www.bitsight.com Open in urlscan Pro
2606:4700:10::ac43:60f  Public Scan

21 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQIECNarbfWzCgAAAZOWGlBqTL0Q6yUQLn7TquFsuuAUniQ1M6PBqgzbGWr5d8FbmatUgbPL4d6HPVETZDg8uAHt9wR0

Request Chain 81

• https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Request Chain 83

• https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= HTTP 303
• https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67516f2f78b5920001232586%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= HTTP 302
• https://map.go.affec.tv/map/an/5000294810664769913?ch=67516f2f78b5920001232586&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= HTTP 303
• https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=

Request Chain 88

• https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

134 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request proxyam-powered-socks5systemz-botnet Show response www.bitsight.com/blog/	137 KB 23 KB	724ms 591ms	Document text/html	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f9d2e75886ce2284f54a6a897c64805058dc84d623fa8ba597883deb70029a1e Security Headers Name Value Content-Security-Policy report-uri /report-csp-violation Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers age 73182 cache-control max-age=31536000, public cf-cache-status DYNAMIC cf-ray 8ed2ee7c2ed3ebd9-ARN content-encoding br content-language en content-security-policy report-uri /report-csp-violation content-type text/html; charset=UTF-8 date Thu, 05 Dec 2024 09:15:26 GMT expires Sun, 19 Nov 1978 05:00:00 GMT last-modified Wed, 04 Dec 2024 12:55:43 GMT link <analytics.google.com>; rel="dns-prefetch", <js.driftt.com>; rel="dns-prefetch", <rackingapi.trendemon.com>; rel="dns-prefetch", <tags.srv.stackadapt.com>; rel="dns-prefetch", <cdn.optimizely.com>; rel="dns-prefetch", <js.hs-scripts.com>; rel="dns-prefetch", <logx.optimizely.com>; rel="dns-prefetch", <metrics.hotjar.io>; rel="dns-prefetch", <bootstrap.driftapi.com>; rel="dns-prefetch", <ka-p.fontawesome.com>; rel="dns-prefetch", <audioeye.com>; rel="dns-prefetch", <googletagmanager.com>; rel="dns-prefetch", <permutive.com>; rel="dns-prefetch", <hotjar.com>; rel="dns-prefetch", <analytics.google.com>; rel="preconnect", <js.driftt.com>; rel="preconnect", <rackingapi.trendemon.com>; rel="preconnect", <consent.trustarc.com>; rel="preconnect", <cdn.optimizely.com>; rel="preconnect", <js.hs-scripts.com>; rel="preconnect", <metrics.hotjar.io>; rel="preconnect", <logx.optimizely.com>; rel="preconnect", <bootstrap.driftapi.com>; rel="preconnect", <ka-p.fontawesome.com>; rel="preconnect", <tags.srv.stackadapt.com>; rel="preconnect", <audioeye.com>; rel="preconnect", <googletagmanager.com>; rel="preconnect", <permutive.com>; rel="preconnect", <hotjar.com>; rel="preconnect", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2>; rel="prefetch", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://kit.fontawesome.com/bc8e4d7021.js>; rel="prerender", <https://js-agent.newrelic.com/nr-rum-1.255.0.min.js>; rel="prerender" referrer-policy no-referrer-when-downgrade server cloudflare strict-transport-security max-age=2592000; includeSubDomains surrogate-key tilu alec 15nq bh81 qknc 135a t5be 1rv1 4iqj 2h09 k5im 7bmp epgs ffa2 tapm s1so lgqj d7d6 1971 6ehj gaf3 77td jufg knej sheu khoj 4n5i cj78 vja0 ka5u 78t5 6dsl ldc7 snk9 tib3 rjqv tjhs n16q keo3 rl04 p93v vcdf e79l u1q5 gsd9 lira nl66 jro7 in6f h29v iu4c 3kis e6ki 2pbm 3t5u snd9 1cn6 omo7 o1kn 4539 uqdm k6vi dfem 98ql 5694 s3lt gub4 qb8d td07 bicd b452 cjqp 51mg q0pd 516e gfvc vfo5 urm3 2e20 1ovt ihaf 93fh ogvc 8775 4f2v acf4 1edt ql68 bsc4 3ukk ut71 kvo9 bsid i1hh m4ma 704t l0o5 ebeg 601f kfqg eit7 ig0p 4fu4 vq51 oauf snab trke e1j3 vary Cookie,Accept-Encoding via varnish x-ah-environment prod x-cache HIT x-cache-hits 476 x-content-type-options nosniff x-dns-prefetch-control on x-drupal-cache MISS x-drupal-dynamic-cache MISS x-frame-options SAMEORIGIN x-generator Drupal 10 (https://www.drupal.org) x-request-id v-12355ac6-b23f-11ef-9ed4-c71f3ab355bf x-xss-protection 1; mode=block
GET H3	200	S6uyw4BMUTPHjx4wXiWtFCc.woff2 fonts.gstatic.com/s/lato/v22/	0 14 KB	115ms 54ms	Other font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers age 5471 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Fri, 05 Dec 2025 07:44:15 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 07:44:15 GMT last-modified Wed, 26 Jan 2022 19:14:07 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 13976 x-xss-protection 0 server sffe
GET H2	200	pro-fa-light-300-0.woff2 ka-p.fontawesome.com/releases/v6.5.2/webfonts/	0 15 KB	153ms 61ms	Other font/woff2	2606:4700:4400::6812:2844 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=31556926 cf-cache-status HIT etag "660c2974-3c34" age 2100064 cf-ray 8ed2ee8088ccf8a0-ARN accept-ranges bytes access-control-allow-origin * content-length 15412 date Thu, 05 Dec 2024 09:15:26 GMT content-type font/woff2 last-modified Tue, 02 Apr 2024 15:51:16 GMT vary Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method server cloudflare
GET H2	200	26349430206.js Show response cdn.optimizely.com/js/	341 KB 98 KB	197ms 104ms	Script text/javascript	2606:4700::6812:4139 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.optimizely.com/js/26349430206.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6e0f30e660d7a31385f5965dfc0e2f0c0d13cecab111ea5007d6c1101354a60e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 86400 access-control-expose-headers x-amz-meta-revision content-encoding gzip cf-cache-status HIT etag "eee46996f3104e217506d7ec9355602d" x-amz-version-id waeRRqLXxD9Dq245ZbBIy_M4ALXIJOCN access-control-allow-methods GET, HEAD date Thu, 05 Dec 2024 09:15:26 GMT x-amz-meta-revision 9789 content-type text/javascript; charset=utf-8 last-modified Thu, 05 Dec 2024 08:43:18 GMT vary Accept-Encoding x-amz-id-2 dsYwdc98zry/aLyQpM1cchWe8eL0kLr/SLbrNIH6Zbie7+4+MzcuUUzW7Ul8D6Sfj6EY2G5VBvw= access-control-allow-headers * x-amz-replication-status PENDING cache-control max-age=120 timing-allow-origin * x-amz-meta-pci_enabled False access-control-allow-credentials false x-amz-request-id FMTW9EMWY8FC4AW2 cf-ray 8ed2ee80793782c1-ARN accept-ranges bytes access-control-allow-origin * content-length 99509 server cloudflare x-amz-server-side-encryption AES256
