Investigating Suspicious Network Traffic Using VirusTotal and WHOIS
In this project, I investigated suspicious network activity by analysing network logs and verifying the reputation of external IP addresses using threat intelligence tools such as VirusTotal and WHOIS. The goal of this investigation was to determine whether outbound connections from internal systems were legitimate or potentially malicious. By analysing the logs and researching the destination IP addresses, I was able to identify one anomalous connection that could indicate suspicious activity. This type of investigation reflects a common task performed by Security Operations Center (SOC) analysts, who monitor alerts and investigate unusual network behaviour.

Investigation Overview

The investigation focused on analysing network logs that recorded outbound HTTPS connections from internal hosts to various external IP addresses. Several factors were considered during the investigation:

• Destination IP address
• Reputation of the IP address
• Connection frequency and pattern
• ...
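The triage steps described above (group outbound connections by destination, look at how many hosts talk to each destination and how regular the connections are, then send the odd ones to VirusTotal and WHOIS) can be scripted. The script below is an added example and is not part of the original write-up. The log format (timestamp, source host, destination IP, port, bytes) and the sample lines are constructed for the example, using IANA documentation ranges rather than real addresses; the thresholds (fewer than two source hosts, coefficient of variation of connection gaps at or below 0.1 over at least three gaps) are assumptions chosen to illustrate the idea, not values from the write-up. The VirusTotal URLs are the public GUI page and the v3 API endpoint for an IP address; the API call needs an `x-apikey` header and is not performed here, so the script runs offline.

```python
"""Summarise outbound HTTPS connections per external destination IP and
build a queue of addresses worth checking in VirusTotal and WHOIS."""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress
import statistics

# Constructed sample log lines (not real traffic). Fields:
# timestamp, source host, destination IP, destination port, bytes sent.
# 198.51.100.x / 203.0.113.x / 192.0.2.x are documentation ranges.
SAMPLE_LOGS = """\
2024-03-01T09:00:12Z host-01 198.51.100.46 443 1203
2024-03-01T09:01:30Z host-02 198.51.100.46 443 980
2024-03-01T09:03:05Z host-03 198.51.100.46 443 1150
2024-03-01T09:00:00Z host-07 203.0.113.55 443 640
2024-03-01T09:05:00Z host-07 203.0.113.55 443 641
2024-03-01T09:10:00Z host-07 203.0.113.55 443 639
2024-03-01T09:15:00Z host-07 203.0.113.55 443 642
2024-03-01T09:02:44Z host-04 10.0.0.25 443 5000
2024-03-01T09:04:10Z host-05 192.0.2.14 443 2200
2024-03-01T09:06:51Z host-06 192.0.2.14 443 1900
"""

# RFC 1918 ranges: traffic to these is internal and is not triaged here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_logs(text):
    """Parse the constructed whitespace-separated log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes),
        })
    return records


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def summarise(records):
    """Group records by external destination: which hosts, when, how much."""
    by_dst = defaultdict(lambda: {"hosts": set(), "timestamps": [], "bytes": 0})
    for r in records:
        if is_internal(r["dst"]):
            continue
        entry = by_dst[r["dst"]]
        entry["hosts"].add(r["src"])
        entry["timestamps"].append(r["ts"])
        entry["bytes"] += r["bytes"]
    return dict(by_dst)


def is_regular_interval(timestamps, max_cv=0.1):
    """True when at least three gaps between connections are nearly equal
    (low coefficient of variation), the pattern of a scheduled check-in."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return False
    mean = statistics.mean(gaps)
    if mean == 0:
        return False
    return statistics.pstdev(gaps) / mean <= max_cv


def triage(records, min_hosts=2):
    """Return destinations that stand out, with the reason(s) they were flagged."""
    findings = {}
    for dst, info in summarise(records).items():
        reasons = []
        if len(info["hosts"]) < min_hosts:      # only one internal host talks to it
            reasons.append("single_host")
        if is_regular_interval(info["timestamps"]):
            reasons.append("regular_interval")
        if reasons:
            findings[dst] = {"reasons": reasons, "hosts": sorted(info["hosts"]),
                             "connections": len(info["timestamps"]), "bytes": info["bytes"]}
    return findings


def lookup_references(ip):
    """Where the analyst verifies reputation and ownership of a flagged IP."""
    return {
        "virustotal_gui": f"https://www.virustotal.com/gui/ip-address/{ip}",
        "virustotal_api": f"https://www.virustotal.com/api/v3/ip_addresses/{ip}",  # needs x-apikey
        "whois_command": f"whois {ip}",
    }


if __name__ == "__main__":
    for ip, finding in triage(parse_logs(SAMPLE_LOGS)).items():
        print(ip, finding)
        for name, ref in lookup_references(ip).items():
            print("   ", name, ref)
```

On the sample data only 203.0.113.55 is flagged: a single host reaches it every five minutes, which is exactly the "frequency and pattern" signal the write-up lists, while the destination contacted by three different hosts at irregular times is left alone. The flags are a starting point for the reputation check, not a verdict; the VirusTotal and WHOIS results still decide whether the connection is benign.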