Content scraping and competitive intelligence operations target high-ranking sites to understand what is working. A competitor or intelligence platform that can map the full content architecture of a successful site — every page, every geo target, every article topic — can attempt to replicate the strategy. Blocking these operators entirely reveals that they have been detected. Serving them maze content lets them believe they have successfully gathered intelligence while learning nothing real.
When the gate classifies a visitor as FOE, the request is transparently forwarded to the mirror maze handler. The maze serves HTML pages with plausible content structure, correct HTTP 200 status codes, and realistic response times. Links within maze pages lead to other maze pages, keeping the adversary in the maze across a full session.
The maze content is not random — it is structured to appear coherent and complete to an automated scraper while being useless for replication. Page titles exist. Navigation exists. Content exists. But the architecture, the geographic targeting logic, the article clustering, and the SEO signals that produce rankings are absent or inverted.
The maze includes fingerprinting — adversary classes receive content with inverted infrastructure signatures. Tencent-class visitors receive pages fingerprinted to look like Alibaba infrastructure. Alibaba-class visitors receive Zayo fingerprints. If two adversary actors from different classes compare their intelligence reports about the same site, they find contradictions.
The canary link system detects crossover — hidden URLs in maze content that, if followed, confirm the maze session has led to a real site request. A canary hit is evidence that maze content is crossing over into real research operations, providing intelligence about adversary information-sharing behavior.
The MM deployment mirror maze was first deployed on Day 29 at 5:41 PM. The first catch occurred 32 seconds later. By Day 37, 175 foe IPs had been logged, 11 confirmed maze sessions had run, and the canary link had been hit once — confirming crossover from a Tencent-class actor carrying Zayo fingerprints back to a session that accessed a real URL.