GET H2	200	css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css www.bitsight.com/sites/default/files/css/	4 KB 1 KB	544ms 543ms	Stylesheet text/css	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/css/css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css?delta=0&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-dd24958a-a1dc-11ef-b328-4b413951eb8b content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Thu, 13 Nov 2025 16:31:57 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type text/css last-modified Wed, 13 Nov 2024 16:31:56 GMT vary Accept-Encoding x-cache-hits 2282 strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee7fef06ebd9-ARN accept-ranges bytes content-length 1331 server cloudflare
GET H2	200	css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css www.bitsight.com/sites/default/files/css/	90 KB 14 KB	596ms 596ms	Stylesheet text/css	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-7ece593c-a75c-11ef-b80a-c3e908d67d9a content-encoding gzip cf-cache-status MISS x-content-type-options nosniff expires Thu, 20 Nov 2025 16:28:37 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type text/css vary Accept-encoding x-cache-hits 1971 last-modified Wed, 20 Nov 2024 16:28:36 GMT strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee7fef09ebd9-ARN accept-ranges bytes content-length 14030 server cloudflare
GET H2	200	Products_EnterpriseSecurity.svg www.bitsight.com/sites/default/files/2024/04/27/	994 B 640 B	477ms 476ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_EnterpriseSecurity.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-2b0579dc-7fa9-11ef-8f1a-1bf2f532319e content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:56:41 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:46:48 GMT x-cache-hits 105844 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee7fef0debd9-ARN server cloudflare
GET H2	200	Products_DigitalSupplyChainSecurity.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 501 B	480ms 479ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_DigitalSupplyChainSecurity.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a69fc274-7fa8-11ef-877b-fbeec39b1bd6 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:48:47 GMT x-cache-hits 103753 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee7fef10ebd9-ARN server cloudflare
GET H2	200	Products_RiskGovernanceReporting.svg www.bitsight.com/sites/default/files/2024/04/27/	712 B 491 B	501ms 495ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskGovernanceReporting.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-295206ac-06fd-11ef-9ba4-cfb97bc8adf7 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:50:46 GMT x-cache-hits 254 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8ed2ee81f824ebd9-ARN server cloudflare
GET H2	200	Products_RiskAnalysisData.svg www.bitsight.com/sites/default/files/2024/04/27/	630 B 372 B	525ms 519ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskAnalysisData.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6c0da36-7fa8-11ef-94a5-9b29320aef23 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:52:21 GMT x-cache-hits 105165 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f82aebd9-ARN server cloudflare
GET H2	200	Products_CyberUnderwritingRiskControl.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 779 B	515ms 509ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_CyberUnderwritingRiskControl.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-f34c8864-7fa8-11ef-8482-57e570e1542b content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:54:40 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:53:11 GMT x-cache-hits 103118 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f830ebd9-ARN server cloudflare
GET H2	200	Produ_ProfessionalServices.svg www.bitsight.com/sites/default/files/2024/04/27/	2 KB 1 KB	498ms 493ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Produ_ProfessionalServices.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-6166106e-500a-11ef-a8c9-8fbe6328bb40 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:56:44 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:53:52 GMT x-cache-hits 73479 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f83bebd9-ARN server cloudflare
GET H2	200	Sidebar_LightBulb.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 662 B	488ms 483ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-2cf162ec-7fa9-11ef-bca5-0f383d26b9a1 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:45:47 GMT x-cache-hits 102361 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f83febd9-ARN server cloudflare
GET H2	200	Solutions_UseCases.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 627 B	525ms 521ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_UseCases.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-f34b8d1a-7fa8-11ef-a39a-ab9d0c870871 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:54:40 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:56:37 GMT x-cache-hits 101723 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f845ebd9-ARN server cloudflare
