US 12,255,908 B2
Polymorphic non-attributable website monitor
Robert Zink, Golden, CO (US); Eric DePree, Evanston, IL (US); Stephanie Pirman, Chicago, IL (US); and Jared Wilson, Charlotte, NC (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Feb. 6, 2023, as Appl. No. 18/106,041.
Prior Publication US 2024/0267395 A1, Aug. 8, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1483 (2013.01)]
20 Claims
1. A polymorphic non-attributable website monitoring process comprising the steps of:
identifying, by a control server, a threat domain to monitor;
determining, by the control server, first obfuscating criteria;
generating, by the control server, a first obfuscated request based on the first obfuscating criteria;
transmitting, by the control server, the first obfuscated request to the threat domain;
determining, by the control server, whether the threat domain resolves;
determining, by the control server, whether the threat domain is accessible;
storing, by the control server in a database, whether the threat domain resolved and whether the threat domain was accessible;
if the threat domain resolved and was accessible:
capturing, by the control server from the threat domain, site information;
generating, by the control server based on the site information, a current fingerprint for the threat domain;
comparing, by the control server based, the current fingerprint to a prior fingerprint to determine if the threat domain has changed;
capturing, by the control server from the threat domain, a screenshot if the threat domain has changed or if the threat domain was not previously observed;
capturing, by the control server from the threat domain, a response to the first obfuscated request;
determining, by the control server, whether the threat domain is secure;
capturing, by the control server from the threat domain, certificate information if the threat domain is secure; and
storing, by the control server in the database, data observed from the threat domain.
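The steps of claim 1 that follow the request (record resolution and accessibility, fingerprint, compare, decide on a screenshot, keep certificate data only for a secure site) can be sketched as below. This is an added example, not code from the patent or its assignee: the SHA-256-over-canonical-JSON fingerprint, the record layout, the dict standing in for the database, the domain `threat.example` and all observations are constructed assumptions, and request generation and network capture are left out.

```python
import hashlib
import json

def fingerprint(site_info):
    """SHA-256 over canonical JSON of the captured site information."""
    canonical = json.dumps(site_info, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def process_observation(db, domain, obs):
    """Apply the claim's post-request steps to one observation; update db."""
    prior_fp = db.get(domain, {}).get("fingerprint")
    record = {"resolved": obs["resolved"], "accessible": obs["accessible"],
              "fingerprint": prior_fp, "capture_screenshot": False}
    if obs["resolved"] and obs["accessible"]:
        current = fingerprint(obs["site_info"])
        first_seen = prior_fp is None          # not previously observed
        changed = not first_seen and current != prior_fp
        record.update(
            fingerprint=current, changed=changed, first_seen=first_seen,
            capture_screenshot=changed or first_seen,
            response=obs["response"], secure=obs["secure"],
            # certificate information is kept only for a secure site
            certificate=obs["certificate"] if obs["secure"] else None)
    # Resolution/accessibility are stored on every pass, even on failure;
    # the last known fingerprint is carried forward for the next comparison.
    db[domain] = record
    return record

# Constructed observations of one placeholder domain over four passes.
SITE_A = {"title": "Sign in", "forms": 1, "scripts": ["app.js"]}
SITE_B = {"title": "Sign in", "forms": 2, "scripts": ["app.js", "x.js"]}
CERT = {"issuer": "Example CA", "not_after": "2030-01-01"}
OBSERVATIONS = [
    {"resolved": True, "accessible": True, "site_info": SITE_A,
     "response": {"status": 200}, "secure": True, "certificate": CERT},
    {"resolved": True, "accessible": True, "site_info": SITE_A,
     "response": {"status": 200}, "secure": True, "certificate": CERT},
    {"resolved": False, "accessible": False},
    {"resolved": True, "accessible": True, "site_info": SITE_B,
     "response": {"status": 200}, "secure": False, "certificate": None},
]

def run_demo():
    db = {}  # stands in for the database named in the claim
    return [process_observation(db, "threat.example", o) for o in OBSERVATIONS]

if __name__ == "__main__":
    for rec in run_demo():
        print(rec["resolved"], rec["accessible"], rec["capture_screenshot"])
```

Carrying the last fingerprint across a failed pass means a domain that goes dark and returns with different content is still flagged as changed.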