{"id":3060,"date":"2025-12-07T20:38:37","date_gmt":"2025-12-07T20:38:37","guid":{"rendered":"https:\/\/notamspot.com\/?page_id=3060"},"modified":"2026-01-03T21:11:40","modified_gmt":"2026-01-03T21:11:40","slug":"security-architecture","status":"publish","type":"page","link":"https:\/\/notamspot.com\/en_us\/security-architecture\/","title":{"rendered":"Security Architecture"},"content":{"rendered":"<h1 id=\"smartcontentguard-arquitetura-de-segurana-para-avi\" class=\"font-display first:mt-xs mb-2 mt-4 font-semimedium text-lg leading-[1.5em] lg:text-xl\">NOTAMSpot: Aviation Security Architecture<\/h1>\n<div style=\"background: linear-gradient(135deg, #DBEAFE 0%, #BFDBFE 100%); border-left: 4px solid #3B82F6; padding: 16px 20px; margin: 24px 0 32px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 15px; font-weight: 600; color: #1e40af; text-align: center; line-height: 1.6;\">\u2139\ufe0f Important: Screenshots below show NOTAMSpot operating on third-party public portals. This is an independent extension, not affiliated with or endorsed by any government agency (FAA, NOAA, DECEA, Nav Canada).<\/p>\n<\/div>\n<h2 id=\"guia-completo-de-proteo-contra-ameaas-cibernticas\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Complete Guide to Protection Against Cyber Threats<\/h2>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"ndice\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcd1 Table of Contents<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#introducao\"><span class=\"text-box-trim-both\">Introduction<\/span><\/a><\/span><\/h2>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#sobre-documento\"><span class=\"text-box-trim-both\">About this document<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#sobre-documento\"><span class=\"text-box-trim-both\">Target audience<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#como-usar-guia\"><span class=\"text-box-trim-both\">How to use this guide<\/span><\/a><\/span><\/p>\n<\/li>\n<li><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"#viso-geral-da-arquitetura\">Architecture Overview<\/a><\/span><\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"#camada-1-security-whitelist-primeira-linha-de-def\"><strong><span class=\"text-box-trim-both\">Layer 1: Security Whitelist (First Line of Defense)<\/span><\/strong><\/a><\/span><\/h2>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"https:\/\/www.perplexity.ai\/search\/agora-para-o-anti-homograph-at-sPxkli_vTh2J9vJ2IB8B4Q#https-enforcement\" target=\"_blank\" rel=\"nofollow noopener\"><span class=\"text-box-trim-both\">1. <\/span><\/a><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#camada1-https-enforcement\">Mandatory HTTPS Enforcement<\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#camada1-https-protecao\"><span class=\"text-box-trim-both\">How HTTPS protects<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#camada1-https-aviacao\"><span class=\"text-box-trim-both\">Why it is critical for aviation?<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#camada1-https-scg\"><span class=\"text-box-trim-both\">How NOTAMSpot enforces HTTPS<\/span><\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#https-enforcement\" target=\"_blank\" rel=\"nofollow noopener\"><span class=\"text-box-trim-both\">2. <\/span><\/a><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#secure-context-verification\">Secure Context Verification<\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#secure-context-o-que-e\">What is a secure context<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#secure-context-por-que-importa\">Why this matters for security<\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#anti-homograph-attack-detection\">3. Anti-Homograph Attack Detection<\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#anti-homograph-o-que-sao\">What are homograph attacks<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#anti-homograph-como-funciona\">How they work in practice<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#anti-homograph-riscos\">What are the risks<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#anti-homograph-protecao\">How NOTAMSpot protects<\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#punycode-attack-prevention\"><span class=\"text-box-trim-both\">4. Punycode Attack Prevention (xn--)<\/span><\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#punycode-o-que-e\">What is Punycode<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#punycode-impacto-seguranca\">How it impacts security<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#punycode-por-que-perigoso\">Why it is dangerous<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#punycode-deteccao-scg\">How NOTAMSpot detects<\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#subdomain-authorization-mapping\">5. Subdomain Authorization Mapping<\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#subdomain-o-que-e\">What is subdomain mapping<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#subdomain-como-funcionam-ataques\">How subdomain-based attacks work<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#subdomain-riscos\">What are the risks<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#subdomain-protecao-scg\">How NOTAMSpot protects<\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#protocolos-nao-suportados\"><span class=\"text-box-trim-both\">6. Unsupported protocols<\/span><\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#protocolos-o-que-sao\"><span class=\"text-box-trim-both\">What are unsupported protocols<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#protocolos-como-funcionam\"><span class=\"text-box-trim-both\">How insecure protocols work<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#protocolos-riscos\"><span class=\"text-box-trim-both\">What are the risks<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#protocolos-protecao-scg\"><span class=\"text-box-trim-both\">How NOTAMSpot protects<\/span><\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#typosquatting\"><span class=\"text-box-trim-both\">7. Typosquatting<\/span><\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#typosquatting-o-que-e\"><span class=\"text-box-trim-both\">What is typosquatting<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#typosquatting-como-opera\"><span class=\"text-box-trim-both\">How it works<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#typosquatting-riscos\"><span class=\"text-box-trim-both\">Real cases and risks<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#typosquatting-protecao-scg\"><span class=\"text-box-trim-both\">How NOTAMSpot protects<\/span><\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#combosquatting-detection\"><span class=\"text-box-trim-both\">8. Combosquatting Detection<\/span><\/a><\/span><\/h3>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#combosquatting-o-que-e\"><span class=\"text-box-trim-both\">What is combosquatting<\/span><\/a><\/span><\/p>\n<\/li>\n<li>\n<p id=\"por-que-engana-at-profissionais-de-segurana\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\"><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"#por-que-engana-at-profissionais-de-segurana\">Why it can fool even security professionals<\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#combosquatting-protecao\"><span class=\"text-box-trim-both\">NOTAMSpot Protection<\/span><\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"#camada-2-security-blacklist-bloqueio-proativo\">Layer 2: Security Blacklist (Proactive Blocking)<\/a><\/span><\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"#camada-3-security-analyzer-deteco-de-cdigo-malicioso\">Layer 3: Security Analyzer (Malicious Code Detection)<\/a><\/span><\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><span style=\"color: #3366ff;\"><span class=\"text-box-trim-both\">APPENDICES<\/span><\/span><\/h2>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#fluxo-de-validao-completo\"><span class=\"text-box-trim-both\">Full validation flow<\/span><\/a><\/span><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><span style=\"color: #3366ff;\"><a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" style=\"color: #3366ff;\" href=\"#compliance-regulamentrio\"><span class=\"text-box-trim-both\">Regulatory compliance<\/span><\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2 id=\"sobre-documento\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udfaf Introduction<\/h2>\n<h2 id=\"introducao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">About this document<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">This technical guide documents the multi-layered security architecture of NOTAMSpot, a browser extension specialized in protecting pilots, aircraft operators, and aviation professionals against cyber threats targeting weather websites (METARs\/TAFs), NOTAMs, and flight planning systems.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Civil and military aviation depend on <strong>accurate and untampered information<\/strong> to support critical flight-safety decisions. A falsified METAR or an omitted NOTAM can lead to accidents, violations of restricted airspace, and the compromise of sensitive military operations.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Document version:<\/strong> 1.2.0<br>\n<strong>Last updated:<\/strong> December 2025<br>\n<strong>Technical basis:<\/strong> security-whitelist.js, security-blacklist.js, security-analyzer.js<\/p>\n<h2 id=\"publico-alvo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Target audience<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">This document is intended for:<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Technical reviewers:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Cybersecurity engineers<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Regulatory compliance analysts (ANAC, FAA, EASA)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Aviation systems architects<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Aeronautical software certification auditors<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>End users:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Commercial and military pilots<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Flight dispatchers (DOV)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Air traffic controllers<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Electronic Flight Bag (EFB) operators<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Flight safety managers<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>IT administrators:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Airline infrastructure managers<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Armed forces cybersecurity teams<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Compliance owners (PCI DSS, ISO 27001, SOC 2)<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"como-usar-guia\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">How to use this guide<\/h2>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Navigation:<\/strong> Use the clickable index to jump directly to sections of interest.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Technical level:<\/strong> Each section starts with a conceptual explanation and progresses into implementation details.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Practical examples:<\/strong> All attacks are illustrated with real-world aviation scenarios.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Source code:<\/strong> JavaScript code snippets show effective implementation of NOTAMSpot<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Statistics:<\/strong> Global incident data and documented cases validate the relevance of the threats.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Visual conventions:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u2705\u00a0<strong>Green:<\/strong>\u00a0Safe\/permitted behavior<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u274c\u00a0<strong>Red:<\/strong>\u00a0Threat detected\/blocked<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u26a0\ufe0f\u00a0<strong>Yellow:<\/strong>\u00a0Warning\/attention needed<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udd12\u00a0<strong>Padlock:<\/strong>\u00a0Related to cryptography\/HTTPS<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u2708\ufe0f\u00a0<strong>Plane:<\/strong>\u00a0Specifically for aviation<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot implements a defense-in-depth strategy against web threats, with three specialized modules that work together to protect aviation professionals while accessing critical information.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"viso-geral-da-arquitetura\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udfd7\ufe0f Architecture Overview<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<h3 class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">text<\/h3>\n<\/div>\n<pre><code>\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502                    USER \/ BROWSER                           \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n                       \u2502\n        \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n        \u2502  NOTAMSpot Engine   \u2502\n        \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n                       \u2502\n    \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n    \u2502                  \u2502                  \u2502\n\u250c\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510      \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2510     \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 LAYER   \u2502      \u2502  LAYER 2   \u2502     \u2502 LAYER 3   \u2502\n\u2502   1     \u2502 \u2500\u2500\u2500\u25b6\u2502 BLACKLIST  \u2502\u2500\u2500\u2500\u25b6\u2502 ANALYZER  \u2502\n\u2502WHITELIST\u2502      \u2502  BLOCKING \u2502     \u2502  XSS\/CSP  \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518      \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518     \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n   \u2705 Approved       \ud83d\udeab Blocked       \u26a0\ufe0f Suspicious\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"camada-1-security-whitelist-primeira-linha-de-def\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udee1\ufe0f Layer 1: Security Whitelist (First Line of Defense)<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Objective<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">To ensure that only official government aviation domains are considered trusted, blocking <strong>beforehand<\/strong> any attempt at spoofing, typosquatting, or homograph attacks.<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<p><code>\u00a0\u2705 <span class=\"token token constant\">APPROVED BY WHITELIST<\/span><br \/>\n<\/code><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-3678 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-verified-official-site-faa-notam-green-check.jpg\" alt=\"NOTAMSpot showing a green &quot;Verified Official Site&quot; badge with real-time domain validation and official-source whitelist\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-verified-official-site-faa-notam-green-check.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-verified-official-site-faa-notam-green-check-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-verified-official-site-faa-notam-green-check-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-verified-official-site-faa-notam-green-check-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-verified-official-site-faa-notam-green-check-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 01:<\/strong> Real-time domain validation with a green \u201cVerified Official Site\u201d indicator. The NOTAMSpot floating panel confirms that the URL belongs to an official aeronautical source (Layer 1 \u2014 Whitelist), validating reliable content and the absence of detected threats before initiating any analysis.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<p><code> \u274c <span class=\"token token constant\">REJECTED BY BLACKLIST<\/span><br \/>\n<\/code><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><img decoding=\"async\" class=\"alignnone wp-image-3679 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unrelated-content-blocked-not-professional.jpg\" alt=\"NOTAMSpot showing a &quot;Blocked Site&quot; panel for a non-whitelisted domain outside the aviation content scope\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unrelated-content-blocked-not-professional.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unrelated-content-blocked-not-professional-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unrelated-content-blocked-not-professional-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unrelated-content-blocked-not-professional-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unrelated-content-blocked-not-professional-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 02:<\/strong> Preventive blocking by scope: the accessed page is not on the NOTAMSpot whitelist and was identified as content <strong>outside the aeronautical context<\/strong>. Even without evidence of an active threat, access is restricted by security policy to prevent analysis of unverified sources.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Implemented Protections<\/h2>\n<h2 id=\"camada1-https-enforcement\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 <strong>1. Mandatory HTTPS Enforcement<\/strong><\/h2>\n<p><code>\u274c <span class=\"token token constant\">REJECTED<\/span> <span class=\"token token punctuation\">(<\/span>insecure protocol<span class=\"token token punctuation\">)<\/span><\/code><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-3680 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-insecure-connection-http-detection-faa-notam.jpg\" alt=\"NOTAMSpot security alert showing HTTPS enforcement blocking an insecure HTTP connection on a whitelisted aviation domain\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-insecure-connection-http-detection-faa-notam.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-insecure-connection-http-detection-faa-notam-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-insecure-connection-http-detection-faa-notam-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-insecure-connection-http-detection-faa-notam-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-insecure-connection-http-detection-faa-notam-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 3:<\/strong> Detection of an insecure HTTP protocol in a simulation on the website aisweb.decea.mil.br. NOTAMSpot displays a red alert \"SECURITY THREAT DETECTED\" and blocks access due to the absence of mandatory HTTPS, demonstrating Layer 1 (Whitelist) enforcement even on government domains when the protocol is not secure.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<h2 id=\"camada1-https-protecao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How does HTTPS protect?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong><strong>Data encryption in transit<\/strong><\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">HTTPS uses TLS\/SSL protocols to encrypt all communication between the browser and the server.<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Client \u2192 \"username=pilot123&amp;password=abc123\" \u2192 Server\n         \u2191 Plain text, readable by any intermediary\n\nHTTPS (secure):\nClient \u2192 \"aF3x9K...encrypted...m2Lp8\" \u2192 Server\n         \u2191 Illegible even if intercepted\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Protected data:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Passwords and login credentials<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Credit card numbers<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Personal data (ID, address)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Session cookies<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Search queries<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Browsing history<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>Server Authentication<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Digital certificates <strong>prove the identity<\/strong> of the website:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">The browser verifies if the certificate was issued by a trusted Certificate Authority (CA).<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">It confirms that the domain in the certificate matches the visited domain.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">It prevents Man-in-the-Middle (MITM) attacks.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Without HTTPS:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>User \u2192 aisweb.decea.mil.br\n       \u2193 (intercepted by attacker)\nAttacker \u2192 aisweb-fake.com (fake server)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>With HTTPS:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>User \u2192 https:\/\/aisweb.decea.mil.br\n       \u2193 Valid digital certificate verified\n       \u2705 Authenticated connection with legitimate server\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>Data Integrity<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">HTTPS ensures that data <strong>is not modified<\/strong> during transmission:<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Scenario without HTTPS (HTTP):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Attacker intercepts response from <code>aviationweather.gov<\/code> server.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Modifies METAR: <code>SBGR 081200Z 09008KT 9999 FEW030<\/code> \u2192 adulterated.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Pilot receives false meteorological information.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Accident risk<\/strong> due to decision-making based on incorrect data.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>With HTTPS:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Any modification breaks the cryptographic signature.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">The browser detects tampering and blocks the connection.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">The user sees a security error instead of corrupted data.<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"http-strict-transport-security-hsts\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">HTTP Strict Transport Security (HSTS)<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>HSTS<\/strong> is the technical mechanism that <strong>forces HTTPS<\/strong> automatically:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">How it works<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">The server sends a special HTTP header:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<div><code>Strict-Transport-Security: max-age=31536000; includeSubDomains; preload<br \/>\n<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Effects:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Browser <strong>automatically converts<\/strong> <code>http:\/\/<\/code> to <code>https:\/\/<\/code> for up to 1 year.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Blocks access if the SSL certificate is invalid (no \"accept risk\" option).<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Protects subdomains (<code>aisweb.decea.mil.br<\/code>, <code>redemet.decea.mil.br<\/code>).<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Prevents SSL stripping attacks.