Direct answer
What is a phishing knowledge graph? It is a connected model of phishing indicators, evidence, campaigns, sources, infrastructure, brands and fraud routes.
Entities
Useful graph entities include domains, URLs, IPs, brands, sectors, countries, certificates, screenshots, page hashes, kits, phones, IBANs, wallets, handles, source families, evidence artifacts and cases.
Relationships
Edges explain why things belong together: redirect chain, shared IP, same certificate, same favicon, same kit, same sender, same mule route, same ad trace, same brand target or same campaign.
Decision value
The graph helps answer: what is confirmed, what is suspicious, what is early warning, what evidence exists, what can be exported, and what action is safe next.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What is a phishing knowledge graph?
It is a connected model of phishing indicators, evidence, campaigns, sources, infrastructure, brands and fraud routes.
Why is graph intelligence better than a list?
It reveals reuse, concentration, campaign movement and evidence paths that individual rows cannot show.
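The edge types listed under Relationships and the list-versus-graph answer above, as an added example that is not PhishNet code: a minimal graph that links domains by shared IP, same certificate or same favicon, then groups them into candidate campaigns. The observations, field names and function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample observations (not real indicators); field names are assumptions.
OBSERVATIONS = [
    {"domain": "login-bank.example", "ip": "192.0.2.10", "cert": "cert-A", "favicon": "fav-1"},
    {"domain": "secure-bank.example", "ip": "192.0.2.10", "cert": "cert-B", "favicon": "fav-2"},
    {"domain": "bank-verify.example", "ip": "198.51.100.7", "cert": "cert-B", "favicon": "fav-3"},
    {"domain": "parcel-track.example", "ip": "203.0.113.5", "cert": "cert-C", "favicon": "fav-9"},
    {"domain": "parcel-fee.example", "ip": "203.0.113.77", "cert": "cert-D", "favicon": "fav-9"},
    {"domain": "lonely.example", "ip": "203.0.113.200", "cert": "cert-E", "favicon": "fav-0"},
]
EDGE_LABELS = {"ip": "shared IP", "cert": "same certificate", "favicon": "same favicon"}

def build_edges(observations):
    """Return {(domain_a, domain_b): [reasons]} for every pair sharing an attribute value."""
    by_value = defaultdict(set)
    for obs in observations:
        for attr in EDGE_LABELS:
            by_value[(attr, obs[attr])].add(obs["domain"])
    edges = defaultdict(list)
    for (attr, value), domains in by_value.items():
        for a, b in combinations(sorted(domains), 2):
            edges[(a, b)].append(f"{EDGE_LABELS[attr]} ({value})")
    return dict(edges)

def clusters(observations, edges):
    """Group domains into connected components (candidate campaigns) with union-find."""
    parent = {obs["domain"]: obs["domain"] for obs in observations}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x
    for a, b in edges:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for d in parent:
        groups[find(d)].add(d)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    edges = build_edges(OBSERVATIONS)
    for group in clusters(OBSERVATIONS, edges):
        print(group)  # one candidate campaign per line, largest first
        for (a, b), why in sorted(edges.items()):
            if a in group:
                print(f"  {a} -- {b}: {', '.join(why)}")  # the evidence behind the link
```

In this sample, login-bank.example and bank-verify.example share no attribute directly, so a flat list shows them as unrelated rows; the graph joins them through secure-bank.example and keeps the reason for each hop.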