Web activity investigation
The questions below are from the BOTSv2 dataset, questions 100-104. Some additional questions were added.
The focus is on Amber Turing and her communication with a competitor.
Amber Turing was hoping for Frothly to be acquired by a potential competitor which fell through, but visited their website to find contact information for their executive team. What is the website domain that she visited?
index="botsv2" 10.0.2.101 sourcetype="stream:HTTP" "beer" | dedup site | table site
Amber found the executive contact information and emailed him. What image file displayed the executive’s contact information? Answer example:
index="botsv2" 10.0.2.101 sourcetype="stream:HTTP" "www.berkbeer.com" | table uri_path
What is the CEO’s name? Provide the first and last name.
index="botsv2" sourcetype="stream:smtp" "*berkbeer.com"
One of the results is an email sent from
email@example.com. Expand the
What is the CEO’s email address?
After the initial contact with the CEO, Amber contacted another employee at this competitor. What is that employee’s email address?
What is the name of the file attachment that Amber sent to a contact at the competitor?
index="botsv2" sourcetype="stream:smtp" "amber"
What is Amber’s personal email address?
In the email reply to
firstname.lastname@example.org, under content_body, it is base64 encoded in the field
content_transfer_encoding. Decode the content body.