GET H2	200	Solutions_Industries.svg www.bitsight.com/sites/default/files/2024/04/27/	864 B 544 B	507ms 503ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_Industries.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-74d30a66-7fa9-11ef-b271-0bd2091ed138 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:58:45 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:59:41 GMT x-cache-hits 104041 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f852ebd9-ARN server cloudflare
GET H2	200	DataInsights_OurData.svg www.bitsight.com/sites/default/files/2024/04/27/	725 B 574 B	512ms 507ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_OurData.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6cf3f54-7fa8-11ef-94e3-83b871583532 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:58 GMT x-cache-hits 92329 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee82392aebd9-ARN server cloudflare
GET H2	200	DataInsights_ThreatResearch.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 494 B	515ms 510ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_ThreatResearch.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-ee0422f2-07b9-11ef-b478-6b93ef1b10ae content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:18:18 GMT x-cache-hits 370 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8ed2ee823930ebd9-ARN server cloudflare
GET H2	200	Sidebar_Bell.svg www.bitsight.com/sites/default/files/2024/04/27/	766 B 507 B	545ms 541ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-4e1b367e-500a-11ef-aff7-ff692cc1d873 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:56:47 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:01 GMT x-cache-hits 73135 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee823934ebd9-ARN server cloudflare
GET H2	200	Company_AboutUs.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 607 B	591ms 587ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Company_AboutUs.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6cf0912-7fa8-11ef-b19b-d3a57650a051 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:07:02 GMT x-cache-hits 101590 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee823937ebd9-ARN server cloudflare
GET H2	200	Company_ConnectWithUs.svg www.bitsight.com/sites/default/files/2024/04/27/	745 B 399 B	566ms 562ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Company_ConnectWithUs.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6d0fa06-7fa8-11ef-b7ae-bfa105ebdffd content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:58:45 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:09:14 GMT x-cache-hits 103187 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee82393eebd9-ARN server cloudflare
GET H2	200	Resources_Resources.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 697 B	579ms 576ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Resources.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-f35ea0da-7fa8-11ef-9c30-63ac07ea3e03 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:12:47 GMT x-cache-hits 101663 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee823942ebd9-ARN server cloudflare
GET H2	200	Resources_Blog.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 578 B	566ms 563ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Blog.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-fe3e93f2-7fa8-11ef-ba97-23094562eabd content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:14:49 GMT x-cache-hits 100987 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee823945ebd9-ARN server cloudflare
GET H2	200	Sidebar_QuoteBubble.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 765 B	577ms 574ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_QuoteBubble.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-f352f456-7fa8-11ef-9580-4fbb6267f403 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:16:50 GMT x-cache-hits 101427 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee823948ebd9-ARN server cloudflare
GET H2	200	PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/	55 KB 55 KB	765ms 762ms	Image image/webp	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp?itok=hxzltWNB Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f6331a2668773c2c297dd182dc9a409a8a06ce9fc55c53bdf0bf2a11ac6609e Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-2ebf1d50-b1b1-11ef-a981-eb880181fbc6 cf-cache-status MISS x-content-type-options nosniff expires Wed, 03 Dec 2025 20:00:02 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:27 GMT content-type image/webp last-modified Mon, 25 Nov 2024 18:07:12 GMT x-cache-hits 271 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee82394aebd9-ARN accept-ranges bytes content-length 56146 server cloudflare
GET H2	200	Favorable_TermScout.svg www.bitsight.com/sites/default/files/2024/10/10/	16 KB 5 KB	543ms 540ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/10/10/Favorable_TermScout.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-56c54b70-874b-11ef-9c85-df1a7d2d3fb7 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Fri, 10 Oct 2025 21:05:11 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Thu, 10 Oct 2024 21:05:11 GMT x-cache-hits 88 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee82394febd9-ARN server cloudflare
GET H2	200	email-decode.min.js Show response www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/	1 KB 830 B	54ms 49ms	Script application/javascript	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=172800, public content-encoding gzip etag W/"6740aa56-4d7" x-content-type-options nosniff cf-ray 8ed2ee81f833ebd9-ARN expires Sat, 07 Dec 2024 09:15:26 GMT date Thu, 05 Dec 2024 09:15:26 GMT content-type application/javascript last-modified Fri, 22 Nov 2024 15:59:18 GMT vary Accept-Encoding server cloudflare x-frame-options DENY