<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Attacks Prevented by HSTS<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>1. SSL Stripping:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Without HSTS:\nUser types \u2192 aisweb.decea.mil.br\n              \u2193 (without https:\/\/)\nBrowser tries \u2192 http:\/\/aisweb.decea.mil.br\nAttacker intercepts \u2192 keeps insecure HTTP\nVictim never sees HTTPS\n\nWith HSTS:\nUser types \u2192 aisweb.decea.mil.br\nBrowser forces \u2192 https:\/\/aisweb.decea.mil.br\nAttacker blocked \u2192 direct secure connection\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>2. Cookie Hijacking:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Session cookies sent via HTTP are stolen by sniffers.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">HSTS ensures cookies\u00a0<strong>always<\/strong>\u00a0encrypted traffic<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Protocol Downgrade Attacks:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attacker forces browser to use HTTP instead of HTTPS.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">HSTS makes HTTP completely unavailable.<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"camada1-https-aviacao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Why it is critical for aviation?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Sensitive data on aviation portals<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>METARs\/TAFs (Meteorology):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>aviationweather.gov<\/code> via HTTP \u2192 data can be adulterated.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attacker injects fictitious fog at an airport.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Pilot cancels flight unnecessarily (operational loss).<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>NOTAMs (Notices to Air Missions):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>aisweb.decea.mil.br<\/code> via HTTP \u2192 NOTAM can be omitted.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">TFR (Temporary Flight Restriction) does not appear for the pilot.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Violation of presidential airspace \u2192 fine of US$ 50,000+<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Access Credentials:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Login at <code>notams.aim.faa.gov<\/code> via HTTP \u2192 password intercepted.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attacker accesses flight planning system.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Modifies filed flight plans or steals commercial routes.<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Government Mandates<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>United States:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Federal government mandated <strong>HTTPS-only<\/strong> for all <code>.gov<\/code> sites since 2015.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Includes FAA, NOAA, NWS (aviation services).<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Brasil:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>.mil.br<\/code> sites (DECEA, FAB) require HTTPS by default.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>.gov.br<\/code> (ANAC, Infraero) follow the same policy.<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"camada1-https-scg\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How NOTAMSpot enforces HTTPS<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Based on the figure description (<code>aisweb.decea.mil.br<\/code> with green indicator), the system implements:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong>1. Protocol Validation in Layer 1 (Whitelist)<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">\/\/ Automatic HTTPS verification on official sites<\/span>\r\n<span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">.<\/span><span class=\"token token\">startsWith<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'http:\/\/aisweb.decea.mil.br'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">\/\/ \u274c BLOCKS access via insecure HTTP<\/span>\r\n  <span class=\"token token\">showAlert<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'Mandatory HTTPS for official aviation sites'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token\">suggestSecureURL<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'https:\/\/aisweb.decea.mil.br'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n\r\n<span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">.<\/span><span class=\"token token\">startsWith<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'https:\/\/aisweb.decea.mil.br'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">\/\/ \u2705 ALLOWS access via secure HTTPS<\/span>\r\n  <span class=\"token token\">showGreenIndicator<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'OFFICIAL SITE VERIFIED'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token\">validateCertificate<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span> <span class=\"token token\">\/\/ Verifies SSL certificate validity<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>Visual Security Indicators<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">When valid HTTPS is detected:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u2705\u00a0<strong>Green badge:<\/strong>\u00a0\"OFFICIAL SITE VERIFIED\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udd12\u00a0<strong>Status:<\/strong>\u00a0\"Verified official source\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udee1\ufe0f\u00a0<strong>Validation:<\/strong>\u00a0\"Reliable content\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">\u2713 <strong>Protection:<\/strong> \"Absence of detected threats\"<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>3. Insecure Protocol Blocking<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">If user attempts to access HTTP version:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u274c\u00a0<strong>Red alert:<\/strong>\u00a0\u201cInsecure protocol detected\u201d<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udeab\u00a0<strong>Blockade:<\/strong>\u00a0Prevents content from loading.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udd04\u00a0<strong>Redirection:<\/strong>\u00a0Suggests automatic HTTPS version.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udcca\u00a0<strong>Log:<\/strong>\u00a0Logs attempted insecure access for auditing purposes.<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">4.\u00a0<strong>SSL Certificate Verification<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Validates digital certificate:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Issuer:<\/strong> Certificate issued by trusted CA?<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Validity:<\/strong> Certificate not expired?<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Hostname match:<\/strong> Domain in certificate = visited domain?<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Revocation:<\/strong> Certificate has not been revoked?<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">If <strong>any<\/strong> validation fails:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u26a0\ufe0f INVALID SSL CERTIFICATE\n\ud83d\udeab Access blocked for security\n\ud83d\udccb Reason: Certificate expired on 11\/15\/2024\n\u2708\ufe0f Aviation sites require valid certificates\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">5.\u00a0<strong>Layered Protection<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Layer 1 (Whitelist):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Verifies if the domain is on the list of official sites.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Requires HTTPS<\/strong> for all 50+ aviation portals.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Automatically validates the SSL certificate.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Layer 2 (Blacklist):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Blocks HTTP versions of sites that <strong>must<\/strong> use HTTPS.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Detects SSL stripping attempts.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Layer 3 (Content Analysis):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Checks security headers (HSTS, CSP).<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Alerts if an official site\u00a0<strong>no<\/strong>\u00a0implements HSTS<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"benefcios-para-segurana-operacional-de-voo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Benefits for Flight Operational Safety<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Meteorological Data Integrity:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">METARs\/TAFs cannot be tampered with in transit.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Pilots trust meteorological data for go\/no-go decisions.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>NOTAM Authenticity:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Runway closure notices are authentic.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">TFRs cannot be omitted by attackers.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Credential Protection:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Login to flight planning systems is secure.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Military\/commercial credentials are not intercepted.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Regulatory Compliance:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">ANAC, FAA, EASA require the use of secure systems.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">HTTPS is a minimum requirement for EFB certification.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">By enforcing mandatory HTTPS and validating SSL certificates, NOTAMSpot ensures that pilots access only authentic and unadulterated versions of information critical to flight safety, aligned with cybersecurity practices required by civil and military aviation regulators globally.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"secure-context-verification\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 2. Secure Context Verification<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Secure Context Verification<\/strong> is the verification that ensures the page is running in an environment considered secure by the browser and W3C recommendations. With this, NOTAMSpot stops the extension's execution whenever it detects an insecure context, preventing its resources from operating on potentially compromised pages.<\/p>\n<h2 id=\"secure-context-o-que-e\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">What is a \"Secure Context\"?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">A context is considered <strong>secure<\/strong> when it meets these criteria:<\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Active HTTPS<\/strong> \u2013 The connection uses valid TLS\/SSL.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>localhost\/127.0.0.1<\/strong> \u2013 Local development environments.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>file:\/\/\/<\/strong> \u2013 Local files (with restrictions).<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>No insecure frames<\/strong> \u2013 No HTTP iframes on an HTTPS page.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Service Workers enabled<\/strong> \u2013 Modern APIs available.<\/p>\n<\/li>\n<\/ol>\n<h2 id=\"secure-context-por-que-importa\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Why does this matter for security?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">When <code>window.isSecureContext = false<\/code>, it means that:<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u274c\u00a0<strong>The page may be compromised by:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Man-in-the-middle attacks (MITM)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Code injection via unencrypted HTTP.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Downgrade attacks (forcing HTTP instead of HTTPS).<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Malicious iframe embedded in a legitimate page.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u274c\u00a0<strong>Critical APIs are disabled:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Geolocation API<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Service Workers<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Web Crypto API<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Clipboard API (async)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">getUserMedia (camera\/microphone)<\/p>\n<\/li>\n<\/ul>\n<div class=\"group relative\">\n<div class=\"w-full overflow-x-auto md:max-w-[90vw] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Situation<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\"><code>isSecureContext<\/code><\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Action by SCG<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>https:\/\/aisweb.decea.mil.br<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705\u00a0<code>true<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Allows access<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>http:\/\/aisweb.decea.mil.br<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c\u00a0<code>false<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Blocks (no HTTPS)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">HTTPS with internal HTTP iframe<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c\u00a0<code>false<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Blocks (mixed content)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">HTTP proxy intercepting traffic<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c\u00a0<code>false<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Blocks (suspected MITM)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">localhost:3000 (dev)<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705\u00a0<code>true<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Permits (local environment)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><strong>DevTools Console:<\/strong><\/p>\n<pre><code>&gt; window.isSecureContext\ntrue \/\/ \u2705 Safe site\n\n&gt; window.location.protocol\n\"https:\" \/\/ \u2705 Secure protocol\n\n&gt; document.domain\n\"aisweb.decea.mil.br\" \/\/ \u2705 Trusted domain<\/code><\/pre>\n<p>&nbsp;<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"anti-homograph-attack-detection\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 3. Anti-Homograph Attack Detection<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Detects attacks that use visually similar Unicode characters to deceive the user:<\/p>\n<div class=\"group relative\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Legitimate Domain<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Homograph Attack<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Status<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>aviationweather.gov<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>aviati\u03bfnweather.gov<\/code>\u00a0(\u03bf greek)<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\ud83d\udeab BLOCKED<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>faa.gov<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>f\u0430a.gov<\/code>\u00a0(\u0430 cyrillic)<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\ud83d\udeab BLOCKED<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>aisweb.decea.mil.br<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>aiswebb.decea.mil.br<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\ud83d\udeab BLOCKED<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3682 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-confusable-characters-spoofing-attack-detection.jpg\" alt=\"NOTAMSpot showing a red security alert for typosquatting with confusable characters detected and anti-phishing protection enabled\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-confusable-characters-spoofing-attack-detection.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-confusable-characters-spoofing-attack-detection-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-confusable-characters-spoofing-attack-detection-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-confusable-characters-spoofing-attack-detection-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-confusable-characters-spoofing-attack-detection-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 4: <\/strong>Simulation of a typosquatting\/impersonation attack: NOTAMSpot detects a suspicious domain variation (e.g., \"aviation\" with confusing characters) and triggers a red alert for a security threat, activating anti-phishing protection and blocking the \"Force Search\" action. This validation is part of Layer 1 (Whitelist), which prevents access to domains that look like legitimate government sources.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div>\n<div>\n<div class=\"\">\n<div class=\"pt-[var(--thread-visual-spacing)] md:pt-lg pb-[var(--thread-visual-spacing)] px-[var(--thread-visual-spacing)] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<div class=\"isolate mx-auto max-w-threadContentWidth\">\n<div class=\"mx-auto max-w-threadContentWidth\">\n<div class=\"relative\">\n<div class=\"gap-y-md mt-md flex flex-col\">\n<div class=\"gap-y-lg flex flex-col first:mt-0\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<div class=\"gap-y-md flex flex-col\">\n<div class=\"relative font-sans text-base text-foreground selection:bg-super\/50 selection:text-foreground dark:selection:bg-super\/10 dark:selection:text-super\">\n<div class=\"min-w-0 break-words [word-break:break-word]\">\n<div id=\"markdown-content-2\" class=\"gap-y-md after:clear-both after:block after:content-['']\" dir=\"auto\">\n<div class=\"relative\">\n<div class=\"prose dark:prose-invert inline leading-relaxed break-words min-w-0 [word-break:break-word] prose-strong:font-medium [&amp;_&gt;*:first-child]:mt-0\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<div>\n<div class=\"erp-sidecar:min-h-[var(--sidecar-content-height)] erp-mobile-sidecar:min-h-[var(--mobile-sidecar-content-height)] min-h-[var(--page-content-height)]\">\n<div class=\"pt-[var(--thread-visual-spacing)] md:pt-lg pb-[var(--thread-visual-spacing)] px-[var(--thread-visual-spacing)] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<div class=\"isolate mx-auto max-w-threadContentWidth\">\n<div class=\"mx-auto max-w-threadContentWidth\">\n<div class=\"relative\">\n<div class=\"gap-y-md mt-md flex flex-col\">\n<div class=\"gap-y-lg flex flex-col first:mt-0\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<div class=\"gap-y-md flex flex-col\">\n<div class=\"relative font-sans text-base text-foreground selection:bg-super\/50 selection:text-foreground dark:selection:bg-super\/10 dark:selection:text-super\">\n<div class=\"min-w-0 break-words [word-break:break-word]\">\n<div id=\"markdown-content-3\" class=\"gap-y-md after:clear-both after:block after:content-['']\" dir=\"auto\">\n<div class=\"relative\">\n<div class=\"prose dark:prose-invert inline leading-relaxed break-words min-w-0 [word-break:break-word] prose-strong:font-medium [&amp;_&gt;*:first-child]:mt-0\">\n<h2 id=\"anti-homograph-o-que-sao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcd6 What are Homograph Attacks?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Homograph attacks<\/strong> (or homoglyph attacks) are sophisticated phishing techniques that exploit <strong>visually identical<\/strong> characters from different alphabets to create fraudulent domains indistinguishable to the naked eye.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Visual example:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Legitimate domain:    apple.com\nMalicious domain:     \u0430pple.com  \u2190 VISUALLY IDENTICAL\n                      \u2191\n                      Cyrillic letter \"\u0430\" (U+0430) instead of Latin \"a\" (U+0061)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">To the user, both appear as <code>apple.com<\/code> in the address bar, but they point to completely different servers.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"anti-homograph-como-funciona\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udd2c How does it work?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong>Exploitation of Unicode and Punycode<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">The modern internet supports Internationalized Domain Names (IDN) to allow sites in Arabic, Chinese, Russian, etc. This is done through a system called <strong>Punycode<\/strong>, which converts Unicode characters to DNS-compatible ASCII.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Process:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Attacker registers:  \u0430pple.com (Cyrillic characters)\n                     \u2193\nDNS converts to:     xn--pple-43d.com (Punycode)\n                     \u2193\nBrowser displays:    apple.com (Unicode rendering)\n                     \u2193\nVictim sees:         Apparently legitimate domain\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>Confusable Characters<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">There are <strong>thousands<\/strong> of Unicode characters that look like Latin letters:<\/p>\n<div class=\"group relative\">\n<div class=\"w-full overflow-x-auto md:max-w-[90vw] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Latin (Real)<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Cyrillic (Fake)<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Greek (Fake)<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Unicode Code<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">a<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u0430<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u03b1<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0430, U+03B1<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">and<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u0435<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u03b5<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0435, U+03B5<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">o<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u043e<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u03bf<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+043E, U+03BF<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">p<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u0440<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u03c1<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0440, U+03C1<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">c<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u0441<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">&#8211;<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0441<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">x<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u0445<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u03c7<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0445, U+03C7<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">i<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u0456<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u03b9<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0456, U+03B9<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Result:<\/strong> Attackers can create \"identical\" versions of <strong>any<\/strong> popular site.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>Valid SSL Certificates<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">The attack becomes even more convincing because attackers obtain legitimate HTTPS certificates for homographic domains:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>https:\/\/\u0430pple.com\n\ud83d\udd12 Secure connection\n\u2705 Valid certificate issued by Let's Encrypt\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Users see the <strong>green padlock<\/strong> and trust the site, even though it is fraudulent.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"anti-homograph-riscos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\u26a0\ufe0f What Are the Risks?