Platform capability

OSINT fusion for phishing and fraud

PhishNet is graph-based phishing OSINT: source intake, enrichment, evidence and action in one model.

Request demoRead researchOpen dashboard

Direct answer

Is this a blocklist? No. It is an OSINT fusion and evidence workflow.

Fusion model

The platform joins phishing feeds, regulator warnings, DNS, CT, URLScan-style evidence, active OSINT, ads/search, credential metadata, mule routes and official baselines.

Operational separation

Confirmed, corroborated suspicious, review candidate and context-only states are kept separate.

Performance model

User pages read snapshots; workers handle ingestion, enrichment, liveness, clustering, research and exports.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge urlscan.io API documentation Microsoft Ad Library API Common Crawl CDX Index

Common questions

Is this a blocklist?

No. It is an OSINT fusion and evidence workflow.

Does public browsing trigger collection?

No. Public pages use static content and cached daily modules.

Related reading

Knowledge

The phishing knowledge graph

Why phishing intelligence becomes more powerful when indicators are connected into a graph.
Knowledge

The phishing attack chain

How phishing moves from preparation to delivery, capture, monetization and reuse.