BrandSafe Incidents

Each brand threat detected by BrandSafe is surfaced as an incident in the CyberXTron platform with full context and recommended actions.

Viewing Incidents

Via Dashboard

Navigate to BrandSafe → Incidents in the CyberXTron dashboard. Filter by threat type, severity, status, or date.

Via API

# List all BrandSafe incidents
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/brandsafe/incidents"

# Filter by brand domain and severity
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/brandsafe/incidents?brand_domain=example.com&severity=Critical&status=Open"

Full Incidents API Reference

Incident Types

Phishing Site

A website actively impersonating your brand to steal user credentials, payment information, or personal data.

Severity: Critical (if active and collecting data) / High

Response:

  1. Verify the site is live and actively phishing
  2. Identify the hosting provider and registrar
  3. Submit abuse reports to the registrar, hosting provider, and browser safe browsing lists (Google, Microsoft)
  4. If customers may have been targeted, consider a customer notification
  5. Report to relevant law enforcement if significant fraud is involved

Quick takedown resources:

Typosquatting Domain

A domain registered with a small variation of your brand name that could redirect traffic, host phishing content, or be used for spear-phishing emails.

Response:

  1. Assess the intent — is it parked, actively impersonating, or sending emails?
  2. If actively malicious: file a UDRP (Uniform Domain-Name Dispute-Resolution Policy) complaint or registrar abuse report
  3. If parked and not yet weaponized: monitor for escalation
  4. Consider defensive registration of high-risk typosquat variants

Fake Social Media Profile

An account on LinkedIn, X (Twitter), Facebook, Instagram, or other platforms falsely claiming to represent your brand or executives.

Response:

  1. Report directly to the platform using their impersonation reporting tool
  2. Document the profile before reporting (screenshot, URL, username)
  3. Alert your genuine social media team to monitor for user confusion

Fake App

An app in an official or third-party app store using your brand name, logo, or description.

Response:

  1. For official stores (Google Play, Apple App Store): submit a developer removal request via the platform's brand protection form
  2. For third-party stores: submit abuse reports directly
  3. Publish a security advisory on your website warning users about the fake app if it's widespread

Incident Fields

| Field | Type | Description |
|---|---|---|
| id | integer | Unique numeric ID |
| title | string | Short description of the threat |
| taskKey | string | Ticket key (e.g., BSINC-789) |
| status_statusCd | string | Open, In Progress, Closed |
| severity_label | string | Critical, High, Medium, Low |
| category_name | string | Threat category (e.g., Phishing, Typosquat) |
| taskType_name | string | Specific incident type |
| description | string | Full details of the threat |
| brand_name | string | Monitored brand name |
| brand_domain | string | Monitored brand domain |
| url | string | URL of the infringing asset |
| ip_address | string | IP address of the infringing host |
| platform | string | Platform where the threat was detected |
| registrar | string | Domain registrar |
| webhost_authority | string | Hosting provider |
| webhost_country | string | Country where the site is hosted |
| phone_numbers | string | Phone numbers found on the infringing site |
| impact | string | Potential impact |
| recommendation | string | Suggested response action |
| createdDt | integer | Creation Unix timestamp |
| updatedDt | integer | Last update Unix timestamp |
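
The following is an added example, not CyberXTron code: it orders incident records for response and groups them by registrar and hosting provider, so the abuse reports described under Incident Types can be filed per provider. It assumes incidents arrive as a JSON array of flat objects using the Incident Fields listed above and that createdDt is in seconds; the response envelope is not shown on this page, and the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records; field names come from the Incident Fields list.
# Assumption: incidents arrive as a JSON array of flat objects.
SAMPLE = json.loads("""[
  {"id": 1, "taskKey": "BSINC-101", "status_statusCd": "Open",
   "severity_label": "High", "category_name": "Typosquat",
   "registrar": "Registrar A", "webhost_authority": "Host X",
   "createdDt": 1700000000},
  {"id": 2, "taskKey": "BSINC-102", "status_statusCd": "Open",
   "severity_label": "Critical", "category_name": "Phishing",
   "registrar": "Registrar A", "webhost_authority": "Host X",
   "createdDt": 1700003600},
  {"id": 3, "taskKey": "BSINC-103", "status_statusCd": "Closed",
   "severity_label": "Critical", "category_name": "Phishing",
   "registrar": "Registrar B", "webhost_authority": "Host Y",
   "createdDt": 1690000000},
  {"id": 4, "taskKey": "BSINC-104", "status_statusCd": "In Progress",
   "severity_label": "Critical", "category_name": "Phishing",
   "registrar": "Registrar B", "webhost_authority": null,
   "createdDt": 1699990000}
]""")
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def triage(incidents):
    """Drop closed incidents; order by severity, then oldest first."""
    active = [i for i in incidents if i.get("status_statusCd") != "Closed"]
    return sorted(active, key=lambda i: (
        SEVERITY_RANK.get(i.get("severity_label"), len(SEVERITY_RANK)),
        i.get("createdDt", 0)))

def abuse_batches(incidents):
    """Group ticket keys by (registrar, hosting provider) for abuse reports."""
    batches = defaultdict(list)
    for inc in incidents:
        key = (inc.get("registrar") or "unknown",
               inc.get("webhost_authority") or "unknown")
        batches[key].append(inc["taskKey"])
    return dict(batches)

def created_utc(inc):
    """createdDt as ISO 8601 UTC (assumes the timestamp is in seconds)."""
    return datetime.fromtimestamp(inc["createdDt"], tz=timezone.utc).isoformat()

if __name__ == "__main__":
    for inc in triage(SAMPLE):
        print(inc["taskKey"], inc["severity_label"], created_utc(inc))
```

Records with a missing registrar or hosting provider are grouped under "unknown", which flags them for the provider lookup in step 2 of the Phishing Site response.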

Requesting a Takedown

Update an incident's status and track takedown progress via the CyberXTron dashboard under BrandSafe → Incidents → [incident] → Update Status. Add investigation notes to document abuse reports submitted and their outcomes.