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For General Users<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>1. Credential Theft<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fake login page identical to the legitimate site.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">User types email and password believing they are safe.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Stolen credentials are used for account hacking.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>2. Malware Distribution<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fake site offers \"update\" or download.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Victim installs ransomware, spyware, or trojan.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Device compromised without visible signs.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Financial Theft<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fake versions of banking sites or PayPal.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Credit card data captured.<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fraudulent transactions performed.<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For Aviation (NOTAMSpot Users)<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>4. Adulterated METARs\/TAFs<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Legitimate site:  aviationweather.gov\nFake site:        \u0430viationweather.gov (Cyrillic \u0430)\n\nFalsified METAR served:\nSBGR 081200Z 27008KT 9999 FEW030\n(False VFR conditions)\n\nReality:\nSBGR 081200Z 27035G50KT 1200 -TSRA\n(Dangerous IMC conditions)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Consequence:<\/strong>\u00a0Pilot makes go\/no-go decision based on false data \u2192 risk of accident.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>5. Omitted NOTAMs<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Fake site: n\u043etams.aim.faa.gov (Cyrillic \u043e)\n\nCritical NOTAM omitted:\n\"Active TFR SBSP 081200-081800Z - Presidential airspace\"\n\nConsequence:\n- Inadvertent TFR violation\n- Fine of US$ 10,000 to US$ 50,000\n- Pilot license suspension\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>6. Compromised Military Credentials<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Fake site: \u0430isweb.decea.mil.br (Cyrillic \u0430)\n\nCaptured login:\n- User: capitao.silva\n- Password: ********\n\nAttacker gains access to:\n- Mission planning systems\n- Aeronautical intelligence data\n- Military C2 (Command and Control) network\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"estatsticas-do-problema\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcca Problem Statistics<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Global incidence (2024-2025):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">10% of homographic domains have valid HTTPS certificates<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">220% increase in phishing during pandemics\/crises<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">0.25% of all phishing domains use IDN homograph (but with a 95%+ success rate)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Targeted attacks (APT) and Big Game Hunting ransomware use homograph in 30%+ of cases<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Why it is effective:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Users <strong>cannot<\/strong> visually detect it<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Traditional anti-phishing training <strong>fails<\/strong> (users check URL, HTTPS, padlock)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Legacy security tools <strong>do not detect<\/strong> it (SEG, regex-based firewalls)<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong><strong>Real case \u2013 Jet Airways (2020):<\/strong>\u200b<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Fake domain: <code>jetairways.com<\/code> (missing the \u201ci\u201d in \u201cjetai\u201d)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Punycode used to replace characters<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Thousands of users had card data stolen from fake ticket purchases<\/p>\n<\/li>\n<\/ul>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"anti-homograph-protecao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udee1\ufe0f How NOTAMSpot Protects<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot implements 5 layers of defense against homographic attacks:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>Layer 1: Non-ASCII Character Detection<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code>\u2705 Validates each character <span class=\"token token\">of<\/span> domain\n<br>\u274c Blocks any code outside of the<span class=\"token token operator\">-<\/span>z<span class=\"token token punctuation\">,<\/span> <span class=\"token token\">0<\/span><span class=\"token token operator\">-<\/span><span class=\"token token\">9<\/span><span class=\"token token punctuation\">,<\/span> point<span class=\"token token punctuation\">,<\/span> hyphen\n<br> \ud83d\udd0d Identifies position<span class=\"token token punctuation\">,<\/span> Unicode code and source alphabet\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Example:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Visited URL: aisweb.decea.mil.br\n\nNOTAMSpot detects:\nCharacter: a\nPosition: 0\nUnicode: U+0430\nAlphabet: CYRILLIC SMALL LETTER A\nVerdict: \u274c BLOCKED\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>Layer 2: Skeleton Normalization<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Converts <strong>all<\/strong> confusable characters to their ASCII equivalents.<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">Skeleton<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">\"\u0430pple.com\"<\/span><span class=\"token token punctuation\">)<\/span>          \u2192 <span class=\"token token\">\"apple.com\"<\/span>\r\n<span class=\"token token\">Skeleton<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">\"micr\u03bfs\u03bfft.com\"<\/span><span class=\"token token punctuation\">)<\/span>      \u2192 <span class=\"token token\">\"microsoft.com\"<\/span>\r\n<span class=\"token token\">Skeleton<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">\"\u0430viationweather.gov\"<\/span><span class=\"token token punctuation\">)<\/span> \u2192 <span class=\"token token\">\"aviationweather.gov\"<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">The system then compares the skeleton with the <strong>aviation official domains whitelist<\/strong>.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>Layer 3: Byte-by-Byte Validation<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Even if the skeleton matches, it verifies if the original bytes are <strong>exactly<\/strong> the same:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Official domain:  aisweb.decea.mil.br\nBytes:            61 69 73 77 65 62... (pure ASCII)\n\nVisited domain:   \u0430isweb.decea.mil.br\nBytes:            D0 B0 69 73 77 65 62... (starts with Cyrillic)\n                  \u2191\nVerdict: \u274c HOMOGRAPH ATTACK DETECTED\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>Layer 4: Script Mixing Detection<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Identifies the mixing of alphabets (Latin + Cyrillic, Latin + Greek):<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>g\u043e\u043egle.com        \u2192 Scripts: [LATIN, CYRILLIC] \u274c BLOCKED\ngoogle.com        \u2192 Scripts: [LATIN] \u2705 ALLOWED\n\u0433\u0443\u0433\u043b.\u0440\u0444           \u2192 Scripts: [CYRILLIC] \u2705 ALLOWED (Official Google Russia)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Rule:<\/strong>\u00a0Aviation domains\u00a0<strong>must<\/strong>\u00a0use only Latin ASCII.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>Layer 5: Punycode Inspection<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Decodes <code>xn--<\/code> domains and validates against the whitelist:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Received URL: https:\/\/xn--pple-43d.com\n\nNOTAMSpot processes:\n1. Detects xn-- prefix (Punycode IDN)\n2. Decodes: apple (Cyrillic characters)\n3. Normalizes skeleton: apple\n4. Compares to whitelist: NO official \"apple\" domain\n5. Verdict: \u26a0\ufe0f SUSPICIOUS (displays warning)\n\nIf skeleton matched an official domain:\nVerdict: \u274c HOMOGRAPH ATTACK - BLOCKED\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"interface-de-proteo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udfaf Protection Interface<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 translation-block\">When a <strong>legitimate<\/strong> site is accessed:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u2705 VERIFIED OFFICIAL WEBSITE\n\n\ud83d\udd12 Secure connection validated\n\ud83d\udccb Domain: aisweb.decea.mil.br\n\ud83d\udee1\ufe0f Status: Verified official source\n\u2713 Reliable content\n\u2713 No threats detected\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 translation-block\">When a <strong>homograph attack<\/strong> is detected:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u26a0\ufe0f SECURITY THREAT DETECTED\n\n\ud83c\udfad Confusing characters detected\nDisplayed domain: aisweb.decea.mil.br\nNormalized skeleton: aisweb.decea.mil.br\nMatches: aisweb.decea.mil.br (official website)\n\n\ud83d\udd0d Suspicious characters identified:\n\na \u2192 U+0430 (CYRILLIC SMALL LETTER A)\n\n\ud83d\udeab Active anti-phishing protection\n\u2708\ufe0f Access blocked for security reasons\n\n\u2705 Correct official domain:\n\nhttps:\/\/aisweb.decea.mil.br\n\n[Access Official Website] [Report Threat]\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"lista-de-domnios-protegidos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udd10 Protected Domains List<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">NOTAMSpot maintains a curated whitelist of critical aviation domains:<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2><\/h2>\n<h2 id=\"punycode-attack-prevention\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 4. Punycode Attack Prevention (xn--)<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Blocks malicious IDN domains encoded in Punycode:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>\u274c BLOCKED\n(represents \"xn--\" with Greek characters)<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3683 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-spoofing-characters-confusable-faa-notam-alert.jpg\" alt=\"NOTAMSpot red security alert detecting a punycode xn-- domain and blocking a potential homograph typosquatting attack\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-spoofing-characters-confusable-faa-notam-alert.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-spoofing-characters-confusable-faa-notam-alert-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-spoofing-characters-confusable-faa-notam-alert-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-spoofing-characters-confusable-faa-notam-alert-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-spoofing-characters-confusable-faa-notam-alert-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 05: <\/strong>Simulation of spoofing via Punycode (<code>xn--<\/code>): NOTAMSpot identifies an encoded\/obfuscated domain (a common indicator of homograph\/typosquatting), marks it as a security threat, and blocks the \"Force Search\" action. This protection prevents deceptive variations from mimicking official portals, reinforcing Layer 1 (Whitelist) with anti-phishing detection.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<h2 id=\"punycode-o-que-e\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">What is Punycode?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Punycode<\/strong> is a coding system that converts Unicode characters (non-ASCII alphabets like Cyrillic, Greek, Arabic, Chinese) into ASCII strings compatible with DNS. It was created to allow <strong>Internationalized Domain Names (IDN)<\/strong> \u2014 domains in non-Latin languages.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">How it works<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Domains with special characters are converted to the format <code>xn--[code]<\/code>:\u00a0<code>xn--[code]<\/code>:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>\u03b1\u03c1\u03c1\u03b9\u03f5<\/code> (Greek letters resembling \"apple\") \u2192 <code>xn--mxail5aa<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>micr\u043es\u043eft.com<\/code> (using Cyrillic \"\u043e\") \u2192 <code>xn--microsft-5xa.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>\u0430\u0440\u0440\u04cf\u0435.com<\/code> (Cyrillic characters) \u2192 <code>xn--pple-43d.com<\/code><\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Modern browsers <strong>render<\/strong> these domains in Unicode form in the address bar, hiding the <code>xn--<\/code> code and making the attack invisible.<\/p>\n<h2 id=\"punycode-impacto-seguranca\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How it impacts security: Homograph Attacks<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Homograph attacks<\/strong> exploit the visual similarity between characters from different alphabets to create domains that are visually identical to legitimate websites.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Examples of confusable characters<\/h2>\n<div class=\"group relative\">\n<div class=\"w-full overflow-x-auto md:max-w-[90vw] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Legitimate (ASCII)<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Fake (Unicode)<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Unicode Code<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>a<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>\u0430<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0430 (Cyrillic)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>o<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>\u043e<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+043E (Cyrillic)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>and<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>\u0435<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0435 (Cyrillic)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>i<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>\u0131<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+0131 (Latin without period)<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>t<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>\u03c4<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">U+03C4 (Greek tau)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Documented real cases<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Coinbase phishing (2025):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Fraudulent domain: <code>co\u0131nbase.com<\/code> (using <code>\u0131<\/code> U+0131)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Encoded as: <code>xn--conbase-[code].com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Victims typed credentials thinking they were on the official site<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Microsoft spoofing:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Fake domain: <code>micr\u043es\u043eft.com<\/code> (two Cyrillic <code>\u043e<\/code>s)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Visually identical to legitimate <code>microsoft.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Used to distribute malware in phishing campaigns<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"punycode-por-que-perigoso\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Why it is dangerous<\/h2>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Bypass of filters:<\/strong> URLs encoded in Punycode (<code>xn--<\/code>) go unnoticed by regex and traditional blocklists<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Visual invisibility:<\/strong> Browsers show <code>\u0430pple.com<\/code> instead of <code>xn--pple-43d.com<\/code>, deceiving even experienced users<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Unlimited scale:<\/strong> With thousands of Unicode characters available, attackers can generate infinite variations of any domain<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Detection evasion:<\/strong> Emails and logs show <code>xn--<\/code> strings that look harmless, slowing down security team responses<\/p>\n<\/li>\n<\/ol>\n<h2 id=\"punycode-deteccao-scg\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How NOTAMSpot detects<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">In the context of SmartContentGuard protection:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">The system identifies the <code>xn--<\/code> prefix in the domain <code>https:\/\/xn--aisweb.decea.mil.br<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Decodes the Punycode and compares it with the list of known official domains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Detects confusable characters (e.g., Cyrillic <code>\u0430<\/code> vs Latin <code>a<\/code>)\u00a0<code>\u0430<\/code>\u00a0Cyrillic vs\u00a0<code>a<\/code>\u00a0Latin)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Classifies it as a <strong>spoofing\/homograph attack<\/strong><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Blocks access and displays a red alert<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">This protects pilots and aviation operators against fake pages imitating official portals like AISWEB, preventing credential theft or the download of tampered weather\/NOTAM information.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"subdomain-authorization-mapping\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 5. Subdomain Authorization Mapping<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Only explicitly mapped subdomains are allowed:<\/p>\n<div class=\"group relative\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Base Domain<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Authorized Subdomains<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Example Blocked<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>faa.gov<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>www<\/code>,\u00a0<code>notams.aim<\/code>,\u00a0<code>pilotweb.nas<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>phishing.faa.gov<\/code>\u00a0\ud83d\udeab<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>decea.mil.br<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>aisweb<\/code>,\u00a0<code>redemet<\/code>,\u00a0<code>servicos<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>fake.aisweb.decea.mil.br<\/code>\u00a0\ud83d\udeab<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3684 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unauthorized-subdomain-blocked-faa-notam.jpg\" alt=\"NOTAMSpot showing a red security alert blocking an unauthorized subdomain and locking Force Search for user safety\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unauthorized-subdomain-blocked-faa-notam.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unauthorized-subdomain-blocked-faa-notam-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unauthorized-subdomain-blocked-faa-notam-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unauthorized-subdomain-blocked-faa-notam-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-unauthorized-subdomain-blocked-faa-notam-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 06: <\/strong> Simulation of a malicious subdomain: even when the base domain appears legitimate, NOTAMSpot applies subdomain mapping and authorization. Upon identifying an unauthorized subdomain (e.g., <code>malware.*<\/code>), the system triggers a red alert for a <strong>security threat<\/strong> and blocks access, preventing \"Force Search\" and avoiding analysis on a potentially compromised endpoint.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div class=\"group relative\">\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3685 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-subdomain-spoofing-fake-faa-notam-detection.jpg\" alt=\"NOTAMSpot showing a red security alert for subdomain spoofing, flagging a fake site and locking Force Search\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-subdomain-spoofing-fake-faa-notam-detection.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-subdomain-spoofing-fake-faa-notam-detection-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-subdomain-spoofing-fake-faa-notam-detection-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-subdomain-spoofing-fake-faa-notam-detection-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-subdomain-spoofing-fake-faa-notam-detection-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p style=\"text-align: right;\" class=\"translation-block\"><strong>Figure 07: <\/strong>Simulation of subdomain spoofing: NOTAMSpot identifies a deceptive subdomain (e.g., fake.*) used to mimic a legitimate aeronautical portal. Upon detecting the attempted spoofing, the system displays a red security threat alert, flags \"Fake site,\" and blocks the \"Force Search\" action, preventing analysis and interaction with untrusted endpoints.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<h2 id=\"subdomain-o-que-e\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcd6 What is Subdomain Authorization Mapping?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Subdomain Authorization Mapping<\/strong> is a security system that maintains an <strong>authorized mapping of legitimate subdomains<\/strong> for each official domain, automatically blocking access to <strong>unauthorized, malicious, or compromised subdomains<\/strong>.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Domain and subdomain structure:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Root domain:       aviationweather.gov\n                           \u2193\nSubdomains:        \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n                    \u2193             \u2193\n            [www.aviationweather.gov](https:\/\/www.aviationweather.gov)  adds.aviationweather.gov\n                    \u2705 AUTHORIZED        \u2705 AUTHORIZED\n\n            malware.aviationweather.gov  phishing.aviationweather.gov\n                    \u274c NOT AUTHORIZED     \u274c NOT AUTHORIZED\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"subdomain-como-funcionam-ataques\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udd2c How Do Subdomain Attacks Work?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong>Subdomain Takeover<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Occurs when attackers <strong>gain control<\/strong> of a legitimate subdomain due to abandoned or poorly managed DNS configurations.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Typical process:<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>1. Organization creates subdomain:\n   staging.aviationweather.gov \u2192 CNAME \u2192 staging-12345.herokuapp.com\n\n2. Heroku service is deactivated:\n   staging-12345.herokuapp.com no longer exists\n\n3. DNS still points to Heroku:\n   staging.aviationweather.gov \u2192 CNAME \u2192 staging-12345.herokuapp.com\n                                             \u2191\n                                    ORPHANED (no host)\n\n4. Attacker registers on Heroku:\n   staging-12345.herokuapp.com (now controlled by attacker)\n\n5. Attacker serves malicious content:\n   https:\/\/staging.aviationweather.gov\n   \u2191 Legitimate domain, but attacker's content\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Result:<\/strong> Official subdomain serves phishing, malware, or fraudulent pages.