casperread, if memory serves me, is used if you have an AFP or SMB share configured for packages. The read account is able to mount the share to copy packages down to the device during policies, but has no ability to make modifications to the share, or at least that's how it's supposed to work. Do you know if this lines up with how your Jamf server is set up? Do you have a local sharepoint configured in Settings > File share distribution points? If so, do you see a "casperread" account listed as configured under the "Read-Only Account" option?
I can't offhand say why this account would have been flagged for trying to access a website. I didn't think they were used for anything around web access. Then again, a lot of times these accounts are actual service accounts in your directory service, so it's possible it's not even anything Jamf is doing here. The account might have been accessed from another system.
Lastly, my memory on how that account was used may not be complete, since it's been a while since I've had an actual non HTTP/HTTPS share configured with Jamf Pro. So take all that I'm saying here with a grain of salt.
Also, what version of Jamf Pro is your setup running?
