.net.au

What is the name of the attached file? (2 points)

Answer: Website contact form submission.eml

What is the URL found inside the attachment? (1 point)

Answer (two URLs appear back to back in the attachment):

https://35000usdperwwekpodf.blogspot.sg?p=9swg

https://35000usdperwwekpodf.blogspot.co.il?o=0hnd
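Pulling these artefacts (recipient, subject, originating IP, attachment name and the URLs inside the attached .eml) out of a raw message with Python's standard email library, as an added example that is not part of the original write-up. The sample message is constructed with placeholder sender, domains and URLs; it assumes X-Originating-IP carries the originating address, falling back to the earliest Received hop, and the URL regex uses a lookahead so two URLs glued together (as in the answer above) are split apart.

```python
import re
from email import message_from_bytes, policy

# Constructed sample (placeholder sender, domains, URLs): the phishing mail is attached as message/rfc822.
SAMPLE_EML = b"""\
From: forwarder@example.invalid
To: kinnar1975@yahoo.co.uk
Subject: Website contact form submission
X-Originating-IP: [103.9.171.10]
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: message/rfc822
Content-Disposition: attachment; filename="Website contact form submission.eml"

From: sender@example.invalid
Subject: Website contact form submission
Content-Type: text/plain; charset="utf-8"

Claim here: https://example-a.invalid/?p=9swghttps://example-b.invalid/?o=0hnd
--outer--
"""
# Lazy match plus lookahead: a URL ends at whitespace, a quote/bracket, end of text, or the next "http(s)://".
URL_RE = re.compile(r'https?://[^\s<>"\']+?(?=https?://|[\s<>"\']|$)')
IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

def originating_ip(msg):
    # Prefer X-Originating-IP (assumed header); otherwise the earliest hop is the last-listed Received header.
    for value in [msg.get("X-Originating-IP", "")] + list(reversed(msg.get_all("Received") or [])):
        if m := IP_RE.search(str(value)):
            return m.group(0)

def urls_in_part(part):
    # An attached .eml is parsed as a nested message; read URLs from its text body.
    text = ""
    if part.get_content_type() == "message/rfc822":
        body = part.get_payload(0).get_body(preferencelist=("plain", "html"))
        text = body.get_content() if body else ""
    elif part.get_content_maintype() == "text":
        text = part.get_content()
    return URL_RE.findall(text)

def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        "recipient": str(msg["To"]),
        "subject": str(msg["Subject"]),
        "originating_ip": originating_ip(msg),
        "attachments": [{"filename": p.get_filename(), "urls": urls_in_part(p)} for p in msg.iter_attachments()],
    }
```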

VirusTotal lookup of the URL

What service is this webpage hosted on? (1 point)

Answer: Blogspot

Blogspot (commonly known as Blogger) is a free, user-friendly blog-publishing service owned by Google that allows users to create and host blogs with a .blogspot.com subdomain. It acts as a Content Management System (CMS), providing templates, hosting, and monetization options through AdSense. It is ideal for beginners and personal projects but has limited advanced functionality compared to platforms like WordPress.

Using URL2PNG, what is the heading text on this page? (Doesn’t matter if the page has been taken down!) (1 point)

Answer: Blog has been removed
