Suspicious Network Connection to IP Lookup Service APIs (edf3485d-dac4-4d50-90e4-b0e5813f7e60)

Detects external IP address lookups by non-browser processes via services such as "api.ipify.org". This could indicate post-compromise internet test activity.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Network Connection to IP Lookup Service APIs (edf3485d-dac4-4d50-90e4-b0e5813f7e60) | Sigma-Rules | System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | 1 |