Report - 18.185.254.211/

Report Overview

Submitted URL
18.185.254.211/
IP
18.185.254.211
ASN
#16509 AMAZON-02
Submitted
2024-05-07 08:40:44
Access
public
Website Title
Jamf Cloud - 404 Page Not Found
Final URL
18.185.254.211/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
18.185.254.211	unknown	unknown	No data	No data	817 B	309 kB	18.185.254.211
www.jamf.com	195490	2005-01-24	2015-02-22	2024-03-27	847 B	20 kB	108.157.229.112

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	18.185.254.211	Sinkholed
2024-05-07	medium	18.185.254.211	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

18.185.254.211/

18.185.254.211

200 OK

134 B

URL User Request GET HTTP/2
18.185.254.211/
IP
18.185.254.211:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecteuc1-friendly-vaughan240130.alb.internal.jamfcloud.com
Fingerprint32:A0:56:41:CC:8B:3D:26:8C:E7:02:8F:78:C6:2D:EC:D6:AB:B1:C8
ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 27 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 18.185.254.211
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Tue, 07 May 2024 08:40:19 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://18.185.254.211:443/

18.185.254.211/static/jamf.css

18.185.254.211

200 OK

309 kB

URL GET HTTP/2
18.185.254.211/static/jamf.css
IP
18.185.254.211:443
ASN
#16509 AMAZON-02

Requested by
https://18.185.254.211/
Certificate
IssuerAmazon
Subjecteuc1-friendly-vaughan240130.alb.internal.jamfcloud.com
Fingerprint32:A0:56:41:CC:8B:3D:26:8C:E7:02:8F:78:C6:2D:EC:D6:AB:B1:C8
ValidityTue, 30 Jan 2024 00:00:00 GMT - Thu, 27 Feb 2025 23:59:59 GMT

File type
ASCII text, with very long lines (24973)
Size
309 kB (308652 bytes)
Hash
7e78ca167b565ce9d3b6a29eceb83405
716aec5b49475fc119be480584d228ba59d0789a
ebbccfba080100c5a67e185cf032fede2544f7e230221bb28a53d7c0d0851335

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/jamf.css HTTP/1.1
Host: 18.185.254.211
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18.185.254.211/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 08:40:21 GMT
content-type: text/css; charset=utf-8
content-length: 308652
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains;
X-Firefox-Spdy: h2

www.jamf.com/touch-icon-192x192.png

108.157.229.112

200 OK

1.6 kB

URL GET HTTP/2
www.jamf.com/touch-icon-192x192.png
IP
108.157.229.112:443
ASN
#16509 AMAZON-02

Requested by
https://18.185.254.211/
Certificate
IssuerAmazon
Subjectjamf.com
Fingerprint83:2E:9F:81:A5:60:EB:8C:BA:BF:7E:6F:08:50:4F:EB:D9:7F:37:CE
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGB, non-interlaced
Size
1.6 kB (1633 bytes)
Hash
3bcbd139bf8fbfa95080a01ac9437e7f
3d64797c3d7ed15f0863a27e6b723d8d91aab04f
3c67cf33cd06d2b14fd1a2ec5c7edeef14b30c51e2f167e67195c8ca8bb606fb

HTTP Headers

GET /touch-icon-192x192.png HTTP/1.1
Host: www.jamf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18.185.254.211/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 1633
date: Thu, 02 May 2024 15:07:11 GMT
set-cookie: AWSALB=PqJKP0qRpWUH4eGLfnzU0P7pYDSOVZG27EK/CjYXUG3dlQJJhMeWmpvth2GV/FK0Q2gR6tS8D9ONqN2oLcXK0gUvlbLOfUuDi8sbu27CX+QFZm1it083q/P86Anj; Expires=Thu, 09 May 2024 15:07:11 GMT; Path=/
AWSALBCORS=PqJKP0qRpWUH4eGLfnzU0P7pYDSOVZG27EK/CjYXUG3dlQJJhMeWmpvth2GV/FK0Q2gR6tS8D9ONqN2oLcXK0gUvlbLOfUuDi8sbu27CX+QFZm1it083q/P86Anj; Expires=Thu, 09 May 2024 15:07:11 GMT; Path=/; SameSite=None; Secure
WWWBALANCEID=aws.jamfweb-www-wa-2; path=/;
server: Apache/2.4.41 (Ubuntu)
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 01 May 2024 19:45:01 GMT
etag: "661-61769b8e0a940"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 80YZQlCZKbyHd7p5PPbyeESny3kIvFrT-mCwFkxSzHfbrk1fXb71ZQ==
age: 408790
X-Firefox-Spdy: h2

www.jamf.com/favicon.ico

108.157.229.112

200 OK

15 kB

URL GET HTTP/2
www.jamf.com/favicon.ico
IP
108.157.229.112:443
ASN
#16509 AMAZON-02

Requested by
https://18.185.254.211/
Certificate
IssuerAmazon
Subjectjamf.com
Fingerprint83:2E:9F:81:A5:60:EB:8C:BA:BF:7E:6F:08:50:4F:EB:D9:7F:37:CE
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
4c285b991224e06800e9ea4674eebc92
1e53afde7322fd33d1e30f658638c3df9686de0c
3144671e90bb177543efd5f3e643529a2c563a3ac454452d692879c013289155

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.jamf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18.185.254.211/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15086
date: Thu, 02 May 2024 15:03:39 GMT
set-cookie: AWSALB=2ehnOnmU+aVzTZmuZfW7uZsy8yTtFYZd9T5YpJcfjAQctbqnstEOVwHSph2owswB+zSCIhHRsNrsfBuvLAMOqu6s753xTqNcc9TCbv4WvXddAxtZVX4QDYt2I2ZI; Expires=Thu, 09 May 2024 15:03:39 GMT; Path=/
AWSALBCORS=2ehnOnmU+aVzTZmuZfW7uZsy8yTtFYZd9T5YpJcfjAQctbqnstEOVwHSph2owswB+zSCIhHRsNrsfBuvLAMOqu6s753xTqNcc9TCbv4WvXddAxtZVX4QDYt2I2ZI; Expires=Thu, 09 May 2024 15:03:39 GMT; Path=/; SameSite=None; Secure
WWWBALANCEID=aws.jamfweb-www-wa-2; path=/;
server: Apache/2.4.41 (Ubuntu)
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 24 Apr 2024 06:59:48 GMT
etag: "3aee-616d2375c4100"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 2acg8vPA6UBCnucT4FptowzwVaay169qCSPXkL1ei6k2JQlgfxG5qQ==
age: 409002
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers