Systems and methods for top-level domain analysis
Abstract
A system may be configured to identify a Person of Interest by analyzing top level domains. Some implementations may include receiving a target top-level domain (TLD) (e.g., originating from a geographic area of interest). A network packet of internet traffic may be captured and it may be determined that a destination port of the captured network traffic is an open port. A counter may be incremented based on the determined open port and/or determining a payload of the network packet comprises an expression matching the target TLD. An alert associated with the target TLD may be transmitted based on determining the counter exceeds a threshold. The internet traffic may be disrupted based on determining the counter exceeds a threshold.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer program product comprising:
a computer-readable storage medium; and instructions stored on the computer-readable storage medium that, when executed by a processor, causes the processor to:
receive a target top-level domain (TLD);
capture a network packet of internet traffic;
determine a destination port of the captured network packet is an open port;
increment, based on the determined open port and determining a payload of the network packet comprises an expression matching the target TLD, a counter; and
transmit, based on determining the counter exceeds a threshold, an alert associated with the target TLD.
2 . The computer-readable medium product of claim 1 , wherein the destination port is determined based on a Transmission Control Protocol/Internet Protocol (TCP/IP) Transport Layer (Layer 4) of the network packet.
3 . The computer program product of claim 1 , wherein the instructions further cause the processer to generate a log entry associated with the network packet.
4 . The computer program product of claim 1 , wherein the instructions further cause the processer to disrupt, based on determining the counter exceeds a threshold, the internet traffic.
5 . The computer program product of claim 1 , wherein the destination port is associated with encrypted traffic and the expression comprises a name field.
6 . The computer program product of claim 1 , wherein the destination port is associated with domain name system (DNS) queries and the expression comprises a server name indication.
7 . The computer program product of claim 1 , wherein the target TLD is received from a database.
8 . The computer program product of claim 1 , wherein the TLD originates from a geographic area of interest.
9 . A system comprising:
one or more processors; and memory including instructions that, when executed by the one or more processors, cause the system to:
receive a target top-level domain (TLD);
capture a network packet of internet traffic;
determine a destination port of the captured network packet is an open port;
determine, based on the determined open port, a payload of the network packet comprises an expression matching the target TLD; and
transmit, based the expression matching the target TLD, an alert associated with the target TLD.
10 . The system of claim 9 , wherein the destination port is determined based on a Transmission Control Protocol/Internet Protocol (TCP/IP) Transport Layer (Layer 4) of the network packet.
11 . The system of claim 9 , wherein the instructions further cause the system to generate a log entry associated with the network packet.
12 . The system of claim 9 , wherein the instructions further cause the system to disrupt, based on the expression matching the target TLD, the internet traffic.
13 . The system of claim 9 , wherein the destination port is associated with encrypted traffic and the expression comprises a name field.
14 . The system of claim 9 , wherein the destination port is associated with domain name system (DNS) queries and the expression comprises a server name indication.
15 . The system of claim 9 , wherein the target TLD is received from a database.
16 . The system of claim 9 , wherein the TLD originates from a geographic area of interest.
17 . A method comprising:
receiving a target top-level domain (TLD); capturing a network packet of internet traffic; determining, based on determining a destination port of the captured network packet is an open port, a payload of the network packet comprises an expression matching the target TLD; and incrementing, based on the expression matching the target TLD, a counter; determining the counter exceeds a threshold; transmitting, based on the counter exceeding the threshold, an alert associated with the target TLD.
18 . The method of claim 17 , wherein the destination port is determined based on a Transmission Control Protocol/Internet Protocol (TCP/IP) Transport Layer (Layer 4) of the network packet.
19 . The method of claim 17 , wherein the destination port is associated with encrypted traffic and the expression comprises a name field.
20 . The method of claim 17 , wherein the destination port is associated with domain name system (DNS) queries and the expression comprises a server name indication.Join the waitlist — get patent alerts
Track US2023254345A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.