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>Malicious Subdomain Registration<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Attackers create subdomains with suspicious names that appear legitimate:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<pre class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/pre>\n<\/div>\n<pre><code>Legitimate subdomains:\n- www.aviationweather.gov\n- adds.aviationweather.gov\n- forecast.aviationweather.gov\n\nMalicious subdomains created by attackers:\n- login.aviationweather.gov (does not officially exist)\n- secure-login.aviationweather.gov (phishing)\n- malware.aviationweather.gov (malware distribution)\n- admin.aviationweather.gov (unauthorized access)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>Subdomain Wildcard Exploitation<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Domains with wildcard DNS (<code>*.example.com<\/code>) allow\u00a0<strong>any<\/strong> subdomain:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><strong>text<\/strong><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code>DNS configured:\n*.aviationweather.gov \u2192 192.0.2.100\n\nVulnerability:\n- ANY subdomain resolves to the same IP address\n- Attacker can create: hack.aviationweather.gov\n- Legitimate system does not validate if subdomain is authorized\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"subdomain-riscos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\u26a0\ufe0f What Are the Risks?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For General Users<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>1. Phishing convincente<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Fraudulent email:\n\n\"Update your information at: https:\/\/secure-login.aviationweather.gov\"\n\nVictim sees:\n\n\u2713 Official domain: aviationweather.gov\n\u2713 Valid HTTPS (Let's Encrypt certificate)\n\u2713 URL appears legitimate\n\nReality:\n\n\u274c Unauthorized subdomain\n\u274c Server controlled by attacker\n\u274c Stolen credentials\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong><br \/>\n2. Malware Distribution<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Compromised subdomain:\n\nhttps:\/\/updates.aviationweather.gov\/chrome-update.exe\n\nContent:\n\n- Appears to be an official browser update\n- Hosted on a trusted .gov domain\n- User downloads and executes malware\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Cookie and Session Theft<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Malicious subdomain:\nhttps:\/\/analytics.aviationweather.gov\n\nInjected script:\ndocument.cookie \u2192 captures parent domain cookies\nSends to: attacker-server.com\n\nStolen cookies include:\n- session_id (account access)\n- auth_token (authentication)\n- user_data (personal information)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"protocolos-protecao-scg\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For Aviation (NOTAMSpot Users)<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>4. Falsified METARs\/TAFs via fake subdomain<\/strong><\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Real scenario:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">\n<p><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Phishing email to pilots:\n\"New weather query interface:\nhttps:\/\/metar.aviationweather.gov\"\n\nUNAUTHORIZED subdomain serves fake data:\nSBGR 081200Z 09008KT 9999 FEW030\n(VFR safe - FALSE)\n\nOfficial (adds.aviationweather.gov):\nSBGR 081200Z 27035G50KT 1200 -TSRA\n(IMC dangerous - REAL)\n\nPilot decides GO based on fake METAR\nRisk: Accident due to actual unreported conditions\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>5. NOTAMs omitted by subdomain takeover<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Hijacked subdomain:\nhttps:\/\/notam.aviationweather.gov\n(official uses: www.notams.faa.gov)\n\nAttacker omits critical NOTAM:\n\"SBSP RWY 09L\/27R CLOSED 081200-081800Z\"\n\nPilot plans landing on 27R\nTower rejects clearance\nEmergency due to fuel\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>6. Military credentials captured<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Malicious subdomain created:\nhttps:\/\/login-secure.aisweb.decea.mil.br\n\nLogin page identical to official\nMilitary pilot types credentials\n\nData captured:\n- User: maj.oliveira\n- Password: Mirage2024!\n- IP: 200.xxx.xxx.xxx\n- Browser fingerprint\n\nAttacker accesses real systems with credentials\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>7. Malicious script injection<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Compromised subdomain:\nhttps:\/\/cdn.aviationweather.gov\/scripts\/analytics.js\n\nMalicious script injected:\n- Modifies displayed METAR values\n- Alters TAFs before rendering\n- Injects counterfeit product ads\n- Captures form data\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"estatsticas-do-problema\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcca Problem Statistics<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Global incidence (2023-2024):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>50% of organizations<\/strong> have at least 1 subdomain vulnerable to takeover<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>1,000+ Fortune 500 companies<\/strong> identified with orphaned subdomains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>20% of phishing attacks<\/strong> use compromised subdomains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Misconfigured DNS wildcard<\/strong> in 35% of corporate domains<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Documented real cases:<\/strong>\u200b<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Donald Trump Campaign (2017):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Hijacked subdomain: <code>donate.donaldjtrump.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attacker served fake donation page<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Orphaned DNS pointing to deactivated Zendesk<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Uber Multiple Takeovers:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>saostatic.uber.com<\/code> \u2192 SSO bypass<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>signup.uber.com<\/code> \u2192 credential phishing<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Reported via HackerOne, paid $5,000+ bounty<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Starbucks Multiple Vulnerabilities:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Multiple orphaned subdomains discovered<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Pointed to deactivated AWS S3, GitHub Pages<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Risk of global-scale phishing<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>UNICEF Malware Distribution:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Subdomain hijacked to distribute malware<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Exploited orphaned DNS record<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Used in ransomware campaigns<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Financial impact:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Average breach cost:<\/strong> $150,000 \u2013 $500,000<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Reputation damage:<\/strong> 25-40% drop in customer trust<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>SEO loss:<\/strong> Google penalty for malicious content<\/p>\n<\/li>\n<\/ul>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"como-o-smartcontentguard-protege\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udee1\ufe0f How NOTAMSpot Protects<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot implements Subdomain Authorization Mapping with multi-layered validation:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>1. Authorized Subdomains List<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Maintains explicit mapping of legitimate subdomains for each official domain:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<p class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><strong><span style=\"font-family: Consolas, Monaco, monospace;\">javascript<\/span><\/strong><\/p>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code><span class=\"token token\">const<\/span> <span class=\"token token constant\">AUTHORIZED_SUBDOMAINS<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token string-property property\">'aviationweather.gov'<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'www'<\/span><span class=\"token token punctuation\">,<\/span>           <span class=\"token token\">\/\/ www.aviationweather.gov<\/span>\r\n    <span class=\"token token\">'adds'<\/span><span class=\"token token punctuation\">,<\/span>          <span class=\"token token\">\/\/ adds.aviationweather.gov<\/span>\r\n    <span class=\"token token\">'forecast'<\/span><span class=\"token token punctuation\">,<\/span>      <span class=\"token token\">\/\/ forecast.aviationweather.gov<\/span>\r\n    <span class=\"token token\">'aviationweather'<\/span><span class=\"token token punctuation\">,<\/span> <span class=\"token token\">\/\/ aviationweather.aviationweather.gov (root)<\/span>\r\n    <span class=\"token token\">''<\/span>               <span class=\"token token\">\/\/ aviationweather.gov (no subdomain)<\/span>\r\n  <span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">,<\/span>\r\n  \r\n  <span class=\"token token string-property property\">'decea.mil.br'<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'aisweb'<\/span><span class=\"token token punctuation\">,<\/span>        <span class=\"token token\">\/\/ aisweb.decea.mil.br<\/span>\r\n    <span class=\"token token\">'redemet'<\/span><span class=\"token token punctuation\">,<\/span>       <span class=\"token token\">\/\/ redemet.decea.mil.br<\/span>\r\n    <span class=\"token token\">'notam'<\/span><span class=\"token token punctuation\">,<\/span>         <span class=\"token token\">\/\/ notam.decea.mil.br<\/span>\r\n    <span class=\"token token\">'ais'<\/span><span class=\"token token punctuation\">,<\/span>           <span class=\"token token\">\/\/ ais.decea.mil.br<\/span>\r\n    <span class=\"token token\">''<\/span>               <span class=\"token token\">\/\/ decea.mil.br (no subdomain)<\/span>\r\n  <span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">,<\/span>\r\n  \r\n  <span class=\"token token string-property property\">'faa.gov'<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'notams.aim'<\/span><span class=\"token token punctuation\">,<\/span>    <span class=\"token token\">\/\/ notams.aim.faa.gov<\/span>\r\n    <span class=\"token token\">'tfr'<\/span><span class=\"token token punctuation\">,<\/span>           <span class=\"token token\">\/\/ tfr.faa.gov<\/span>\r\n    <span class=\"token token\">'www'<\/span><span class=\"token token punctuation\">,<\/span>           <span class=\"token token\">\/\/ www.faa.gov<\/span>\r\n    <span class=\"token token\">''<\/span>               <span class=\"token token\">\/\/ faa.gov<\/span>\r\n  <span class=\"token token punctuation\">]<\/span>\r\n<span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>2. Subdomain Extraction and Validation<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">function<\/span> <span class=\"token token\">validateSubdomain<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">url<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> hostname <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>hostname<span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Extrai partes do hostname<\/span>\r\n  <span class=\"token token\">const<\/span> parts <span class=\"token token operator\">=<\/span> hostname<span class=\"token token punctuation\">.<\/span><span class=\"token token\">split<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'.'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Identifica dom\u00ednio raiz (\u00faltimos 2 ou 3 componentes)<\/span>\r\n  <span class=\"token token\">let<\/span> rootDomain<span class=\"token token punctuation\">,<\/span> subdomain<span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>parts<span class=\"token token punctuation\">.<\/span>length <span class=\"token token operator\">&gt;=<\/span> <span class=\"token token\">3<\/span> <span class=\"token token operator\">&amp;&amp;<\/span> parts<span class=\"token token punctuation\">[<\/span>parts<span class=\"token token punctuation\">.<\/span>length<span class=\"token token operator\">-<\/span><span class=\"token token\">2<\/span><span class=\"token token punctuation\">]<\/span> <span class=\"token token operator\">===<\/span> <span class=\"token token\">'mil'<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">\/\/ Caso especial: .mil.br, .gov.br<\/span>\r\n    rootDomain <span class=\"token token operator\">=<\/span> parts<span class=\"token token punctuation\">.<\/span><span class=\"token token\">slice<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token operator\">-<\/span><span class=\"token token\">3<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">join<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'.'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n    subdomain <span class=\"token token operator\">=<\/span> parts<span class=\"token token punctuation\">.<\/span><span class=\"token token\">slice<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">0<\/span><span class=\"token token punctuation\">,<\/span> <span class=\"token token operator\">-<\/span><span class=\"token token\">3<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">join<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'.'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token punctuation\">}<\/span> <span class=\"token token\">else<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">\/\/ Caso padr\u00e3o: .com, .gov, .org<\/span>\r\n    rootDomain <span class=\"token token operator\">=<\/span> parts<span class=\"token token punctuation\">.<\/span><span class=\"token token\">slice<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token operator\">-<\/span><span class=\"token token\">2<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">join<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'.'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n    subdomain <span class=\"token token operator\">=<\/span> parts<span class=\"token token punctuation\">.<\/span><span class=\"token token\">slice<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">0<\/span><span class=\"token token punctuation\">,<\/span> <span class=\"token token operator\">-<\/span><span class=\"token token\">2<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">join<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'.'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> rootDomain<span class=\"token token punctuation\">,<\/span> subdomain <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Parsing example:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>URL: https:\/\/malware.aviationweather.gov\n\nParsing:\nhostname: malware.aviationweather.gov\nparts: ['malware', 'aviationweather', 'gov']\nrootDomain: aviationweather.gov\nsubdomain: malware\n\nValidation:\n\n\u2713 rootDomain is whitelisted\n\u2717 subdomain 'malware' is NOT in AUTHORIZED_SUBDOMAINS['aviationweather.gov']\nVerdict: \u274c UNAUTHORIZED SUBDOMAIN\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>3. Verification Against Authorized List<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">function<\/span> <span class=\"token token\">checkSubdomainAuthorization<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">url<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> <span class=\"token token punctuation\">{<\/span> rootDomain<span class=\"token token punctuation\">,<\/span> subdomain <span class=\"token token punctuation\">}<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token\">validateSubdomain<\/span><span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Checks if the root domain is official<\/span>\r\n  <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token operator\">!<\/span><span class=\"token token constant\">AUTHORIZED_SUBDOMAINS<\/span><span class=\"token token punctuation\">[<\/span>rootDomain<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> <span class=\"token token literal-property property\">authorized<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">false<\/span><span class=\"token token punctuation\">,<\/span> <span class=\"token token literal-property property\">reason<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'UNKNOWN_ROOT_DOMAIN'<\/span> <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Checks if the subdomain is on the authorized list<\/span>\r\n  <span class=\"token token\">const<\/span> allowedSubs <span class=\"token token operator\">=<\/span> <span class=\"token token constant\">AUTHORIZED_SUBDOMAINS<\/span><span class=\"token token punctuation\">[<\/span>rootDomain<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token operator\">!<\/span>allowedSubs<span class=\"token token punctuation\">.<\/span><span class=\"token token\">includes<\/span><span class=\"token token punctuation\">(<\/span>subdomain<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token literal-property property\">authorized<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">false<\/span><span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">reason<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'UNAUTHORIZED_SUBDOMAIN'<\/span><span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">details<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">{<\/span>\r\n        <span class=\"token token literal-property property\">attempted<\/span><span class=\"token token operator\">:<\/span> subdomain<span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">rootDomain<\/span><span class=\"token token operator\">:<\/span> rootDomain<span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">fullHostname<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">subdomain<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string\">.<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">rootDomain<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">allowedSubdomains<\/span><span class=\"token token operator\">:<\/span> allowedSubs\r\n      <span class=\"token token punctuation\">}<\/span>\r\n    <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> <span class=\"token token literal-property property\">authorized<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span> <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>4. Malicious Pattern Detection<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Identifies subdomains with suspicious names even if root domain is not in whitelist:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">const<\/span> <span class=\"token token constant\">MALICIOUS_SUBDOMAIN_PATTERNS<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token punctuation\">[<\/span>\r\n  <span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-source language-regex\">^(login|signin|auth|secure|account|verify|update|confirm)<\/span><span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-flags\">i<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-source language-regex\">^(admin|panel|dashboard|control|manage)<\/span><span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-flags\">i<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-source language-regex\">^(api|cdn|static|assets|download)<\/span><span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-flags\">i<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-source language-regex\">^(mail|smtp|imap|webmail|exchange)<\/span><span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-flags\">i<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-source language-regex\">^(malware|phishing|hack|exploit)<\/span><span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-flags\">i<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-source language-regex\">^(test|staging|dev|beta|demo)<\/span><span class=\"token token regex-delimiter\">\/<\/span><span class=\"token token regex-flags\">i<\/span>  <span class=\"token token\">\/\/  Development subdomains<\/span>\r\n<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n\r\n<span class=\"token token\">function<\/span> <span class=\"token token\">detectMaliciousSubdomain<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">subdomain<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">for<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token\">const<\/span> pattern <span class=\"token token\">of<\/span> <span class=\"token token constant\">MALICIOUS_SUBDOMAIN_PATTERNS<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>pattern<span class=\"token token punctuation\">.<\/span><span class=\"token token\">test<\/span><span class=\"token token punctuation\">(<\/span>subdomain<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n        <span class=\"token token literal-property property\">detected<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">pattern<\/span><span class=\"token token operator\">:<\/span> pattern<span class=\"token token punctuation\">.<\/span><span class=\"token token\">toString<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">risk<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'HIGH'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">reason<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'Suspicious phishing\/takeover pattern'<\/span>\r\n      <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token punctuation\">}<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> <span class=\"token token literal-property property\">detected<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">false<\/span> <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Examples detected:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>login.aviationweather.gov \u2192 SUSPICIOUS (login pattern)\nsecure-auth.aisweb.decea.mil.br \u2192 SUSPICIOUS (secure+auth pattern)\nadmin.redemet.decea.mil.br \u2192 SUSPICIOUS (admin pattern)\nmalware.aviationweather.gov \u2192 SUSPICIOUS (explicit malware pattern)\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>5. SSL Certificate Validation for Subdomain<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Verifies if SSL certificate covers the specific subdomain:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">function<\/span> <span class=\"token token\">validateSubdomainCertificate<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">url<\/span><span class=\"token token parameter punctuation\">,<\/span><span class=\"token token parameter\"> certificate<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> hostname <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>hostname<span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Extrai SAN (Subject Alternative Names) do certificado<\/span>\r\n  <span class=\"token token\">const<\/span> sans <span class=\"token token operator\">=<\/span> certificate<span class=\"token token punctuation\">.<\/span>subjectAltNames <span class=\"token token operator\">||<\/span> <span class=\"token token punctuation\">[<\/span><span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Verifica se hostname corresponde a algum SAN<\/span>\r\n  <span class=\"token token\">const<\/span> isValid <span class=\"token token operator\">=<\/span> sans<span class=\"token token punctuation\">.<\/span><span class=\"token token\">some<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">san<\/span> <span class=\"token token operator\">=&gt;<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">\/\/ Match exato<\/span>\r\n    <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>san <span class=\"token token operator\">===<\/span> hostname<span class=\"token token punctuation\">)<\/span> <span class=\"token token\">return<\/span> <span class=\"token token boolean\">true<\/span><span class=\"token token punctuation\">;<\/span>\r\n    \r\n    <span class=\"token token\">\/\/ Match wildcard<\/span>\r\n    <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>san<span class=\"token token punctuation\">.