Page Reference Monitoring
The Page Reference Monitoring feature enables proactive detection of phishing and brand impersonation attempts through embedded JavaScript code. This mechanism identifies when legitimate websites are cloned and deployed under unauthorized or suspicious domains, allowing the security team to react before reputational or financial damage occurs.
This feature is particularly effective for detecting look-alike sites, credential harvesting pages, or infrastructure reuse targeting users of a known web service or brand.
How It Works
Script Deployment The Inopli platform provides a unique JavaScript snippet for each monitored domain. This script is embedded directly into the HTML of selected web pages (typically login portals, user dashboards, or transaction pages).
Silent Beaconing When the legitimate page is loaded, the script performs passive fingerprinting and silently confirms the origin via a secured beacon back to the Inopli DRP backend.
Clone Detection If the same HTML and JavaScript are reused or mirrored under a different domain—typically during phishing or impersonation attempts—the beacon is still triggered but now exposes a mismatch in origin. This event is logged and surfaced as a Finding in the DRP console.
Threat Attribution The suspicious or unauthorized domain is then enriched and flagged using all standard enrichment processes: WHOIS, DNS, phishing feeds, and the Inopli internal threat graph. If confirmed as malicious, it is escalated via the Response module.
Benefits
Early detection of phishing sites before wide distribution
Passive monitoring, no active scanning required
Lightweight, no impact on page performance
Automatic correlation with brand and infrastructure profiles
Seamless integration with existing DRP findings and workflows
Last updated