Integration guide

OpenCTI integration

PhishNet’s graph model maps phishing indicators, sources, evidence, campaigns, kits and fraud routes into connected intelligence objects.

Request demoRead researchOpen dashboard

Direct answer

Can PhishNet feed graph systems? Yes. Graph-aware exports are a core capability.

Research framing

OpenCTI users need connected objects, relationships and confidence rather than isolated records.

Attack mechanism

PhishNet graph entities include domains, URLs, brands, kits, campaigns, phones, IBANs, wallets, sources and evidence.

Evidence and source model

Exports should preserve relationships such as redirects, same kit, same mule route, targets brand, seen in source and has evidence.

Belgian and European relevance

Research and CERT workflows can use these relationships to move from observation to case or handoff.

How PhishNet operationalizes this

The public guide explains the mapping; operational connector access belongs inside authenticated deployment.

Analyst implications

The operational question is not whether an isolated row looks interesting. The question is whether the signal is fresh, provenance-rich, corroborated, evidence-ready and connected to brands, sectors, infrastructure, kits, mule routes or public-warning context. PhishNet therefore presents confirmed, corroborated suspicious, review-candidate and context-only states separately.

Limits and uncertainty

No public route triggers graph clustering or export generation.

Research takeaway

Phishing intelligence becomes valuable when repeated structure appears: the same brand on new infrastructure, the same kit across domains, the same phone or IBAN route after takedowns, the same ad/search pathway, or the same evidence pattern in multiple independent source families.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge urlscan.io API documentation Microsoft Ad Library API Common Crawl CDX Index

Common questions

Can PhishNet feed graph systems?

Yes. Graph-aware exports are a core capability.

Related reading

Platform

Phishing OSINT graph platform

A graph-first operating model for phishing, smishing, mule routes, kits, campaigns, sources, evidence and exports.
Solutions

Phishing OSINT research platform for universities and cyber labs

Sanitized public observations, reproducible snapshots and authenticated graph-backed datasets for phishing, smishing, mule-route, kit and campaign research.