GET H2	200	js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js Show response www.bitsight.com/sites/default/files/js/	92 KB 32 KB	509ms 503ms	Script text/javascript	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/js/js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js?scope=footer&delta=0&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-dd6e4568-a1dc-11ef-a7e0-276479788c1f content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Thu, 13 Nov 2025 16:31:57 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type text/javascript last-modified Wed, 13 Nov 2024 16:31:05 GMT vary Accept-Encoding x-cache-hits 6798 strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f834ebd9-ARN accept-ranges bytes content-length 32455 server cloudflare
GET H2	200	277648.js Show response js.hs-scripts.com/	1 KB 967 B	191ms 97ms	Script application/javascript	2606:4700::6810:8cd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/277648.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 594098e9d49ae500c449d697ef26e380b83b6470713dfee9abce171703a10f6c Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 3600 content-encoding gzip cf-cache-status HIT x-content-type-options nosniff expires Thu, 05 Dec 2024 09:16:56 GMT date Thu, 05 Dec 2024 09:15:26 GMT x-hubspot-correlation-id 1239faa2-057a-4819-a3ea-e8351945c6a2 content-type application/javascript;charset=utf-8 vary origin, Accept-Encoding last-modified Thu, 05 Dec 2024 09:15:00 GMT cache-control public, max-age=90 access-control-allow-credentials true cf-ray 8ed2ee828d9f0a2c-ARN accept-ranges bytes access-control-allow-origin https://www.bitsight.com content-length 599 server cloudflare
GET H2	200	js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js Show response www.bitsight.com/sites/default/files/js/	55 KB 14 KB	487ms 482ms	Script text/javascript	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/js/js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js?scope=footer&delta=2&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-11b18bfa-a1dd-11ef-acbc-eb4a9e6e234d content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Thu, 13 Nov 2025 16:33:52 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type text/javascript last-modified Wed, 13 Nov 2024 16:31:57 GMT vary Accept-Encoding x-cache-hits 6863 strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f836ebd9-ARN accept-ranges bytes content-length 14340 server cloudflare
GET H2	200	geo4.js Show response cdn3.optimizely.com/js/	310 B 324 B	117ms 49ms	Script application/javascript	104.18.35.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn3.optimizely.com/js/geo4.js Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/26349430206.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.35.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8827e39cb3cd0e8e016d55858e0a05e879c4291821c507f9d8587c780e806ea1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cf-ray 8ed2ee826cc3ecd3-ARN content-encoding br date Thu, 05 Dec 2024 09:15:26 GMT content-type application/javascript vary Accept-Encoding server cloudflare
GET H2	200	gtm.js Show response www.googletagmanager.com/	449 KB 135 KB	210ms 95ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 001ba76315e87c1143f41787b7a98e146edf83052d469ccd502061d5e68a8e72 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],} expires Thu, 05 Dec 2024 09:15:26 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Thu, 05 Dec 2024 09:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 137942 x-xss-protection 0 server Google Tag Manager
GET H2	200	Sidebar_LightBulb.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 0	485ms 485ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-2cf162ec-7fa9-11ef-bca5-0f383d26b9a1 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:45:47 GMT x-cache-hits 102361 vary Accept-Encoding cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee81f83febd9-ARN server cloudflare
GET H2	200	Sidebar_Bell.svg www.bitsight.com/sites/default/files/2024/04/27/	766 B 0	543ms 543ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-4e1b367e-500a-11ef-aff7-ff692cc1d873 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:56:47 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:26 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:01 GMT x-cache-hits 73135 vary Accept-Encoding cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee823934ebd9-ARN server cloudflare
GET H2	200	a26349430206.html a26349430206.cdn.optimizely.com/client_storage/ Frame 3CE6	0 0	195ms 102ms	Document text/html	2606:4700::6812:4239 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/26349430206.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control max-age=120 cf-cache-status HIT cf-ray 8ed2ee82bdaa82b5-ARN content-encoding gzip content-length 775 content-type text/html; charset=utf-8 date Thu, 05 Dec 2024 09:15:26 GMT etag "a3598c338cd40df7862b7fd121a25166" last-modified Thu, 05 Dec 2024 08:43:13 GMT server cloudflare server-timing cfCacheStatus;desc="HIT" vary Accept-Encoding x-amz-id-2 PuowODAJjmtX7kYqFpJ5vfly1eSXg1cdHXwMkgSnvvTusHzqCP9SPcwfCy754vO8/wQHt+WixOI= x-amz-meta-pci_enabled False x-amz-replication-status COMPLETED x-amz-request-id RSJ19AR3W6YX7PFE x-amz-server-side-encryption AES256 x-amz-version-id R5b9U46mzplne.MXw6nbsC9Kqzy7Rcfs
GET H2	200	p.css p.typekit.net/	5 B 172 B	144ms 32ms	Stylesheet text/css	2a02:26f0:3500:8::c16c:9908 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=dws7syq&ht=tk&f=39488.39489.39490.39491.39492.39493.39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509&a=212160357&app=typekit&e=css Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Response headers cache-control public, max-age=604800 etag "674c5a4a-5" cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * content-length 5 date Thu, 05 Dec 2024 09:15:26 GMT content-type text/css last-modified Sun, 01 Dec 2024 12:44:58 GMT server nginx
