Direct answer
Does active OSINT become confirmed automatically? No. It remains review-first unless independently corroborated, official, trusted or analyst-confirmed.
Source classes
Telegram/forum, Discord where authorized, SMS traps, email traps, honeypots, sinkholes, paste/code, kit artifacts and public marketplace chatter.
Controls
Authorization profile, source lifecycle, retention, sensitivity, redaction, provenance and review-cadence metadata.
Outputs
Active OSINT delta, mule recruitment watch, email-trap campaigns, honeypot predeployment, redacted code/paste exposure and fraud route graph.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
Does active OSINT become confirmed automatically?
No. It remains review-first unless independently corroborated, official, trusted or analyst-confirmed.
Does this run from user pages?
No. Active OSINT runs in workers; pages read snapshots.