> For the complete documentation index, see [llms.txt](https://docs.inopli.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.inopli.com/drp/page-reference-monitoring.md).

# Page Reference Monitoring

The <mark style="color:green;">**Page Reference Monitoring**</mark> feature enables proactive detection of phishing and brand impersonation attempts through embedded JavaScript code. This mechanism identifies when legitimate websites are cloned and deployed under unauthorized or suspicious domains, allowing the security team to react before reputational or financial damage occurs.

This feature is particularly effective for detecting <mark style="color:green;">**look-alike sites**</mark>, credential harvesting pages, or infrastructure reuse targeting users of a known web service or brand.

***

#### How It Works

1. <mark style="color:green;">**Script Deployment**</mark>\
   The Inopli platform provides a unique JavaScript snippet for each monitored domain. This script is embedded directly into the HTML of selected web pages (typically login portals, user dashboards, or transaction pages).
2. <mark style="color:green;">**Silent Beaconing**</mark>\
   When the legitimate page is loaded, the script performs passive fingerprinting and silently confirms the origin via a secured beacon back to the Inopli DRP backend.
3. <mark style="color:green;">**Clone Detection**</mark>\
   If the same HTML and JavaScript are reused or mirrored under a different domain—typically during phishing or impersonation attempts—the beacon is still triggered but now exposes a mismatch in origin. This event is logged and surfaced as a <mark style="color:green;">**Finding**</mark> in the DRP console.
4. <mark style="color:green;">**Threat Attribution**</mark>\
   The suspicious or unauthorized domain is then enriched and flagged using all standard enrichment processes: WHOIS, DNS, phishing feeds, and the Inopli internal threat graph. If confirmed as malicious, it is escalated via the Response module.

***

#### Benefits

* Early detection of phishing sites before wide distribution
* Passive monitoring, no active scanning required
* Lightweight, no impact on page performance
* Automatic correlation with brand and infrastructure profiles
* Seamless integration with existing DRP findings and workflows


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inopli.com/drp/page-reference-monitoring.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.