New evidence is moving now.
Public-safe counters from the running platform. Raw URLs, victims, and sensitive evidence stay behind the authenticated workspace.
Three jobs, one evidence spine.
PhishNet is not another disconnected feed. It turns collector evidence into decisions, actions, reports, and product-specific workspaces without losing provenance.
See the threat
Early warning across phishing, smishing, sanctions, credential exposure, ransomware, attack surface, and OT advisories.
Decide the response
AI briefs, lifecycle state, source health, risk scores, and human-approved action paths for the people who own the decision.
Prove the work
Raw artifacts, SHA-256 provenance, citations, run lifecycle metadata, export profiles, and evidence packets for audit and prosecution.
Same platform, different vocabularies.
A CCERT director, an MLRO, an OT operator, and an underwriter should not have to read the same page. The site routes each buyer into the language of their work.
Coordination without the coordination problem.
Citizen reports in. Cases, action queues, playbooks, evidence packets, and public-safe outputs out.
- PhishNet
- SmishNet
- RansomWatch
- OTguard
Screening that is defensible at audit.
Sanctions, PEP, regulator-warning federation, crypto overlays, and SAR-ready evidence.
- Sentinel
- CredLeak
- PhishNet
- Datasets
Underwrite with conditions, not with hope.
Outside-in posture, loss events, peer benchmarks, dependencies, and portfolio aggregation.
- Cyber Risk
- InfraExpose
- CredLeak
- OTguard
One finding propagates everywhere.
When a collector adds a sanctions hit, a lookalike app, a KEV advisory, or a regulator warning, the platform resolves the entity once and fans out entitlement-safe summaries to the surfaces that need it.
Federated products
Sentinel, Cyber Risk, Institution workspaces, Cases, Action Queue, Brand and Reports all read from the same resolved event.
Evidence by design
Every claim links back to a collector run, a raw artifact hash, source URI, parse state, timestamp, and confidence score.
Eight products, one platform.
Each product speaks the buyer’s language while sharing the same collectors, action lifecycle, AI brief contract, export center, and provenance spine.
PhishNet
Disrupt the phishing wave before it pivots to your customers.
SmishNet
Stop fraud SMS at the route, not at the report.
RansomWatch
Track ransomware victims, groups, and leak sites in one feed.
InfraExpose
Your attack surface, KEV deadlines, and NIS2 evidence.
CredLeak
Credential exposure across stealer logs, dumps, and code.
Cyber Risk
Outside-in risk intelligence for cyber insurance decisions.
Sentinel
EU sanctions, PEP, and regulator-warning screening.
OTguard
ICS advisory intelligence for NIS2 essential entities.
Public intelligence
Public outputs remain useful, defanged, and citable.
Keep the public dashboard, daily research, `/check`, embed widgets, and quarterly reports public-safe. Specific live URLs, victim identities, brand-sensitive details, and operational case state stay behind role-gated workspaces.
Public check and evidence reporting stays available for citizens and partners: check a suspicious link, submit screenshots or email evidence, then read public research such as Attack-kit vault research and raw cyber evidence observation metadata. For underwriters, the cyber-insurance risk intelligence path connects public research to product-grade evidence.
Daily signal, quarterly synthesis.
The public layer has a cadence: the dashboard is the fixed daily aggregate, research turns notable patterns into short citable field notes, and quarterly reports synthesize what changed for executives, journalists, and institutional buyers.
Public dashboard
Aggregate, defanged, country and sector metrics from a daily materialized cut. Built for citation, embeds, and safe public awareness.
Research notes
400-700 word observations, campaign profiles, trend explainers, methodology pieces, and guest notes with stable URLs and UTC timestamps.
Landscape reports
Executive synthesis: sector movement, geographic spread, kit-family evolution, citizen-reporting impact, disruption outcomes, and next-quarter forecasts.
Built where the regulation is written.
Belgian engineering, EU jurisdiction, GDPR-native processing, multilingual output, data minimization, row-level controls, and no casual US data egress. The trust story is structural, not decorative.
Data residency
EU-hosted infrastructure and processing patterns designed for institutional security reviews.
Audit-ready evidence
Run lifecycle, raw artifacts, citations, and export profiles keep the answer to “how did you know?” close to the claim.
Belgian operating context
KBO-based entity resolution and Belgian/EU regulatory vocabulary across workspaces and public pages.
Book a 30-minute platform tour.
Bring the audience you care about: CCERT coordination, bank compliance, OT advisory tracking, cyber underwriting, brand protection, or public research.