{"profiles":[{"schema_version":"0.1","run":{"profile_id":"019d2b7b-af56-7254-ad63-481f90748573","run_id":"23612133106","repository":"jadoonf/trivy-threat-research","github_web_origin":"https://github.com","workflow":"TeamPCP Attack Replay (Garnet Instrumented)","job":"teampcp-replay","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-03-26T18:50:19.344032Z","end_time":"2026-03-26T18:50:19.344032Z","commit_sha":"7184e1dca33234bc6028766eb83b9bcfc391e438","ref":"refs/heads/main","agent_id":"beeef517-52d4-4c92-b434-f6103b2d940b"},"egress":{"unique_domains":[{"domain":"check.trivy.dev","process":"trivy","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","entrypoint.sh","trivy"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec"],"protocol":"TCP","remote_address":"104.26.3.26","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"}},{"domain":"localhost","process":"provjobd3182931304","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3182931304"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"curl","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"python3.12","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","python3.12"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"curl","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","bash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"trivy","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","entrypoint.sh","trivy"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"glb-db52c2cf8be544.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"results-receiver.actions.githubusercontent","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"provjobd3182931304","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3182931304"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"provjobd3182931304","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3182931304"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"boundary.dfinity.network","process":"python3.12","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","python3.12"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"23.142.184.129","result":"pass","remote_geo_info":{"latitude":37.4226,"longitude":-122.138,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"Palo Alto","isp":"DFINITY USA Research, LLC","org":"DFINITY USA Research, LLC","asname":"DFINITY-NET"}},{"domain":"tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io","process":"python3.12","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","python3.12"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"23.142.184.129","result":"pass","remote_geo_info":{"latitude":37.4226,"longitude":-122.138,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"Palo Alto","isp":"DFINITY USA Research, LLC","org":"DFINITY USA Research, LLC","asname":"DFINITY-NET"}},{"domain":"scan.aquasecurtiy.org","process":"curl","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","bash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"45.148.10.212","result":"pass","remote_geo_info":{"latitude":52.3759,"longitude":4.8975,"continent":"Europe","continent_code":"EU","country":"Netherlands","country_code":"NL","region":"NH","region_name":"North Holland","city":"Amsterdam","isp":"Techoff SRV Limited","org":"Techoff SRV Limited","asname":"DMZHOST"}},{"domain":"blob.bl5prdstrz24a.store.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.27.1","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"blob.bl5prdstrz24a.trafficmanager.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.27.1","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"productionresultssa3.blob.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.27.1","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}}],"total_domains":12,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[]}],"telemetry":{"total_connections":9,"unique_domains":12},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"workload_identity":null,"filesystem":null,"execution":null}],"count":1,"profile":{"schema_version":"0.1","run":{"profile_id":"019d2b7b-af56-7254-ad63-481f90748573","run_id":"23612133106","repository":"jadoonf/trivy-threat-research","github_web_origin":"https://github.com","workflow":"TeamPCP Attack Replay (Garnet Instrumented)","job":"teampcp-replay","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-03-26T18:50:19.344032Z","end_time":"2026-03-26T18:50:19.344032Z","commit_sha":"7184e1dca33234bc6028766eb83b9bcfc391e438","ref":"refs/heads/main","agent_id":"beeef517-52d4-4c92-b434-f6103b2d940b"},"egress":{"unique_domains":[{"domain":"check.trivy.dev","process":"trivy","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","entrypoint.sh","trivy"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec"],"protocol":"TCP","remote_address":"104.26.3.26","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"}},{"domain":"localhost","process":"provjobd3182931304","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3182931304"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"curl","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"python3.12","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","python3.12"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"curl","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","bash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"trivy","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","entrypoint.sh","trivy"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"glb-db52c2cf8be544.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"results-receiver.actions.githubusercontent","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"provjobd3182931304","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3182931304"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"provjobd3182931304","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3182931304"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"boundary.dfinity.network","process":"python3.12","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","python3.12"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"23.142.184.129","result":"pass","remote_geo_info":{"latitude":37.4226,"longitude":-122.138,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"Palo Alto","isp":"DFINITY USA Research, LLC","org":"DFINITY USA Research, LLC","asname":"DFINITY-NET"}},{"domain":"tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io","process":"python3.12","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","python3.12"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"23.142.184.129","result":"pass","remote_geo_info":{"latitude":37.4226,"longitude":-122.138,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"Palo Alto","isp":"DFINITY USA Research, LLC","org":"DFINITY USA Research, LLC","asname":"DFINITY-NET"}},{"domain":"scan.aquasecurtiy.org","process":"curl","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","bash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"45.148.10.212","result":"pass","remote_geo_info":{"latitude":52.3759,"longitude":4.8975,"continent":"Europe","continent_code":"EU","country":"Netherlands","country_code":"NL","region":"NH","region_name":"North Holland","city":"Amsterdam","isp":"Techoff SRV Limited","org":"Techoff SRV Limited","asname":"DMZHOST"}},{"domain":"blob.bl5prdstrz24a.store.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.27.1","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"blob.bl5prdstrz24a.trafficmanager.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.27.1","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"productionresultssa3.blob.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.27.1","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}}],"total_domains":12,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[]}],"telemetry":{"total_connections":9,"unique_domains":12},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"workload_identity":null,"filesystem":null,"execution":null}}