www.jamf.com Open in urlscan Pro
13.33.187.5 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Submission: On November 13 via api (November 13th 2024, 9:15:17 am UTC) from IN — Scanned from DE

Summary HTTP 54 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 54 HTTP transactions. The main IP is 13.33.187.5, located in United States and belongs to AMAZON-02, US. The main domain is www.jamf.com. The Cisco Umbrella rank of the primary domain is 173614.
TLS certificate: Issued by Amazon RSA 2048 M03 on September 11th 2024. Valid for: a year.

This is the only time www.jamf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	13.33.187.5 13.33.187.5	16509 (AMAZON-02) (AMAZON-02)
5	18.66.122.102 18.66.122.102	16509 (AMAZON-02) (AMAZON-02)
11	2606:4700::68... 2606:4700::6812:572a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.245.46.104 18.245.46.104	16509 (AMAZON-02) (AMAZON-02)
8	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:235... 2600:9000:235a:4200:1b:ef38:3680:21	16509 (AMAZON-02) (AMAZON-02)
2	104.102.43.106 104.102.43.106	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	44.234.198.184 44.234.198.184	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
54	11

19 13.33.187.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-5.fra60.r.cloudfront.net

www.jamf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.66.122.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-102.fra60.r.cloudfront.net

resources.jamf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.46.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-104.fra56.r.cloudfront.net

media.jamf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:235a:4200:1b:ef38:3680:21 (United States)

ASN16509 (AMAZON-02, US)

d21y75miwcfqoq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.43.106 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-43-106.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.234.198.184 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-234-198-184.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

532-tcs-411.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	jamf.com www.jamf.com — Cisco Umbrella Rank: 173614 resources.jamf.com — Cisco Umbrella Rank: 490819 media.jamf.com — Cisco Umbrella Rank: 506072	2 MB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 390	172 KB
8	segment.com cdn.segment.com — Cisco Umbrella Rank: 2162	62 KB
2	segment.io api.segment.io — Cisco Umbrella Rank: 1523	343 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 4713	7 KB
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 610	548 B
1	mktoresp.com 532-tcs-411.mktoresp.com — Cisco Umbrella Rank: 949563	318 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 64	124 KB
1	cloudfront.net d21y75miwcfqoq.cloudfront.net	456 B
54	9

	Domain	Requested by
19	www.jamf.com	www.jamf.com
11	cdn.cookielaw.org	www.jamf.com cdn.cookielaw.org
8	cdn.segment.com	www.jamf.com cdn.segment.com
5	resources.jamf.com	www.jamf.com
2	api.segment.io	cdn.segment.com
2	munchkin.marketo.net	cdn.segment.com munchkin.marketo.net
2	geolocation.onetrust.com	cdn.cookielaw.org www.jamf.com
2	media.jamf.com	www.jamf.com
1	532-tcs-411.mktoresp.com	munchkin.marketo.net
1	www.googletagmanager.com	cdn.segment.com
1	d21y75miwcfqoq.cloudfront.net	www.jamf.com
54	11

This site contains links to these domains. Also see Links.

Domain
store.jamf.com
partners.jamf.com
flutter.dev
github.com
www.elastic.co
x.com
www.sentinelone.com
pypi.org
www.facebook.com
twitter.com
www.linkedin.com
marketplace.jamf.com
developer.jamf.com
ir.jamf.com
www.youtube.com
www.instagram.com
www.onetrust.com

Subject Issuer	Validity	Valid
jamf.com Amazon RSA 2048 M03	`2024-09-11` - `2025-10-11`	a year	crt.sh
*.jamf.com Amazon RSA 2048 M03	`2024-04-02` - `2025-04-30`	a year	crt.sh
cookielaw.org WE1	`2024-10-11` - `2025-01-09`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M02	`2024-10-15` - `2025-11-14`	a year	crt.sh
geolocation.onetrust.com WE1	`2024-10-11` - `2025-01-09`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2024-10-22` - `2025-10-24`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.segment.io Amazon RSA 2048 M03	`2024-11-13` - `2025-12-13`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Frame ID: A42B3E375CD5DB91AB9C3782596C82AF
Requests: 54 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Jamf Threat Labs discovers a new threat targeting macOS

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

54
Requests

100 %
HTTPS

36 %
IPv6

9
Domains

11
Subdomains

11
IPs

2
Countries

2088 kB
Transfer

5723 kB
Size

7
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://store.jamf.com/1594/purl-catalog
Title: Jamf Store Buy a plan or product today

Search URL Search Domain Scan URL

URL: https://partners.jamf.com/
Title: Register a deal

Search URL Search Domain Scan URL

URL: https://partners.jamf.com/English/
Title: Resources

Search URL Search Domain Scan URL

URL: https://partners.jamf.com/prm/auth/70d5b4b5-6690-4547-85ab-29a39707497d/oauth2/login
Title: Login to Jamf Partner Hub

Search URL Search Domain Scan URL

URL: https://flutter.dev/?gad_source=1&gbraid=0AAAAAC-INI-9fZwTG3w8VrPsNcn2fjDqV&gclid=Cj0KCQjw7Py4BhCbARIsAMMx-_KV3LTHbnxbfA_HezCzBA3xlEQzL1yYle79K0WKLLz4LqAgxwhSRjMaAp-WEALw_wcB&gclsrc=aw.ds
Title: Flutter

Search URL Search Domain Scan URL

URL: https://github.com/recepsenoglu/minesweeper
Title: open-source

Search URL Search Domain Scan URL

URL: https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
Title: DPRK

Search URL Search Domain Scan URL

URL: https://x.com/malwarezoo/status/1780318011708019096
Title: AppleScript payloads

Search URL Search Domain Scan URL

URL: https://www.sentinelone.com/labs/bluenoroff-hidden-risk-threat-actor-targets-macs-with-fake-crypto-news-and-novel-persistence/
Title: a