GET H2	200	notice Show response consent.trustarc.com/	34 KB 11 KB	143ms 72ms	Script text/javascript	13.224.189.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-13.fra2.r.cloudfront.net Software / Resource Hash 6ae7a1f4bce1c645a275806f7f903c2059bcb681eda9063fb573dfd37829cb5e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control max-age=3600 content-encoding gzip via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-cache Miss from cloudfront x-amz-cf-id -dUTxPor0gMrhkYUi8OnX0ewnzy-FXsgmb5aPME8xCnAmN6e746GIQ== date Thu, 05 Dec 2024 09:15:26 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding, Origin x-amz-cf-pop FRA2-C1
POST H3	200	collect www.google.com/ccm/	0 0	168ms 61ms	Ping text/plain	2a00:1450:4001:827::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&scrsrc=www.googletagmanager.com&frm=0&rnd=697355625.1733390127&auid=1135648923.1733390127&npa=1&gtm=45He4c30v76025611za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&tft=1733390126771&tfd=1455&apve=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	115ms 27ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (amb/6BA7) / Resource Hash 240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control max-age=86400 content-encoding gzip etag "4797a1a44a3cdb1:0" age 43128 accept-ranges bytes x-cache HIT content-length 25393 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/x-javascript last-modified Thu, 21 Nov 2024 19:22:02 GMT server ECS (amb/6BA7) vary Accept-Encoding
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	2 KB 1006 B	118ms 32ms	Script application/javascript	2a02:26f0:480:15::213:7e63 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:15::213:7e63 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software / Resource Hash c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=50196 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 796 date Thu, 05 Dec 2024 09:15:26 GMT last-modified Mon, 02 Dec 2024 19:28:43 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding x-amz-server-side-encryption AES256
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	163ms 52ms	Script text/javascript	2a00:1450:4001:831::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip age 2041 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],} x-content-type-options nosniff expires Thu, 05 Dec 2024 10:41:25 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 08:41:25 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT content-type text/javascript vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=7200 cross-origin-resource-policy cross-origin content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0 cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 20994 server Golfe2
GET H2	200	destination Show response www.googletagmanager.com/gtag/	260 KB 92 KB	68ms 67ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 6b51fde93ed90b2307bfc2c8b18ae3968de7731ea89a1a11a0de72abca59f2a1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],} expires Thu, 05 Dec 2024 09:15:26 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Thu, 05 Dec 2024 09:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 94241 x-xss-protection 0 server Google Tag Manager
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	43 KB 13 KB	63ms 18ms	Script application/javascript	2a04:4e42:400::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control public, max-age=60 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip etag "1a001f3a066bff47a766099b87253911" report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish, 1.1 varnish accept-ranges bytes content-length 12220 date Thu, 05 Dec 2024 09:15:26 GMT last-modified Mon, 18 Nov 2024 21:16:35 GMT content-type application/javascript vary Accept-Encoding,Origin server snooserv x-amz-server-side-encryption AES256
GET H/1.1	200 OK	js Show response pixel.mathtag.com/event/	161 B 712 B	399ms 109ms	Script text/javascript	74.121.140.211 PAEDAE-INC
General Check archive.org Show headers Download Go to Full URL https://pixel.mathtag.com/event/js?mt_pp=1&mt_adid=222552 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.121.140.211 Reston, United States, ASN30419 (PAEDAE-INC, US), Reverse DNS Software MT3 1688 76e1918 master iad iad-pixel-x24 config_version:"3175" / Resource Hash 98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457 Security Headers Name Value Strict-Transport-Security 31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers Strict-Transport-Security 31536000 Cache-Control no-cache Content-Encoding gzip Connection close Cross-Origin-Resource-Policy cross-origin Referrer-Policy strict-origin X-Content-Type-Options nosniff X-Permitted-Cross-Domain-Policies all Access-Control-Allow-Origin * P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Date Thu, 05 Dec 2024 09:15:27 GMT X-XSS-Protection 0 Content-Type text/javascript Server MT3 1688 76e1918 master iad iad-pixel-x24 config_version:"3175"
GET H2	200	7127e84810857c8d.min.js Show response tag.demandbase.com/	76 KB 20 KB	115ms 36ms	Script application/javascript	18.245.60.121 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.demandbase.com/7127e84810857c8d.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.121 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-121.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip x-amz-version-id v05QvrvxRI0VOl7C8T2uZsSJ_x4PrkcB etag W/"dc57eab4525914a6ed3317a7f6046ff8" age 1211 x-cache Hit from cloudfront x-amz-cf-id ycIbRz48yrhWuriGjbvcqvPsKqRB-Nxvds2yckvT52lHw27nwNasCg== date Thu, 05 Dec 2024 08:56:28 GMT content-type application/javascript; charset=utf-8 vary accept-encoding last-modified Fri, 15 Nov 2024 20:20:16 GMT strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=3600 via 1.1 7dbea139a5c4f501bc4b0e9d19a50c9a.cloudfront.net (CloudFront) permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-pop FRA60-P5 server AmazonS3 x-amz-server-side-encryption AES256
