Direct answer
What is a phishing OSINT graph? It is a connected intelligence model that links phishing indicators to brands, sources, evidence, infrastructure, kits, campaigns and fraud routes.
Graph-first intelligence
Domains, URLs, IPs, brands, certificates, nameservers, ASNs, phones, IBANs, wallets, handles, sender IDs, email headers, kit families, campaigns, sources, evidence and cases are treated as connected entities.
Explainable relationships
The graph captures redirects, shared infrastructure, shared certificates, same favicon or DOM hash, same kit, same sender, mule-route reuse, operator-handle reuse, campaign overlap, source provenance and evidence links.
Operational output
The graph feeds Belgian Live Feed, Entity Workbench, Campaign DNA, Kit Intelligence Lab, CERT handoff packs and export profiles for MISP, STIX, CSV and JSONL.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What is a phishing OSINT graph?
It is a connected intelligence model that links phishing indicators to brands, sources, evidence, infrastructure, kits, campaigns and fraud routes.
Why is it useful for Belgium?
It combines Belgium-specific sources, active OSINT, official baselines, mule-route extraction and evidence workflows that generic global feeds do not provide out of the box.