> For the complete documentation index, see [llms.txt](https://docs.inopli.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.inopli.com/drp/surface-web-monitoring.md).

# Surface Web Monitoring

The *<mark style="color:green;">Surface Web Monitoring</mark>* section of the DRP program focuses on open, searchable parts of the internet where security-relevant traces frequently appear first. It looks for brand misuse, exposed data, and infrastructure signals that indicate phishing, impersonation, or operational exposure well before these issues turn into incidents.

#### What We Monitor

* <mark style="color:green;">**Open web & targeted searches**</mark>**:** public pages and indexed content using OSINT queries to surface mentions of companies, VIPs, and sensitive strings, as well as exposed API specs or cloud resources.&#x20;
* <mark style="color:green;">**Public code repositories**</mark>**:** GitHub, GitLab, and Bitbucket for credentials, configuration files, and proprietary material committed by mistake.
* <mark style="color:green;">**Domain ecosystem & certificates**</mark>**:** newly issued TLS certificates and domain permutations that resemble official brands, helping reveal phishing sites and look-alike infrastructure.
* <mark style="color:green;">**Look-alike domains (abuse)**</mark>**:** detection of typosquatting and related variants that exploit visual or keyboard similarities to mislead users.
* <mark style="color:green;">**App stores and extensions**</mark>**:** listings that impersonate brands, misuse trademarks, or bundle malicious functionality.
* <mark style="color:green;">**DNS and subdomains**</mark>**:** public records and subdomain enumeration that reveal misconfigurations or unintended exposure of services.

#### Why This Matters

Surface-web signals often foreshadow phishing campaigns, fraud, and data exposure. Early visibility into look-alike domains, leaked code or credentials, risky app listings, and misconfigured services enables faster takedown, containment, and stakeholder notification.

### Next pages

* [Surface Web](/drp/surface-web-monitoring/surface-web.md)
* [Domain & Brand Look-Alikes](/drp/surface-web-monitoring/domain-and-brand-look-alikes.md)
* [Risk Signals Detected](/drp/surface-web-monitoring/risk-signals-detected.md)
* [Enrichment Strategies](/drp/surface-web-monitoring/enrichment-strategies.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inopli.com/drp/surface-web-monitoring.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.