ID20 - SOC105
Requested T.I. URL address

LetsDefend alert triage practice

Alert Overview

Investigation

Initial Triage: Threat Intel

Destination IP 151.101.112[.]133 is not flagged as malicious by any threat intel sources.

Endpoint Security

User accessed the following URL:

hxxps://raw.githubusercontent.com/django/django/master/setup.py

This is the legitimate setup.py installer script for the latest version of the Django REST Framework, fetched from GitHub and compatible with the user's Python environment.

No suspicious behavior observed.

Playbook Execution

Analyze Threat Intel Data

Non-malicious

Verdict

False Positive

Analyst Summary Report

Summary of findings

The alert was triggered by access to a GitHub-hosted setup.py script for Django, originating from 151.101.112[.]133 — a legitimate CDN IP.

Threat intel checks and endpoint context confirm this activity is benign and related to expected developer behavior. No further action is required.
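As an added example (not part of this write-up or of the LetsDefend platform), a small Python helper that applies the playbook's decision order to a defanged indicator: threat-intel hits first, then endpoint context, then whether the URL is a source file fetched from a GitHub repository. The host allowlist, the verdict labels and the `ti_hits`/`endpoint_suspicious` inputs are assumptions standing in for the TI and EDR lookups an analyst performs by hand.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Hypothetical allowlist of hosts that serve developer source files; tune per environment.
TRUSTED_SOURCE_HOSTS = {"raw.githubusercontent.com", "github.com"}

def refang(indicator: str) -> str:
    """Undo report-style defanging (hxxp -> http, [.] -> .) so the value can be parsed."""
    return re.sub(r"^hxxp", "http", indicator.strip(), flags=re.IGNORECASE).replace("[.]", ".")

def defang(url: str) -> str:
    """Defang scheme and host only, leaving the path readable, for inclusion in a report."""
    p = urlparse(url)
    safe = p.scheme.replace("http", "hxxp") + "://" + p.netloc.replace(".", "[.]")
    return safe + url[len(p.scheme) + 3 + len(p.netloc):]

def parse_raw_github(url: str) -> Optional[dict]:
    """Split a raw.githubusercontent.com URL into owner/repo/ref/path, or None if it is not one."""
    p = urlparse(url)
    parts = p.path.strip("/").split("/")
    if p.hostname != "raw.githubusercontent.com" or len(parts) < 4:
        return None
    return {"owner": parts[0], "repo": parts[1], "ref": parts[2], "path": "/".join(parts[3:])}

@dataclass
class TriageResult:
    verdict: str  # "True Positive", "False Positive" or "Needs Escalation" (assumed labels)
    reason: str

def triage_ti_url(defanged_url: str, ti_hits: int, endpoint_suspicious: bool) -> TriageResult:
    """Apply the playbook order: TI verdict, then endpoint context, then the URL itself."""
    url = refang(defanged_url)
    host = urlparse(url).hostname or ""
    if ti_hits > 0:
        return TriageResult("True Positive", f"{host} flagged by {ti_hits} threat intel source(s)")
    if endpoint_suspicious:
        return TriageResult("Needs Escalation", "no TI hits, but suspicious behaviour on the endpoint")
    gh = parse_raw_github(url)
    if gh:
        return TriageResult("False Positive", f"source file {gh['path']} from {gh['owner']}/{gh['repo']}@{gh['ref']}")
    if host in TRUSTED_SOURCE_HOSTS:
        return TriageResult("False Positive", f"{host} is a trusted developer source host")
    return TriageResult("Needs Escalation", f"{host} is not a known source host; review manually")

if __name__ == "__main__":
    r = triage_ti_url("hxxps://raw.githubusercontent.com/django/django/master/setup.py", 0, False)
    print(r.verdict, "-", r.reason)
```

Running it on the alert's URL with zero TI hits and a clean endpoint yields the same False Positive verdict reached above, while any TI hit or suspicious endpoint activity changes the outcome before the URL is even considered.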

SYN / ACK

Cybersecurity learner, log nerd, and TryHackMe badge hoarder. Let’s connect on LinkedIn before I get pulled into another packet capture.