Direct answer
Can active OSINT be used in production? Yes, when authorization, retention, sensitivity and audit controls are recorded and collection is isolated in workers.
Collection classes
Telegram/forum watch, SMS trap feeds, email traps, honeypot callbacks, paste/code exposure and kit marketplace references all reveal evidence competitors often miss.
Governance
Every active source needs mandate metadata, source lifecycle, retention policy, sensitivity level, redaction status and provenance. Active OSINT remains review-first unless corroborated or analyst-confirmed.
Worker-only architecture
Collection, screenshots, OCR, liveness, graphing and exports run in workers. Public and authenticated pages read snapshots and last-good projections.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
Can active OSINT be used in production?
Yes, when authorization, retention, sensitivity and audit controls are recorded and collection is isolated in workers.
Does active OSINT confirm a threat by itself?
No. It creates review candidates or corroborated suspicious leads unless supported by trusted evidence, official warnings or analyst confirmation.
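The governance gate and the review-first rule described above can be expressed as a small ingestion check. This is an added example, not PhishNet code: the field keys, the "active" lifecycle value, the state names and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Governance fields named on the page; the key names are assumptions.
REQUIRED = ("mandate", "lifecycle", "retention_days", "sensitivity",
            "redaction_status", "provenance")

@dataclass
class Observation:
    source_id: str
    collected_at: datetime
    corroborated: bool = False       # matched by independent evidence
    trusted_evidence: bool = False   # trusted evidence or an official warning
    analyst_confirmed: bool = False

def missing_governance(source: dict) -> list:
    """Return the governance fields that are absent or empty on a source."""
    return [f for f in REQUIRED if source.get(f) in (None, "", [])]

def triage(obs: Observation, sources: dict, now: datetime) -> str:
    """Map an observation to a state; collection alone never confirms."""
    src = sources.get(obs.source_id)
    if src is None or missing_governance(src) or src["lifecycle"] != "active":
        return "rejected"            # ungoverned or retired source: do not ingest
    if now - obs.collected_at > timedelta(days=src["retention_days"]):
        return "expired"             # past retention: purge instead of reviewing
    if obs.analyst_confirmed or obs.trusted_evidence:
        return "confirmed"
    return "corroborated_lead" if obs.corroborated else "review_candidate"

# Constructed sample data for the example.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
GOVERNED = {"mandate": "MANDATE-PLACEHOLDER", "lifecycle": "active",
            "retention_days": 30, "sensitivity": "high",
            "redaction_status": "redacted", "provenance": "sms trap feed"}
SOURCES = {"sms-trap-01": GOVERNED,
           "forum-watch-02": {**GOVERNED, "mandate": ""}}

if __name__ == "__main__":
    recent = NOW - timedelta(days=2)
    for obs in (Observation("sms-trap-01", recent),
                Observation("sms-trap-01", recent, corroborated=True),
                Observation("sms-trap-01", recent, analyst_confirmed=True),
                Observation("sms-trap-01", NOW - timedelta(days=45)),
                Observation("forum-watch-02", recent, corroborated=True)):
        print(obs.source_id, triage(obs, SOURCES, NOW))
```

A source with an empty mandate is rejected before any corroboration flag is read, so missing authorization cannot be outweighed by evidence quality.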