diff --git a/scripts/policy/frameworks/intel/seen/http-headers.bro b/scripts/policy/frameworks/intel/seen/http-headers.bro
index 2a74548023..b9393c93a6 100644
--- a/scripts/policy/frameworks/intel/seen/http-headers.bro
+++ b/scripts/policy/frameworks/intel/seen/http-headers.bro
@@ -8,12 +8,18 @@ event http_header(c: connection, is_orig: bool, name: string, value: string)
 	{
 	switch ( name )
 		{
-		case "HOST":
-			Intel::seen([$indicator=value,
-			             $indicator_type=Intel::DOMAIN,
-			             $conn=c,
-			             $where=HTTP::IN_HOST_HEADER]);
-			break;
+		case "HOST":
+			if ( is_valid_ip(value) )
+				Intel::seen([$host=to_addr(value),
+				             $conn=c,
+				             $where=HTTP::IN_HOST_HEADER]);
+			else
+				Intel::seen([$indicator=value,
+				             $indicator_type=Intel::DOMAIN,
+				             $conn=c,
+				             $where=HTTP::IN_HOST_HEADER]);
+			break;
+
 		case "REFERER":
 			Intel::seen([$indicator=sub(value, /^.*:\/\//, ""),