Knowledge
What is phishing?
A plain-English but expert-level explanation of phishing, why it works, and how defenders should read phishing data.
The phishing attack chain
How phishing moves from preparation to delivery, capture, monetization and reuse.
Phishing attack kits
How phishing kits work, what they leak, and why kit intelligence is a high-value OSINT layer.
AiTM and reverse-proxy phishing
A careful overview of adversary-in-the-middle phishing and the indicators defenders can track safely.
Smishing in Belgium
How Belgian SMS phishing uses parcel, identity, tax, bank and support narratives.
Malicious ads and search abuse
Why phishing increasingly competes for visibility through sponsored results, social ads and fake support pages.
Fake investment platforms
How cloned firms, fake trading platforms and recovery-room scams overlap with phishing intelligence.
Mule routes: IBANs, phones and wallets
Why payment and contact routes are central to phishing intelligence.
Certificate Transparency for phishing discovery
How CT logs help detect brand impersonation and pre-deployment infrastructure.
URLScan, OSINT and phishing evidence
How submitted URLs, screenshots, DOM hashes and redirect chains support phishing investigations.
The phishing knowledge graph
Why phishing intelligence becomes more powerful when indicators are connected into a graph.
The societal impact of phishing
How phishing harms citizens, institutions, businesses and public trust.
Malware and credential theft
Where phishing overlaps with credential exposure, stealers, malicious attachments and account takeover.
Phishing evidence and takedown
How evidence, provenance and human approval turn intelligence into safe action.
Phishing OSINT research
How open-source phishing research becomes operational intelligence for public-sector and CERT teams.
Belgium phishing landscape
A Belgium-first view of phishing, smishing, fake platforms, mule routes and public-sector impersonation.
Active OSINT collection for phishing
How authorized active OSINT expands phishing intelligence beyond commodity feeds.
Phishing kit weakness intelligence
How kit reuse, exposed panels, debug artifacts and webhook patterns support CERT-safe investigations.
Campaign DNA and attacker infrastructure
How infrastructure reuse, timing, language, kits, certificates and mule routes reveal campaign structure.
CERT handoff and evidence packs
How phishing intelligence becomes a defensible package for CERT, regulator, abuse-desk or police workflows.
The psychology of phishing attacks
How urgency, authority, trust transfer, loss aversion and local context make phishing effective.
The economics of phishing
How kits, ads, hosting, credentials, mule routes and fake platforms form a repeatable fraud market.
Phishing kit families and campaign DNA
How kit fingerprints, AiTM markers, panel paths and safe weakness intelligence connect campaigns.
Belgium versus Europe: phishing patterns and country differences
How Belgian phishing differs from neighbouring markets in language, brands, TLDs, lures and payment routes.
Audiences
For journalists covering phishing and online fraud
Journalists need defensible context, safe examples, charts, quotes and methodology without publishing live victim-harm artifacts. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For phishing and fraud researchers
Researchers need reproducible snapshots, source provenance, bias notes, confirmation states and datasets that can be cited. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For CERT and CSIRT teams
CERT and CSIRT teams need early warning, evidence readiness, MISP/STIX sharing, takedown packs and national or sector context. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For cyber analysts and SOC teams
Analysts need to pivot from one IOC into campaign, source, evidence, liveness, kit and export context fast. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For banks and fraud teams
Banks need brand impersonation, fake investment platforms, mule routes, payment references and evidence that can support response. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For telecom and smishing teams
Telecom teams need sender IDs, callback numbers, shortlinks, carrier timing and country-language lure patterns. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For MSSPs, MDRs and SOC providers
Service providers need repeatable client-ready feeds, source quality, export health, false-positive control and evidence links. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
For abuse desks and infrastructure providers
Abuse teams need prioritized evidence, hosting/ASN recurrence, liveness, takedown context and repeat infrastructure patterns. PhishNet answers it with public-safe data, research context, graph evidence and a direct route into operational access.
Data products
Belgium phishing snapshot
A public-safe daily view of Belgian phishing pressure, confirmation split, source families and evidence readiness.
Benelux smishing routes
A sanitized view of shortlink, callback, lure-family and country-language smishing patterns.
Fake investment platform watch
Public warning overlap, fake platform themes, celebrity-ad abuse and cloned-firm risk patterns.
Phishing kit reuse
A public view of kit-family, fingerprint, panel-path and campaign-reuse patterns without exposing exploit detail.
Brand abuse on non-local TLDs
Belgian brand impersonation on `.top`, `.xyz`, `.shop` and other non-local domain spaces.
Source quality and evidence readiness
A public-safe view of how source contribution, corroboration and evidence completeness affect phishing response.
Country comparison
Comparable public-safe snapshots for Belgium, Netherlands, Luxembourg, France, Germany, UK and EU-level phishing patterns.
Reports
Belgium Phishing Landscape
Quarterly public report on Belgian phishing pressure, source families, attacked brands and evidence readiness.
Benelux Smishing and Mule Routes
Report on smishing routes, shortlinks, callback paths and mule/payment behavior across Benelux.
Fake Investment Platforms and Celebrity Abuse
Report on fake finance funnels, cloned firms, celebrity-abuse ads and regulator-warning overlap.
Phishing Kit Reuse and Weakness Intelligence
Report on kit fingerprints, reuse patterns, safe weakness categories and CERT handoff value.
Source Quality and Evidence Readiness
Report on source contribution, confirmation states, evidence gaps and export readiness.
