BTLO Write-up Deep Phish

📰 Medium · Cybersecurity

Learn to identify phishing emails by analyzing the sender's email address and online service impersonation

intermediate Published 22 Apr 2026
Action Steps
  1. Analyze the email header to identify the sender's email address
  2. Decode base64 encoded strings to reveal the sender's name
  3. Check the email content to identify the online service being impersonated
  4. Verify the authenticity of the email by checking the sender's email address and online service
  5. Report suspicious emails to the relevant authorities
Who Needs to Know This

Cybersecurity teams and professionals can benefit from this lesson to improve their phishing detection skills

Key Insight

💡 Phishing emails often impersonate online services and use encoded strings to hide the sender's identity

Share This
🚨 Learn to spot phishing emails by analyzing the sender's email address and online service impersonation 🚨

Key Takeaways

Learn to identify phishing emails by analyzing the sender's email address and online service impersonation

Full Article

Title: BTLO Write-up Deep Phish

URL Source: https://medium.com/@nurayshiralieva/btlo-write-up-deep-phish-312345bd1f59?source=rss------cybersecurity-5

Published Time: 2026-04-22T00:02:25Z

Markdown Content:
# BTLO Write-up Deep Phish. Question 1) What online service is the… | by Nuray Shiraliyeva | Apr, 2026 | Medium

[Sitemap](https://medium.com/sitemap/sitemap.xml)

[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)

Sign up

[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)

Get app

[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)

[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)

Sign up

[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

![Image 1](https://miro.medium.com/v2/resize:fill:32:32/1*dmbNkD5D-u45r44go_cf0g.png)

# BTLO Write-up [Deep Phish](https://blueteamlabs.online/home/investigation/deep-phish-567b38a0ef)

[![Image 2: Nuray Shiraliyeva](https://miro.medium.com/v2/da:true/resize:fill:32:32/0*DR1tu7MF8hRkiVFD)](https://medium.com/@nurayshiralieva?source=post_page---byline--312345bd1f59---------------------------------------)

[Nuray Shiraliyeva](https://medium.com/@nurayshiralieva?source=post_page---byline--312345bd1f59---------------------------------------)

Follow

6 min read

·

Just now

[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&user=Nuray+Shiraliyeva&userId=5b9a0ab128bb&source=---header_actions--312345bd1f59---------------------clap_footer------------------)

[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=---header_actions--312345bd1f59---------------------bookmark_footer------------------)

[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=---header_actions--312345bd1f59---------------------post_audio_button------------------)

Share

## Question 1) What online service is the email impersonating? (Format: Online Service Name) _(2 points)_

Press enter or click to view image in full size

![Image 3](https://miro.medium.com/v2/resize:fit:700/1*cXgYehKXT6CRSD8JtcnKXw.png)

From qisminə və gələn mailin ümumi mövzusuna baxdıqda görürük ki gələn phishing mailində attacker özünü Disney+ adıyla göstərir.

> Cavab: Disney+

## Question 2) What is the name of the sender, and what is the true sending email address? (Format: Name, mailbox@domain.tld) _(2 points)_

Press enter or click to view image in full size

![Image 4](https://miro.medium.com/v2/resize:fit:700/1*yR530yU8Gl117xZUriZpuw.png)

Bu hissə əsasdır:

From: =?u tf-8?B?RG1zbmV5Kw==?= <supp@agnisys.com>
* `RG1zbmV5Kw==` → base64 decode olunanda **Disney+** olur
* Real email isə → `supp@agnisys.com`

Smtp from qismində başlıq yazmağa icazə verir və əsasən phisingə burda düşür istifadəçilər.

> Cavab
Read full article → ← Back to Reads

Related Videos

NordVPN Vs ExpressVPN 2026 | Which VPN Should You Choose?
NordVPN Vs ExpressVPN 2026 | Which VPN Should You Choose?
Tutorial Stack
NordVPN Vs Surfshark 2026 | Which VPN Should You Choose?
NordVPN Vs Surfshark 2026 | Which VPN Should You Choose?
Tutorial Stack
Secure Your WordPress Website 2026 | Solid Security Basic & Pro Tutorial
Secure Your WordPress Website 2026 | Solid Security Basic & Pro Tutorial
Matt Tutorials
DPDPA India for CISOs – A pragmatic approach to essentials vs. hearsay
DPDPA India for CISOs – A pragmatic approach to essentials vs. hearsay
AKITRA
BYC Ventures’ partnership with cybersecurity company CeQureX is intended to provide dedicated specia
BYC Ventures’ partnership with cybersecurity company CeQureX is intended to provide dedicated specia
BitPinas - Crypto News Philippines
Surfshark Review — The Honest Pros, Cons and Final Verdict (2026)
Surfshark Review — The Honest Pros, Cons and Final Verdict (2026)
Tutorial Stack