Phishing Emails 5
For questions 1-4 and 9, we can read the answers directly by viewing the email in Thunderbird:
-
What is the email's timestamp? (answer format: dd/mm/yy hh:mm)
Answer : 06/10/2020 5:58
-
Who is the email from?
Answer : Mr. James Jackson
-
What is his email address?
Answer : [email protected]
-
What email address will receive a reply to this email?
Answer : [email protected]
-
What is the Originating IP?
Answer : 192.119.71.157
-
Who is the owner of the Originating IP? (Do not include the "." in your answer.)
Looking up the IP on DB-IP gives us the ISP.
Answer : Hostwinds LLC
-
What is the SPF record for the Return-Path domain?
I check the Return-Path domain on Dmarcian:
Answer : v=spf1 include:spf.protection.outlook.com -all
-
What is the DMARC record for the Return-Path domain?
I check the Return-Path domain on Dmarcian:
Answer : v=DMARC1; p=quarantine; fo=1
-
What is the name of the attachment?
Answer : SWT_#09674321____PDF__.cab
-
What is the SHA256 hash of the file attachment?
Answer : 2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f
-
What is the attachment's file size? (Don't forget to add "KB" to your answer, NUM KB)
I look up the hash on VirusTotal to get the file size.
Answer : 400.26 KB
-
What is the actual file extension of the attachment?
Answer : rar
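The attachment is named `.cab`, but its real type is `rar`. One way to check this offline, shown as an added example that is not part of the original walkthrough, is to parse the `.eml`, hash each attachment, and compare the filename extension against the file's leading magic bytes. The function names and the sample message are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes of common archive formats (well-known signatures).
MAGIC = {
    b"Rar!\x1a\x07": "rar",
    b"MSCF": "cab",
    b"PK\x03\x04": "zip",
}

def sniff_type(data):
    """Return the archive type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def triage_attachments(raw_eml):
    """Report name, size, SHA256 and real type for each attachment in a raw .eml."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        claimed = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff_type(data)
        report.append({
            "name": name,
            "size_kb": round(len(data) / 1024, 2),
            "sha256": hashlib.sha256(data).hexdigest(),
            "claimed": claimed,
            "actual": actual,
            # Flag only when a known signature contradicts the extension.
            "mismatch": actual is not None and actual != claimed,
        })
    return report

def build_sample():
    """Constructed sample: a '.cab' attachment that starts with a RAR header."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m.set_content("see attachment")
    payload = b"Rar!\x1a\x07\x00" + b"\x00" * 1017  # 1024 bytes, not a real archive
    m.add_attachment(payload, maintype="application", subtype="octet-stream",
                     filename="sample_invoice__PDF__.cab")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage_attachments(build_sample()))
```

To use it on a real message, pass the bytes of the saved `.eml` file to `triage_attachments`; the resulting SHA256 is the value to look up on VirusTotal.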