Integration guide

TAXII phishing feed access

TAXII-style access lets qualified teams ingest PhishNet intelligence while preserving source, confidence, liveness and evidence metadata.

Request demoRead researchOpen dashboard

Direct answer

Is TAXII access public? No. Public pages document the model; operational feed access is qualified and controlled.

Research framing

Automated feeds are only useful when fields are stable and quality labels are preserved.

Attack mechanism

PhishNet feed access can separate country packs, confirmed items, review candidates, verified-live records and campaign clusters.

Evidence and source model

Consumers should ingest confidence, confirmation state, freshness, liveness, evidence link, Belgian relevance reason and source tier.

Belgian and European relevance

Public examples stay schema-oriented and sanitized.

How PhishNet operationalizes this

Operational access is appropriate for authorized buyers and partners.

Analyst implications

The operational question is not whether an isolated row looks interesting. The question is whether the signal is fresh, provenance-rich, corroborated, evidence-ready and connected to brands, sectors, infrastructure, kits, mule routes or public-warning context. PhishNet therefore presents confirmed, corroborated suspicious, review-candidate and context-only states separately.

Limits and uncertainty

The platform remains snapshot-first so feed publication does not block user pages.

Research takeaway

Phishing intelligence becomes valuable when repeated structure appears: the same brand on new infrastructure, the same kit across domains, the same phone or IBAN route after takedowns, the same ad/search pathway, or the same evidence pattern in multiple independent source families.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge urlscan.io API documentation Microsoft Ad Library API Common Crawl CDX Index

Common questions

Is TAXII access public?

No. Public pages document the model; operational feed access is qualified and controlled.

Related reading

Integrations

MISP and STIX phishing sharing

How PhishNet packages phishing evidence, provenance and confidence for MISP and STIX workflows.
Platform

Data API and exports

Feed confirmed and reviewable phishing intelligence into existing tooling.