Phishing Analysis Fundamentals

Email dates back to what time frame?

1970s

What port is classified as Secure Transport for SMTP?

465

What port is classified as Secure Transport for IMAP?

993

What port is classified as Secure Transport for POP3?

995

What email header is the same as "Reply-to"?

Return-Path

Once you find the email sender's IP address, where can you retrieve more information about the IP?

http://www.arin.net

In the above screenshots, what is the URI of the blocked image?

https://i.imgur.com/LSWOtDI.png

In the above screenshots, what is the name of the PDF attachment?

Payment-updateid.pdf

In the attached virtual machine, view the information in email2.txt and reconstruct the PDF using the base64 data. What is the text within the PDF?

THM{BENIGN_PDF_ATTACHMENT}

What trusted entity is this email masquerading as?

Home Depot

What is the sender's email?

support@teckbe.com

What is the subject line?

Order Placed : Your Order ID OD2321657089291 Placed Successfully

What is the URL link for - CLICK HERE? (Enter the defanged URL)

hxxp[://]t[.]teckbe[.]com/p/?j3=EOowFcEwFHl6EOAyFcoUFV=TVEchwFHlUFOo6lVTTDcATE7oUE7AUET==

Page updated

Google Sites

Report abuse