Search URL Search Domain Scan URL

URL: https://pypi.org/project/py2app/
Title: Py2App

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://store.jamf.com/
Title: Store

Search URL Search Domain Scan URL

URL: https://marketplace.jamf.com/
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://developer.jamf.com/
Title: Developers

Search URL Search Domain Scan URL

URL: https://ir.jamf.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://twitter.com/jamfsoftware
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/jamf-software/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/JAMFMedia
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/jamfsoftware/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.facebook.com/jamfsoftware/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

54 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/ 178 KB
40 KB 156ms
29ms Document
text/html 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

b95ff3cc623d86a62fd075da7762debe3fcda734f46ffc71e321beb40e7035af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 34749
cache-control: max-age=0, s-maxage=2592000, must-revalidate
content-encoding: gzip
content-length: 39027
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
content-type: text/html; charset=UTF-8
date: Tue, 12 Nov 2024 23:35:53 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 12 Nov 2024 23:08:03 GMT
link: <https://hello.myfonts.net>; rel=dns-prefetch, <https://resources.jamf.com>; rel=dns-prefetch; preconnect, <https://media.jamf.com>; rel=dns-prefetch; preconnect, </css/main.css?v=20241106145205>; rel=preload; as=style, </js/jamf-critical.min.js?v=20241106145205>; rel=preload; as=script, <https://resources.jamf.com/type/inter-regular.woff2>; rel=preload; as=font; crossorigin; type="font/woff2", <https://resources.jamf.com/type/inter-bold.woff2>; rel=preload; as=font; crossorigin; type="font/woff2", <https://resources.jamf.com/type/jcon_6372353d58f40790101470a75b02ecf2.woff>; crossorigin; type="font/woff"
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
server: Apache/2.4.41 (Ubuntu)
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-id: lFHezR1Owti7R4IJQU3Cih-MhobBX8irRSuihLn4b8oP_dYli7AmNQ==
x-amz-cf-pop: FRA60-P9
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 main.css
www.jamf.com/css/ 533 KB
81 KB 31ms
30ms Stylesheet
text/css 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/css/main.css?v=20241106145205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

39b6d2a7b0301f3db8a158ba98904702608524494d3f80f569950a8eb09e74d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "855e3-62644c4398700-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: _tghHn9-uSrqjcyyE0uAtnZO9Ho2FBWtXViKXzs1X9UOkKF5riyInA==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:57:32 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jamf-critical.min.js Show response
www.jamf.com/js/ 58 KB
19 KB 99ms
98ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/jamf-critical.min.js?v=20241106145205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

d7095596626c9efa05f183d9b9916b4a28da8f2e368c5bce7efc6f1aabba0139

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "e918-62644c4e15fc0-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: aYvKSc6KHOWpa_l2QnSN_rgnErajQCeqXL5Kk1I_IFtjFL6v6weYzw==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:57:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 18446
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 inter-regular.woff2
resources.jamf.com/type/ 97 KB
97 KB 217ms
22ms Font
binary/octet-stream 18.66.122.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.jamf.com/type/inter-regular.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.jamf.com
Referer: https://www.jamf.com/

Response headers

x-amz-version-id: 1ksiNDA4ipkewgpNwjbRHarMQ_Elo44H
etag: "dc131113894217b5031000575d9de002"
age: 29235
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: nfoKNZjZbwijg3kWEec7p8GRIniQE6rImWptKhcFUYrkhKMWb0Gzbg==
date: Wed, 13 Nov 2024 01:18:58 GMT
content-type: binary/octet-stream
vary: Origin,accept-encoding
last-modified: Mon, 28 Oct 2024 11:56:30 GMT
access-control-allow-credentials: true
via: 1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: https://www.jamf.com
content-length: 98868
x-amz-cf-pop: FRA60-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 inter-bold.woff2
resources.jamf.com/type/ 104 KB
104 KB 216ms
22ms Font
binary/octet-stream 18.66.122.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.jamf.com/type/inter-bold.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.jamf.com
Referer: https://www.jamf.com/

Response headers

x-amz-version-id: t61gLmYWO1OMb710YJsh6qtbteWCMj7U
etag: "444a7284663a3bc886683eb81450b294"
age: 19388
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: NA7VsIJA4EHzR6JY-OuMvyQbfSFaRHjnal9GN2rCfe9ddRChywf79g==
date: Wed, 13 Nov 2024 03:51:55 GMT
content-type: binary/octet-stream
vary: Origin,accept-encoding
last-modified: Mon, 28 Oct 2024 11:56:31 GMT
access-control-allow-credentials: true
via: 1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: https://www.jamf.com
content-length: 106140
x-amz-cf-pop: FRA60-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 22 KB
8 KB 211ms
37ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DD02CCC182444E
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 14653
x-content-type-options: nosniff
expires: Thu, 14 Nov 2024 09:15:02 GMT
date: Wed, 13 Nov 2024 09:15:02 GMT
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 03:47:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 558e0cc4-901e-00a8-6ed6-34479f000000
cf-ray: 8e1da7ab5e28bbe3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7212
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 main.css
www.jamf.com/styles/ 477 KB
55 KB 96ms
93ms Stylesheet
text/css 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/styles/main.css?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

864ae688258a38da1c42caecfbceb4d5df90a563965f9381ea27718a686e7977

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "773ad-62644c2237840-gzip"
age: 34994
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: _jWjK4dT2-GoIgzcjmZy-W-KO189NCoQpZ_Pd0-r8MdIhTSN4sgsrQ==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:56:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 54999
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 typography-override.css
www.jamf.com/css/ 230 KB
17 KB 112ms
109ms Stylesheet
text/css 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/css/typography-override.css?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

