Direct answer
What is a phishing intelligence feed? It is a structured stream of phishing observations with provenance, confidence, confirmation state, freshness, liveness and export metadata.
Problem
CERT teams need more than a blocklist. They need a feed that separates confirmed threats from corroborated suspicious signals and review candidates, while preserving evidence and source provenance.
PhishNet unique data
The feed combines official warnings, open phishing feeds, CT/URL evidence, country and brand relevance, active OSINT categories, mule-route signals, kit/campaign links and last-good snapshots.
Public-safe proof module
Each landing page can show cached public metrics: fresh indicators, source families, confirmation split, sanitized examples and country comparison without triggering collection.
Integration path
Operational buyers can consume JSONL, CSV, STIX, MISP, PDF summaries and API endpoints with confidence, freshness, liveness, source tier and evidence/detail URLs.
Conversion path
CTA: request a sample country feed, request CERT briefing, or request MISP feed access with page/topic attribution included in the request.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What is a phishing intelligence feed?
It is a structured stream of phishing observations with provenance, confidence, confirmation state, freshness, liveness and export metadata.
How is this different from a blocklist?
PhishNet keeps evidence, source quality, graph links and uncertainty visible instead of returning only allow/block decisions.