./BACK_TO_PROJECTS
Threat Intelligence2025

Phishing Threat Detection

Real-time browser extension analyzing URLs in <50ms, intercepting attacks and redirecting threat actors to honeypots.

Interceptor Pipeline

01. Navigation Intercept

Extension hook captures `onBeforeRequest` event. Suspends page load for analysis window.

USER ACTION● PENDING
GET https://g00gle-login.com/...
ENGINESCANNING
Typosquatting: High (0.92)
Age: < 24 Hours
SSL issuer: Free Tier

02. Heuristic Analysis

Local ML model checks for homograph attacks, domain age, and SSL discrepancies in <10ms.

03. Honeypot Redirection

Malicious requests are silently redirected to a sandboxed environment to capture attacker TTPs.

VERDICTBLOCKED
Redirect → /sandbox/login.html

Active Deception Logic

When a high-confidence threat is detected, the system doesn't just block it—it engages the attacker. The request is redirected to a Shadow DOM honeypot that logs keystrokes and interaction patterns.

JavaScript
background/interceptor.js
chrome.webRequest.onBeforeRequest.addListener(
    function(details) {
        const url = new URL(details.url);
        
        // 1. Calculate Threat Score (0-100)
        const score = threatEngine.analyze(url.hostname);
        
        if (score > 85) {
            // 2. Log incident to SIEM
            logger.push({ type: 'PHISHING_ATTEMPT', target: url.hostname, timestamp: Date.now() });
            
            // 3. Redirect to local Honeypot (Sandboxed)
            return { redirectUrl: chrome.runtime.getURL("honeypot/login.html") };
        }
        
        return { cancel: false };
    },
    { urls: ["<all_urls>"] },
    ["blocking"]
);

Defense Stack

Client Engine

JavaScriptManifest V3TensorFlow.js

Backend Ops

Python / FlaskRedis Cache

Intelligence

VirusTotal APIWhoIs Lookup

System Efficacy

50ms
Avg Latency
99.2%
Detection Rate
30%
Redirected
Auto
Takedown
Request Threat Demo