as I tried to download debian, I noticed that the download was being redirected real time (which in itself doesn't necessarily have to mean bad), what I found a worrying was that:
1) as I used a known public hotspot connection, there was a new hotspot advertising itself as "Wifi4EU" (of course, I didn't bite that bait) 2) getting a connection through (apparently) the right hotspot took way more time than expected 3) downloads were being redirected real time 4) the usual server side responses were not being produced, just: WARNING: certificate common name `ftp.acc.umu.se' doesn't match requested host name `chuangtzu.ftp.acc.umu.se'. 2021-02-17 11:14:47 URL:https://chuangtzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-2.iso [4697370624/4697370624] -> "debian-10.8.0-amd64-DVD-2.iso" [1] WARNING: certificate common name `ftp.acc.umu.se' doesn't match requested host name `laotzu.ftp.acc.umu.se'. 2021-02-17 11:46:46 URL:https://laotzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-3.iso [4679073792/4679073792] -> "debian-10.8.0-amd64-DVD-3.iso" [1] 5) the mirror debian site (ftp.acc.umu.se) had smelly prefixes as subdomains (apparently Chinese transliterations) {chuangtzu, laotzu} 6) whois registry for umu.se $ whois um.se # Copyright (c) 1997- The Swedish Internet Foundation. # All rights reserved. # The information obtained through searches, or otherwise, is protected # by the Swedish Copyright Act (1960:729) and international conventions. # It is also subject to database protection according to the Swedish # Copyright Act. # Any use of this material to target advertising or # similar activities is forbidden and will be prosecuted. # If any of the information below is transferred to a third # party, it must be done in its entirety. This server must # not be used as a backend for a search engine. # Result of search for registered domain names under # the .se top level domain. # This whois printout is printed with UTF-8 encoding. # state: active domain: um.se holder: (not shown) admin-c: - tech-c: - billing-c: - created: 2014-12-02 modified: 2020-11-16 expires: 2021-12-02 transferred: 2017-08-24 nserver: ns1.nameisp.info nserver: ns2.nameisp.info dnssec: unsigned delegation registry-lock: unlocked status: ok registrar: www.NameSRS.com $ 7) the md5 and sha1 hashes that I computed could not be found online 0296cfbeaf3823055901d7ad2077a077 0b742d83d23207db9a24553100d4155eb8c701bf debian 10.8.0-amd64-DVD-2.iso 37baf26293b8132fe95b4bd19262ca6b 122a2612ed63ff89db56eec0765e87268bf72318 debian 10.8.0-amd64-DVD-3.iso I have kept those files in hard drives/computers I never connect to the Internet (that, to me, is the only way to do something with some "privacy"/security). I later downloaded what seem to be the right files, anyway. They would make for some easy and nice forensic analysis (just extracting the content of those iso files, using find and diff) whenever I find the time to do so. lbrtchx