8aad19047a1baccfde72afb9a6da90560930cad98ea057a3dbc4ed385385146b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "39757-62644c448c940-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: sKX3wnO7JLYpwl_2GAZCJi2RGuEATkcBY8vAQBWNJHt0lc2ECLzMeQ==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:57:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 15797
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jamf-button.js Show response
www.jamf.com/js/webcomponents/nebula/ 33 KB
10 KB 144ms
141ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/webcomponents/nebula/jamf-button.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

e2ee3847cb36f43851872639c0ef59358fe22ada8da9fccb2b4a79748d46cb12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "8460-62644bc79e280-gzip"
age: 34748
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: VIgaB_juSo5qFCBZx0IfW4UQD1b16HztMYyq4tVm4vsGbub0gQRaGA==
date: Tue, 12 Nov 2024 23:35:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:55:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 9563
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jamf-icon.js Show response
www.jamf.com/js/webcomponents/nebula/ 27 KB
10 KB 141ms
138ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/webcomponents/nebula/jamf-icon.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

92fa57c8cf4d7d618691b77843f29d486656309960eaeffe006ae3f4efdc9880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "6afa-62644bc79e280-gzip"
age: 34748
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: _6P8LjlN-O2GZ-M4GHeuQTP2xjHQq5RDsIX6pfXkeCVvagMsZQGibg==
date: Tue, 12 Nov 2024 23:35:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:55:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 9312
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 667.js Show response
www.jamf.com/js/webcomponents/nebula/dep/ 366 KB
115 KB 112ms
110ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/webcomponents/nebula/dep/667.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

6aced3f769540be1f364f060353f75f6af9a67c8bc623046886edc76693f5265

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "5b6a6-62644bc79e280-gzip"
age: 32664
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: mo8n3s6NFzdX6StWLbTwPMCZKNDw07JsT6BZA4nezdoO7nwvZzJuNw==
date: Wed, 13 Nov 2024 00:10:38 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:55:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jamf-script-editor-vendors.js Show response
www.jamf.com/js/webcomponents/nebula/dep/ 376 B
1 KB 144ms
142ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/webcomponents/nebula/dep/jamf-script-editor-vendors.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

bc3c0c1453510e0a7374655ab8db5037b8105bd1bc8e5729eba1ff0ecc405d8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "178-62644bc79e280-gzip"
age: 34748
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: YvX2ChR7fadV2f4BiIlwcof0e1yOGWVgaYaQ0eam7M9Yj5F97UuMgQ==
date: Tue, 12 Nov 2024 23:35:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:55:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 253
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jamf-script-editor.js Show response
www.jamf.com/js/webcomponents/nebula/ 55 KB
16 KB 144ms
142ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/webcomponents/nebula/jamf-script-editor.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

b35ca718fa41729e077ce5c0e5f1d3aab1efefa436ee7dc6ae2c6540c1916aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "dcbb-62644bc79e280-gzip"
age: 34748
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: n-utA-kMNbGu0qkrlhDj9Z2epDB54Kps4BXWHKLioNUn39qzW1MLaw==
date: Tue, 12 Nov 2024 23:35:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:55:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 14986
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 webcomponents.js Show response
www.jamf.com/scripts/ 612 KB
185 KB 136ms
134ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/scripts/webcomponents.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

2b4798c649a6d858bddffd1c21898b169e2a1b345ca9f120d8b4b8882242ea17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "99131-62644c2237840-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 8g9dvQitWK_GTBnTICO6fU4oHw6DWy4iY_w7GSmwRJRUBGa8AKIHLQ==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:56:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jquery.min.js Show response
www.jamf.com/js/ 84 KB
31 KB 146ms
144ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/jquery.min.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

8623781aee9a8ab6681ce164e41a840dbaaa0c0f21525f4c70d017f5a8c14089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "150f4-62644c51e68c0-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 0wMTcotndKmy11OqTYBSskYGS33dUQgBCv0fJ7Mh4_xdr0V0YraXvQ==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:57:47 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 30309
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 index.js Show response
www.jamf.com/js/webcomponents/jamf-account/ 233 KB
44 KB 26ms
24ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/webcomponents/jamf-account/index.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

df1539bcfb67c9da81ee9f5c029921a09e63fb309fa4baf83942eed451f902c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "3a5dd-625adbfb2cd00-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: fOZ5qqZzGR_HW8zvN_ioslY192DOwlrK2DbSfvDYImnIQiCFdyO--w==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 30 Oct 2024 08:47:16 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 44329
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 custom.js Show response
www.jamf.com/scripts/ 53 KB
11 KB 27ms
26ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/scripts/custom.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

1327d4a2dd0dd6a849dd458df6051d26642b7c332005cbe20ad5bc70b18433fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "d535-62644c2237840-gzip"
age: 34994
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: zfIE0m5XTeQJhnamdOhFgHAHySaSYbGzkUjwxy12HCVlVHl1ZKtrSQ==
date: Tue, 12 Nov 2024 23:31:48 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:56:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 9973
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 jamf-one-color-dark-for-print-css.svg
media.jamf.com/images/logos/ 1 KB
1 KB 212ms
21ms Image
image/svg+xml 18.245.46.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.jamf.com/images/logos/jamf-one-color-dark-for-print-css.svg
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-104.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 41ab5fe54178008304401cafcbd15e7028bc7bacd8d35bdc4426a825383f48db

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

x-amz-cf-pop: FRA56-P9
content-encoding: gzip
etag: W/"55abc948af2b541a5847f4fd0768e026"
x-amz-version-id: 8qDxh1nyFEiPATU0peuHO.PIFUumQ8Y0
age: 30852
via: 1.1 6373f5d706cb8d973f3ced2fc572f6a8.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: o489pi2-Ev6iE1i27lT_78sewmfjauV50D-vhi2B1fynPFgaYF4_hQ==
date: Wed, 13 Nov 2024 00:40:50 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: AmazonS3
last-modified: Fri, 05 Oct 2018 18:53:57 GMT