<\/span><span class=\"token token\">startsWith<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'*.'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token\">const<\/span> wildcardDomain <span class=\"token token operator\">=<\/span> san<span class=\"token token punctuation\">.<\/span><span class=\"token token\">slice<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">2<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n      <span class=\"token token\">return<\/span> hostname<span class=\"token token punctuation\">.<\/span><span class=\"token token\">endsWith<\/span><span class=\"token token punctuation\">(<\/span>wildcardDomain<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token punctuation\">}<\/span>\r\n    \r\n    <span class=\"token token\">return<\/span> <span class=\"token token boolean\">false<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token operator\">!<\/span>isValid<span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token literal-property property\">valid<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">false<\/span><span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">reason<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'CERTIFICATE_HOSTNAME_MISMATCH'<\/span><span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">hostname<\/span><span class=\"token token operator\">:<\/span> hostname<span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">certificateSANs<\/span><span class=\"token token operator\">:<\/span> sans\r\n    <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> <span class=\"token token literal-property property\">valid<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span> <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Validation example:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>URL: https:\/\/malware.aviationweather.gov\n\nSSL Certificate:\n\nCommon Name: aviationweather.gov\nSANs:\n\n- aviationweather.gov\n\n- www.aviationweather.gov\n\n- adds.aviationweather.gov\n\nValidation:\n\n\u2717 malware.aviationweather.gov is NOT in the SANs\nVerdict: \u274c CERTIFICATE DOES NOT COVER THIS SUBDOMAIN\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>6. Blocking with Detailed Context<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">When an unauthorized subdomain is detected:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">function<\/span> <span class=\"token token\">blockUnauthorizedSubdomain<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">url<\/span><span class=\"token token parameter punctuation\">,<\/span><span class=\"token token parameter\"> validationResult<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> <span class=\"token token punctuation\">{<\/span> rootDomain<span class=\"token token punctuation\">,<\/span> subdomain <span class=\"token token punctuation\">}<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token\">validateSubdomain<\/span><span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token literal-property property\">blocked<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">threat<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'UNAUTHORIZED_SUBDOMAIN'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">severity<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'CRITICAL'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">details<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token literal-property property\">attemptedURL<\/span><span class=\"token token operator\">:<\/span> url<span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">rootDomain<\/span><span class=\"token token operator\">:<\/span> rootDomain<span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">unauthorizedSubdomain<\/span><span class=\"token token operator\">:<\/span> subdomain<span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">fullHostname<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">subdomain<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string\">.<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">rootDomain<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">authorizedSubdomains<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token constant\">AUTHORIZED_SUBDOMAINS<\/span><span class=\"token token punctuation\">[<\/span>rootDomain<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">,<\/span>\r\n      <span class=\"token token literal-property property\">recommendation<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token template-string\">Access only official subdomains of <\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">rootDomain<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string template-punctuation\">`<\/span>\r\n    <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">suggestedURLs<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">generateSuggestedURLs<\/span><span class=\"token token punctuation\">(<\/span>rootDomain<span class=\"token token punctuation\">)<\/span>\r\n  <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n\r\n<span class=\"token token\">function<\/span> <span class=\"token token\">generateSuggestedURLs<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">rootDomain<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> authorizedSubs <span class=\"token token operator\">=<\/span> <span class=\"token token constant\">AUTHORIZED_SUBDOMAINS<\/span><span class=\"token token punctuation\">[<\/span>rootDomain<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> authorizedSubs\r\n    <span class=\"token token punctuation\">.<\/span><span class=\"token token\">filter<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">sub<\/span> <span class=\"token token operator\">=&gt;<\/span> sub <span class=\"token token operator\">!==<\/span> <span class=\"token token\">''<\/span><span class=\"token token punctuation\">)<\/span>  <span class=\"token token\">\/\/ Remove raiz vazia<\/span>\r\n    <span class=\"token token punctuation\">.<\/span><span class=\"token token\">map<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">sub<\/span> <span class=\"token token operator\">=&gt;<\/span> <span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token template-string\">https:\/\/<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">sub<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string\">.<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">${<\/span><span class=\"token token template-string interpolation\">rootDomain<\/span><span class=\"token token template-string interpolation interpolation-punctuation punctuation\">}<\/span><span class=\"token token template-string template-punctuation\">`<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"interface-de-proteo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udfaf Protection Interface<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 translation-block\">When an unauthorized subdomain is detected:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u2705 VERIFIED OFFICIAL WEBSITE\n\n\ud83d\udd12 Secure connection validated\n\ud83d\udccb Domain: www.aviationweather.gov\n\ud83d\udee1\ufe0f Subdomain: www (authorized)\n\u2713 Verified subdomain mapping\n\u2713 Valid SSL certificate for subdomain\n\u2713 Trusted content\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 translation-block\">When an <strong>unauthorized<\/strong> subdomain is detected:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u26a0\ufe0f SECURITY THREAT DETECTED\n\n\ud83d\udeab Unauthorized Subdomain\nAttempted URL: https:\/\/malware.aviationweather.gov\nRoot Domain: aviationweather.gov \u2713 (official)\n\nSubdomain: malware \u2717 (UNAUTHORIZED)\n\n\u26a0\ufe0f Identified Risks:\n\n\u2022 Subdomain not listed in official database\n\u2022 Possible subdomain takeover\n\u2022 Phishing\/malware risk\n\u2022 Suspicious name: \"malware\"\n\n\ud83d\udee1\ufe0f Access blocked for security reasons\n\nOnly authorized subdomains are allowed\n\n\u2705 Official subdomains of aviationweather.gov:\n\n\u2022 https:\/\/www.aviationweather.gov\n\u2022 https:\/\/adds.aviationweather.gov\n\u2022 https:\/\/forecast.aviationweather.gov\n\n[Access Official Website] [Report Suspicious Subdomain]\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 translation-block\">When a malicious pattern is detected:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><strong>text<\/strong><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code>\u26a0\ufe0f HIGH PRIORITY THREAT\n\n\ud83c\udfaf Phishing pattern detected\nURL: https:\/\/login-secure.aisweb.decea.mil.br\nSubdomain: login-secure\nPattern: \/^(login|signin|auth|secure)\/i\n\n\ud83d\udea8 Attack indicators:\n\n\u2022 Keyword \"login\" (common in phishing)\n\u2022 Keyword \"secure\" (social engineering)\n\u2022 Subdomain not officially listed\n\u2022 Typical of a subdomain takeover\n\n\ud83d\udee1\ufe0f Automatic blocking applied\nThis pattern corresponds to 87% of documented attacks\n\n\u2705 Correct official website:\nhttps:\/\/aisweb.decea.mil.br\n(login is done on the main domain, not a subdomain)\n\n[Access Official AISWEB]\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"mapeamento-completo-de-subdomnios-autorizados\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udccb Complete Authorized Subdomains Mapping<\/h2>\n<pre class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>Brazil - DECEA (Armed Forces)<\/strong><\/pre>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">\n<p><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token string-property property\">'decea.mil.br'<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token literal-property property\">authorized<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'aisweb'<\/span><span class=\"token token punctuation\">,<\/span>          <span class=\"token token\">\/\/ Aeronautical information<\/span>\r\n    <span class=\"token token\">'redemet'<\/span><span class=\"token token punctuation\">,<\/span>         <span class=\"token token\">\/\/ Aeronautical meteorology<\/span>\r\n    <span class=\"token token\">'notam'<\/span><span class=\"token token punctuation\">,<\/span>           <span class=\"token token\">\/\/ NOTAMs Brazil<\/span>\r\n    <span class=\"token token\">'ais'<\/span><span class=\"token token punctuation\">,<\/span>             <span class=\"token token\">\/\/ Aeronautical information services<\/span>\r\n    <span class=\"token token\">'icea'<\/span><span class=\"token token punctuation\">,<\/span>            <span class=\"token token\">\/\/ Airspace Control Institute<\/span>\r\n    <span class=\"token token\">'pame'<\/span><span class=\"token token punctuation\">,<\/span>            <span class=\"token token\">\/\/ Emergency Mutual Aid Plan<\/span>\r\n    <span class=\"token token\">''<\/span>                 <span class=\"token token\">\/\/ decea.mil.br (root)<\/span>\r\n  <span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token literal-property property\">blocked_examples<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'login.decea.mil.br'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'secure.decea.mil.br'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'admin.decea.mil.br'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'api.decea.mil.br'<\/span>\r\n  <span class=\"token token punctuation\">]<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>EUA &#8211; NOAA\/NWS\/FAA<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token string-property property\">'aviationweather.gov'<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token literal-property property\">authorized<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'www'<\/span><span class=\"token token punctuation\">,<\/span>             <span class=\"token token\">\/\/ Main portal<\/span>\r\n    <span class=\"token token\">'adds'<\/span><span class=\"token token punctuation\">,<\/span>            <span class=\"token token\">\/\/ Aviation Digital Data Service<\/span>\r\n    <span class=\"token token\">'forecast'<\/span><span class=\"token token punctuation\">,<\/span>        <span class=\"token token\">\/\/ Expert forecasts<\/span>\r\n    <span class=\"token token\">'aviationweather'<\/span><span class=\"token token punctuation\">,<\/span> <span class=\"token token\">\/\/ Alias do root<\/span>\r\n    <span class=\"token token\">''<\/span>                 <span class=\"token token\">\/\/ aviationweather.gov (root)<\/span>\r\n  <span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token literal-property property\">blocked_examples<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'malware.aviationweather.gov'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'login.aviationweather.gov'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'metar.aviationweather.gov'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'secure.aviationweather.gov'<\/span>\r\n  <span class=\"token token punctuation\">]<\/span>\r\n<span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">,<\/span>\r\n\r\n<span class=\"token token string-property property\">'faa.gov'<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token literal-property property\">authorized<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token punctuation\">[<\/span>\r\n    <span class=\"token token\">'www'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token\">'notams.aim'<\/span><span class=\"token token punctuation\">,<\/span>      <span class=\"token token\">\/\/ NOTAM System<\/span>\r\n    <span class=\"token token\">'tfr'<\/span><span class=\"token token punctuation\">,<\/span>             <span class=\"token token\">\/\/ Temporary Flight Restrictions<\/span>\r\n    <span class=\"token token\">'registry'<\/span><span class=\"token token punctuation\">,<\/span>        <span class=\"token token\">\/\/ Aircraft registration<\/span>\r\n    <span class=\"token token\">''<\/span>\r\n  <span class=\"token token punctuation\">]<\/span>\r\n<span class=\"token token punctuation\">}<\/span><\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div><code><br \/>\n<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"recomendaes-de-segurana\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udf93 Security Recommendations<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For Pilots and Operators<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 Always verify:<\/strong><\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Subdomain is in the official list (see site documentation)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">NOTAMSpot displays \u201cVERIFIED OFFICIAL SITE\u201d<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Exact<\/strong> URL matches documented one<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">No \"unauthorized subdomain\" alerts<\/p>\n<\/li>\n<\/ol>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u274c Never:<\/strong><\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Access undocumented \"login\" or \"secure\" subdomains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Ignore unauthorized subdomain alerts<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Click email links with unknown subdomains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Trust only the root domain (example.gov may have malicious sub.example.gov)<\/p>\n<\/li>\n<\/ol>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For IT Administrators<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 Configure:<\/strong><\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Explicit list of authorized subdomains in DNS<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Removal of orphaned DNS records (pointing to deactivated services)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Continuous monitoring of newly created subdomains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">SSL certificates with explicit SANs (avoid wildcard)\u00a0<code>*<\/code>)<\/p>\n<\/li>\n<\/ol>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 Disable:<\/strong><\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Wildcard DNS (<code>*.example.com<\/code>) if not absolutely necessary<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Development subdomains in production (<code>test.<\/code>, <code>staging.<\/code>)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Third-party services without validation (Heroku, Netlify, GitHub Pages)<\/p>\n<\/li>\n<\/ol>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 Monitor:<\/strong><\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Tools: SubFinder, Amass, Aquatone, can-i-take-over-xyz<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Automatic alerts for newly detected subdomains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Periodic validation of orphaned CNAME records<\/p>\n<\/li>\n<\/ol>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"casos-de-uso-especficos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udd2c Specific Use Cases<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Accessing METARs (correct vs incorrect)<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u274c SUSPICIOUS:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>bash<\/strong><\/p>\n<\/div>\n<pre><code>https:\/\/metar.aviationweather.gov\r\n<span class=\"token token\"># Subdomain: metar (UNAUTHORIZED)<\/span>\r\n<span class=\"token token\"># Risco: Pode servir dados falsificados<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 CORRECT:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>bash<\/strong><\/p>\n<\/div>\n<pre><code>https:\/\/www.aviationweather.gov\/metar\r\n<span class=\"token token\"># Subdomain: www (AUTHORIZED)<\/span>\r\n<span class=\"token token\"># Path: \/metar (official resource)<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Login em sistemas DECEA<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u274c PHISHING:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>bash<\/strong><\/p>\n<\/div>\n<pre><code>https:\/\/login-secure.aisweb.decea.mil.br\r\n<span class=\"token token\"># Subdomain: login-secure (UNAUTHORIZED)<\/span>\r\n<span class=\"token token\"># Malicious pattern detected<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<pre class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 LEGITIMATE<\/strong><\/pre>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">\n<p><strong>bash<\/strong><\/p>\n<\/div>\n<pre><code>https:\/\/aisweb.decea.mil.br\/login\r\n<span class=\"token token\"># Subdomain: aisweb (AUTHORIZED)<\/span>\r\n<span class=\"token token\"># Login is a page on the main domain<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"concluso\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\u2708\ufe0f Conclusion<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Subdomain takeover<\/strong> and <strong>malicious subdomains<\/strong> represent sophisticated threats that exploit trust in official domains, deceiving even experienced users. In aviation, where pilots rely on weather data and NOTAMs for critical flight decisions, ensuring that only <strong>authorized subdomains<\/strong> are accessed is <strong>essential<\/strong> for operational safety.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot implements <strong>Subdomain Authorization Mapping<\/strong> validating each subdomain against curated lists of official subdomains, detecting malicious patterns, and blocking 100% of attempts to access unauthorized subdomains before any content is displayed.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"protocolos-nao-suportados\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 6. Unsupported Protocols<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Blocks unsupported protocols:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>https:\/\/official-aviation-test.com\/ \u2705 ALLOWED\nftp:\/\/official-aviation-test.com\/ \ud83d\udeab BLOCKED (protocol not supported)<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p><code><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3686 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/metadados-seo-para-imagem-12-protocol-blocking-security-alert-slug-notamspot-unsupported-protocol-blocked-security.jpg\" alt=\"NOTAMSpot showing a red security alert blocking an unsupported FTP protocol and locking Force Search for safety\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/metadados-seo-para-imagem-12-protocol-blocking-security-alert-slug-notamspot-unsupported-protocol-blocked-security.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/metadados-seo-para-imagem-12-protocol-blocking-security-alert-slug-notamspot-unsupported-protocol-blocked-security-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/metadados-seo-para-imagem-12-protocol-blocking-security-alert-slug-notamspot-unsupported-protocol-blocked-security-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/metadados-seo-para-imagem-12-protocol-blocking-security-alert-slug-notamspot-unsupported-protocol-blocked-security-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/metadados-seo-para-imagem-12-protocol-blocking-security-alert-slug-notamspot-unsupported-protocol-blocked-security-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/code><\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\" style=\"text-align: right;\"><strong>Figure 8: <\/strong> Simulation of access via a dangerous protocol (FTP). Even when the host appears to belong to a legitimate government source, NOTAMSpot blocks unsupported\/insecure protocols and displays a red alert for a security threat, preventing the \"Force Search\" action to avoid unencrypted traffic and the risk of interception.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<h2 id=\"protocolos-o-que-sao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcd6 What are Unsupported Protocols?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Unsupported protocols<\/strong> are network communication methods considered <strong>insecure or obsolete<\/strong> that should not be used to access sensitive sites, especially those containing critical aviation information.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Main protocols blocked:<\/h2>\n<div class=\"group relative\">\n<div class=\"w-full overflow-x-auto md:max-w-[90vw] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Protocol<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Port<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Status<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Risk<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>HTTP<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">80<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c Insecure<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">No encryption<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>FTP<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">21<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c Insecure<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Credentials in plain text<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>Telnet<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">23<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c Insecure<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Unencrypted sessions<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>HTTPS<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">443<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 Secure<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">TLS\/SSL encryption<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<div class=\"flex\">\u200b<\/div>\n<\/div>\n<\/div>\n<h2 id=\"protocolos-como-funcionam\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udd2c How Insecure Protocols Work<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong>FTP (File Transfer Protocol)<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Designed in 1971<\/strong>, FTP was created when the internet was a trusted network between universities \u2013 <strong>security was not a priority<\/strong>.