Direct answer
How is this different from a feed? It combines source quality, evidence readiness, graph relationships, active OSINT and analyst decisions instead of only delivering raw indicators.
National picture
PhishNet gives Belgium-first visibility into fresh phishing domains and URLs, attacked brands, smishing routes, fake financial platforms, mule/payment routes, active OSINT and campaign clusters.
Operational workflows
Analysts can pivot from Belgian Live Feed to Evidence, Fusion Graph, Kit Intelligence, Campaign DNA, Source Factory and CERT handoff packs.
Integration
MISP, STIX, JSONL, CSV, API feeds and PDF summaries make the data usable inside existing CERT and SOC processes.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
How is this different from a feed?
It combines source quality, evidence readiness, graph relationships, active OSINT and analyst decisions instead of only delivering raw indicators.
Can weak signals be separated from confirmed threats?
Yes. Confirmation state remains explicit across UI, exports and graph views.