GET
H2 200 jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications.webp
media.jamf.com/images/news/2024/ 786 KB
788 KB 23ms
22ms Image
application/octet-stream 18.245.46.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.jamf.com/images/news/2024/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications.webp?q=80&w=1600
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-104.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae4819b567bc6b581735d2673f60db23fbb07f2e9aaf189c681e2cf42460f519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

x-amz-version-id: prKFIvsurqtFlDpFpJX5VzrAX57tdBGr
etag: "cb76c4fcb53d719bdb3710a725f39952"
age: 71904
via: 1.1 6373f5d706cb8d973f3ced2fc572f6a8.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 805252
x-amz-cf-id: 2hbsbxIYGw7-zBEk5Qn1dCwB6jUq-aUMgdcyPthAE5A0kX6051D6Og==
date: Tue, 12 Nov 2024 13:16:39 GMT
content-type: application/octet-stream
last-modified: Fri, 08 Nov 2024 20:38:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P9
x-amz-server-side-encryption: AES256

GET
H2 200 04476c69-b922-4867-acbd-5a218f8ceb7e.json Show response
cdn.cookielaw.org/consent/04476c69-b922-4867-acbd-5a218f8ceb7e/ 7 KB
2 KB 90ms
46ms XHR
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/04476c69-b922-4867-acbd-5a218f8ceb7e/04476c69-b922-4867-acbd-5a218f8ceb7e.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4f795b7effc56efe74e77d28c7c0f6a14c4cb6d90218e87ccfba8059b42097

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: 4Lj6+AP1BV6P71wmiATYVw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DC8194616F7F93
age: 8300
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Thu, 14 Nov 2024 09:15:02 GMT
date: Wed, 13 Nov 2024 09:15:02 GMT
content-type: application/json
last-modified: Fri, 31 May 2024 17:09:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 8911fd19-f01e-0074-1640-2f15cc000000
cf-ray: 8e1da7abdf5f9744-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1937
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/ 103 KB
30 KB 477ms
25ms Script
text/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/js/jamf-critical.min.js?v=20241106145205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a1d9ff9f1d751ea1ed3a1110c991350451b3e007b46443b433951a9de1c1fd6c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: br
x-amz-version-id: 2m5ZrN_CQCL0IAjMQdJvbAZUlc93YLJv
etag: W/"2fd1f486249001059fe63bf8126439f1"
age: 36
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: qZFju-dWkoXHv5fDUga9hVUrtrysM4zUOyWbI1DMT47cRbGGfmr5Kg==
date: Wed, 13 Nov 2024 09:14:41 GMT
content-type: text/javascript; charset=utf-8
vary: accept-encoding
last-modified: Mon, 29 Jul 2024 18:58:16 GMT
x-amz-replication-status: COMPLETED
cache-control: public, max-age=120
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 vendors~jamf-dropdown-vendors.js Show response
www.jamf.com/scripts/dep/ 18 KB
7 KB 26ms
25ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/scripts/dep/vendors~jamf-dropdown-vendors.js

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/scripts/webcomponents.js?v=20241106145205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

6d444ef6c991190d067f7161f627b01004c785de1d21f500463c41448b7b112f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "4652-62644c2237840-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 4nLMMYeZao8PNSeJaqs6Nrb5hV7g-kMeY_sXwdDoMn6y8FMP9-rX-g==
date: Tue, 12 Nov 2024 23:31:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:56:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6326
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 inter-regular.woff2
resources.jamf.com/type/ 97 KB
0 0ms
0ms Font
binary/octet-stream 18.66.122.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.jamf.com/type/inter-regular.woff2
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/css/main.css?v=20241106145205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.jamf.com
Referer: https://www.jamf.com/

Response headers

x-amz-version-id: 1ksiNDA4ipkewgpNwjbRHarMQ_Elo44H
etag: "dc131113894217b5031000575d9de002"
age: 29235
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: nfoKNZjZbwijg3kWEec7p8GRIniQE6rImWptKhcFUYrkhKMWb0Gzbg==
date: Wed, 13 Nov 2024 01:18:58 GMT
content-type: binary/octet-stream
vary: Origin,accept-encoding
last-modified: Mon, 28 Oct 2024 11:56:30 GMT
access-control-allow-credentials: true
via: 1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: https://www.jamf.com
content-length: 98868
x-amz-cf-pop: FRA60-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 inter-bold.woff2
resources.jamf.com/type/ 104 KB
0 0ms
0ms Font
binary/octet-stream 18.66.122.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.jamf.com/type/inter-bold.woff2
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/css/main.css?v=20241106145205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.jamf.com
Referer: https://www.jamf.com/

Response headers

x-amz-version-id: t61gLmYWO1OMb710YJsh6qtbteWCMj7U
etag: "444a7284663a3bc886683eb81450b294"
age: 19388
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: NA7VsIJA4EHzR6JY-OuMvyQbfSFaRHjnal9GN2rCfe9ddRChywf79g==
date: Wed, 13 Nov 2024 03:51:55 GMT
content-type: binary/octet-stream
vary: Origin,accept-encoding
last-modified: Mon, 28 Oct 2024 11:56:31 GMT
access-control-allow-credentials: true
via: 1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: https://www.jamf.com
content-length: 106140
x-amz-cf-pop: FRA60-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 jcon_6372353d58f40790101470a75b02ecf2.woff2
resources.jamf.com/type/ 24 KB
25 KB 23ms
22ms Font
font/woff2 18.66.122.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.jamf.com/type/jcon_6372353d58f40790101470a75b02ecf2.woff2
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/css/main.css?v=20241106145205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 414be1cf7d1a22d082c3c58a8d5f1f32d1df213625f67e865d340f15eb7bf7f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.jamf.com
Referer: https://www.jamf.com/

