Abstract: Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., “shingles”), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.

Abstract: Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the web site information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Abstract: Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Abstract: Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., “shingles”), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.

Abstract: Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Abstract: Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., “shingles”), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.

Abstract: A method includes receiving a seed at a computing device. The method further includes identifying, based on first domain name system (DNS) data, first border gateway protocol (BGP) data, first whois data, or a combination thereof, a plurality of first internet-facing assets related to the seed. The method further includes identifying, based on second DNS data, second BGP data, second whois data, or a combination thereof, a plurality of second internet-facing assets related to at least one of the first internet-facing assets. The method further includes generating a graphical user interface (GUI) that includes a list of internet-facing assets related to the seed, where the list includes the plurality of first internet-facing assets and the plurality of second internet-facing assets.