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Critical problems:<\/strong><\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>a) Plain text transmission<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Client \u2192 FTP Server\n\nUSER pilot123       \u2190 Readable by any intermediary\nPASS mypassword     \u2190 Password visible without encryption\nRETR metar.txt      \u2190 Commands exposed\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Anyone monitoring network traffic sees <strong>exactly<\/strong> what is being transmitted.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>b) Unencrypted credentials<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>FTP login captured by attacker:\n\n220 aisweb.decea.mil.br FTP server ready\nUSER capitao.silva\n331 Password required\nPASS SecretPass2024\n230 User logged in\n\nAttacker now has:\n\u2713 User: capitao.silva\n\u2713 Password: SecretPass2024\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>c) No data integrity<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Files can be <strong>modified in transit<\/strong> without detection<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attacker can inject malicious data<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Receiver has no way to verify authenticity<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>HTTP (HyperText Transfer Protocol)<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">HTTP <strong>does not encrypt<\/strong> communications between browser and server.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Vulnerabilities:<\/strong><\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>a) Eavesdropping<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>GET \/metar?station=SBGR HTTP\/1.1\nHost: aviationweather.gov\nCookie: session=abc123xyz\n\n\u2190 All data readable by intermediaries\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>b) Man-in-the-Middle (MITM)<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<p class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><strong>text<\/strong><\/p>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code>Pilot \u2192 [Attacker] \u2192 Legitimate Server\n           \u2191\n      Intercepts and modifies response\n\nOriginal METAR: SBGR 081200Z 27035G50KT\nModified METAR: SBGR 081200Z 27008KT\n                                \u2191\n                        Wind falsely reduced\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>c) Session hijacking<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Session cookies stolen<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attacker authenticates as victim<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Full account access without password<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>Protocol Downgrade Attacks<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Attackers <strong>force<\/strong> systems to use old and vulnerable protocols.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Example \u2013 POODLE Attack:<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Client attempts: TLS 1.3 (secure)\n\n\u2193 Attacker intercepts handshake\n\u2193 Forces downgrade: SSL 3.0 (broken since 2014)\n\n\u2193 Attacker decrypts traffic with 256 requests\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Result:<\/strong> Communication that should be secure is compromised.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"quais-os-riscos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\u26a0\ufe0f What Are the Risks?<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For General Users<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>1. Credential Theft<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Passwords transmitted in plain text via FTP\/HTTP<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Capture by sniffers on public networks (airports, cafes)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Unauthorized access to personal\/corporate accounts<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>2. Data interception<\/strong>\u200b<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Public WiFi network at airport:\n\nPilot accesses: http:\/\/aisweb.decea.mil.br\nAttacker captures: Login + Password + Flight plan\nMalicious use: Modifies route, steals sensitive data\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Data manipulation<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Files downloaded via FTP can be tampered with<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Malware injected into downloads<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Victim executes payload unknowingly<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>4. Regulatory non-compliance<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>PCI DSS:<\/strong> Prohibits transmission of card data via FTP\/HTTP<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>HIPAA:<\/strong> Health data must be encrypted<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>GDPR:<\/strong> Personal data protection mandatory<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Fines:<\/strong> Up to \u20ac20 million or 4% of global revenue<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">For Aviation (NOTAMSpot Users)<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>5. Intercepted and tampered METARs\/TAFs<\/strong><\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Real scenario:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Pilot on public WiFi accesses:\nftp:\/\/aviationweather.gov\/metar\/SBGR.txt\n\nAttacker intercepts FTP:\n1. Captures request\n2. Serves fake METAR:\n   SBGR 081200Z 09008KT 9999 FEW030\n   (VFR safe - FALSE)\n\nReality at airport:\n   SBGR 081200Z 27035G50KT 1200 -TSRA\n   (IMC dangerous - REAL)\n\nPilot makes GO decision based on fake data\nRisk: Accident due to unreported windshear\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong><br \/>\n6. Exposed military credentials<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Brazilian Air Force officer accesses via HTTP:\nhttp:\/\/aisweb.decea.mil.br\n\nCaptured login:\n- User: maj.santos\n- Password: Falcon2024!\n- IP: 200.xxx.xxx.xxx\n\nAttacker uses credentials to:\n\u2713 Access classified flight plans\n\u2713 Modify NOTAMs for restricted areas\n\u2713 Obtain aeronautical intelligence data\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>7. Modified flight plans<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Pilot sends plan via insecure FTP:\nftp:\/\/ais.decea.mil.br\/upload\/plan.txt\n\nAttacker intercepts and modifies:\n- Original route: SBSP DCT SBGR\n- Modified route: SBSP [restricted area] SBGR\n                          \u2191\n                    Presidential TFR\n\nConsequence:\n- Airspace violation\n- $50,000 fine\n- License suspension\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong><br \/>\n8. Omitted NOTAMs<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>Legacy system serves NOTAMs via HTTP:\nhttp:\/\/notam.decea.mil.br\/query\n\nMITM attacker removes critical NOTAM:\n\"SBGR RWY 09R\/27L CLOSED - MAINTENANCE\"\n\nPilot plans landing on 27L\nATC rejects clearance\nCritical fuel \u2192 emergency\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"estatsticas-do-problema\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcca Problem Statistics<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Global incidence (2024):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>45%<\/strong>\u00a0<strong> of organizations<\/strong> still lack a complete encryption plan<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>FTP still in use:<\/strong> 30% of regulated sectors (healthcare, finance) use FTP without SFTP\/FTPS<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>HTTP without redirect:<\/strong> 18% of government sites allow HTTP even with HTTPS available<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Downgrade attacks:<\/strong> 120% increase in 2024 vs 2023<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Regulations prohibiting insecure protocols:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>PCI DSS<\/strong> (Payment Card Industry): Prohibits FTP\/HTTP for card data<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>HIPAA<\/strong> (Health Insurance): Requires encryption in transit<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>GLBA<\/strong> (Gramm-Leach-Bliley): Requires financial data protection<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>ANAC\/FAA:<\/strong> Aviation systems must use secure protocols<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Penalties for violations:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fines in the millions of dollars<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Operations suspension<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Loss of certifications (ISO 27001, SOC 2)<\/p>\n<\/li>\n<\/ul>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"como-o-smartcontentguard-protege\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udee1\ufe0f How NOTAMSpot Protects<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot implements proactive blocking of insecure protocols:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>1. Protocol Validation at URL Start<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">Extracts protocol from visited URL.<\/span>\r\n<span class=\"token token\">const<\/span> protocol <span class=\"token token operator\">=<\/span> url<span class=\"token token punctuation\">.<\/span><span class=\"token token\">split<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">':'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">[<\/span><span class=\"token token\">0<\/span><span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">toLowerCase<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n\r\n<span class=\"token token\">\/\/ List of blocked protocols<\/span>\r\n<span class=\"token token\">const<\/span> <span class=\"token token constant\">BLOCKED_PROTOCOLS<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token punctuation\">[<\/span>\r\n  <span class=\"token token\">'ftp'<\/span><span class=\"token token punctuation\">,<\/span>      <span class=\"token token\">\/\/ File Transfer Protocol<\/span>\r\n  <span class=\"token token\">'ftps'<\/span><span class=\"token token punctuation\">,<\/span>     <span class=\"token token\">\/\/ FTP over SSL (still vulnerable)<\/span>\r\n  <span class=\"token token\">'http'<\/span><span class=\"token token punctuation\">,<\/span>     <span class=\"token token\">\/\/ HyperText Transfer Protocol<\/span>\r\n  <span class=\"token token\">'telnet'<\/span><span class=\"token token punctuation\">,<\/span>   <span class=\"token token\">\/\/ Terminal Network<\/span>\r\n  <span class=\"token token\">'gopher'<\/span><span class=\"token token punctuation\">,<\/span>   <span class=\"token token\">\/\/ Gopher Protocol (obsolete)<\/span>\r\n  <span class=\"token token\">'file'<\/span><span class=\"token token punctuation\">,<\/span>     <span class=\"token token\">\/\/ Accessing local files<\/span>\r\n<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n\r\n<span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token constant\">BLOCKED_PROTOCOLS<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">includes<\/span><span class=\"token token punctuation\">(<\/span>protocol<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token literal-property property\">blocked<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">reason<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'UNSUPPORTED_PROTOCOL'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">protocol<\/span><span class=\"token token operator\">:<\/span> protocol<span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">risk<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'CRITICAL'<\/span>\r\n  <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>2. Allowed Protocols Whitelist<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Only secure protocols are accepted:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">const<\/span> <span class=\"token token constant\">ALLOWED_PROTOCOLS<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token punctuation\">[<\/span>\r\n  <span class=\"token token\">'https'<\/span><span class=\"token token punctuation\">,<\/span>    <span class=\"token token\">\/\/ HTTP over TLS\/SSL<\/span>\r\n  <span class=\"token token\">'wss'<\/span><span class=\"token token punctuation\">,<\/span>      <span class=\"token token\">\/\/ WebSocket Secure<\/span>\r\n<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n\r\n<span class=\"token token\">\/\/ Validates against whitelist<\/span>\r\n<span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token operator\">!<\/span><span class=\"token token constant\">ALLOWED_PROTOCOLS<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">includes<\/span><span class=\"token token punctuation\">(<\/span>protocol<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">blockAccess<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">'Protocol is not on the permitted list'<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>3. Specific Validation for Aviation Domains<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Official aviation websites must use HTTPS:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">const<\/span> <span class=\"token token constant\">AVIATION_DOMAINS<\/span> <span class=\"token token operator\">=<\/span> <span class=\"token token punctuation\">[<\/span>\r\n  <span class=\"token token\">'aisweb.decea.mil.br'<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token\">'aviationweather.gov'<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token\">'redemet.decea.mil.br'<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token\">'notams.aim.faa.gov'<\/span><span class=\"token token punctuation\">,<\/span>\r\n  <span class=\"token token\">\/\/ ... 50+ dom\u00ednios<\/span>\r\n<span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n\r\n<span class=\"token token\">function<\/span> <span class=\"token token\">validateAviationProtocol<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">url<\/span><span class=\"token token parameter punctuation\">,<\/span><span class=\"token token parameter\"> hostname<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> protocol <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>url<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>protocol<span class=\"token token punctuation\">.<\/span><span class=\"token token\">replace<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token\">':'<\/span><span class=\"token token punctuation\">,<\/span> <span class=\"token token\">''<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Verifica se \u00e9 dom\u00ednio de avia\u00e7\u00e3o<\/span>\r\n  <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span><span class=\"token token constant\">AVIATION_DOMAINS<\/span><span class=\"token token punctuation\">.<\/span><span class=\"token token\">includes<\/span><span class=\"token token punctuation\">(<\/span>hostname<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">\/\/ EXIGE HTTPS<\/span>\r\n    <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>protocol <span class=\"token token operator\">!==<\/span> <span class=\"token token\">'https'<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n        <span class=\"token token literal-property property\">blocked<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">reason<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'AVIATION_DOMAIN_REQUIRES_HTTPS'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">attempted<\/span><span class=\"token token operator\">:<\/span> protocol<span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">required<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'https'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">domain<\/span><span class=\"token token operator\">:<\/span> hostname\r\n      <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token punctuation\">}<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> <span class=\"token token literal-property property\">blocked<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">false<\/span> <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>4. Detection of Downgrade Attempts<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Monitors attempts to force insecure protocols:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">\n<p><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">\/\/ Hist\u00f3rico de URLs visitadas<\/span>\r\n<span class=\"token token\">const<\/span> urlHistory <span class=\"token token operator\">=<\/span> <span class=\"token token punctuation\">[<\/span><span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n\r\n<span class=\"token token\">function<\/span> <span class=\"token token\">detectDowngradeAttempt<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">currentURL<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> previous <span class=\"token token operator\">=<\/span> urlHistory<span class=\"token token punctuation\">[<\/span>urlHistory<span class=\"token token punctuation\">.<\/span>length <span class=\"token token operator\">-<\/span> <span class=\"token token\">1<\/span><span class=\"token token punctuation\">]<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>previous <span class=\"token token operator\">&amp;&amp;<\/span> currentURL<span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token\">const<\/span> prevProtocol <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>previous<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>protocol<span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token\">const<\/span> currProtocol <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>currentURL<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>protocol<span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token\">const<\/span> prevHost <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>previous<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>hostname<span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token\">const<\/span> currHost <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>currentURL<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">.<\/span>hostname<span class=\"token token punctuation\">;<\/span>\r\n    \r\n    <span class=\"token token\">\/\/ Mesmo host, mas protocolo degradado<\/span>\r\n    <span class=\"token token\">if<\/span> <span class=\"token token punctuation\">(<\/span>prevHost <span class=\"token token operator\">===<\/span> currHost <span class=\"token token operator\">&amp;&amp;<\/span> \r\n        prevProtocol <span class=\"token token operator\">===<\/span> <span class=\"token token\">'https:'<\/span> <span class=\"token token operator\">&amp;&amp;<\/span> \r\n        currProtocol <span class=\"token token operator\">===<\/span> <span class=\"token token\">'http:'<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n      <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n        <span class=\"token token literal-property property\">detected<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">type<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'PROTOCOL_DOWNGRADE'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">from<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'https'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">to<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'http'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">risk<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'HIGH'<\/span><span class=\"token token punctuation\">,<\/span>\r\n        <span class=\"token token literal-property property\">possibleMITM<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span>\r\n      <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n    <span class=\"token token punctuation\">}<\/span>\r\n  <span class=\"token token punctuation\">}<\/span>\r\n  \r\n  urlHistory<span class=\"token token punctuation\">.<\/span><span class=\"token token\">push<\/span><span class=\"token token punctuation\">(<\/span>currentURL<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span> <span class=\"token token literal-property property\">detected<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">false<\/span> <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\"><strong>5. Blocking with Correction Suggestion<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">When an insecure protocol is detected, it offers a secure alternative:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">function<\/span> <span class=\"token token\">suggestSecureAlternative<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token parameter\">blockedURL<\/span><span class=\"token token punctuation\">)<\/span> <span class=\"token token punctuation\">{<\/span>\r\n  <span class=\"token token\">const<\/span> url <span class=\"token token operator\">=<\/span> <span class=\"token token\">new<\/span> <span class=\"token token\">URL<\/span><span class=\"token token punctuation\">(<\/span>blockedURL<span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">\/\/ Converts to HTTPS<\/span>\r\n  url<span class=\"token token punctuation\">.<\/span>protocol <span class=\"token token operator\">=<\/span> <span class=\"token token\">'https:'<\/span><span class=\"token token punctuation\">;<\/span>\r\n  \r\n  <span class=\"token token\">return<\/span> <span class=\"token token punctuation\">{<\/span>\r\n    <span class=\"token token literal-property property\">blocked<\/span><span class=\"token token operator\">:<\/span> blockedURL<span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">suggested<\/span><span class=\"token token operator\">:<\/span> url<span class=\"token token punctuation\">.<\/span><span class=\"token token\">toString<\/span><span class=\"token token punctuation\">(<\/span><span class=\"token token punctuation\">)<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">message<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token\">'Redirecting to secure version (HTTPS)'<\/span><span class=\"token token punctuation\">,<\/span>\r\n    <span class=\"token token literal-property property\">autoRedirect<\/span><span class=\"token token operator\">:<\/span> <span class=\"token token boolean\">true<\/span>  <span class=\"token token\">\/\/ Automatically redirects<\/span>\r\n  <span class=\"token token punctuation\">}<\/span><span class=\"token token punctuation\">;<\/span>\r\n<span class=\"token token punctuation\">}<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Example:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<div class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">text<\/div>\n<\/div>\n<div class=\"translation-block\"><code>URL attempted:  http:\/\/aisweb.decea.mil.br<br>\nBlocked:        \u2713<br>\nSuggested:      https:\/\/aisweb.decea.mil.br<br>\nAction:         Automatic redirect<br>\n<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"interface-de-proteo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udfaf Protection Interface<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 translation-block\">When a <strong>secure<\/strong> protocol is used:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u2705 SECURE CONNECTION VALIDATED\n\n\ud83d\udd12 Protocol: HTTPS (TLS 1.3)\n\ud83d\udccb Domain: aisweb.decea.mil.br\n\ud83d\udee1\ufe0f Certificate: Valid until 06\/15\/2026\n\u2713 Strong encryption (AES-256-GCM)\n\u2713 Guaranteed integrity\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">When an\u00a0<strong>insecure<\/strong> is detected:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u26a0\ufe0f SECURITY THREAT DETECTED\n\n\ud83d\udeab Protocol not supported\nURL attempted: ftp:\/\/aisweb.decea.mil.br\/\nProtocol: FTP (File Transfer Protocol)\n\n\u26a0\ufe0f Identified risks:\n\u2022 Credentials transmitted in plain text\n\u2022 Unencrypted data\n\u2022 Vulnerable to interception\n\u2022 Not compatible with security policies\n\n\ud83d\udd12 Protocol blocked for security reasons\nAviation websites require HTTPS\n\n\u2705 Secure alternative available:\nhttps:\/\/aisweb.decea.mil.br\/\n\n[Access Secure Version] [Report Problem]\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">When downgrade is detected:<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>text<\/strong><\/p>\n<\/div>\n<pre><code>\u26a0\ufe0f POSSIBLE ATTACK DETECTED\n\n\ud83c\udfaf Protocol downgrade attempt\nPrevious connection: https:\/\/aisweb.decea.mil.br\nCurrent attempt: http:\/\/aisweb.decea.mil.br\n\n\ud83d\udea8 Man-in-the-Middle Indicators:\n\u2022 Same domain, degraded protocol\n\u2022 Possible active interception\n\u2022 High risk of compromised data\n\n\ud83d\udee1\ufe0f Access automatically blocked\nMaintaining secure protocol (HTTPS)\n\n\u2705 Reconnecting via HTTPS...