BTLO Write-up Deep Phish
📰 Medium · Cybersecurity
Learn to identify phishing emails by analyzing the sender's email address and online service impersonation
Action Steps
- Analyze the email header to identify the sender's email address
- Decode base64 encoded strings to reveal the sender's name
- Check the email content to identify the online service being impersonated
- Verify the authenticity of the email by checking the sender's email address and online service
- Report suspicious emails to the relevant authorities
Who Needs to Know This
Cybersecurity teams and professionals can benefit from this lesson to improve their phishing detection skills
Key Insight
💡 Phishing emails often impersonate online services and use encoded strings to hide the sender's identity
Share This
🚨 Learn to spot phishing emails by analyzing the sender's email address and online service impersonation 🚨
Key Takeaways
Learn to identify phishing emails by analyzing the sender's email address and online service impersonation
Full Article
Title: BTLO Write-up Deep Phish
URL Source: https://medium.com/@nurayshiralieva/btlo-write-up-deep-phish-312345bd1f59?source=rss------cybersecurity-5
Published Time: 2026-04-22T00:02:25Z
Markdown Content:
# BTLO Write-up Deep Phish. Question 1) What online service is the… | by Nuray Shiraliyeva | Apr, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# BTLO Write-up [Deep Phish](https://blueteamlabs.online/home/investigation/deep-phish-567b38a0ef)
[](https://medium.com/@nurayshiralieva?source=post_page---byline--312345bd1f59---------------------------------------)
[Nuray Shiraliyeva](https://medium.com/@nurayshiralieva?source=post_page---byline--312345bd1f59---------------------------------------)
Follow
6 min read
·
Just now
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&user=Nuray+Shiraliyeva&userId=5b9a0ab128bb&source=---header_actions--312345bd1f59---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=---header_actions--312345bd1f59---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=---header_actions--312345bd1f59---------------------post_audio_button------------------)
Share
## Question 1) What online service is the email impersonating? (Format: Online Service Name) _(2 points)_
Press enter or click to view image in full size

From qisminə və gələn mailin ümumi mövzusuna baxdıqda görürük ki gələn phishing mailində attacker özünü Disney+ adıyla göstərir.
> Cavab: Disney+
## Question 2) What is the name of the sender, and what is the true sending email address? (Format: Name, mailbox@domain.tld) _(2 points)_
Press enter or click to view image in full size

Bu hissə əsasdır:
From: =?u tf-8?B?RG1zbmV5Kw==?= <supp@agnisys.com>
* `RG1zbmV5Kw==` → base64 decode olunanda **Disney+** olur
* Real email isə → `supp@agnisys.com`
Smtp from qismində başlıq yazmağa icazə verir və əsasən phisingə burda düşür istifadəçilər.
> Cavab
URL Source: https://medium.com/@nurayshiralieva/btlo-write-up-deep-phish-312345bd1f59?source=rss------cybersecurity-5
Published Time: 2026-04-22T00:02:25Z
Markdown Content:
# BTLO Write-up Deep Phish. Question 1) What online service is the… | by Nuray Shiraliyeva | Apr, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# BTLO Write-up [Deep Phish](https://blueteamlabs.online/home/investigation/deep-phish-567b38a0ef)
[](https://medium.com/@nurayshiralieva?source=post_page---byline--312345bd1f59---------------------------------------)
[Nuray Shiraliyeva](https://medium.com/@nurayshiralieva?source=post_page---byline--312345bd1f59---------------------------------------)
Follow
6 min read
·
Just now
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&user=Nuray+Shiraliyeva&userId=5b9a0ab128bb&source=---header_actions--312345bd1f59---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=---header_actions--312345bd1f59---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D312345bd1f59&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40nurayshiralieva%2Fbtlo-write-up-deep-phish-312345bd1f59&source=---header_actions--312345bd1f59---------------------post_audio_button------------------)
Share
## Question 1) What online service is the email impersonating? (Format: Online Service Name) _(2 points)_
Press enter or click to view image in full size

From qisminə və gələn mailin ümumi mövzusuna baxdıqda görürük ki gələn phishing mailində attacker özünü Disney+ adıyla göstərir.
> Cavab: Disney+
## Question 2) What is the name of the sender, and what is the true sending email address? (Format: Name, mailbox@domain.tld) _(2 points)_
Press enter or click to view image in full size

Bu hissə əsasdır:
From: =?u tf-8?B?RG1zbmV5Kw==?= <supp@agnisys.com>
* `RG1zbmV5Kw==` → base64 decode olunanda **Disney+** olur
* Real email isə → `supp@agnisys.com`
Smtp from qismində başlıq yazmağa icazə verir və əsasən phisingə burda düşür istifadəçilər.
> Cavab
DeepCamp AI