1. Home
  2. Data Components
  3. Response Content

Response Content

Captured network traffic that provides details about responses received during an internet scan. This data includes both protocol header values (e.g., HTTP status codes, IP headers, or DNS response codes) and response body content (e.g., HTML, JSON, or raw data). Examples:

  • HTTP Scan: A web server responds to a probe with an HTTP 200 status code and an HTML body indicating the default page is accessible.
  • DNS Scan: A DNS server replies to a query with a resolved IP address for a domain, along with details like Time-To-Live (TTL) and authoritative information.
  • TCP Banner Grab: A service listening on a port (e.g., SSH or FTP) responds with a banner containing service name, version, or other metadata.
ID: DC0104
Domains: Enterprise
Version: 2.0
Created: 20 October 2021
Last Modified: 12 November 2025

Log Sources

Name Channel
Internet Scan None
NSM:Flow Suspicious changes in TLS certificate responses or redirected domains

Detection Strategy

ID Name Technique Detected
DET0895 Detection of Acquire Infrastructure T1583
DET0820 Detection of Client Configurations T1592.004
DET0885 Detection of Compromise Infrastructure T1584
DET0853 Detection of Develop Capabilities T1587
DET0844 Detection of Digital Certificates T1587.003
DET0848 Detection of Digital Certificates T1588.004
DET0825 Detection of Drive-by Target T1608.004
DET0826 Detection of Gather Victim Host Information T1592
DET0887 Detection of Hardware T1592.001
DET0840 Detection of Install Digital Certificate T1608.003
DET0893 Detection of Link Target T1608.005
DET0836 Detection of Malvertising T1583.008
DET0859 Detection of Network Devices T1584.008
DET0850 Detection of Obtain Capabilities T1588
DET0881 Detection of SEO Poisoning T1608.006
DET0874 Detection of Server T1584.004
DET0871 Detection of Server T1583.004
DET0829 Detection of Serverless T1583.007
DET0864 Detection of Serverless T1584.007
DET0888 Detection of Software T1592.002
DET0839 Detection of Stage Capabilities T1608
DET0824 Detection of Upload Malware T1608.001
DET0834 Detection of Upload Tool T1608.002
DET0854 Detection of Virtual Private Server T1584.003
DET0838 Detection of Virtual Private Server T1583.003
DET0882 Detection of Web Services T1584.006
DET0896 Detection of Web Services T1583.006
DET0411 Detection Strategy for Hide Infrastructure T1665