Writeup BTLO- Phising Analysis

Simple Writeup, Bluteam CTF from Blue Team Labs Online

Scenario

A user has received a phishing email and forwarded it to the SOC. Can you investigate the email and attachment to collect useful artifacts?

https://blueteamlabs.online/home/challenge/16

Challenge Submission

1. Who is the primary recipient of this email ?

Answer : kinnar1975@yahoo.co.uk

2. What is the subject of this email ?

Answer : Undeliverable: Website contact form submission

3. What is the date and time the email was sent ?

Answer : 18 March 2021 04:14

4. What is the Originating IP?

Answer : 103.9.171.10

5. Perform reverse DNS on this IP address, what is the resolved host? (whois.domaintools.com) ?

Answer : c5s2-1e-syd.hosting-services.net.au

6. What is the name of the attached file ?

Answer : Website contact form submission.eml

7. What is the URL found inside the attachment ?

Answer : https://35000usdperwwekpodf.blogspot.sg?p=9swghttps://35000usdperwwekpodf.blogspot.co.il?o=0hnd

8. What service is this webpage hosted on ?

Answer : blogspot

9. What service is this webpage hosted on ?

Answer : Blog Has been removed