Polymorphic non-attributable website monitor

Assignee

• Bank of America Corporation · US

Inventors

• Robert Riley Zink · Golden, US
• Eric Joseph DePree · Evanston, US
• Stephanie Pirman · Chicago, US
• Jared Wilson · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1483
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Polymorphic non-attributable processes and architectures to monitor threat domains (e.g., pharming or phishing websites) are disclosed. Obfuscated requests may be generated by control servers to be blended in with normal traffic sent over cloud networks with randomized exit nodes or with normal traffic sent through an anonymization network. Requests may be sent at randomized intervals or time periods determined algorithmically. The requests are obfuscated in order to mask the origination information and location so that the threat actor does not detect that the website is being monitored. User agents may be spoofed and requests may present as if they originated from residential IP addresses. Automatic real-time monitoring can be provided to determine when sites resolve and are addressable. Fingerprint information, screenshots, security certificate, and other threat domain data can be captured. Request responses can be scanned for threat indicia.