GET H3	200	nB5wHQT3fvQHVI5gp4PL Show response ws.zoominfo.com/pixel/	3 KB 2 KB	347ms 298ms	Script text/javascript	2606:4700::6810:752b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/nB5wHQT3fvQHVI5gp4PL Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 146abab9f1d7fe1191d79ee55e77b4fdc0614bb990769d698f243cf32c02d25f Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-robots-tag noindex, nofollow content-encoding gzip cf-cache-status DYNAMIC access-control-allow-credentials true x-content-type-options nosniff via 1.1 google cf-ray 8ed2ee84ccb795fd-ARN access-control-allow-origin * alt-svc h3=":443"; ma=86400 date Thu, 05 Dec 2024 09:15:27 GMT content-type text/javascript vary Accept-Encoding x-powered-by Express server cloudflare access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	166ms 53ms	Script text/javascript	2a00:1450:4001:830::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip age 4663 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],} x-content-type-options nosniff expires Thu, 05 Dec 2024 09:57:43 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 07:57:43 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT content-type text/javascript vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=7200 cross-origin-resource-policy cross-origin content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0 cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 17168 server Golfe2
GET H2	200	events.js Show response tags.srv.stackadapt.com/	22 KB 7 KB	202ms 131ms	Script text/javascript	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/events.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash 0d57b9872903c5a89f2e488e134f0e6fa7200d551c3d0910df675714029ad8c5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-origin * cache-control max-age=5 content-encoding gzip date Thu, 05 Dec 2024 09:15:27 GMT content-type text/javascript
GET H2	200	sw_iframe.html www.googletagmanager.com/static/service_worker/4c30/ Frame FD39	0 0	159ms 52ms	Document text/html	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 141385 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 1476 content-type text/html cross-origin-opener-policy same-origin; report-to="analytics-container-tag-serving" cross-origin-resource-policy cross-origin date Tue, 03 Dec 2024 17:59:01 GMT expires Wed, 03 Dec 2025 17:59:01 GMT last-modified Tue, 03 Dec 2024 10:18:00 GMT report-to {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]} server sffe service-worker-allowed /static/service_worker vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	point-of-precision.svg www.bitsight.com/themes/custom/bitsight_theme/src/assets/	327 B 374 B	529ms 528ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/themes/custom/bitsight_theme/src/assets/point-of-precision.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Response headers x-request-id v-a74a537e-7fa8-11ef-b1d0-cbae4a573e9e content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:27 GMT content-type image/svg+xml last-modified Tue, 24 Sep 2024 14:17:53 GMT x-cache-hits 94745 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee84abddebd9-ARN server cloudflare
GET H2	200	l use.typekit.net/af/0230dd/00000000000000007735bb33/30/	26 KB 26 KB	207ms 105ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/0230dd/00000000000000007735bb33/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "5bb33ae2a954c4b3b528681f85ecbf7624532fad" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 26356 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/153042/00000000000000007735bb62/30/	24 KB 24 KB	131ms 30ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "b0d46bd3fb22c6c06785f44e1a131be6878e0485" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 24460 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/305037/00000000000000007735bb39/30/	27 KB 27 KB	142ms 41ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/305037/00000000000000007735bb39/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "4af6f044e86b0a30d1aa7c5babe16808274dd9a8" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 27780 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/	23 KB 23 KB	136ms 35ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "11d02edbb0e1552504cdb4512876b33f0c02dcaf" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 23256 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/384d9b/00000000000000007735bb6a/30/	25 KB 25 KB	161ms 61ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "23427917d6d72688888854d7151dc7962d8d8301" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 25828 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/aed66e/00000000000000007735bb35/30/	27 KB 27 KB	193ms 93ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/aed66e/00000000000000007735bb35/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "9e3369ea7ed88f1e4a8a12a637f7348f31af57ce" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 27892 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/160664/00000000000000007735bb32/30/	28 KB 28 KB	192ms 92ms	Font application/font-woff2	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/160664/00000000000000007735bb32/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "a0a5b94f1d2bb67123bf96637186b77b73341264" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 28612 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/font-woff2 server nginx
GET H2	200	Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png www.bitsight.com/sites/default/files/2024/11/25/	14 KB 14 KB	616ms 612ms	Image image/png	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/11/25/Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a9e1fde6240e3a5a6abc36edfe07c9e6204b687100edadd3d70fb77e9560ca96 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-8f32b2b0-b165-11ef-b9e2-17a04bc52b66 cf-cache-status MISS x-content-type-options nosniff expires Wed, 03 Dec 2025 10:58:42 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:27 GMT content-type image/png last-modified Mon, 25 Nov 2024 18:27:27 GMT x-cache-hits 212 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee84dcb0ebd9-ARN accept-ranges bytes content-length 14184 server cloudflare
