Phishing Email
Always open malware in a secure environment like a VM.
We will be using the REMnux distribution which is specifically made for reverse engineering.
Let's first open the email using the Thunderbird client.
If we go to More > View Source, we can see the HTML source of the email.
There is also a Return-Path field which contains the answer.
We can left click on the button and Copy Link Location to a notepad.
Since the question is asking for the domain name, we do not need the entire URL.
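The same two manual steps (reading the Return-Path header and reducing the button's link to its domain) can be scripted with Python's standard library, without rendering the HTML or contacting the link. This is an added example, not part of the original walkthrough: the sample message is constructed, and the names `triage`, `host_of` and `LinkCollector` are hypothetical.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the challenge email; every name is a placeholder.
SAMPLE_EML = b"""\
Return-Path: <bounce@mailer.example.net>
From: "Support Team" <support@bank.example.com>
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://login.phish.example/verify?id=123"><button>Verify now</button></a>
<a href="mailto:help@bank.example.com">Contact us</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags without rendering the HTML."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_of(url):
    """Return the lowercase host of an http(s) URL, or None for other schemes."""
    parts = urlsplit(url)
    return parts.hostname if parts.scheme in ("http", "https") else None

def triage(raw_bytes):
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    rp_dom = return_path.rpartition("@")[2].lower()
    from_dom = from_addr.rpartition("@")[2].lower()
    return {
        "return_path": return_path,
        "from": from_addr,
        "sender_mismatch": rp_dom != from_dom,  # added check: a hint, not proof
        "link_domains": sorted({h for h in map(host_of, collector.hrefs) if h}),
    }
```

Calling `triage()` on the bytes of a saved `.eml` file returns the Return-Path address and the deduplicated link domains, ready to look up.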
Using VirusTotal we can check whether a URL is malicious or not.
It has been flagged as Phishing by Abusix.
As we saw in the VirusTotal analysis, the email is a phishing email.