Traffic to an IP lookup service

ID: ip_lookup
Data type: DNS, IP, HTTP
Severity: Low
MITRE ATT&CK: TA0007:T1614

Description

AlphaSOC detected network traffic to a known IP address lookup service. These services allow users to obtain information about IP addresses, such as geolocation, ISP, and other network details. Threat actors may use these services during reconnaissance to gather information about target networks, assess potential vulnerabilities, and plan further attacks.

Impact

The use of IP lookup services can help threat actors map a target's network infrastructure and identify potential entry points. This is a reconnaissance activity that may indicate a future attack.

Severity

| Severity | Condition |
|----------|-----------|
| Low | Traffic to a known IP lookup service |

Investigation and Remediation

Investigate the context of the IP lookup activity, including the user and device. Review logs for signs of compromise.
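
One way to gather that context from DNS and HTTP logs, as an added example (not AlphaSOC's detection logic): it groups lookup-service traffic by device and user and puts sources with non-browser user agents first for review. The domain list, the event tuple layout, and the user-agent heuristic are assumptions, and the log records are constructed.

```python
from collections import defaultdict

# Assumed sample of public IP lookup services (illustrative, not AlphaSOC's list).
LOOKUP_DOMAINS = {"ipinfo.io", "ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}

# Constructed events: (UTC timestamp, device, user, data type, hostname, user agent)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:01Z", "10.0.4.17", "alice", "dns", "api.ipify.org.", None),
    ("2024-05-01T09:00:02Z", "10.0.4.17", "alice", "http", "api.ipify.org",
     "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    ("2024-05-01T03:12:40Z", "10.0.9.52", "svc-backup", "dns", "ifconfig.me", None),
    ("2024-05-01T03:12:41Z", "10.0.9.52", "svc-backup", "http", "ifconfig.me", "curl/8.4.0"),
    ("2024-05-01T03:42:41Z", "10.0.9.52", "svc-backup", "http", "IPINFO.IO", "curl/8.4.0"),
    ("2024-05-01T10:15:00Z", "10.0.4.30", "bob", "dns", "notipinfo.io", None),
]

def is_lookup_service(hostname):
    """Match the host or any parent domain on label boundaries, so
    'api.ipify.org.' matches 'ipify.org' but 'notipinfo.io' does not."""
    labels = hostname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in LOOKUP_DOMAINS for i in range(len(labels)))

def triage(events):
    """Summarize lookup-service traffic per (device, user) for investigation."""
    summary = defaultdict(lambda: {"count": 0, "first_seen": None,
                                   "hosts": set(), "scripted_agents": set()})
    for ts, device, user, _dtype, host, agent in events:
        if not is_lookup_service(host):
            continue
        entry = summary[(device, user)]
        entry["count"] += 1
        # ISO 8601 UTC strings in one format sort chronologically.
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["hosts"].add(host.rstrip(".").lower())
        # Assumed heuristic: a non-browser agent suggests a script or tool.
        if agent and not agent.startswith("Mozilla/"):
            entry["scripted_agents"].add(agent)
    return dict(summary)

def review_order(summary):
    """Devices with scripted agents first, then by number of events."""
    return sorted(summary, key=lambda k: (not summary[k]["scripted_agents"],
                                          -summary[k]["count"]))

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for key in review_order(result):
        print(key, result[key])
```

User agents can be spoofed, so the ordering only prioritizes review; a browser-like agent does not by itself mark the traffic as legitimate.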

Known False Positives

  • Legitimate use of IP lookup services