diff --git a/CHANGES b/CHANGES
index 67ebf5f93b..af5a16a5c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.5-beta-35 | 2016-10-02 17:38:31 -0400
+
+ * Normalize http host in seen script. (Johanna Amann)
+
 2.5-beta-33 | 2016-10-02 14:42:22 -0400
 
 * Handle removing non-existent intel items. (Jan Grashoefer)
 
diff --git a/VERSION b/VERSION
index 7812fb25a3..4eac6cb17b 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.5-beta-33
+2.5-beta-35
diff --git a/scripts/policy/frameworks/intel/seen/http-headers.bro b/scripts/policy/frameworks/intel/seen/http-headers.bro
index 864b685126..382bae439e 100644
--- a/scripts/policy/frameworks/intel/seen/http-headers.bro
+++ b/scripts/policy/frameworks/intel/seen/http-headers.bro
@@ -6,16 +6,18 @@ event http_header(c: connection, is_orig: bool, name: string, value: string)
 {
 if ( is_orig )
 {
- switch ( name )
+ switch ( name )
 {
 case "HOST":
- if ( is_valid_ip(value) )
- Intel::seen([$host=to_addr(value),
+ # The split is done to remove the occasional port value that shows up here (see also base script)
+ local host = split_string1(value, /:/)[0];
+ if ( is_valid_ip(host) )
+ Intel::seen([$host=to_addr(host),
 $indicator_type=Intel::ADDR,
 $conn=c,
 $where=HTTP::IN_HOST_HEADER]);
 else
- Intel::seen([$indicator=value,
+ Intel::seen([$indicator=host,
 $indicator_type=Intel::DOMAIN,
 $conn=c,
 $where=HTTP::IN_HOST_HEADER]);
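Review bot: The new `local host = split_string1(value, /:/)[0];` cuts a bracketed IPv6 literal such as `[2001:db8::1]:8080` at its first colon, so `host` becomes `[2001`, `is_valid_ip` presumably rejects it, and the fragment is submitted to `Intel::seen` as a DOMAIN indicator while an IPv6 address in an intel feed is never matched. Since the Host value is attacker-controlled, the normalization should handle the bracket form explicitly before falling back to the port split, as below; this assumes `is_valid_ip` accepts IPv6 text, which the hunk does not show. The same split lives in the base HTTP script the comment points to, so the two should probably be fixed together. The enclosing `http_header` handler's body ends outside the hunk.
```bro
# Bracketed IPv6 literals ("[2001:db8::1]:8080") must not be cut at their first colon;
# for everything else the split only strips an occasional trailing port.
local host = value;
if ( /^\[/ in value )
	host = split_string1(sub(value, /^\[/, ""), /\]/)[0];
else
	host = split_string1(value, /:/)[0];
# … unchanged: is_valid_ip() branch and the two Intel::seen() calls …
```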