{"profiles":[{"schema_version":"0.1","run":{"profile_id":"019d2b91-411b-716f-a0a1-618d500dc3c3","run_id":"23613262288","repository":"jadoonf/pypi-analysis-feed","github_web_origin":"https://github.com","workflow":"Analyse local PyPI archives","job":"pth-payload","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-03-26T19:13:52.919497Z","end_time":"2026-03-26T19:13:52.919497Z","commit_sha":"37966cca5c894bee5a5f80fec6bf806873ea6425","ref":"refs/heads/main","agent_id":"f98bdd18-8523-4d8a-99b9-b5f648bd21e6"},"egress":{"unique_domains":[{"domain":"localhost","process":"provjobd3945567112","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3945567112"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"glb-db52c2cf8be544.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.22","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"results-receiver.actions.githubusercontent","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.22","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"provjobd3945567112","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3945567112"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"provjobd3945567112","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3945567112"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"169.254.169.254","process":"curl","ancestry":["systemd","python3.11","python3.11","dash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["net_suspicious_tool_exec"],"protocol":"TCP","remote_address":"169.254.169.254","result":"attention"},{"domain":"169.254.170.2","process":"curl","ancestry":["systemd","python3.11","python3.11","dash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["net_suspicious_tool_exec"],"protocol":"TCP","remote_address":"169.254.170.2","result":"attention"},{"domain":"blob.bl5prdstrz24a.store.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.86.161","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"blob.bl5prdstrz24a.trafficmanager.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.86.161","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"productionresultssa4.blob.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.86.161","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}}],"total_domains":10,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[]}],"telemetry":{"total_events":7,"total_connections":7,"unique_domains":8},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"workload_identity":null,"filesystem":null,"execution":null},{"schema_version":"0.1","run":{"profile_id":"019d2b90-be2c-7651-8a92-1810aa655be6","run_id":"23613262288","repository":"jadoonf/pypi-analysis-feed","github_web_origin":"https://github.com","workflow":"Analyse local PyPI archives","job":"clean-install","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-03-26T19:13:19.398947Z","end_time":"2026-03-26T19:13:19.398947Z","commit_sha":"37966cca5c894bee5a5f80fec6bf806873ea6425","ref":"refs/heads/main","agent_id":"0e766837-6004-4171-b8e7-7e22668de704"},"egress":{"unique_domains":[],"total_domains":0,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[]}],"telemetry":{"total_events":0,"total_connections":0,"unique_domains":0},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"workload_identity":null,"filesystem":null,"execution":null}],"count":2,"profile":{"schema_version":"0.1","run":{"profile_id":"019d2b91-411b-716f-a0a1-618d500dc3c3","run_id":"23613262288","repository":"jadoonf/pypi-analysis-feed","github_web_origin":"https://github.com","workflow":"Analyse local PyPI archives","job":"pth-payload","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-03-26T19:13:52.919497Z","end_time":"2026-03-26T19:13:52.919497Z","commit_sha":"37966cca5c894bee5a5f80fec6bf806873ea6425","ref":"refs/heads/main","agent_id":"f98bdd18-8523-4d8a-99b9-b5f648bd21e6"},"egress":{"unique_domains":[{"domain":"localhost","process":"provjobd3945567112","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3945567112"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention"},{"domain":"glb-db52c2cf8be544.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.22","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"results-receiver.actions.githubusercontent","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.112.22","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"provjobd3945567112","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3945567112"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"provjobd3945567112","ancestry":["systemd","hosted-compute-agent","sudo","provjobd3945567112"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"}},{"domain":"169.254.169.254","process":"curl","ancestry":["systemd","python3.11","python3.11","dash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["net_suspicious_tool_exec"],"protocol":"TCP","remote_address":"169.254.169.254","result":"attention"},{"domain":"169.254.170.2","process":"curl","ancestry":["systemd","python3.11","python3.11","dash","curl"],"status":"ok","reason":null,"event_ids":[],"detections":["net_suspicious_tool_exec"],"protocol":"TCP","remote_address":"169.254.170.2","result":"attention"},{"domain":"blob.bl5prdstrz24a.store.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.86.161","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"blob.bl5prdstrz24a.trafficmanager.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.86.161","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}},{"domain":"productionresultssa4.blob.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow","interpreter_shell_spawn"],"protocol":"TCP","remote_address":"57.150.86.161","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"}}],"total_domains":10,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[]}],"telemetry":{"total_events":7,"total_connections":7,"unique_domains":8},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"workload_identity":null,"filesystem":null,"execution":null}}