Threat Intelligence & Misuse Indicators
Our monitoring systems have identified several recurring patterns used in the unauthorized replication of our digital infrastructure. Use this intelligence to identify and mitigate risks.
Common Misuse Patterns
Deceptive UI Patterns
Unauthorized entities often use "pixel-perfect" CSS cloning to mimic our interface. Look for:
- Missing custom font subsets (falling back to system fonts).
- Incorrectly mapped SVG paths in the brand mark.
- Hardcoded values in dynamic UI components.
Cloned Environments
Entire sites are mirrored using automated scrapers. Indicators include:
- Broken relative links pointing to internal staging IPs.
- Outdated metadata from previous infrastructure versions.
- Presence of 'Wget' or 'HTTrack' signatures in headers.
Unauthorized API Usage
Our backend services receive direct calls from unverified origins. Indicators include:
- Missing or malformed CORS headers.
- Invalid API handshake tokens.
- High-frequency polling from residential IP blocks.
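One way to check access logs for the Wget/HTTrack signature and for two of the API indicators above (unverified origin, high-frequency polling); this is an added example, not code from our monitoring systems. The JSON log fields, the origin allowlist, the thresholds and the sample entries are assumptions, the request's Origin header stands in for the CORS indicator, and polling is counted per client IP without classifying the IP block. Token validation is left out because the token format is not described here.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

MIRROR_TOOLS = ("wget", "httrack")             # signatures named on this page
ALLOWED_ORIGINS = {"https://app.example.com"}  # assumption: verified origins
WINDOW = timedelta(seconds=10)                 # assumption: polling window
MAX_HITS = 5                                   # assumption: API hits allowed per window

def triage(lines):
    """Return sorted (ip, indicator) pairs from time-ordered JSON-lines access logs."""
    findings = set()
    recent = defaultdict(deque)                # ip -> API hit times inside WINDOW
    for line in lines:
        e = json.loads(line)
        ip, ts = e["ip"], datetime.fromisoformat(e["ts"])
        ua = (e.get("ua") or "").lower()
        # Cloned environments: mirroring tools announce themselves in User-Agent.
        findings.update((ip, "mirror-tool:" + t) for t in MIRROR_TOOLS if t in ua)
        if not e["path"].startswith("/api/"):
            continue
        # Unverified origin: Origin header absent, malformed or not allowlisted.
        if e.get("origin") not in ALLOWED_ORIGINS:
            findings.add((ip, "api-unverified-origin"))
        # High-frequency polling: sliding window of API hits per client IP.
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > MAX_HITS:
            findings.add((ip, "api-high-frequency"))
    return sorted(findings)

def sample_log():
    """Constructed entries (documentation IP ranges), not real traffic."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    def row(sec, ip, path, ua, origin=None):
        ts = (t0 + timedelta(seconds=sec)).isoformat()
        return json.dumps({"ts": ts, "ip": ip, "path": path, "ua": ua, "origin": origin})
    rows = [row(0, "192.0.2.10", "/index.html", "Wget/1.21.3"),
            row(1, "192.0.2.11", "/about.html", "Mozilla/4.5 (compatible; HTTrack 3.0x)"),
            row(2, "198.51.100.7", "/api/v1/items", "Mozilla/5.0", "https://app.example.com")]
    # Eight API calls in eight seconds from one client sending a foreign Origin.
    rows += [row(10 + i, "203.0.113.5", "/api/v1/status", "Mozilla/5.0",
                 "https://clone.example.net") for i in range(8)]
    return rows

if __name__ == "__main__":
    print(*triage(sample_log()), sep="\n")
```

A missing Origin header alone is a weak signal, since non-browser clients normally omit it; treat it as evidence to document alongside the other indicators.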
Technical Threat Matrix
| Threat ID | Vector | Severity | Detection Method |
|---|---|---|---|
| TH-BOB-092 | Domain Squatting | Medium | WHOIS Monitoring / DNS Probing |
| TH-BOB-115 | JS Injection / Mirroring | High | Subresource Integrity (SRI) Mismatch |
| TH-BOB-044 | Credential Harvesting | Critical | SSL Fingerprint Anomaly |
Mitigation Strategy
If any of these indicators are detected, immediate action is required. We recommend:
- Documenting the technical evidence (Headers, DNS, SSL).
- Submitting a report via the Reporting Center.
- Updating local firewall rules to block identified malicious IP ranges.