What Happens When an Intruder Hits a Fake Portal

Deception technology sounds straightforward in theory. But what actually happens — second by second — when an attacker discovers and interacts with one of your fake assets? Here is the full picture.

The Setup

Before the attacker arrives, Purim NetGo has deployed several deception assets across your network. One of them is a fake admin portal — a convincing login page that mimics your real admin interface. It appears in the same subnet as your real systems and looks completely authentic.

No legitimate employee has any reason to visit it. It exists only to attract unauthorized access.

Second-by-Second: What Happens

🔍

T+0:00 — Discovery

Attacker Finds the Portal

While scanning the network, the attacker finds a list of active hosts. The fake portal appears alongside real systems — indistinguishable. The attacker navigates to it and sees a convincing admin login page.

📡

T+0:01 — First Contact

Purim NetGo Captures the Hit

The moment the browser loads the page, Purim NetGo captures a full intelligence package:

IP Address185.220.101.47

LocationFrankfurt, Germany

ISPTor Exit Node (anonymized)

DeviceDesktop — Linux / Firefox

Timestamp02:14:33 UTC

🚨

T+0:02 — Alert Fired

You Get Notified Instantly

Within seconds, real-time alerts fire across all configured channels — email and SMS. The alert includes the full intelligence capture. You know you have an intruder before they have had a chance to do anything further.

🔎

T+0:05 — Investigation

One-Click IP Lookup

From the Boss Panel, you click the WHO? button next to the event. Purim NetGo runs a deep IP investigation — threat score, ASN, VPN/Tor detection, abuse history — and displays it in seconds.

📄

T+0:10 — Documentation

Incident Report Generated

With one click, a full PDF incident report is generated — capturing all event data, IP intelligence, timestamps, and trap details. Ready for legal, compliance, or law enforcement use immediately.

💡 The attacker has no idea they have been detected. They continue operating while you gather intelligence and prepare your response. That is the strategic advantage of deception technology.

Total Time From Breach to Awareness: Under 60 Seconds

Compare that to the industry average of 200+ days to detect a breach through traditional means. Start your free trial and have your first trap active in minutes.