Phishing Kits
Catch the kit before it catches your customers
Phishing kits — pre-packaged HTML/JS payloads designed to mimic your login page — are identifiable by their file signatures and HTML structure. Brandefense fingerprints active kits on detected domains before victims arrive.
Fingerprinting methodology
Kit detection via HTML hash and file signature matching
Known phishing kits have predictable HTML structures, file paths, and JavaScript patterns. Brandefense maintains a signature database of kit variants and cross-references every detected lookalike domain against it.
HTML hash matching — page source is hashed and compared against known kit signatures. 16Shop, xBalti, EvilProxy, and regional banking kit families are all catalogued.
File path fingerprinting — kits often include distinctive file paths (e.g. specific JS file names, image directory structures). These serve as secondary signatures when HTML content is obfuscated.
Screenshot analysis — automated screenshots of detected domains are cross-referenced against brand asset libraries to detect visual impersonation regardless of kit signature match.
Get started
Active phishing kits targeting your brand
Brandefense fingerprints kits on detected domains and escalates immediately.