Direct answer
What should a phishing report include? Source, timestamp, evidence, liveness, confidence, affected brand and safe action request.
Problem
Providers receive noisy reports. The valuable reports include evidence, timestamps, provenance, liveness, relationships and action history.
PhishNet unique data
PhishNet packages URLs, domains, screenshots, redirect chains, source context, campaign/kit links and evidence readiness.
Public-safe proof module
Public proof includes takedown/evidence methodology and sanitized report examples.
Integration path
Exports can support JSONL/CSV/PDF handoff packs, graph screenshots and status audit trails.
Conversion path
CTA: request evidence handoff example or provider integration discussion.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What should a phishing report include?
Source, timestamp, evidence, liveness, confidence, affected brand and safe action request.
Can PhishNet suppress false positives?
Yes, official baselines and analyst decisions help avoid weak reports.