back
PHISHOPS
Guided Phishing Investigation — 7-step tracker with checklists, IOC aggregation, and export.
0 / 39 checks (0%)
Step 1 of 7
Header Analysis
Extract and analyze email headers — From, Reply-To, Return-Path, SPF, DKIM, and DMARC verdicts.
From
"Microsoft Security" <security@microsoft-verify.com>
Reply-To
phish-actor@evil-domain.xyz
Return-Path
bounce@evil-domain.xyz
SPF
FAIL (domain evil-domain.xyz does not designate 203.0.113.42 as sender)
DKIM
FAIL (signature domain mismatch: d=evil-domain.xyz)
DMARC
none (no policy — fallthrough)
Checklist (0/6)
Extract From address and verify against display name
Check Reply-To and Return-Path for mismatch
Review SPF pass/fail verdict
Review DKIM signature and domain alignment
Review DMARC policy and disposition
Trace Received hop chain for origination IP