Welcome to ThePhish!

ThePhish is an automated phishing email analysis tool that is able to analyze suspicious emails in EML format. It automates the analysis through TheHive and Cortex and gives a verdict about the maliciousness of the email.

To use ThePhish, the analyst can click on the "List emails" button at the top of the page and select an email to analyze from the table.

In case of uncertainty, the email will be marked as suspicious and the analyst can go directly on TheHive and Cortex using the buttons on the left-hand side of the page to see the details and gain more insights in order to give a final verdict. Otherwise, the email will be marked either as malicious or safe, but the analyst can go check on TheHive and Cortex the information about the analysis anyway.

If the email is marked as malicious, the case opened on TheHive by ThePhish will be closed and exported to MISP.

The user who sent the suspicious email will be notified by ThePhish when the analysis of his email starts and when it ends.

In order for the email to be analyzed by ThePhish, the user must forward it as an attachment in EML format to the designated email address.

  Go back to analyze a new e-mail
UID Date From Subject Message Subject of the email to analyze