I typically do not recommend any service in this forum, however, there are a lot of snake oil in the cyber security industry (specially regarding DRM/Obfuscation products), I’ll allow myself to make an exception .
Jscrambler has two features that I believe would be useful for your case:
- Domain Locks.
- Runtime defenses.
Note that they have a startup package that is considerably cheaper, however, they typically reduce the protection strength significantly.
I take a quote from their site regarding the protection that you are interested in:
Preventing Scam Copycat Pages
However, this is not always the case. If attackers for some reason choose to copy the entire source code, there are some preventive measures that can raise the cost of creating the copycat page. For one, protecting the website source code with runtime defenses will make it much more difficult for attackers to retrieve the source code. These runtime defenses not only prevent the usage of debuggers but also derail execution if the protected code is changed (which would be the case when attackers want to create a new scam landing page). Additionally, it’s possible to protect this same source code with domain locks that, when coupled with real-time notifications, trigger a critical security warning when someone attempts to run the code outside of the official company domain.
These, of course, are not foolproof measures, as it’s technically impossible to ensure that a website’s source code can’t be retrieved or reused by attackers. But the key takeaway here is that these security controls can vastly increase the cost of the attack to the point where scammers are more likely to move on to other targets.