Response headers

etag: "d69debcb451a5876e1d9faa48422717f"
x-amz-version-id: 0k2zna3QN9w7pnBlPP3QtYam9eaRghG0
age: 10168861
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: n96Vp_LbEl0Msi6Z6S26ELcrrg2liPjO3l9qip_1pSNb_ZtHECAlyQ==
date: Thu, 18 Jul 2024 16:34:02 GMT
content-type: font/woff2
last-modified: Tue, 02 Mar 2021 19:02:56 GMT
vary: Origin
cache-control: max-age=31536000
access-control-allow-credentials: true
via: 1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: https://www.jamf.com
content-length: 24836
x-amz-cf-pop: FRA60-P2
server: AmazonS3

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 384ms
37ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.jamf.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e1da7b05d2dd299-FRA
access-control-allow-origin: *
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 / Show response
www.jamf.com/auth0/user/ 2 B
1 KB 316ms
316ms Fetch
application/json 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/auth0/user/

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/js/webcomponents/jamf-account/index.js?v=20241106145205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

x-robots-tag: noindex
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: sRek3HXBbXBb6lHotyL5RIUzqpdEKArePwc4Fd2gUh8K5Hpmg6oSlQ==
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: application/json
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, no-cache
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
content-length: 2
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 a26e7c0f
d21y75miwcfqoq.cloudfront.net/ 68 B
456 B 865ms
622ms Image
image/png 2600:9000:235a:4200:1b:ef38:3680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d21y75miwcfqoq.cloudfront.net/a26e7c0f
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:4200:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

cache-control: no-cache, no-store
x-amz-version-id: null
etag: "91e42db1c66c0b276abf6234dc50b2eb"
via: 1.1 eb8dd67e239abea324e36244f60eec4c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Miss from cloudfront
content-length: 68
x-amz-cf-id: biL4mL1ATDI8vyrAGPuPcDSDf5v7_uFdKFxsN8pDri7bf5GxzHXJ2Q==
date: Wed, 13 Nov 2024 09:15:04 GMT
content-type: image/png
last-modified: Mon, 17 May 2021 18:46:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/ 1 KB
1 KB 79ms
35ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d20cfa80cae8b12c586377cd9f57cd48d2126b4730050ae6e87e7590d2c3138b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
x-amz-version-id: 2nQ0GCdIkxNjl1CUCrEPP6Ktw9IAuqvD
etag: W/"d875f26b729e316ada7d68ed068e32c8"
age: 8626
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: TtIA1jW1i9EcxY5i36lVhvhpNdLsrV3psK71XJKQXlMD39PUXImSXQ==
date: Wed, 13 Nov 2024 06:51:17 GMT
content-type: application/json; charset=utf-8
vary: accept-encoding
last-modified: Wed, 23 Oct 2024 18:34:29 GMT
x-amz-replication-status: COMPLETED
cache-control: public, max-age=10800
via: 1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 ajs-destination.bundle.ed53a26b6edc80c65d73.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 22ms
19ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
x-amz-version-id: 7HrcoEDii4CJjqNCahwryaG4L.vk9kns
age: 4789652
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: vmbLvxok6TQCsYzahPB_ayvuorL9XQv08voHjrVlDC6mBK1jBBT7Hw==
date: Wed, 18 Sep 2024 22:47:32 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Sep 2024 22:21:40 GMT
x-amz-replication-status: COMPLETED
cache-control: public,max-age=31536000,immutable
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/ 428 KB
104 KB 37ms
36ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df54c069da584ec929d42161c8fd19e74c7f408d70e6e7e0f8d27cc9c02a0ad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: omr+ywUvfLiKRTWN9kGq4A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D5D2845E0F
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 20271
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: application/javascript
last-modified: Tue, 16 Jul 2024 20:28:15 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: da1ed7f6-c01e-0038-5f9b-2fd2d3000000
cf-ray: 8e1da7b09b18bbe3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 106367
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 schemaFilter.bundle.5c2661f67b4b71a6d9bd.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 21ms
21ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
x-amz-version-id: u16VcQlfwBtHRZyWZ3J5lA.kF3ts0Fc8
age: 4953813
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: bGhmo_nrR7wS7lo5_Fx-q1hCGyHzeAPkMJ1T96g-gcCFoAJzBKYlUA==
date: Tue, 17 Sep 2024 01:11:31 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 16 Sep 2024 16:03:18 GMT
x-amz-replication-status: COMPLETED
cache-control: public,max-age=31536000,immutable
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/04476c69-b922-4867-acbd-5a218f8ceb7e/018e7697-1b6f-777c-8efb-53fbc2c93533/ 150 KB
28 KB 93ms
91ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/04476c69-b922-4867-acbd-5a218f8ceb7e/018e7697-1b6f-777c-8efb-53fbc2c93533/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cd4596aa2a1cb56200c901bbbd5d3eab8fd5de281019cfd779693d39d7541f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: 0/Au+UnaDXZJZdIT64CtFQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DC81946B65FB8D
age: 44491
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Thu, 14 Nov 2024 09:15:03 GMT
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: application/json
last-modified: Fri, 31 May 2024 17:09:23 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 7cfa8f38-a01e-0089-364c-262aae000000
cf-ray: 8e1da7b1bcac9744-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28186
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 marketo.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/marketo/2.0.2/ 3 KB
2 KB 23ms
21ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/marketo/2.0.2/marketo.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd186342f0ecf69108ae46236a02d305cef4a6b7d147de78a3c7d3e3ccc9036f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "544e6637e4681160b0599d78d90f9473"
x-amz-version-id: wf1itJBiTLPxHkV53UGqWx5wEkLCbDld
age: 4442579
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: 1_lF3_rZ8EPz0fXFDKfARUqPdSM25d99JP6KyuLIeA62iVKfhMd-uw==
date: Sun, 22 Sep 2024 23:12:04 GMT
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 06:57:15 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1600
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 google-tag-manager.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 3 KB
2 KB 23ms
21ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "a2b1aa1a0e402b1f891c929f94449d47"
x-amz-version-id: _Aep7zFPD.gvTJG_YlZ3OByAwEPpZuwB
age: 400928
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: 93P0v-0v3CAtyTNBEQspMiRuGqV7mQMGlMYOJWCz3D9VE_5df1cYOg==
date: Fri, 08 Nov 2024 17:52:56 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 11:20:16 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1343
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/ 9 KB
3 KB 32ms
32ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: LGA9RbysmTnHm69WIhZ6SQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D5CDF5EB98
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 85039
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 20:28:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 26a3040c-c01e-0099-6381-d81c48000000
cf-ray: 8e1da7b2dd949744-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2626
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/v2/ 62 KB
13 KB 33ms
32ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a811246367093979c01fc9ea67e8db8c1b1e5abbd10fd669d6de163702c942b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: KChx+n8xgg81I5yxMVql3g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D5CECDCCB6
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79308
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 20:28:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 2a7e6421-901e-006f-1e5d-d83b5e000000
cf-ray: 8e1da7b2dd969744-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12700
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/ 21 KB
4 KB 32ms
32ms Fetch
text/css 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29733ca80fad429eb7e4bb7f028cd176d9ee5a5427d09caec143e5030cb1005f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: c7xAZ9MSGAobGaTYg/Qtag==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
cf-bgj: minify
cf-cache-status: HIT
x-ms-version: 2009-09-19
age: 85039
content-encoding: gzip
x-content-type-options: nosniff
cf-polished: origSize=21778
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: text/css
last-modified: Tue, 16 Jul 2024 20:28:20 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 7da1d20c-d01e-002c-4f58-d811b7000000
cf-ray: 8e1da7b2dd9a9744-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 commons.a61d7bea37d2de5d4b69.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 70 KB
22 KB 23ms
23ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "c467a63b2e7c3a99be423ace649014d8"
x-amz-version-id: JPDEPREw8gYM0wgzX9n.pVdsRblNlmAD
age: 310878
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: S3mUyr67iUbQ6xHZcH6U5srJTDF3cxuyEgToblUO6RSqQeBONGqHTg==
date: Sat, 09 Nov 2024 18:53:46 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 11:20:15 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21911
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 42ms
40ms Image
image/svg+xml 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 6466
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Nov 2024 03:47:41 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 489124bf-f01e-0012-2fee-34a796000000
cf-ray: 8e1da7b49e74bbe3-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
495 B 41ms
41ms Fetch
image/svg+xml 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 3498
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: image/svg+xml
last-modified: Wed, 13 Nov 2024 03:09:52 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: e26389a2-601e-0094-4d87-35f344000000
cf-ray: 8e1da7b4bfaa9744-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 integrations Show response
cdn.segment.com/v1/projects/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/ 525 B
1 KB 46ms
29ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/integrations
Requested by: Host: www.jamf.com
URL: https://www.jamf.com/js/jamf-critical.min.js?v=20241106145205
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 69a42e6ee3289c1e8d0cb1499ea9942eff8c94605f453ed5ef212bfc2424e04c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

