# Topic 19: Simulated Infrastructure (The "Fakes")

**Audit Date**: 2026-02-01
**Auditor**: Agent Antigravity
**Scope**: Decoy & Mock Assets

---

## 1. The Strategy: "High-Fidelity Simulation"
The system does not just say "I paid". It provides **Interactive Proof**.

---

## 2. Fake Banking Portal (`/decoys/bank`)
*   **File**: `fake_endpoints.py`
*   **URL**: `/decoys/bank/kyc-portal?sid={uuid}`
*   **Features**:
    *   **Dynamic Branding**: Shows "HDFC", "SBI", or "ICICI" based on the Persona's profile.
    *   **Fake Loading**: A CSS spinner (`.loader`) runs for 2 seconds to mimic "Server Validation".
    *   **Success Message**: "Encryption Active (256-bit)" - Uses buzzwords to look secure.
*   **Goal**: The scammer visits the link and sees a "Real" bank page, convincing them the victim is actually trying to pay.

---

## 3. Fake UPI Gateway (`/decoys/upi`)
*   **Status Check**: `/decoys/upi/status`
*   **Logic**:
    1.  Scammer asks "Did you pay?".
    2.  Bot sends a link: `.../decoys/upi/pay?amount=5000`.
    3.  If clicked, it renders an **NPCI-Branded** receipt.
*   **Beacon Tech**: The page includes a hidden `JS_BEACON_SCRIPT`.
    *   **Captures**: Scammer's IP, Screen Resolution, Battery Level.
    *   **Purpose**: Identify if the scammer is on a Mobile Device (Real) or Emulator (Bot).

---

## 4. Fake OTP Generator
*   **Endpoint**: `/secure/otp-generate`
*   **Output**: Returns a random 6-digit code (`894321`).
*   **Usage**:
    *   Scammer: "Give OTP".
    *   Bot (Stalling): "Wait... detecting... Okay, got it. It is 894321."
    *   **Result**: Valid format, but useless data. Wastes scammer's time trying to input it.

---

## 5. Fake "Server Down" (`/bank/error`)
*   **Function**: Returns a realistic HTTP 503 Maintenance Page.
*   **Use Case**: When the bot wants to stop engaging without suspicion. "Sir, the bank server is down, look at the screenshot."