# Surface Web Monitoring The *Surface Web Monitoring* section of the DRP program focuses on open, searchable parts of the internet where security-relevant traces frequently appear first. It looks for brand misuse, exposed data, and infrastructure signals that indicate phishing, impersonation, or operational exposure well before these issues turn into incidents. #### What We Monitor * **Open web & targeted searches****:** public pages and indexed content using OSINT queries to surface mentions of companies, VIPs, and sensitive strings, as well as exposed API specs or cloud resources. * **Public code repositories****:** GitHub, GitLab, and Bitbucket for credentials, configuration files, and proprietary material committed by mistake. * **Domain ecosystem & certificates****:** newly issued TLS certificates and domain permutations that resemble official brands, helping reveal phishing sites and look-alike infrastructure. * **Look-alike domains (abuse)****:** detection of typosquatting and related variants that exploit visual or keyboard similarities to mislead users. * **App stores and extensions****:** listings that impersonate brands, misuse trademarks, or bundle malicious functionality. * **DNS and subdomains****:** public records and subdomain enumeration that reveal misconfigurations or unintended exposure of services. #### Why This Matters Surface-web signals often foreshadow phishing campaigns, fraud, and data exposure. Early visibility into look-alike domains, leaked code or credentials, risky app listings, and misconfigured services enables faster takedown, containment, and stakeholder notification. ### Next pages * [Surface Web](https://docs.inopli.com/drp/surface-web-monitoring/surface-web) * [Domain & Brand Look-Alikes](https://docs.inopli.com/drp/surface-web-monitoring/domain-and-brand-look-alikes) * [Risk Signals Detected](https://docs.inopli.com/drp/surface-web-monitoring/risk-signals-detected) * [Enrichment Strategies](https://docs.inopli.com/drp/surface-web-monitoring/enrichment-strategies)