access-control-max-age: 3000
x-amz-version-id: KZlz_nJexfqlicpZvoGZBmn_RP230j7Y
etag: "569c80ba1996b9776cb971c11c2cb1ce"
age: 7216
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: _pIyUPtvmlOwo9UFqPU6pDQMXtMhrkiEj-EWc9Meq6KPafeFkR9AcA==
date: Wed, 13 Nov 2024 09:10:47 GMT
content-type: application/json; charset=utf-8
vary: accept-encoding
last-modified: Tue, 01 Oct 2024 15:16:53 GMT
x-amz-replication-status: COMPLETED
cache-control: public, max-age=10800
via: 1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 525
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Jamf-color.png
cdn.cookielaw.org/logos/d94b466b-3228-4486-adf9-a106deb779b6/4d7fea22-b3d5-4503-b734-84804e07ee40/9b805bf9-1d27-4fe3-b26b-6a4ca770be37/ 7 KB
8 KB 55ms
27ms Image
image/png 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/d94b466b-3228-4486-adf9-a106deb779b6/4d7fea22-b3d5-4503-b734-84804e07ee40/9b805bf9-1d27-4fe3-b26b-6a4ca770be37/Jamf-color.png

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aeed6ee102307e4a3fe882c0839daba0a18abf1c0358defcdd99b4c739349375

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: HrdFQcjx2FrQMbBzSpWAIQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8D9BB1B416E28D2
age: 37906
cf-cache-status: HIT
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: image/png
last-modified: Thu, 09 Dec 2021 13:53:18 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 7ebe4310-101e-0090-4113-2006c6000000
cf-ray: 8e1da7b50ebdbbe3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7576
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 61ms
34ms Image
image/svg+xml 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-md5: Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 9773
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 13 Nov 2024 09:15:03 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Nov 2024 20:46:13 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: cffb501f-a01e-0089-7677-352aae000000
cf-ray: 8e1da7b50ebebbe3-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 434ms
53ms Script
application/x-javascript 104.102.43.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.43.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-43-106.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2091f1ff92cc073e178dca31707853e0cc6cd913a5344a8978f040fa373efa6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

Content-Encoding: gzip
ETag: "e75e5ba140b1c7e6ea79786633c1ba0d:1731465879.778595"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 741
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Wed, 13 Nov 2024 09:15:04 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 13 Nov 2024 02:44:39 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 438 KB
124 KB 572ms
91ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MS7Q67&l=dataLayer

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

820ad16bcaf764eeabbfe0dc78d71fe9f94a4b9e195c2d7b38cf94eac3d3d47c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Wed, 13 Nov 2024 09:15:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 13 Nov 2024 09:15:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 13 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 126665
x-xss-protection: 0
server: Google Tag Manager

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
171 B 794ms
195ms Fetch
application/json 44.234.198.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.234.198.184 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-234-198-184.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.jamf.com/