\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"lista-de-protocolos---status-de-segurana\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udccb Protocol List \u2013 Security Status<\/h2>\n<div class=\"group relative\">\n<div class=\"w-full overflow-x-auto md:max-w-[90vw] border-subtlest ring-subtlest divide-subtlest bg-transparent\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Protocol<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Port<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Encryption<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">SCG Status<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Recommended Use<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>HTTP<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">80<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c None<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\ud83d\udeab BLOCKED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Never for sensitive data<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>HTTPS<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">443<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 TLS 1.2+<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 ALLOWED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Only acceptable for web<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>FTP<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">21<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c None<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\ud83d\udeab BLOCKED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Obsolete, use SFTP<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>SFTP<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">22<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 SSH<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u26a0\ufe0f RESTRICTED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">OK for internal transfers<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>FTPS<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">990<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 TLS\/SSL<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u26a0\ufe0f RESTRICTED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Prefer SFTP<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>Telnet<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">23<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c None<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\ud83d\udeab BLOCKED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Obsolete, use SSH<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>SSH<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">22<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 SSH<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 ALLOWED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Secure terminal<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><strong>WSS<\/strong><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">443<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 TLS<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 ALLOWED<\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">Secure WebSocket<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<h2 id=\"casos-de-uso-especficos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udea8 Specific Use Cases<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Accessing METARs\/TAFs<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u274c INSECURE:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>bash<\/strong><\/p>\n<\/div>\n<pre><code>ftp:\/\/aviationweather.gov\/data\/metar\/SBGR.TXT\r\n<span class=\"token token\"># Protocol: FTP (blocked)<\/span>\r\n<span class=\"token token\"># Risk: Data can be tampered with.<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 SECURE:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>bash<\/strong><\/p>\n<\/div>\n<pre><code>https:\/\/aviationweather.gov\/data\/api\/metar?ids<span class=\"token token operator\">=<\/span>SBGR\r\n<span class=\"token token\"># Protocol: HTTPS (allowed)<\/span>\r\n<span class=\"token token\"># Protection: TLS 1.3 encryption<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">NOTAM Queries<\/h2>\n<pre class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u274c INSECURE:<\/strong><\/pre>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><strong>bash<\/strong><\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code>http:\/\/notams.aim.faa.gov\/notamSearch\r\n<span class=\"token token\"># Protocol: HTTP (blocked)<\/span>\r\n<span class=\"token token\"># Risk: Session may be hijacked<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>\u2705 SECURE:<\/strong><\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><strong>bash<\/strong><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code>https:\/\/notams.aim.faa.gov\/notamSearch\r\n<span class=\"token token\"># Protocol: HTTPS (allowed)<\/span>\r\n<span class=\"token token\"># Protection: Encrypted session cookies<\/span><\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"concluso\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\u2708\ufe0f Conclusion<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Insecure protocols such as FTP and HTTP transmit data <strong>without encryption<\/strong>, exposing credentials, METARs, TAFs, and NOTAMs to interception and tampering. In aviation, where decisions based on meteorological information can determine flight safety, ensuring the <strong>integrity and confidentiality<\/strong> of data is <strong>critical<\/strong>.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot proactively blocks insecure protocols, requires HTTPS for all official aviation domains, and detects downgrade attempts that indicate man-in-the-middle attacks, protecting 100% of connections before any sensitive data is transmitted.<\/p>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2><\/h2>\n<h2 id=\"typosquatting\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 7. Typosquatting Detection<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Validate URLs with missing or duplicate letters:<\/p>\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3687 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-typosquatting-phishing-faa-notam-detection.jpg\" alt=\"NOTAMSpot showing a red security alert detecting typosquatting on a lookalike aviation portal domain and locking Force Search \" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-typosquatting-phishing-faa-notam-detection.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-typosquatting-phishing-faa-notam-detection-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-typosquatting-phishing-faa-notam-detection-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-typosquatting-phishing-faa-notam-detection-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-typosquatting-phishing-faa-notam-detection-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/div>\n<div style=\"text-align: right;\">\n<p class=\"translation-block\"><strong>Figure 9: <\/strong>Simulation of <em>typesquatting<\/em> by visual similarity: a fraudulent website replicates the appearance of an official portal to deceive the user. NOTAMSpot detects the domain as <strong>similar to a verified aeronautical source<\/strong>, displays a red threat alert, and blocks the \u201cForce Search\u201d action, reducing the risk of credential collection and dissemination of malicious content.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h2 id=\"typosquatting-o-que-e\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcd6 What is Typosquatting?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Typosquatting<\/strong>\u00a0<strong>Typosquatting<\/strong> (also called URL hijacking or domain mimicry) is a social engineering attack where cybercriminals register domains with <strong>intentional typos<\/strong> of popular websites, expecting users to make mistakes when typing URLs.\u00a0<strong>typos<\/strong>\u00a0intentional tactics from popular websites, hoping that users will make mistakes when typing URLs.<\/p>\n<h2 id=\"typosquatting-como-opera\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">How it works<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Attackers exploit common human errors when typing addresses in the browser bar:<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>1. Spelling errors:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>facbook.com<\/code>\u00a0\u2192\u00a0<code>facebook.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>goggle.com<\/code>\u00a0\u2192\u00a0<code>google.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>amazan.com<\/code>\u00a0\u2192\u00a0<code>amazon.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>2. Adjacent keys (QWERTY typos):<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>foogle.com<\/code>,\u00a0<code>hoogle.com<\/code>,\u00a0<code>boogle.com<\/code>\u00a0\u2192\u00a0<code>google.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Duplicate\/omitted letters:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>faceebook.com<\/code>\u00a0\u2192\u00a0<code>facebook.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>yuube.com<\/code>\u00a0\u2192\u00a0<code>youtube.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>4. Wrong extensions:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>facebook.cm<\/code>\u00a0\u2192\u00a0<code>facebook.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>airfrance.co<\/code>\u00a0\u2192\u00a0<code>airfrance.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>5. Malformed WWW:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>wwwfacebook.com<\/code>\u00a0(without dot) \u2192\u00a0<code>www.facebook.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>6. Visual substitution:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>rnarriott.com<\/code>\u00a0(rn looks like m) \u2192\u00a0<code>marriott.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Malicious objectives<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Credential phishing:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fake page identical to original requests login<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">User types email\/password thinking they're on legitimate site<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Credentials are stolen and resold or used for invasion<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Malware distribution:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Visitors are redirected to automatic downloads<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Examples: Magniber ransomware exploited typos in popular domains via Chrome\/Edge<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Installation of PUPs (Potentially Unwanted Programs)<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Advertising fraud:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fake domains filled with fraudulent ads<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Example: <code>amazan.com<\/code> redirected to malicious ad pages<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Disinformation campaigns:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fake sites publish fabricated news<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Example:\u00a0<code>wikiepdia.org<\/code>\u00a0poderia publicar artigos falsificados<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Cryptocurrency theft:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">2024 study documented thousands of crypto transactions sent to typosquatting addresses<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Users typed wrong wallet addresses<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"typosquatting-riscos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Documented real cases<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Google\/Goggle.com (2006):<\/strong>\u200b<br \/>\nFirst major case; domain operated as a phishing site for years.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Microsoft\/Hotmail typos (Alf Temme):<\/strong>\u200b<br>\nRegistered\u00a0<code>ho0tmail.com<\/code>,\u00a0<code>hot5mail.com<\/code>\u00a0redirecting to a website for exercise equipment; Microsoft sued for $2.4M<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Air France:<\/strong>\u200b<br>\n<code>airfrance.com<\/code>\u00a0diverted traffic for fraudulent travel sales<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Lands End:<\/strong>\u200b<br>\nTyposquatters registered dozens of variations (<code>lnadsend.com<\/code>,\u00a0<code>klandsend.com<\/code>) to exploit affiliate programs<\/p>\n<h2 id=\"typosquatting-protecao-scg\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How NOTAMSpot protects<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Based on the simulation description you mentioned earlier (<code>aisweb.decee\u0430.mil.br<\/code>), the system implements multiple detection layers:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong>1. Domain similarity analysis<\/strong><\/h2>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Compares visited hostname with list of known official sites (whitelist)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Calculates edit distance (Levenshtein distance) between domains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Detects variations with 1-2 different characters<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>Typosquatting pattern detection<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<pre class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">javascript<\/pre>\n<\/div>\n<pre><code><span class=\"token token\">\/\/ Examples of patterns detected:<\/span>\r\n<span class=\"token token operator\">-<\/span> Duplication of letters<span class=\"token token operator\">:<\/span> aiswebb<span class=\"token token punctuation\">.<\/span>decea<span class=\"token token punctuation\">.<\/span>mil<span class=\"token token punctuation\">.<\/span>br\r\n<span class=\"token token operator\">-<\/span> Omission of letters<span class=\"token token operator\">:<\/span> aiswb<span class=\"token token punctuation\">.<\/span>decea<span class=\"token token punctuation\">.<\/span>mil<span class=\"token token punctuation\">.<\/span>br\r\n<span class=\"token token operator\">-<\/span> Swapping adjacent letters<span class=\"token token operator\">:<\/span> iasweb<span class=\"token token punctuation\">.<\/span>decea<span class=\"token token punctuation\">.<\/span>mil<span class=\"token token punctuation\">.<\/span>br\r\n<span class=\"token token operator\">-<\/span> Incorrect extensions<span class=\"token token operator\">:<\/span> aisweb<span class=\"token token punctuation\">.<\/span>decea<span class=\"token token punctuation\">.<\/span>mil<span class=\"token token punctuation\">.<\/span>com\r\n<span class=\"token token operator\">-<\/span> Character insertion<span class=\"token token operator\">:<\/span> aisweeb<span class=\"token token punctuation\">.<\/span>decea<span class=\"token token punctuation\">.<\/span>mil<span class=\"token token punctuation\">.<\/span>br\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>Validation against official aviation domains<\/strong><\/h2>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Maintains a curated list of legitimate portals:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>aisweb.decea.mil.br<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>aviationweather.gov<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>redemet.decea.mil.br<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>notams.aim.faa.gov<\/code><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">4.\u00a0<strong>Immediate visual alert<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">When it detects typosquatting:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u274c Displays red \"THREAT DETECTED\" alert<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udcca Shows message: \"Typosquatting detected \u2013 Domain similar to official site\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udeab Blocks access to page content<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udd0d Suggests the correct domain to the user<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">5.\u00a0<strong>5. Aviation-specific protection<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Critical in aeronautical context because:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Pilots access METARs\/TAFs\/NOTAMs from official sites<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Tampered weather data can cause unsafe flight decisions<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Typosquatting of aviationweather.gov \u2192 aviationwether.gov could serve false information\u00a0<code>aviationweather.gov<\/code>\u00a0\u2192\u00a0<code>aviationwether.gov<\/code>\u00a0poderia servir informa\u00e7\u00f5es falsas<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Stolen credentials from aisweb.decea.mil.br allow unauthorized access to critical systems<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">This multi-layered protection ensures that even users typing URLs quickly (common in flight operations under pressure) are not victims of malicious domains visually identical to official weather and NOTAM portals.<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"combosquatting-detection\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\u2705 8. Combosquatting Detection<\/h2>\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3688 size-full\" src=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-security-threat-detection-faa-notam-phishing.jpg\" alt=\"NOTAMSpot showing a red security alert detecting combosquatting with suspicious hyphen or pluralization and locking Force Search\" width=\"1280\" height=\"800\" srcset=\"https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-security-threat-detection-faa-notam-phishing.jpg 1280w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-security-threat-detection-faa-notam-phishing-300x188.jpg 300w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-security-threat-detection-faa-notam-phishing-1024x640.jpg 1024w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-security-threat-detection-faa-notam-phishing-768x480.jpg 768w, https:\/\/notamspot.com\/wp-content\/uploads\/2025\/12\/notamspot-security-threat-detection-faa-notam-phishing-18x12.jpg 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/div>\n<div style=\"text-align: right;\">\n<p class=\"translation-block\"><strong>Figure 10: <\/strong>Simulation of combosquatting: NOTAMSpot detects domain manipulation through subtle variations (pluralization and\/or suspicious hyphen insertion), a common technique for imitating official portals. Upon identifying the pattern, the system displays a red security threat alert and blocks the \"Force Search\" action, preventing the user from interacting with a potentially fraudulent address.<\/p>\n<div style=\"background: linear-gradient(135deg, #FEF3C7 0%, #FDE68A 100%); border-left: 4px solid #F59E0B; padding: 12px 16px; margin: 16px 0 24px 0; border-radius: 6px; box-shadow: 0 2px 4px rgba(0,0,0,0.08);\">\n<p style=\"margin: 0; font-size: 14px; font-weight: 600; color: #92400e; text-align: center; line-height: 1.5;\">\u26a0\ufe0f Independent extension. Not affiliated with or endorsed by any government agency.<\/p>\n<\/div>\n<\/div>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<h2 id=\"combosquatting-o-que-e\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udcd6 What is Combosquatting?<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Combosquatting<\/strong> is a cyberattack technique where attackers register domains that <strong>combine a legitimate brand with additional words<\/strong> (usually separated by hyphens) to create URLs that appear official but are fraudulent.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Fundamental difference from Typosquatting<\/h2>\n<div class=\"group relative\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\"><span style=\"color: #000000;\">Attack<\/span><\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\"><span style=\"color: #000000;\">Method<\/span><\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\"><span style=\"color: #000000;\">Example<\/span><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><span style=\"color: #000000;\"><strong>Typosquatting<\/strong><\/span><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><span style=\"color: #000000;\">Exploits typing errors<\/span><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><span style=\"color: #000000;\"><code>gogle.com<\/code>,\u00a0<code>amazom.com<\/code><\/span><\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><span style=\"color: #000000;\"><strong>Combosquatting<\/strong><\/span><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><span style=\"color: #000000;\">Adds legitimate words<\/span><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><span style=\"color: #000000;\"><code>google-login.com<\/code>,\u00a0<code>amazon-security.com<\/code><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">In combosquatting, <strong>there is no typo<\/strong> \u2014 the brand name is correct, but comes with terms that create a false sense of legitimacy.<\/p>\n<h2 id=\"como-opera\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How it works<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Common combosquatting patterns<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>1. Urgency\/security terms:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>paypal-security.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>microsoft-alert.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>netflix-verify.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>2. Functional terms:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>amazon-shop.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>facebook-login.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>apple-support.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Geographic terms:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>google-brasil.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>skype-international.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>4. Technical terms:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>microsoft-online.