Your evidence packet contains three sections: first, a copy of the website as it was when my scraper last saw it; second, a cookie-cutter description of the scam and it's identifying characteristics; and third, a short comment and a signed certification of bona fide belief. All reports are individually reviewed and signed by me, despite the fact that the contents are largely auto-generated for convenience.
Please do not share your evidence packet link. You are welcome to use the evidence packet however you wish internally, but I ask that you do not publicly share the link to reduce the burden on my infrastructure. I also do not want to be accused of distributing copyrighted material if any is contained within the report by coincidence, despite the collected evidence itself being fair use under United States law.
The purpose of the packet format is to reduce the amount of effort it takes for me to submit reports, and to reduce the amount of effort it takes for you to review them.
Included at the top of your evidence packet are four downloads available
to you. image.webp and contents.html are rendered
images of the website that you can use to view a copy of the website as it
was when my scraper viewed it.
These are included in the unlikely event that the website is abandoned in between the time of report and review, so that you can still take action against the user if so desired.
The second segment is a cookie-cutter description that is selected by me to help you properly analyze and contextualize the evidence. The description includes previous examples of other instances of the scam—not necessarily accurate to the current report—as examples for you to reference.
Typically, if code is reused by the threat actor, I'll also include snippets of code that clearly display malicious behavior. If third party analysis exists, then I will also link that for your review.
I write a short comment before generating each evidence report. It might be one or two words, but it was always written by me specifically for that report. The end of each report includes the following sentence:
I, [Name], affirm that I have a bona fide belief that the information and allegations contained in this report are accurate and complete.
[Name] is replaced by me by typing into a text input on my back-of-house panel. Every declaration requires me to type my own name out for the statement to be complete.