	US 12,470,513 B2
	Systems and methods for discovery of brand-registered domain names
Gaurav Mitesh Dalal, Fremont, CA (US); and Ali Mesdaq, San Jose, CA (US)
Assigned to Proofpoint, Inc., Sunnyvale, CA (US)
Filed by PROOFPOINT, INC., Sunnyvale, CA (US)
Filed on Dec. 21, 2020, as Appl. No. 17/129,804.
Application 17/129,804 is a continuation of application No. 16/244,955, filed on Jan. 10, 2019, granted, now 10,887,278.
Prior Publication US 2021/0112030 A1, Apr. 15, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 61/3015 (2022.01); G06F 16/2458 (2019.01); G06F 16/951 (2019.01); H04L 61/4511 (2022.01)

CPC H04L 61/302 (2013.01) [G06F 16/2468 (2019.01); G06F 16/951 (2019.01); H04L 61/4511 (2022.05)]

20 Claims

1. A method for network domain discovery, comprising:

obtaining, by a computer from a domain name system using at least an Autonomous System Number, an Internet Protocol address, or a company name, infrastructure data for a seed domain owned by a brand-owner, the infrastructure data for the seed domain containing infrastructure details that can be utilized in identifying domains owned by the brand-owner;

determining, using WHOIS data for the seed domain, whether the seed domain is registered privately to anonymize a registrant's personal information;

responsive to determining that the seed domain is registered privately:

performing, by the computer, an infrastructure data matching procedure utilizing the infrastructure details, the infrastructure data matching procedure producing candidate network domains owned by the brand-owner,

wherein the infrastructure data matching procedure comprises at least one of a full match or a configuration parameter match,

wherein the full match comprises determining whether an infrastructure detail of each candidate network domain fully matches a corresponding infrastructure detail of the seed domain, and

wherein the configuration parameter match comprises determining whether an infrastructure detail of each candidate network domain fully matches a user-provided configuration parameter of the seed domain;

performing, by the computer, a reverse lookup procedure for each candidate network domain found through the infrastructure data matching procedure, the reverse lookup procedure comprising:

obtaining, from a WHOIS database, WHOIS data for each candidate network domain;

determining a registered WHOIS field value from the WHOIS data for each candidate network domain; and

querying the WHOIS database for network domains owned by the brand-owner, each of the network domains having a registered WHOIS field value that fully matches the registered WHOIS field value for each candidate network domain; and

generating, by the computer, a user interface for presenting, on a client device, the network domains owned by the brand-owner which are discovered through the reverse lookup procedure.