Abstract: Polymorphic non-attributable processes and architectures to monitor threat domains (e.g., pharming or phishing websites) are disclosed. Obfuscated requests may be generated by control servers to be blended in with normal traffic sent over cloud networks with randomized exit nodes or with normal traffic sent through an anonymization network. Requests may be sent at randomized intervals or time periods determined algorithmically. The requests are obfuscated in order to mask the origination information and location so that the threat actor does not detect that the website is being monitored. User agents may be spoofed and requests may present as if they originated from residential IP addresses. Automatic real-time monitoring can be provided to determine when sites resolve and are addressable. Fingerprint information, screenshots, security certificate, and other threat domain data can be captured. Request responses can be scanned for threat indicia.

Abstract: Polymorphic non-attributable processes and architectures to monitor threat domains (e.g., pharming or phishing websites) are disclosed. Obfuscated requests may be generated by control servers to be blended in with normal traffic sent over cloud networks with randomized exit nodes or with normal traffic sent through an anonymization network. Requests may be sent at randomized intervals or time periods determined algorithmically. The requests are obfuscated in order to mask the origination information and location so that the threat actor does not detect that the website is being monitored. User agents may be spoofed and requests may present as if they originated from residential IP addresses. Automatic real-time monitoring can be provided to determine when sites resolve and are addressable. Fingerprint information, screenshots, security certificate, and other threat domain data can be captured. Request responses can be scanned for threat indicia.

Abstract: Apparatus and methods for leveraging machine learning algorithms to identify, detect, respond to, and mitigation obfuscation techniques and attacks are provided. A program may create a test environment, automatically test obfuscation techniques against programs to determine when the obfuscation techniques are successful or unsuccessful. A machine learning model may analyze the tests to identify additional programs that may be susceptible to a particular obfuscation technique. The model may also determine methods to efficiently detect when a malicious actor utilizes an obfuscation technique, as well as responses and mitigation strategies against various obfuscation techniques.