Data processing systems for tracking reputational risk via scanning and registry lookup

US 10,104,103 B1
Filed: 01/19/2018
Issued: 10/16/2018
Est. Priority Date: 01/19/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for scanning and analyzing a plurality of web domains, the method comprising:

determining, by one or more processors, one or more terms associated with the first entity;

scanning, by the one or more processors, a plurality of web domains to determine whether the plurality of web domains contain one or more domains related to the one or more terms;

in response to determining that the plurality of web domains contain one or more domains related to the one or more terms, performing, by one or more processors, a registry lookup for the one or more domains to retrieve registry information for each of the one or more domains;

determining, by the one or more processors, based at least in part on the registry information, whether each of the one or more domains are associated with a first entity;

in response to determining that a particular domain of the one or more domains is associated with a second entity, rather than the first entity, analyzing, by one or more processors, one or more webpages within the particular domain to determine a level of risk posed by the particular domain to the first entity;

determining, by the one or more processors, whether the level of risk exceeds a threshold level of risk; and

in response to determining that the level of risk exceeds a threshold level of risk, determining, by the one or more processors, based at least in part on the registry information of the particular domain of the one or more domains, an identified registrant of the particular domain;

generating, by the one or more processors, a takedown notice to provide to the identified registrant of the particular domain that is associated with the second entity; and

automatically transmitting the takedown notice to the identified registrant of the particular domain that is associated with the second entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A domain scanning and website analysis system may be utilized to determine whether an entity is registering one or more websites maliciously in the name of a particular organization (e.g., or using a particular brand name, trademark, or other protected name of the organization). The system may be configured to: (1) scan a plurality of web domains to identify a particular name or variation thereof; (2) perform a registry lookup for any identified web domains that include the particular name; (3) determine based on registration information determined from the registry lookup, whether the identified domain or sub-domain is registered to a potentially malicious entity; (4) scan one or more webpages in the identified domain to determine content; and (5) determine, based on the determined content and whether the web domain is registered to a potentially malicious entity, whether to take action against the identified domain or sub-domain.

Citations

19 Claims

1. A computer-implemented data processing method for scanning and analyzing a plurality of web domains, the method comprising:
- determining, by one or more processors, one or more terms associated with the first entity;
  
  scanning, by the one or more processors, a plurality of web domains to determine whether the plurality of web domains contain one or more domains related to the one or more terms;
  
  in response to determining that the plurality of web domains contain one or more domains related to the one or more terms, performing, by one or more processors, a registry lookup for the one or more domains to retrieve registry information for each of the one or more domains;
  
  determining, by the one or more processors, based at least in part on the registry information, whether each of the one or more domains are associated with a first entity;
  
  in response to determining that a particular domain of the one or more domains is associated with a second entity, rather than the first entity, analyzing, by one or more processors, one or more webpages within the particular domain to determine a level of risk posed by the particular domain to the first entity;
  
  determining, by the one or more processors, whether the level of risk exceeds a threshold level of risk; and
  
  in response to determining that the level of risk exceeds a threshold level of risk, determining, by the one or more processors, based at least in part on the registry information of the particular domain of the one or more domains, an identified registrant of the particular domain;
  
  generating, by the one or more processors, a takedown notice to provide to the identified registrant of the particular domain that is associated with the second entity; and
  
  automatically transmitting the takedown notice to the identified registrant of the particular domain that is associated with the second entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer-implemented data processing method of claim 1, wherein the predefined action comprises:
    - generating, by one or more processors, a report comprising the particular domain and the level of risk; and
      
      displaying, by one or more processors, the report to an individual associated with the first entity.
  - 3. The computer-implemented data processing method of claim 1, wherein the one or more terms associated with the first entity comprise one or more terms selected from the group consisting of:
    - i. one or more brand names associated with the first entity; and
      
      ii. one or more trademarks associated with the first entity.
  - 4. The computer-implemented data processing method of claim 3, wherein the method further comprises:
    - determining, by the one or more processors, one or more common misspellings for the one or more terms; and
      
      scanning, by the one or more processors, the plurality of web domains to determine whether the plurality of web domains comprise or more domains containing the one or more common misspellings.
  - 5. The computer-implemented data processing method of claim 1, wherein determining whether each of the one or more domains is associated with the first entity comprises determining whether each of the one or more domains are registered to a blind corporation.
  - 6. The computer-implemented data processing method of claim 5, wherein determining whether each of the one or more domains is associated with the first entity further comprises determining whether the first entity is associated with the blind corporation.
  - 7. The computer-implemented data processing method of claim 1, wherein analyzing the one or more webpages within the particular domain to determine a level of risk posed by the particular domain to the first entity comprises analyzing one or more pieces of content on the one or more webpages.
  - 8. The computer-implemented data processing method of claim 1, wherein analyzing the one or more webpages within the particular domain to determine a level of risk posed by the particular domain to the first entity comprises:
    - identifying a first link on the one or more webpages;
      
      determining a target webpage of the first link; and
      
      determining whether the target webpage is associated with an entity other than the first entity.
  - 9. The computer-implemented data processing method of claim 8, wherein the method comprises determining the level of risk based on whether the target webpage is associated with an entity other than the first entity.
  - 10. The computer-implemented data processing method of claim 9, wherein:
    - analyzing the one or more webpages within the particular domain to determine a level of risk posed by the particular domain to the first entity comprises analyzing one or more pieces of content on the one or more webpages; and
      
