Catcher

Overview

Demo data mode: synthetic Catcher cases and notification events are being displayed.

Case Detail

INC-20260511-0009

Limited time renewal discount

Triage

Verdict
spam
Severity
medium
Risk
41.2%
Confidence
medium
Action
route_to_spam
Status
analysis_running
  • Bulk marketing footer
  • List-Unsubscribe present
  • Link-heavy message

AI Summary

The message is probably spam or bulk marketing rather than phishing, but the link volume justifies keeping it in the analyst queue until enrichment finishes.

Advisory
yes
Status
ok
Classification
spam
Model
demo-llm
Generated
2026-05-11T12:28:40Z
Action
route_to_spam
  • Bulk footer language
  • List-Unsubscribe present
  • Link-heavy message

Manual Triage Summary

No manual triage summary has been saved yet.

Action Broker

Governed action state shown for analyst review before mutation approval.

Action path
securityfabric.action-broker -> catcher.triage/route
Approval tier
analyst_review
Execution mode
dry_run
Dispatch status
queued
Blocked reason
-
Result
pending_dispatch

Dry-run vs mutation mode is controlled by dry_run and policy approval tier.

Closure evidence: queue_position: 3

Callback request/action IDs: tenant-dev/CORR-INC-20260511-0009/ABR-20260511-0009

Callback publish/ingest: pending / pending

Message

From
Newsletter <promo@mailer.example>
Sender domain
mailer.example
Reporter
sam.finance@example.test
Reply-To
promo@mailer.example
Return-Path
bounce@mailer.example
Message ID
<m365-report-0009@example.test>

Signals

SPF
pass
DKIM
pass
DMARC
none
Clickable URLs
7
Shorteners
0
Attachments
0
Attachment reputation
clean
Stego reviews
0
QR decoded
-
Containers
-
Lure theme
-
Platforms
-
Objectives
-
URL enrichment
-
Domain enrichment
-
Redirects
-
Final mismatch
-
Browser forms
-/-
Threat intel
-
Intel matches
-

URL Enrichment

Status
-
Attempted
-
Redirected
-
Max hops
-
Shorteners expanded
-
Blocked/errors
-/-

No URL trace items are available.

Browser Metadata

Items
-
Password / OTP
-/-
CAPTCHA/checks
-
Brand mismatch
-
Browser final mismatch
-
Blocked/errors
-/-

No browser metadata items are available.

Domain Infrastructure

Status
-
Domains
-
DNS / TLS
-/-
New domains
-
Recent certs
-
Blocked/errors
-/-

No domain infrastructure items are available.

Attachment Coverage

QR URLs
none
PDF QR URLs
none
PDF QR scan
available or not needed
OCR login page
not detected
Disk image / LNK
-
Unsupported containers
-

Threat Intel

Status
-
Matches
-
Malicious
-
Suspicious
-
Sources
-

No SecurityFabric threat-intel hits are attached to this case.

Pipeline

Tenant
tenant-dev
Evidence ID
EVID-20260511-0009
Queue job
44
Run ID
20260511_122407_0000_EVID-20260511-0009
Closed by
-
Close reason
-
Closure note
-

Artifacts

evidence_json
runs/tenant-dev/20260511_122407_0000_EVID-20260511-0009/artifacts/evidence.json
score_debug_json
runs/tenant-dev/20260511_122407_0000_EVID-20260511-0009/artifacts/score.debug.json

Comments

No analyst comments yet.

    Notifications

    No notification events yet.

      Edit Manual Summary

      Add Comment

      Close Case