
Multiple requests to unreachable domains

ID: unreachable_domain_volume
Data type: DNS, HTTP
Severity: Low
MITRE ATT&CK: TA0011:T1071

Description

AlphaSOC detected a high volume of requests to unreachable domains, indicating potential malware communication attempts. This behavior often signifies malware trying to reach command and control (C2) servers, DNS-based botnet activity, or failed spam or phishing campaigns. Threat actors use this technique to establish communication with their infrastructure while evading detection, as failed DNS requests may not trigger immediate alerts in many security systems.

Impact

This traffic pattern may indicate the presence of malware within your system. A compromised system may lead to data exfiltration, lateral movement within the network, and the deployment of additional malware.

Severity

Severity   Condition
Low        Multiple requests to unreachable domains

Investigation and Remediation

Analyze the traffic patterns to identify affected systems. If malicious activity is confirmed, isolate the affected systems and block the suspicious domain. Conduct a thorough security assessment to identify and remove any malware.
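As an added illustration of the triage step above (not AlphaSOC's own detection code), the following Python counts distinct unreachable domains per source host over a few constructed resolver log lines and flags hosts that exceed a threshold; the log format, the response codes treated as "unreachable", and the threshold of 3 are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample resolver log (not real data): timestamp, source host, query name, response code.
# 10.0.0.9 fails on many distinct names (the pattern this rule describes); 10.0.0.7 retries one typo.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com NOERROR
2024-05-01T10:00:02Z 10.0.0.9 qzx7ka.example.invalid NXDOMAIN
2024-05-01T10:00:03Z 10.0.0.9 m4p0tz.example.invalid NXDOMAIN
2024-05-01T10:00:04Z 10.0.0.9 r88dq1.example.invalid NXDOMAIN
2024-05-01T10:00:05Z 10.0.0.5 mail.example.com NOERROR
2024-05-01T10:00:06Z 10.0.0.9 vv2lpo.example.invalid NXDOMAIN
2024-05-01T10:00:07Z 10.0.0.9 k1lo9a.example.invalid SERVFAIL
2024-05-01T10:00:08Z 10.0.0.7 typo.exmaple.com NXDOMAIN
2024-05-01T10:00:09Z 10.0.0.7 typo.exmaple.com NXDOMAIN
"""

# Assumed set of response codes meaning the queried domain could not be reached.
UNREACHABLE_RCODES = {"NXDOMAIN", "SERVFAIL"}


def parse_dns_log(text):
    """Parse the constructed log format into (timestamp, source, qname, rcode) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, qname, rcode = line.split()
        records.append((ts, src, qname.lower(), rcode.upper()))
    return records


def failed_lookups_per_source(records):
    """Count *distinct* unreachable domains per source host.

    Counting distinct names rather than raw requests keeps a single misconfigured
    application retrying one bad hostname (a known false positive) from scoring
    as high as a host cycling through many unresolvable domains.
    """
    failures = defaultdict(set)
    for _ts, src, qname, rcode in records:
        if rcode in UNREACHABLE_RCODES:
            failures[src].add(qname)
    return {src: len(names) for src, names in failures.items()}


def flag_hosts(records, threshold=3):
    """Return (source, count) pairs at or above the threshold, highest count first."""
    counts = failed_lookups_per_source(records)
    hits = [(src, n) for src, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))
```

Hosts returned by `flag_hosts` are candidates for the closer look described above; the threshold should be tuned to the environment's normal NXDOMAIN rate.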

Known False Positives

  • Misconfigured applications or services