      the step of determining a level of risk posed by the particular domain to the first entity comprises determining the level of risk based, at least in part, on the analyzed one or more pieces of content.
  - 11. The computer-implemented data-processing method of claim 1, wherein:
    - analyzing the one or more webpages within the particular domain comprises analyzing one or more pieces of content on the one or more webpages within the particular web domain;
      
      analyzing one or more pieces of content on the one or more webpages within the particular web domain comprises;
      
      identifying one or more pieces of text within the one or more webpages; and
      
      determining whether the one or more pieces of text comprise one or more negative words associated with the one or more terms; and
      
      determining the level of risk posed by the particular domain to the first entity comprises determining the level of risk based on whether the one or more pieces of text comprise one or more negative words associated with the one or more terms.
  - 12. The computer-implemented data-processing method of claim 1, wherein:
    - analyzing the one or more webpages within the particular domain comprises analyzing one or more pieces of content on the one or more webpages within the particular web domain;
      
      the one or more pieces of content comprise a first link; and
      
      analyzing the one or more pieces of content on the one or more webpages within the particular web domain comprises;
      
      determining a target website of the first link;
      
      determining a target website registrant of the first link; and
      
      determining whether the target website registrant is a competitor of the first entity; and
      
      determining the level of risk posed by the particular domain to the first entity comprises determining the level of risk based on whether the target website registrant is a competitor of the first entity.
  - 13. The computer-implemented data-processing method of claim 12, wherein:
    - the one or more pieces of content comprise a second link; and
      
      analyzing the one or more pieces of content on the one or more webpages within the particular web domain comprises determining whether a first target website of the second link redirects to a second target website; and
      
      determining a level of risk posed by the particular domain to the first entity comprises determining the level of risk based on whether the first target website of the second link redirects to a second target website.
  - 14. The computer-implemented data-processing method of claim 1, wherein:
    - the scanning step is a first scanning step that comprises scanning a plurality of subdomains within a particular top-level domain;
      
      the particular domain of the one or more domains is a subdomain of the particular top-level domain; and
      
      the method further comprises performing a second scan of a second particular top-level domain for the subdomain.
  - 15. The computer-implemented data-processing method of claim 1, wherein:
    - the scanning step is a first scanning step;
      
      the method comprises performing a second scan, by the one or more processors, of the plurality of web domains and a plurality of subdomains to the plurality of web domains to identify a second particular web domain of the plurality of web domains plurality of subdomains that comprises the one or more terms, wherein;
      
      the second scan occurs at a time after the first scanning step.

16. A computer-implemented data-processing method of analyzing a risk level of a particular web domain to a first entity, the method comprising:
- determining, by one or more processors, one or more terms associated with the first entity;
  
  determining, by the one or more processors, one or more common misspellings of the one or more terms;
  
  scanning, by the one or more processors, a plurality of web domains to identify a particular web domain of the plurality of web domains that comprises the one or more terms or the one or more common misspellings;
  
  in response to identifying the particular domain, performing, by one or more processors, a registry lookup for the particular domain to determine a registrant of the particular domain;
  
  determining, the by one or more processors, based at least in part on the registry information, whether the registrant is associated with the first entity;
  
  identifying, by the one or more processors, a first link on one or more webpages within the particular web domain;
  
  determining, by the one or more processors, a target webpage of the first link;
  
  determining, by the one or more processors, whether the target webpage is associated with an entity other than the first entity;
  
  determining, by the one or more processors, based at least in part on whether the registrant is associated with the first entity and whether the target webpage is associated with an entity other than the first entity, a level of risk posed by the particular web domain to the first entity;
  
  determining, by the one or more processors, whether the level of risk exceeds a threshold level of risk; and
  
  in response to determining that the level of risk exceeds a threshold level of risk, determining, by the one or more processors, based at least in part on the registry information of the particular domain of the one or more domains, an identified registrant of the particular domain;
  
  generating, by the one or more processors, a takedown notice to provide to the identified registrant of the particular domain that is associated with the second entity; and
  
  automatically transmitting the takedown notice to the identified registrant of the particular domain that is associated with the second entity.
- View Dependent Claims (17, 18, 19)
- - 17. The computer-implemented data-processing method of claim 16, wherein determining, whether the target webpage is associated with an entity other than the first entity comprises analyzing the content of the target webpage to determine whether the content comprises content associated with a competitor of the first entity.
  - 18. The computer-implemented data-processing method of claim 17, wherein determining whether the target webpage is associated with an entity other than the first entity further comprises:
    - determining a host domain of the target webpage; and
      
      determining whether the host domain is registered by an entity associated with the first entity.
  - 19. The computer-implemented data-processing method of claim 18, wherein the predefined action is selected from a group consisting of:
    - i. generating a report comprising the particular domain and the level of risk, and displaying the report to an individual associated with the first entity; and
      
      ii. substantially automatically generating and issuing a takedown notice for the particular domain; and
      
      automatically transmitting the takedown notice to the second entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Beaumont, Richard, Mannix, John
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/875,570
Time in Patent Office

270 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

Data processing systems for tracking reputational risk via scanning and registry lookup

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for tracking reputational risk via scanning and registry lookup

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links