GET H2	200	Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png www.bitsight.com/sites/default/files/2024/11/25/	39 KB 39 KB	620ms 617ms	Image image/png	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/11/25/Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 54b3e4c319fb99c631ffd50cf7308ed0d10e78eb2e7ae6190f960c27418399fe Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-90362246-b165-11ef-acb4-fbcf397e5e1f cf-cache-status MISS x-content-type-options nosniff expires Wed, 03 Dec 2025 10:58:44 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:27 GMT content-type image/png last-modified Mon, 25 Nov 2024 18:28:42 GMT x-cache-hits 211 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee84dcb3ebd9-ARN accept-ranges bytes content-length 39752 server cloudflare
GET H2	200	KEV-research-white-paper-ad.svg www.bitsight.com/sites/default/files/2024/09/20/	167 KB 112 KB	821ms 819ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/09/20/KEV-research-white-paper-ad.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-aa781222-7fab-11ef-95a5-43a595f8dfd4 content-encoding br cf-cache-status MISS x-content-type-options nosniff expires Wed, 01 Oct 2025 04:14:34 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:27 GMT content-type image/svg+xml last-modified Fri, 20 Sep 2024 19:03:54 GMT x-cache-hits 6434 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee84dcb9ebd9-ARN server cloudflare
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_dy92zhkbx/	3 B 124 B	66ms 18ms	XHR application/json	151.101.65.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_dy92zhkbx/config Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=14400 content-encoding gzip via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 27 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/json
GET H2	200	t2_dy92zhkbx_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	60ms 24ms	XHR application/json	2a04:4e42:400::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_dy92zhkbx_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=300 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 98 date Thu, 05 Dec 2024 09:15:26 GMT content-type application/json vary Accept-Encoding,Origin server snooserv
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	169ms 122ms	Image image/gif	151.101.65.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1733390126847&id=t2_dy92zhkbx&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=f054edb9-6e5b-4f7c-8d29-5f928b1ac94e&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc= Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} retry-after 0 cross-origin-resource-policy cross-origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes content-length 42 date Thu, 05 Dec 2024 09:15:27 GMT content-type image/gif server Varnish
GET H2	200	insight.old.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 14 KB	32ms 31ms	Script application/javascript	2a02:26f0:480:15::213:7e63 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.old.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:15::213:7e63 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software / Resource Hash 8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=34884 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 14628 date Thu, 05 Dec 2024 09:15:26 GMT last-modified Mon, 02 Dec 2024 10:13:56 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding x-amz-server-side-encryption AES256
GET H2	200	277648.js Show response js.hs-scripts.com/	1 KB 0	0ms 0ms	Script application/javascript	2606:4700::6810:8cd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/277648.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 594098e9d49ae500c449d697ef26e380b83b6470713dfee9abce171703a10f6c Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 3600 content-encoding gzip cf-cache-status HIT x-content-type-options nosniff expires Thu, 05 Dec 2024 09:16:56 GMT date Thu, 05 Dec 2024 09:15:26 GMT x-hubspot-correlation-id 1239faa2-057a-4819-a3ea-e8351945c6a2 content-type application/javascript;charset=utf-8 vary origin, Accept-Encoding last-modified Thu, 05 Dec 2024 09:15:00 GMT cache-control public, max-age=90 access-control-allow-credentials true cf-ray 8ed2ee828d9f0a2c-ARN accept-ranges bytes access-control-allow-origin https://www.bitsight.com content-length 599 server cloudflare
GET H2	200	ipv cdn.bizible.com/	43 B 305 B	30ms 29ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=89695231ab664d9885eaca99ee3e1c83&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733390126908&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&_biz_n=0&rnd=306379&cdn_o=a&_biz_z=1733390126923 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (amb/6B77) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 475195 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Thu, 05 Dec 2024 09:15:26 GMT content-type Image/GIF last-modified Fri, 29 Nov 2024 21:15:31 GMT server ECS (amb/6B77)
GET H2	200	u cdn.bizibly.com/	43 B 205 B	31ms 30ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=89695231ab664d9885eaca99ee3e1c83&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733390126925&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&rnd=62747&cdn_o=a&_biz_z=1733390126925 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (amb/6B7E) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 475159 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Thu, 05 Dec 2024 09:15:26 GMT content-type Image/GIF last-modified Fri, 29 Nov 2024 21:16:08 GMT server ECS (amb/6B7E)
