▶ EMAIL HEADER FORENSICS LAB
CYBERSECURITY TRAINING ENVIRONMENT — SIMULATED PHISHING SPECIMEN
SANDBOX ACTIVE
THREAT DETECTED
ANALYSIS MODE
KEY:
● CRITICAL Definite phishing indicator — click to investigate
● WARNING Suspicious — requires further analysis
● INFO Notable — context-dependent
FLAGS FOUND: 0/0
SPECIMEN: PHISHING EMAIL HEADER — CASE #2024-PH-0042
RAW HEADER
ROUTING CHAIN
AUTH RESULTS
▸ ANALYST NOTEPAD
THREAT CONFIDENCE SCORE 0%
BEGIN ANALYSIS
DISCOVERED INDICATORS
SUSPICIOUS RELAY ANON RELAY TOR IP SPOOFED DOMAIN FOREIGN REPLY-TO URGENCY LANGUAGE SUSPICIOUS MSG-ID SPF FAIL DKIM FAIL DMARC FAIL PHP MAILER SUSPICIOUS IP HIGH SPAM SCORE
📋 Click any highlighted field in the header to reveal its significance,
then add it to your analyst notes.

Build a complete picture of the phishing attempt.
CRITICAL Field Name
HEADER FIELD
WHAT THIS FIELD DOES
WHY THIS IS SUSPICIOUS