URL User Request GET HTTP/2IP18.185.254.211:443
CertificateIssuerAmazon Subjecteuc1-friendly-vaughan240130.alb.internal.jamfcloud.com Fingerprint32:A0:56:41:CC:8B:3D:26:8C:E7:02:8F:78:C6:2D:EC:D6:AB:B1:C8 ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 27 Feb 2025 23:59:59 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash4aa7a432bb447f094408f1bd6229c605 1965c4952cc8c082a6307ed67061a57aab6632fa 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 18.185.254.211
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Tue, 07 May 2024 08:40:19 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://18.185.254.211:443/
|
| 18.185.254.211/static/jamf.css | 18.185.254.211 | 200 OK | 309 kB |
URL GET HTTP/218.185.254.211/static/jamf.css IP18.185.254.211:443
CertificateIssuerAmazon Subjecteuc1-friendly-vaughan240130.alb.internal.jamfcloud.com Fingerprint32:A0:56:41:CC:8B:3D:26:8C:E7:02:8F:78:C6:2D:EC:D6:AB:B1:C8 ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 27 Feb 2025 23:59:59 GMT
File typeASCII text, with very long lines (24973) Size309 kB (308652 bytes) Hash7e78ca167b565ce9d3b6a29eceb83405 716aec5b49475fc119be480584d228ba59d0789a ebbccfba080100c5a67e185cf032fede2544f7e230221bb28a53d7c0d0851335
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /static/jamf.css HTTP/1.1
Host: 18.185.254.211
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18.185.254.211/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:40:21 GMT
content-type: text/css; charset=utf-8
content-length: 308652
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains;
X-Firefox-Spdy: h2
|
| www.jamf.com/touch-icon-192x192.png | 108.157.229.112 | 200 OK | 1.6 kB |
URL GET HTTP/2www.jamf.com/touch-icon-192x192.png IP108.157.229.112:443
CertificateIssuerAmazon Subjectjamf.com Fingerprint83:2E:9F:81:A5:60:EB:8C:BA:BF:7E:6F:08:50:4F:EB:D9:7F:37:CE ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
File typePNG image data, 192 x 192, 8-bit/color RGB, non-interlaced Hash3bcbd139bf8fbfa95080a01ac9437e7f 3d64797c3d7ed15f0863a27e6b723d8d91aab04f 3c67cf33cd06d2b14fd1a2ec5c7edeef14b30c51e2f167e67195c8ca8bb606fb
GET /touch-icon-192x192.png HTTP/1.1
Host: www.jamf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18.185.254.211/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 1633
date: Thu, 02 May 2024 15:07:11 GMT
set-cookie: AWSALB=PqJKP0qRpWUH4eGLfnzU0P7pYDSOVZG27EK/CjYXUG3dlQJJhMeWmpvth2GV/FK0Q2gR6tS8D9ONqN2oLcXK0gUvlbLOfUuDi8sbu27CX+QFZm1it083q/P86Anj; Expires=Thu, 09 May 2024 15:07:11 GMT; Path=/
AWSALBCORS=PqJKP0qRpWUH4eGLfnzU0P7pYDSOVZG27EK/CjYXUG3dlQJJhMeWmpvth2GV/FK0Q2gR6tS8D9ONqN2oLcXK0gUvlbLOfUuDi8sbu27CX+QFZm1it083q/P86Anj; Expires=Thu, 09 May 2024 15:07:11 GMT; Path=/; SameSite=None; Secure
WWWBALANCEID=aws.jamfweb-www-wa-2; path=/;
server: Apache/2.4.41 (Ubuntu)
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 01 May 2024 19:45:01 GMT
etag: "661-61769b8e0a940"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 80YZQlCZKbyHd7p5PPbyeESny3kIvFrT-mCwFkxSzHfbrk1fXb71ZQ==
age: 408790
X-Firefox-Spdy: h2
|
IP108.157.229.112:443
CertificateIssuerAmazon Subjectjamf.com Fingerprint83:2E:9F:81:A5:60:EB:8C:BA:BF:7E:6F:08:50:4F:EB:D9:7F:37:CE ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
File typeMS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel Hash4c285b991224e06800e9ea4674eebc92 1e53afde7322fd33d1e30f658638c3df9686de0c 3144671e90bb177543efd5f3e643529a2c563a3ac454452d692879c013289155
GET /favicon.ico HTTP/1.1
Host: www.jamf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18.185.254.211/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15086
date: Thu, 02 May 2024 15:03:39 GMT
set-cookie: AWSALB=2ehnOnmU+aVzTZmuZfW7uZsy8yTtFYZd9T5YpJcfjAQctbqnstEOVwHSph2owswB+zSCIhHRsNrsfBuvLAMOqu6s753xTqNcc9TCbv4WvXddAxtZVX4QDYt2I2ZI; Expires=Thu, 09 May 2024 15:03:39 GMT; Path=/
AWSALBCORS=2ehnOnmU+aVzTZmuZfW7uZsy8yTtFYZd9T5YpJcfjAQctbqnstEOVwHSph2owswB+zSCIhHRsNrsfBuvLAMOqu6s753xTqNcc9TCbv4WvXddAxtZVX4QDYt2I2ZI; Expires=Thu, 09 May 2024 15:03:39 GMT; Path=/; SameSite=None; Secure
WWWBALANCEID=aws.jamfweb-www-wa-2; path=/;
server: Apache/2.4.41 (Ubuntu)
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 24 Apr 2024 06:59:48 GMT
etag: "3aee-616d2375c4100"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 2acg8vPA6UBCnucT4FptowzwVaay169qCSPXkL1ei6k2JQlgfxG5qQ==
age: 409002
X-Firefox-Spdy: h2
|