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>office365-cloud.com<\/code>\u200b<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Distribution strategies<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Unlike typosquatting (which depends on users mistyping), combosquatting uses:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Phishing emails<\/strong> with embedded malicious links<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Paid ads<\/strong> (malvertising) in search engines<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Manipulated SEO<\/strong> search results<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>SMS\/WhatsApp<\/strong> with fraudulent links<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong><strong>Social media<\/strong> with fake sponsored posts<\/strong>\u00a0with fake sponsored posts<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"escala-do-problema\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Scale of the problem<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Georgia Tech\/Stony Brook Study (2017):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Identified <strong>orders of magnitude more<\/strong> combosquatting domains than typosquatting<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Attack space is almost infinite (attackers can combine any word)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Domains cost less than $1 to register<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Used in all types of known cyberattacks<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>SSL Certificate Data (Let's Encrypt):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>468,000+<\/strong> certificates issued for combosquatting domains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Only <strong>3,011<\/strong> certificates for typosquatting<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Confirms they are distinct attacks with different strategies<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"objetivos-maliciosos\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Malicious objectives<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>1. Credential harvesting:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>outlook-alert.com<\/code> simulates Microsoft security alert<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">User types email\/password thinking they're on official portal<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Credentials are stolen instantly<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>2. Nation-state attacks:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Authoritarian governments use combosquatting for targeted phishing<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Example: <code>google-security.com<\/code> used in cyber espionage<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>3. Drive-by downloads:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Visitors are automatically infected with malware<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Ransomware, botnets, spyware<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>4. Business Email Compromise (BEC):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fraudulent emails appear to come from corporate domains<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>microsoft-login.com<\/code> used to attack employees<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Average losses of <strong>$120,000<\/strong> per successful BEC attack<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>5. Financial fraud:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>paypal-payments.com<\/code> diverts legitimate payments<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>stripe-billing.com<\/code> steals credit card data<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"por-que-engana-at-profissionais-de-segurana\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Why it can fool even security professionals<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Quote from researcher Panagiotis Kintis (Georgia Tech):<\/p>\n<blockquote>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">&#8220;These attacks can even fool security people who may be looking at network traffic for malicious activity. When they see a familiar trademark, they may feel a false sense of comfort with it.&#8221;<\/p>\n<\/blockquote>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Reasons:<\/strong><\/p>\n<ol class=\"marker:text-quiet list-decimal\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Brand is correct<\/strong> \u2014 there is no apparent spelling error<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Additional words seem legitimate<\/strong> \u2014 \"security\", \"login\", \"support\" are expected terms<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Valid SSL certificates<\/strong> \u2014 many malicious domains have HTTPS\/green padlock<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><strong>Superficial traffic analysis<\/strong> \u2014 logs show \"amazon-shop.com\" and analysts assume it's legitimate<\/p>\n<\/li>\n<\/ol>\n<h2 id=\"casos-reais-documentados\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">Documented real cases<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Netflix phishing (2023):<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>netflix-payments.com<\/code> used to steal card data<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fraudulent emails claimed \"billing problem\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Thousands of victims before takedown<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Microsoft Office 365:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>login.microsoftonline.com<\/code> is legitimate<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Attackers created <code>microsoft-login.com<\/code>, <code>office365-signin.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Used in BEC campaigns against Fortune 500 companies<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Amazon shopping:<\/strong>\u200b<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>amazon-shop.com<\/code>,\u00a0<code>amazon-deals.com<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Redirected to phishing sites or malware<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"combosquatting-protecao\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">How NOTAMSpot protects<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Based on the description mentioned (<code>aviation-weathers.gov<\/code>), the system detects combosquatting through:<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">1.\u00a0<strong>Suspicious hyphen pattern analysis<\/strong><\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<p class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\"><strong>javascript<\/strong><\/p>\n<\/div>\n<pre><code><span class=\"token token\">\/\/ Detects hyphen insertions not present in the official domain<\/span>\r\naviationweather<span class=\"token token punctuation\">.<\/span>gov \u2192 \u2705 <span class=\"token token constant\">LEG<\/span>\u00cd<span class=\"token token constant\">TIMO<\/span>\r\naviation<span class=\"token token operator\">-<\/span>weathers<span class=\"token token punctuation\">.<\/span>gov \u2192 \ud83d\udeab <span class=\"token token constant\">COMBOSQUATTING<\/span> <span class=\"token token punctuation\">(<\/span>hyphen <span class=\"token token operator\">+<\/span> <span class=\"token token\">\"s\"<\/span> extra<span class=\"token token punctuation\">)<\/span>\r\naviation<span class=\"token token operator\">-<\/span>weather<span class=\"token token punctuation\">.<\/span>gov \u2192 \ud83d\udeab <span class=\"token token constant\">COMBOSQUATTING<\/span> <span class=\"token token punctuation\">(<\/span>hyphen inserted<span class=\"token token punctuation\">)<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">2.\u00a0<strong>Validation against known domains<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Maintains list of official portals without hyphens:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>aviationweather.gov<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>aisweb.decea.mil.br<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>redemet.decea.mil.br<\/code><\/p>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Any variation with hyphen is automatically suspicious.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">3.\u00a0<strong>Trigger word detection<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Identifies common combosquatting combinations in aviation:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>aviation-weather<\/code>,\u00a0<code>aviation-met<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>aisweb-login<\/code>,\u00a0<code>aisweb-secure<\/code><\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code>notam-faa<\/code>,\u00a0<code>metar-taf<\/code><\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">4.\u00a0<strong>Specific visual alert<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">When combosquatting is detected:<\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\u274c Red alert: \"SECURITY THREAT DETECTED\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udcca Message: \"Combosquatting detected \u2013 Suspicious hyphen insertion\"<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udd0d Shows the correct legitimate domain<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">\ud83d\udeab Blocks access to malicious content<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">5.\u00a0<strong>Critical protection for aviation<\/strong><\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Why is it especially dangerous in aviation:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Falsified METARs\/TAFs:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><code><code>aviationweather-gov.com<\/code> could serve tampered weather data<\/code>\u00a0poderia servir dados meteorol\u00f3gicos adulterados<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Pilot makes flight decision based on false information<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Risk of accident due to actual unreported conditions<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Fraudulent NOTAMs:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>notams-faa.gov<\/code> may omit airspace restrictions<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Inadvertent violations of TFRs (Temporary Flight Restrictions)<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Fines of $10,000+ or license suspension<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\"><strong>Pilot credential theft:<\/strong><\/p>\n<ul class=\"marker:text-quiet list-disc\">\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\"><code>aisweb-login.decea.mil.br<\/code> captures military pilot logins<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Unauthorized access to flight planning systems<\/p>\n<\/li>\n<li class=\"py-0 my-0 prose-p:pt-0 prose-p:mb-2 prose-p:my-0 [&amp;&gt;p]:pt-0 [&amp;&gt;p]:mb-2 [&amp;&gt;p]:my-0\">\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Compromise of sensitive missions<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">NOTAMSpot acts as a <strong>last line of defense<\/strong>, blocking access even when the user clicks on phishing links in fraudulent emails, protecting critical aviation operations against falsified weather information\/NOTAMs.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"camada-2-security-blacklist-bloqueio-proativo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83d\udeab Layer 2: Security Blacklist (Proactive Blocking)<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Objective<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2 translation-block\">Proactively block entire categories of sites that should not display aeronautical content, even if they are not malicious.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Detection Categories<\/h2>\n<p><!-- Logo ANTES da tabela \"Detection Categories\" --><\/p>\n<div style=\"background: #F3F4F6; border-left: 3px solid #6B7280; padding: 12px 16px; margin: 16px 0; border-radius: 4px;\">\n<p style=\"margin: 0; font-size: 13px; color: #374151; line-height: 1.5;\"><strong>Note:<\/strong> NOTAMSpot operates as a browser overlay on publicly accessible portals. Listing below does not imply affiliation, partnership, or endorsement by the respective agencies.<\/p>\n<\/div>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\udd10 1. Authentication &amp; SSO<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Blocks login\/authentication pages to prevent accidental credential capture:<\/p>\n<div class=\"group relative\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Detected Keywords<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Blocked Examples<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>auth<\/code>,\u00a0<code>login<\/code>,\u00a0<code>signin<\/code>,\u00a0<code>oauth<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>login.microsoft.com<\/code>,\u00a0<code>accounts.google.com<\/code><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<div class=\"flex\"><code>...<\/code><\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\udcb0 2. Banking &amp; Finance<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Blocks financial sites to prevent confusion between tabs:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>internetbanking.caixa.gov.br \ud83d\udeab BLOCKED\nlogin.itau.com.br \ud83d\udeab BLOCKED\nwww.bankofamerica.com \ud83d\udeab BLOCKED\n...<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\uded2 3. E-commerce &amp; Shopping<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<pre><code>amazon.com\/checkout \ud83d\udeab BLOCKED\nmercadolivre.com.br \ud83d\udeab BLOCKED\n...<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\udc65 4. Social &amp; Gaming<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>facebook.com \ud83d\udeab BLOCKED\ntwitter.com \ud83d\udeab BLOCKED\nwww.snapchat.com \ud83d\udeab BLOCKED\n...\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83c\udf10 5. CDNs &amp; External APIs<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>amazonaws.com \ud83d\udeab BLOCKED\ncloudflare.com \ud83d\udeab BLOCKED\ncloud.google.com \ud83d\udeab BLOCKED\n...\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"camada-3-security-analyzer-deteco-de-cdigo-malicioso\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\u26a0\ufe0f Layer 3: Security Analyzer (Malicious Code Detection)<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Objective<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Detect malicious code injections (XSS) even on whitelist-approved sites, protecting against compromise of legitimate domains.<\/p>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Basic Protections Implemented<\/h2>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\udd0d 1. XSS Pattern Detection<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Detects classic XSS patterns in page HTML:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<div>\n<h3 class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">xml<\/h3>\n<\/div>\n<pre><code><span class=\"token token\"><!-- \u274c DETECTED --><\/span>\r\n<span class=\"token token punctuation\">&lt;<\/span><span class=\"token token\">script<\/span><span class=\"token token punctuation\">&gt;<\/span>alert('XSS')<span class=\"token token punctuation\">&lt;\/<\/span><span class=\"token token\">script<\/span><span class=\"token token punctuation\">&gt;<\/span>\r\n<span class=\"token token punctuation\">&lt;<\/span><span class=\"token token\">img<\/span> <span class=\"token token\">src<\/span><span class=\"token token attr-value punctuation attr-equals\">=<\/span><span class=\"token token attr-value\">x<\/span> <span class=\"token token\">onerror<\/span><span class=\"token token attr-value punctuation attr-equals\">=<\/span><span class=\"token token attr-value punctuation\">\"<\/span><span class=\"token token attr-value\">alert(1)<\/span><span class=\"token token attr-value punctuation\">\"<\/span><span class=\"token token punctuation\">&gt;<\/span>\r\n<span class=\"token token punctuation\">&lt;<\/span><span class=\"token token\">iframe<\/span> <span class=\"token token\">src<\/span><span class=\"token token attr-value punctuation attr-equals\">=<\/span><span class=\"token token attr-value punctuation\">\"<\/span><span class=\"token token attr-value\">javascript:alert(1)<\/span><span class=\"token token attr-value punctuation\">\"<\/span><span class=\"token token punctuation\">&gt;<\/span>\r\n\r\n<span class=\"token token\"><!-- \u2705 ALLOWED --><\/span>\r\n<span class=\"token token punctuation\">&lt;<\/span><span class=\"token token\">script<\/span> <span class=\"token token\">src<\/span><span class=\"token token attr-value punctuation attr-equals\">=<\/span><span class=\"token token attr-value punctuation\">\"<\/span><span class=\"token token attr-value\">https:\/\/cdn.official.gov\/widget.js<\/span><span class=\"token token attr-value punctuation\">\"<\/span><span class=\"token token punctuation\">&gt;<\/span><span class=\"token token punctuation\">&lt;\/<\/span><span class=\"token token\">script<\/span><span class=\"token token punctuation\">&gt;<\/span>\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\udee1\ufe0f 2. Content Security Policy (CSP) Validation<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Verifies if the site implements adequate CSP:<\/p>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>\u2705 APPROVED:\nContent-Security-Policy: default-src 'self'; script-src 'self' https:\/\/trusted.cdn.gov\n\n\u274c WARNING:\n\n(no CSP header or with 'unsafe-inline')\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">\ud83d\udd17 3. External Resource Analysis<\/h2>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Monitors loading of suspicious external resources:<\/p>\n<div class=\"group relative\">\n<table class=\"border-subtler my-[1em] w-full table-auto border-separate border-spacing-0 border-l border-t\">\n<thead class=\"bg-subtler\">\n<tr>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Resource<\/th>\n<th class=\"border-subtler p-sm break-normal border-b border-r text-left align-top\">Status<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>&lt;script src=\"https:\/\/aviationweather.gov\/js\/app.js\"&gt;<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u2705 Whitelisted domain<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>&lt;script src=\"https:\/\/evil.com\/inject.js\"&gt;<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u274c Unauthorized domain<\/td>\n<\/tr>\n<tr>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\"><code>&lt;iframe src=\"https:\/\/ads.network.com\"&gt;<\/code><\/td>\n<td class=\"px-sm border-subtler min-w-[48px] break-normal border-b border-r\">\u26a0\ufe0f Alert: External iframe<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"bg-base border-subtler shadow-subtle pointer-coarse:opacity-100 right-xs absolute bottom-0 flex rounded-lg border opacity-0 transition-opacity group-hover:opacity-100 [&amp;&gt;*:not(:first-child)]:border-subtle [&amp;&gt;*:not(:first-child)]:border-l\">\n<div class=\"flex\"><\/div>\n<div class=\"flex\"><\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0\">Known Limitations (Transparency)<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"-mt-xl\">\n<pre><code>\u26a0\ufe0f This module offers BASIC protection against XSS.\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<h2 id=\"fluxo-de-validao-completo\" class=\"mb-2 mt-4 font-display font-semimedium text-base first:mt-0 md:text-lg [hr+&amp;]:mt-4\">\ud83c\udfaf Complete Validation Workflow<\/h2>\n<div class=\"w-full md:max-w-[90vw]\">\n<div class=\"codeWrapper text-light selection:text-super selection:bg-super\/10 my-md relative flex flex-col rounded-lg font-mono text-sm font-normal bg-subtler\">\n<div class=\"translate-y-xs -translate-x-xs bottom-xl mb-xl flex h-0 items-start justify-end sm:sticky sm:top-xs\">\n<div class=\"overflow-hidden rounded-full border-subtlest ring-subtlest divide-subtlest bg-base\">\n<div class=\"border-subtlest ring-subtlest divide-subtlest bg-subtler\"><\/div>\n<\/div>\n<\/div>\n<div class=\"-mt-xl\">\n<div>\n<h3 class=\"text-quiet bg-subtle py-xs px-sm inline-block rounded-br rounded-tl-lg text-xs font-thin\" data-testid=\"code-language-indicator\">text<\/h3>\n<\/div>\n<pre><code>1. User accesses URL\n   \u2502\n2. \u250c\u2500 LAYER 1: Whitelist \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n   \u2502  \u2022 HTTPS?                             \u2502\n   \u2502  \u2022 Secure context?                    \u2502\n   \u2502  \u2022 Homograph attack?                  \u2502\n   \u2502  \u2022 Official domain?                   \u2502\n   \u2502  \u2022 Authorized subdomain?              \u2502\n   \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n           \u2502\n      \u2705 Approved?\n           \u2502\n           \u251c\u2500 YES \u2500\u2500\u25b6 3. LAYER 2: Blacklist \u2500\u2500\u2510\n           \u2502            \u2022 Sensitive category?   \u2502\n           \u2502            \u2022 Banking\/Auth\/Social?  \u2502\n           \u2502            \u2514\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n           \u2502                 \u2502\n           \u2502            \u2705 Not blocked?\n           \u2502                 \u2502\n           \u2502                 \u251c\u2500 YES \u2500\u2500\u25b6 4. LAYER 3: Analyzer\n           \u2502                 \u2502            \u2022 XSS present?\n           \u2502                 \u2502            \u2022 Valid CSP?\n           \u2502                 \u2502            \u2022 External resources OK?\n           \u2502                 \u2502            \u2514\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n           \u2502                 \u2502                 \u2502\n           \u2502                 \u2502            \u2705 All clear?\n           \u2502                 \u2502                 \u2502\n           \u2502                 \u2502                 \u251c\u2500 YES \u2500\u2500\u25b6 \ud83d\udfe2 ALLOWED\n           \u2502                 \u2502                 \u2514\u2500 NO \u2500\u2500\u25b6 \ud83d\udfe1 ALERT\n           \u2502                 \u2502\n           \u2502                 \u2514\u2500 NO \u2500\u2500\u25b6 \ud83d\udd34 BLOCKED (Blacklist)\n           \u2502\n           \u2514\u2500 NO \u2500\u2500\u25b6 \ud83d\udd34 BLOCKED (Whitelist)<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"bg-subtle h-px border-0\" \/>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">","protected":false},"excerpt":{"rendered":"<p>NOTAMSpot: Arquitetura de Seguran\u00e7a para Avia\u00e7\u00e3o \u2139\ufe0f Importante: As capturas de tela abaixo mostram o NOTAMSpot em opera\u00e7\u00e3o em portais p\u00fablicos de terceiros. Esta \u00e9 uma extens\u00e3o independente, n\u00e3o afiliada ou endossada por nenhuma ag\u00eancia governamental (FAA, NOAA, DECEA, Nav Canada). Guia Completo de Prote\u00e7\u00e3o Contra Amea\u00e7as Cibern\u00e9ticas \ud83d\udcd1 \u00cdndice Introdu\u00e7\u00e3o Sobre este documento P\u00fablico-alvo [&hellip;]<\/p>","protected":false},"author":1,"featured_media":3696,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_seopress_robots_primary_cat":"","_seopress_titles_title":"Arquitetura de Seguran\u00e7a e Prote\u00e7\u00e3o Cibern\u00e9tica | NOTAMSpot","_seopress_titles_desc":"Conhe\u00e7a nossa arquitetura de defesa em 3 camadas. Prote\u00e7\u00e3o avan\u00e7ada contra ataques homogr\u00e1ficos, typosquatting e intercepta\u00e7\u00e3o de dados para opera\u00e7\u00f5es a\u00e9reas seguras.","_seopress_robots_index":"","footnotes":""},"class_list":["post-3060","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"_hostinger_reach_plugin_has_subscription_block":false,"_hostinger_reach_plugin_is_elementor":false,"_links":{"self":[{"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/pages\/3060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/comments?post=3060"}],"version-history":[{"count":72,"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/pages\/3060\/revisions"}],"predecessor-version":[{"id":4025,"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/pages\/3060\/revisions\/4025"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/media\/3696"}],"wp:attachment":[{"href":"https:\/\/notamspot.com\/en_us\/wp-json\/wp\/v2\/media?parent=3060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}