Raw email header

Forwarded by CFO. Subject: "URGENT — wire transfer needed before EOD"

Return-Path: <ceo@acme-corp.example>
Delivered-To: cfo@acme-corp.example
Received: from mx1.acme-corp.example (mx1.acme-corp.example. [198.51.100.20])
        by mailfront-3 with SMTPS id ABC123
        for <cfo@acme-corp.example>;
        Thu, 22 May 2026 08:14:11 +0530 (IST)
Received: from vps-rage.fake-sender.tld (vps-rage.fake-sender.tld. [45.77.221.18])
        by mx1.acme-corp.example with ESMTPS id XYZ456
        for <cfo@acme-corp.example>
        (using TLSv1.2 cipher ECDHE-RSA-AES128-GCM-SHA256);
        Thu, 22 May 2026 08:14:09 +0530 (IST)
Received-SPF: fail (acme-corp.example: domain of ceo@acme-corp.example does
        not designate 45.77.221.18 as permitted sender)
        client-ip=45.77.221.18; envelope-from=ceo@acme-corp.example
Authentication-Results: mx1.acme-corp.example;
        spf=fail (acme-corp.example: domain of ceo@acme-corp.example does not designate 45.77.221.18 as permitted sender) smtp.mailfrom=ceo@acme-corp.example;
        dkim=none (message not signed) header.d=none;
        dmarc=fail (p=quarantine) header.from=acme-corp.example
DKIM-Signature: (none)
Message-ID: <phish-id-xxx@vps-rage.fake-sender.tld>
From: "Rajesh Kumar (CEO)" <ceo@acme-corp.example>
To: cfo@acme-corp.example
Subject: URGENT — wire transfer needed before EOD
Date: Thu, 22 May 2026 08:14:00 +0530
Reply-To: ceo-private@gmail-secure-mail.tld
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
X-Mailer: PHPMailer 6.0