Evidence and action

Phishing evidence and takedown

Good anti-phishing work needs proof: what was observed, when, from which source, what evidence was preserved, what confidence applies, and what action is justified.

Direct answer

What makes phishing evidence usable? Usable evidence has source provenance, preserved artifacts, timing, confidence, liveness state, extracted entities and an analyst decision path.

Evidence readiness

Useful evidence includes screenshots, HTML, redirect chains, DNS/HTTP liveness, source provenance, extracted entities, timestamps, archive references and analyst decisions.

Human-approved action

PhishNet can prepare exports, case notes and takedown material, but external disruption or reporting remains a human-approved workflow.
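
An added example (not PhishNet code) of a readiness gate that combines the evidence list with the human-approval rule above: material is prepared and hashed automatically, but released only when nothing is missing and an analyst has approved. The record layout, field names and the "suspicious"/"confirmed" confidence values are assumptions made for illustration.

```python
import hashlib
from datetime import datetime

# Field names are hypothetical, chosen to mirror the evidence list above.
REQUIRED = ("source", "observed_at", "artifacts", "liveness",
            "entities", "confidence", "analyst_decision")

def fingerprint(artifacts):
    """SHA-256 per preserved artifact so later copies can be verified."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in sorted(artifacts.items())}

def readiness_gaps(record):
    """Return the reasons a record cannot yet support an external report."""
    gaps = [f"missing {f}" for f in REQUIRED if not record.get(f)]
    ts = record.get("observed_at")
    if ts:
        try:
            if datetime.fromisoformat(ts).tzinfo is None:
                gaps.append("observed_at has no timezone")
        except (ValueError, TypeError):
            gaps.append("observed_at is not ISO 8601")
    if record.get("confidence") == "suspicious":
        gaps.append("signal is only suspicious")
    return gaps

def export_decision(record):
    """Prepare material automatically; release only on analyst approval."""
    gaps = readiness_gaps(record)
    decision = record.get("analyst_decision") or {}
    approved = decision.get("approved") is True and bool(decision.get("analyst"))
    if not approved:
        gaps.append("no analyst approval")
    return {"release": not gaps, "gaps": gaps,
            "hashes": fingerprint(record.get("artifacts") or {})}

# Constructed sample record (not real data).
SAMPLE = {
    "source": "trusted-feed",
    "observed_at": "2024-05-01T10:15:00+00:00",
    "artifacts": {"page.html": b"<html>login</html>", "shot.png": b"\x89PNG"},
    "liveness": {"dns": "resolves", "http": 200},
    "entities": ["login.example.test"],
    "confidence": "confirmed",
    "analyst_decision": {"approved": True, "analyst": "analyst-1"},
}
```

The returned gaps list doubles as a case note: it records why an item was held back instead of silently dropping it.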

Why provenance matters

Provenance protects against false positives. It shows whether an item came from an official warning, trusted phishing feed, active OSINT, ad discovery, trap, public scan or analyst confirmation.

How PhishNet uses this

Inside PhishNet, this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

Common questions

Can takedown be automated safely?

External reports should be human-approved, especially when evidence is incomplete or signals are only suspicious.
