DET0810 Detection of Search Victim-Owned Websites
| Item |
Value |
| ID |
DET0810 |
| Version |
1.0 |
| Created |
21 October 2025 |
| Last Modified |
21 October 2025 |
Technique Detected: T1594 (Search Victim-Owned Websites)
Analytics
PRE
AN1942
Monitor for suspicious network traffic that could be indicative of adversary reconnaissance, such as rapid successions of requests indicative of web crawling and/or large quantities of requests originating from a single source (especially if the source is known to be associated with an adversary). Analyzing web metadata may also reveal artifacts that can be attributed to potentially malicious activity, such as referer or user-agent string HTTP/S fields.
Log Sources
Mutable Elements