Response headers

strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.jamf.com
content-length: 21
date: Wed, 13 Nov 2024 09:15:04 GMT
content-type: application/json
vary: Origin

POST
H2 200 i Show response
api.segment.io/v1/ 21 B
172 B 778ms
201ms Fetch
application/json 44.234.198.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/i

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/t5I7xjAjlbs6x0yXQAOc7p1XbGBC00E5/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.234.198.184 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-234-198-184.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.jamf.com/

Response headers

strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.jamf.com
content-length: 21
date: Wed, 13 Nov 2024 09:15:04 GMT
content-type: application/json
vary: Origin

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/164/ 11 KB
5 KB 53ms
51ms Script
application/x-javascript 104.102.43.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/164/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.43.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-43-106.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "756f9116836f579d12be8fe786b69d98:1726632111.60799"
Connection: keep-alive
Expires: Fri, 21 Feb 2025 09:15:04 GMT
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 4843
Date: Wed, 13 Nov 2024 09:15:04 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Sep 2024 04:01:51 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

POST
H/1.1 200
OK visitWebPage
532-tcs-411.mktoresp.com/webevents/ 2 B
318 B 797ms
127ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://532-tcs-411.mktoresp.com/webevents/visitWebPage?_mchNc=1731489304442&_mchCn=&_mchId=532-TCS-411&_mchTk=_mch-jamf.com-8f1ad1389199040721d86ca81d7ae7e7&_mchHo=www.jamf.com&_mchPo=&_mchRu=%2Fblog%2Fjamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications%2F&_mchPc=https%3A&_mchVr=164&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/164/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: 602fbded-41bb-4d7e-adfc-022b949e1a09
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Wed, 13 Nov 2024 09:15:05 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H2 200 jamf-non-critical.min.js Show response
www.jamf.com/js/ 176 KB
55 KB 29ms
26ms Script
application/javascript 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/js/jamf-non-critical.min.js?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

43c6aecdaddcf3bd5526c645a3489579158405185c7150cafd06081d253d7a1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "2c15d-62644c4f0a200-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: prsUfCC6kg-5kJ_yIjlCk2yFCkbVyqxDNV6lSoyRdU3rcBD9joXAMA==
date: Tue, 12 Nov 2024 23:31:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:57:44 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 55422
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 geofeed Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 68 B
244 B 89ms
43ms Script
text/javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/geofeed

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/js/jamf-non-critical.min.js?v=20241106145205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ff8be4caae44452d25370811829bcf0de87a264bc6dab2b9c45ec89b57b7c8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 8e1da7bb7ac1d349-FRA
content-encoding: gzip
date: Wed, 13 Nov 2024 09:15:04 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 print.css
www.jamf.com/css/ 19 KB
6 KB 32ms
31ms Stylesheet
text/css 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/css/print.css?v=20241106145205

Requested by

Host: www.jamf.com
URL: https://www.jamf.com/js/jquery.min.js?v=20241106145205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

8fc754e0e3bd090905ae6446f00dbaa00f1cd1b76211f2a06e261445ab07c79d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

content-encoding: gzip
etag: "4d07-62644c4398700-gzip"
age: 34993
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: cqFCUOze6lqKVJDeIBFOU991Rsuy1g_TxmB7OUwFptiWYYdtAmnQgw==
date: Tue, 12 Nov 2024 23:31:51 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 20:57:32 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000, s-maxage=2592000, immutable
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
referrer-policy: strict-origin-when-cross-origin
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 4966
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

GET
H2 200 favicon-32x32.png
www.jamf.com/ 414 B
1 KB 51ms
48ms Other
image/png 13.33.187.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jamf.com/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-5.fra60.r.cloudfront.net

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

f9a6c944861c4f365cb901665b56fcba383b67cdf7c43e533b0ac4d258d1c61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

Response headers

etag: "19e-625adc7356880"
age: 22469
report-to: {'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: BgqtMAEchPlSH4ZMdUE6dkZTzkZwgE2gk-bTpXW1ZooXbkOgh8scjg==
date: Wed, 13 Nov 2024 03:00:35 GMT
content-type: image/png
last-modified: Wed, 30 Oct 2024 08:49:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy-report-only: default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
referrer-policy: strict-origin-when-cross-origin
accept-ranges: bytes
content-length: 414
x-amz-cf-pop: FRA60-P9
server: Apache/2.4.41 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.jamf.com/	1970-01-21 00:58:16	Name: exp_exp_csrf_token Value: 54fba4f070dade0bf60a4edd5af4c682d38d8ea6
www.jamf.com/	1969-12-31 23:59:59	Name: WWWBALANCEID Value: aws.jamfweb-www-wa-2
www.jamf.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 01c4040f9e170f4e678a675c2aa867be
.jamf.com/	1970-01-21 09:43:45	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Nov+13+2024+10%3A15%3A03+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=202312.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=fe904b86-caf7-4e04-989e-2da49d6b9f36&interactionCount=0&landingPath=https%3A%2F%2Fwww.jamf.com%2Fblog%2Fjamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0&hosts=H97%3A1%2CH7%3A1%2CH31%3A1%2CH32%3A1%2CH64%3A1%2CH65%3A1%2CH4%3A1%2CH39%3A1%2CH42%3A1%2CH23%3A0%2CH51%3A0%2CH63%3A0%2CH3%3A0%2CH84%3A0%2CH55%3A0%2CH15%3A0%2CH11%3A0%2CH20%3A0%2CH24%3A0%2CH30%3A0%2CH33%3A0%2CH36%3A0%2CH41%3A0%2CH17%3A0%2CH70%3A0%2CH58%3A0%2CH71%3A0%2CH59%3A0%2CH72%3A0%2CH2%3A0%2CH73%3A0%2CH93%3A0%2CH74%3A0%2CH77%3A0%2CH80%3A0%2CH102%3A0%2CH83%3A0%2CH66%3A0%2CH14%3A0%2CH103%3A0%2CH88%3A0%2CH85%3A0%2CH69%3A0&genVendors=
.jamf.com/	1970-01-21 00:59:35	Name: cookieconsent_country_code Value: DE
www.jamf.com/	1970-01-21 01:08:14	Name: AWSALB Value: 2g9zMPuBIetMxsaQyifYS+86zFrkAuUunPCo2/bE0DBG7EbjL3J4LH9YpgS7y3dTMdPmjZsKfKwSHgad4keVXq///v/3ekwZAS9y8rLJB9shgN/muqprVph5UQb2
www.jamf.com/	1970-01-21 01:08:14	Name: AWSALBCORS Value: 2g9zMPuBIetMxsaQyifYS+86zFrkAuUunPCo2/bE0DBG7EbjL3J4LH9YpgS7y3dTMdPmjZsKfKwSHgad4keVXq///v/3ekwZAS9y8rLJB9shgN/muqprVph5UQb2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

