Neutralizing malicious locators

US10601846B2 · US · B2

Patent metadata

Publication number: US-10601846-B2
Application number: US-201816236680-A
Country: US
Kind code: B2
Filing date: Dec 31, 2018
Priority date: Jun 29, 2016
Publication date: Mar 24, 2020
Grant date: Mar 24, 2020

Abstract

Official abstract text for this publication.

Methods and systems for neutralizing malicious locators. Threat actors may shut down their web pages or applications (i.e., resources) that serve malicious content upon receiving request(s) configured to be perceived by the resource as non-browser requests. Therefore, initiating (large-scale) non-browser requests, or requests that are at least perceived as non-browser requests, may effectively act to inhibit, or even nullify, intended attack vectors.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for neutralizing at least one malicious locator accessible through a network, the method comprising: identifying, through a computer interface within a computing device comprising a non-transitory computer-readable medium that is not a transitory signal, a locator referring to a location of a malicious network-accessible resource that serves malicious content; requesting content from the locator via at least one non-browser program a plurality of times until the malicious network-accessible resource discontinues serving the malicious content; and issuing an alert to inform an end-user that the malicious network-accessible resource has discontinued serving the malicious content or adding the locator to a list of malicious network locations.

2. The method of claim 1 wherein the locator is a uniform resource identifier (URI).

3. The method of claim 1 wherein requesting content from the locator includes requesting content through at least one of a curl command and a wget command.

4. The method of claim 1 wherein requesting content from the locator includes requesting content via a plurality of programs configured to be perceived by the resource as non-browser programs.

5. The method of claim 1 further comprising associating the at least one non-browser program with a desired internet protocol (IP) address.

6. The method of claim 1 wherein the locator is a uniform resource locator (URL).

7. The method of claim 1 further comprising requesting content from the locator via at least one browser program.

8. The method of claim 7 further comprising determining the malicious network-accessible resource has discontinued service upon the malicious network-accessible resource not returning content in response to the request for content via the at least one browser program.

9. A system for neutralizing at least one malicious locator accessible through a network, the system comprising: an interface to a non-transitory computer-readable medium; a network interface; and a processor in communication with the medium interface and the network interface, the processor configured to: identify a locator referring to a location of a malicious network-accessible resource that serves malicious content; request content from the locator via at least one non-browser program a plurality of times until the malicious network-accessible resource discontinues serving the malicious content; and issue an alert to inform an end-user that the malicious network-accessible resource has discontinued serving the malicious content or adding the locator to a list of malicious network locations.

10. The system of claim 9 wherein the locator is a uniform resource identifier (URI).

11. The system of claim 9 wherein the processor is configured to request the content from the locator through at least one of a curl command and a wget command.

12. The system of claim 9 wherein the processor is configured to request the content from the locator via a plurality of programs configured to be perceived by the resource as non-browser programs.

13. The system of claim 9 wherein the processor is further configured to associate the at least one non-browser program with a desired internet protocol (IP) address.

14. The system of claim 9 wherein the locator is a uniform resource locator (URL).

15. The system of claim 9 wherein the processor is further configured to request content from the locator via at least one browser program.

16. The system of claim 15 wherein the processor is further configured to determine the malicious network-accessible resource has discontinued service upon the malicious network-accessible resource not returning content in response to the request for content via the at least one browser program.

17. A non-transitory computer readable medium containing computer-executable instructions for performing a method for neutralizing at least one malicious locator accessible through a network, the method comprising: computer-executable instructions for identifying, through a computer interface within a computing device comprising a non-transitory computer-readable medium that is not a transitory signal, a locator referring to a location of a malicious network-accessible resource that serves malicious content; computer-executable instructions for requesting content from the locator via at least one non-browser program a plurality of times until the malicious network-accessible resource discontinues serving the malicious content; and computer-executable instructions for issuing an alert to inform an end-user that the malicious network-accessible resource has discontinued serving the malicious content or adding the locator to a list of malicious network locations.

Classifications

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

  • Event detection, e.g. attack signature detection

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Rapid7 Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 24, 2020 (B2). Legal status and post-grant events are not shown on this page.