Solutions
Phishing intelligence for public sector and national cyber teams
Country-level phishing OSINT, evidence, campaigns, kit intelligence and exports for public cyber responsibility.
Phishing and fraud intelligence for banks and payments
Brand attacks, fake investment platforms, mule routes and evidence-ready phishing data for financial institutions.
Smishing intelligence for telecom and mobile abuse teams
Sender IDs, shortlinks, callback numbers, carrier timing and Belgian lure families.
Phishing intelligence for logistics and postal brands
Parcel-lure monitoring, fake tracking flows, SMS links, payment pages and brand abuse.
Brand impersonation and phishing monitoring
Lookalikes, ads, fake apps, CT discovery, public abuse surfaces and evidence-backed action.
Phishing OSINT for MSSPs, SOCs and MDR teams
Client-specific phishing data, export profiles, source quality and campaign insight.
Phishing OSINT for CERT and CSIRT teams
Country-level phishing, smishing, active OSINT, kit intelligence, evidence and export workflows for national and sector response teams.
Phishing OSINT for banks and payment providers
Fresh domains, fake support routes, mule routes, fake investment platforms and graph-backed evidence for financial fraud teams.
Phishing OSINT research platform for universities and cyber labs
Sanitized public observations, reproducible snapshots and authenticated graph-backed datasets for phishing, smishing, mule-route, kit and campaign research.
Phishing intelligence feed for CERT and CSIRT teams
A country-scoped phishing feed with evidence, source quality, confirmation state, liveness and MISP/STIX-ready exports.
MISP and STIX phishing feed for public-sector teams
MISP/STIX-compatible phishing intelligence with provenance, confidence, liveness and evidence references.
Fake investment platform monitoring
Detect fake trading platforms, recovery-room scams, cloned regulated firms, celebrity-ad abuse and payment-route signals.
Belgian smishing intelligence for telecom teams
Sender IDs, shortlinks, callback numbers, carrier timing, lure families and evidence-ready SMS phishing exports.
Phishing OSINT API for MSSPs and SOC teams
Client-scoped phishing OSINT, evidence, source quality and export-ready datasets for service providers.
Phishing dataset access for research institutions
Reproducible public snapshots and authenticated graph-backed datasets for universities, labs and policy institutes.
For MISP communities
MISP-ready phishing intelligence with explicit confidence, provenance, liveness and evidence links.
For universities and applied cyber labs
Public-safe phishing research, reproducible snapshots and authenticated data partnerships.
For cyber insurers
Phishing pressure, evidence readiness, brand exposure and sector benchmarks for underwriting and claims context.
For abuse desks and hosting providers
Evidence-ready phishing, source provenance, graph context and takedown-ready handoff packages.
Belgium phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for Belgium with source provenance and export paths.
Netherlands phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for Netherlands with source provenance and export paths.
Luxembourg phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for Luxembourg with source provenance and export paths.
France phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for France with source provenance and export paths.
Germany phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for Germany with source provenance and export paths.
UK phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for UK with source provenance and export paths.
EU phishing intelligence
Country-scoped phishing, smishing, fake-platform and evidence intelligence for EU with source provenance and export paths.
Banking phishing intelligence
Sector-specific phishing, impersonation, evidence and export intelligence for banking teams.
Telecom phishing intelligence
Sector-specific phishing, impersonation, evidence and export intelligence for telecom teams.
Postal logistics phishing intelligence
Sector-specific phishing, impersonation, evidence and export intelligence for postal logistics teams.
Public sector phishing intelligence
Sector-specific phishing, impersonation, evidence and export intelligence for public sector teams.
Insurance phishing intelligence
Sector-specific phishing, impersonation, evidence and export intelligence for insurance teams.
Marketplaces phishing intelligence
Sector-specific phishing, impersonation, evidence and export intelligence for marketplaces teams.
Platform
OSINT fusion for phishing and fraud
How PhishNet fuses open sources, active OSINT, evidence, graph relationships and exports into one operating picture.
PhishNet knowledge graph
How domains, URLs, brands, kits, phones, IBANs, evidence, sources and cases become connected phishing intelligence.
Authorized active OSINT operations
Telegram/forum, SMS/email trap, honeypot, paste/code and public chatter intelligence under authorization.
Kit intelligence and weakness discovery
Phishing kit fingerprints, safe weakness summaries, campaign DNA and CERT handoff context.
Evidence workbench
Archive, preserve, review and export phishing evidence.
Data API and exports
Feed confirmed and reviewable phishing intelligence into existing tooling.
Cyber insurance risk intelligence
Outside-in posture, loss-event monitoring, evidence observations and portfolio accumulation datasets for underwriting and claims context.
Phishing OSINT graph platform
A graph-first operating model for phishing, smishing, mule routes, kits, campaigns, sources, evidence and exports.
Evidence and takedown workflows
Turn phishing OSINT into preserved evidence, analyst decisions, abuse-desk exports and CERT handoff packs.
How to ingest PhishNet into MISP
A public-safe guide to structuring PhishNet phishing intelligence for MISP sharing communities.
PhishNet STIX and TAXII schema
How PhishNet represents phishing observations, evidence, campaigns and confidence in STIX-style exports.
Belgian phishing OSINT dataset methodology
How PhishNet builds public-safe and authenticated phishing datasets with provenance, redaction and bias notes.
CERT handoff pack example
What an evidence-ready phishing handoff package should contain for CERT and abuse workflows.
Evidence readiness scoring guide
How PhishNet explains whether a phishing observation is ready for action, export, research or handoff.