532-tcs-411.mktoresp.com
api.segment.io
cdn.cookielaw.org
cdn.segment.com
d21y75miwcfqoq.cloudfront.net
geolocation.onetrust.com
media.jamf.com
munchkin.marketo.net
resources.jamf.com
www.googletagmanager.com
www.jamf.com
104.102.43.106
13.33.187.5
18.245.46.104
18.66.122.102
192.28.144.124
2600:9000:235a:4200:1b:ef38:3680:21
2606:4700:4400::6812:2089
2606:4700::6812:572a
2a00:1450:4001:82b::2008
44.234.198.184
99.86.8.175
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
0b4f795b7effc56efe74e77d28c7c0f6a14c4cb6d90218e87ccfba8059b42097
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1327d4a2dd0dd6a849dd458df6051d26642b7c332005cbe20ad5bc70b18433fd
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
29733ca80fad429eb7e4bb7f028cd176d9ee5a5427d09caec143e5030cb1005f
2b4798c649a6d858bddffd1c21898b169e2a1b345ca9f120d8b4b8882242ea17
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
39b6d2a7b0301f3db8a158ba98904702608524494d3f80f569950a8eb09e74d8
414be1cf7d1a22d082c3c58a8d5f1f32d1df213625f67e865d340f15eb7bf7f8
41ab5fe54178008304401cafcbd15e7028bc7bacd8d35bdc4426a825383f48db
43c6aecdaddcf3bd5526c645a3489579158405185c7150cafd06081d253d7a1d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5cd4596aa2a1cb56200c901bbbd5d3eab8fd5de281019cfd779693d39d7541f5
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69a42e6ee3289c1e8d0cb1499ea9942eff8c94605f453ed5ef212bfc2424e04c
6aced3f769540be1f364f060353f75f6af9a67c8bc623046886edc76693f5265
6d444ef6c991190d067f7161f627b01004c785de1d21f500463c41448b7b112f
820ad16bcaf764eeabbfe0dc78d71fe9f94a4b9e195c2d7b38cf94eac3d3d47c
8623781aee9a8ab6681ce164e41a840dbaaa0c0f21525f4c70d017f5a8c14089
864ae688258a38da1c42caecfbceb4d5df90a563965f9381ea27718a686e7977
8aad19047a1baccfde72afb9a6da90560930cad98ea057a3dbc4ed385385146b
8fc754e0e3bd090905ae6446f00dbaa00f1cd1b76211f2a06e261445ab07c79d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
92fa57c8cf4d7d618691b77843f29d486656309960eaeffe006ae3f4efdc9880
9a811246367093979c01fc9ea67e8db8c1b1e5abbd10fd669d6de163702c942b
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c
9ff8be4caae44452d25370811829bcf0de87a264bc6dab2b9c45ec89b57b7c8c
a1d9ff9f1d751ea1ed3a1110c991350451b3e007b46443b433951a9de1c1fd6c
a2091f1ff92cc073e178dca31707853e0cc6cd913a5344a8978f040fa373efa6
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
ae4819b567bc6b581735d2673f60db23fbb07f2e9aaf189c681e2cf42460f519
aeed6ee102307e4a3fe882c0839daba0a18abf1c0358defcdd99b4c739349375
b35ca718fa41729e077ce5c0e5f1d3aab1efefa436ee7dc6ae2c6540c1916aa5
b95ff3cc623d86a62fd075da7762debe3fcda734f46ffc71e321beb40e7035af
bc3c0c1453510e0a7374655ab8db5037b8105bd1bc8e5729eba1ff0ecc405d8f
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7
cd186342f0ecf69108ae46236a02d305cef4a6b7d147de78a3c7d3e3ccc9036f
d20cfa80cae8b12c586377cd9f57cd48d2126b4730050ae6e87e7590d2c3138b
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d7095596626c9efa05f183d9b9916b4a28da8f2e368c5bce7efc6f1aabba0139
dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6
df1539bcfb67c9da81ee9f5c029921a09e63fb309fa4baf83942eed451f902c1
df54c069da584ec929d42161c8fd19e74c7f408d70e6e7e0f8d27cc9c02a0ad9
e2ee3847cb36f43851872639c0ef59358fe22ada8da9fccb2b4a79748d46cb12
f9a6c944861c4f365cb901665b56fcba383b67cdf7c43e533b0ac4d258d1c61f

www.jamf.com Open in urlscan Pro 13.33.187.5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

54 Requests

100 %HTTPS

36 %IPv6

9 Domains

11 Subdomains

11 IPs

2 Countries

2088 kBTransfer

5723 kBSize

7 Cookies

23 Outgoing links

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.jamf.com Open in urlscan Pro
13.33.187.5 Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

100 %
HTTPS

36 %
IPv6

9
Domains

11
Subdomains

11
IPs

2
Countries

2088 kB
Transfer

5723 kB
Size

7
Cookies

54 HTTP transactions
0 data transactions