Platform capability

Evidence workbench

Evidence is what turns OSINT into action: preserved pages, provenance, source quality and review decisions.

Request demoRead researchOpen dashboard

Direct answer

What is evidence-ready? Evidence-ready means enough artifacts and provenance exist to support analyst decision or handoff.

Evidence types

Screenshots, HTML, redirects, headers, archives, extracted entities, source provenance, liveness checks and analyst decisions.

Workflow

Discovery, evidence candidate, analyst decision, case escalation, export and human-approved action.

Exports

CSV, JSONL, STIX, MISP, PDF summaries and evidence bundles.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge urlscan.io API documentation Microsoft Ad Library API Common Crawl CDX Index

Common questions

What is evidence-ready?

Evidence-ready means enough artifacts and provenance exist to support analyst decision or handoff.

Are public examples raw IOCs?

No. Public examples are redacted; full evidence remains authenticated.

Related reading

Knowledge

Phishing evidence and takedown

How evidence, provenance and human approval turn intelligence into safe action.
Knowledge

URLScan, OSINT and phishing evidence

How submitted URLs, screenshots, DOM hashes and redirect chains support phishing investigations.