Thursday, February 20, 2025

[TryHackMe] Email Header Analysis

1. X-Originating-IP - The IP address the email was sent from (this is known as an X-header)


2. smtp.mailfrom/header.from - The domain the email was sent from (these headers are within Authentication-Results)


3. Reply-To - The email address that replies are sent to, instead of the From email address


Reference: https://web.archive.org/web/20221219232959/https://mediatemple.net/community/products/all/204643950/understanding-an-email-header
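
An added example (not from the original post or the TryHackMe room): a Python sketch that pulls the three fields listed above out of a raw message and flags simple domain mismatches. The sample message, its placeholder domains and documentation-range IP, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers: placeholder domains and a documentation-range IP.
SAMPLE = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce.example.net;
 dmarc=fail header.from=example.com
X-Originating-IP: [198.51.100.7]
From: "Support" <support@example.com>
Reply-To: <helpdesk@example.net>
Subject: Account notice

Constructed body.
"""

def domain_of(value):
    """Lowercased domain of an address ('a@b.c') or a bare domain ('b.c')."""
    addr = parseaddr(value)[1] or value
    return addr.rsplit("@", 1)[-1].strip("<>[] ").lower()

def analyze(raw):
    """Extract the three fields and note exact-match domain differences."""
    msg = message_from_string(raw)
    # Folded Authentication-Results lines are joined into one string; the regex
    # below stops each property value at whitespace or ';'.
    auth = " ".join(msg.get_all("Authentication-Results", []))

    def prop(name):
        m = re.search(r"\b" + re.escape(name) + r"=([^\s;]+)", auth)
        return domain_of(m.group(1)) if m else None

    out = {
        "x_originating_ip": (msg.get("X-Originating-IP") or "").strip("[] ") or None,
        "smtp_mailfrom": prop("smtp.mailfrom"),
        "header_from": prop("header.from"),
        "from": parseaddr(msg.get("From", ""))[1] or None,
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1] or None,
        "findings": [],
    }
    # Exact string comparison only; subdomain alignment is not modelled here.
    if out["reply_to"] and out["from"] and domain_of(out["reply_to"]) != domain_of(out["from"]):
        out["findings"].append("reply-to domain differs from From domain")
    if out["smtp_mailfrom"] and out["header_from"] and out["smtp_mailfrom"] != out["header_from"]:
        out["findings"].append("smtp.mailfrom differs from header.from")
    return out

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A mismatch is a prompt for closer inspection rather than proof of spoofing, since legitimate bulk senders often use a separate bounce domain.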

Wednesday, February 19, 2025

[TryHackMe] Fuzzy Hashing

 https://ssdeep-project.github.io/ssdeep/index.html

How to hide Caller ID

 Dial "*67" as a prefix.

[TryHackMe] URL Shortener



Common URL Shorteners are shown as follows.


bit.ly

goo.gl

ow.ly

s.id

smarturl.it

tiny.pl

tinyurl.com

x.co


Append "+" to the shortened URL to see the original URL.

[TryHackMe] Punycode

 Example:

What you saw in the URL above is adıdas.de which has the Punycode of http://xn--addas-o4a.de/


Tool:

Punycode can be inserted through Microsoft Word.


Punycode translator:

https://www.punycoder.com/


Sunday, February 16, 2025

[TryHackMe] IOC Search

 https://metadefender.com/


https://talosintelligence.com/


https://www.virustotal.com/gui/home/upload


https://intelligence.any.run/analysis/lookup


https://bazaar.abuse.ch/browse/


https://malshare.com/search.php


PS: Obtain SHA256 under Windows

#CertUtil -hashfile [FILENAME] SHA256

[TryHackMe] Shellcode/Payload

 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md


https://web.archive.org/web/20200901140719/http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet


https://github.com/danielmiessler/SecLists