GET H2	200	sync s.company-target.com/s/ Frame 7F6C	0 0	273ms 129ms	Document text/html	34.96.71.22 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://s.company-target.com/s/sync?exc=lr Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/7127e84810857c8d.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 22.71.96.34.bc.googleusercontent.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-methods GET,OPTIONS alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 634 content-type text/html; charset=UTF-8 date Thu, 05 Dec 2024 09:15:27 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	218ms 57ms	Image text/plain	35.244.174.68 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Thu, 05 Dec 2024 09:15:27 GMT
POST H2	200	ip.json Show response api.company-target.com/api/v3/	480 B 1 KB	242ms 81ms	XHR application/json	18.66.102.85 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&page_title=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.102.85 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-102-85.fra56.r.cloudfront.net Software nginx / Resource Hash f13baf8c6e813571ddeaab89bee18294cdfea2064d3c6d67abc3e684b25853f1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 7200 access-control-expose-headers x-amz-cf-id content-encoding gzip identification-source CENTRAL access-control-allow-methods GET, POST, OPTIONS request-id bd376190-106b-404a-a80d-35f9b5237a45 expires Wed, 04 Dec 2024 09:15:27 GMT x-cache Miss from cloudfront x-amz-cf-id OYHwL--YoBFoZeRJGsyhBPyWXjHl5fsqz-yd9a1KqfUyKdEYuolnOA== date Thu, 05 Dec 2024 09:15:27 GMT content-type application/json;charset=utf-8 vary Accept-Encoding, Origin access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache api-version v3 access-control-allow-credentials true via 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront) access-control-allow-origin https://www.bitsight.com x-amz-cf-pop FRA56-P2 server nginx
GET H2	200	v1.7-38 Show response consent.trustarc.com/asset/notice.js/v/	95 KB 28 KB	191ms 39ms	Script text/javascript	13.224.189.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/asset/notice.js/v/v1.7-38 Requested by Host: consent.trustarc.com URL: https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-13.fra2.r.cloudfront.net Software / Resource Hash bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers * content-encoding gzip age 2404 x-cache Hit from cloudfront x-amz-cf-id PzWGiIB4gQGmGNsw95-AxLIhE60YcIVADSEqfOesIU6D2-uqMsHBGQ== date Thu, 05 Dec 2024 08:35:23 GMT content-type text/javascript last-modified Thu, 5 Dec 2024 02:35:55 GMT vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains cache-control max-age=2592000 pragma public via 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront) access-control-allow-origin * content-length 28264 x-amz-cf-pop FRA2-C1
GET H2	200	log consent.trustarc.com/	43 B 427 B	61ms 61ms	Image image/gif	13.224.189.13 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/log?domain=bitsighttech.com&country=dk&state=&behavior=implied&session=9f56da9c-2311-4f13-ad02-a96842d7d959&userType=NEW&c=9cce&referer=https://www.bitsight.com&language=da Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-13.fra2.r.cloudfront.net Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) expires Mon, 26 Jul 1997 05:00:00 GMT x-cache Miss from cloudfront content-length 43 x-amz-cf-id vmi6jpsXpgmEVVb5yrV4c26GpXlrxemb7v0Tl8zb0Jlwot6XMBzpSw== date Thu, 05 Dec 2024 09:15:26 GMT content-type image/gif x-amz-cf-pop FRA2-C1 vary Origin
GET H2	200	64fa38cc287519aad2798b3c Show response go.affec.tv/j/	663 B 799 B	199ms 47ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/j/64fa38cc287519aad2798b3c? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 431 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	banner.js Show response js.hs-banner.com/v2/277648/	72 KB 26 KB	258ms 90ms	Script text/javascript	2606:4700:4400::ac40:9310 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/277648/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-evy-trace-virtual-host all access-control-max-age 604800 x-request-id f79627f9-fa47-4e49-b405-96b5334145d3 access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing content-encoding gzip cf-cache-status HIT etag W/"0d348277da23f2965a1392e91a7fa6aa" x-amz-version-id 9rYQwXAh7p3RpE9mplC_EqLSRKBCDaOM access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD expires Thu, 05 Dec 2024 09:20:00 GMT x-evy-trace-listener listener_https date Thu, 05 Dec 2024 09:15:27 GMT x-hubspot-correlation-id f79627f9-fa47-4e49-b405-96b5334145d3 content-type text/javascript; charset=UTF-8 last-modified Fri, 23 Aug 2024 14:30:47 GMT vary origin, Accept-Encoding x-amz-id-2 3gkRy8RTFq292mMLIt4HFwLV7om+nRzbR4mX587JMKgA3QbyghNaCYfSEN+F3P1jCOyK+vMwZG05jr4TCjx5BnlESUvMYMM2GuLCbAbOaL0= access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public timing-allow-origin * x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-27f6l x-envoy-upstream-service-time 191 access-control-allow-credentials true x-amz-request-id 58XBC7C1DHSGWSRQ cf-ray 8ed2ee86a9a01691-ARN access-control-allow-origin https://www.bitsight.com x-evy-trace-route-configuration listener_https/all server cloudflare x-amz-server-side-encryption AES256
GET H2	200	leadflows.js Show response js.hsleadflows.net/	550 KB 92 KB	217ms 81ms	Script application/javascript	2606:4700::6812:8911 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8911 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id 52d9e3e7-fb47-4458-8bd4-86c206478860 content-encoding gzip cf-cache-status HIT x-amz-version-id 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF etag W/"ce26171eff05376a1b746efbb809f7f6" cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod age 51552 x-content-type-options nosniff x-cache Hit from cloudfront x-evy-trace-listener listener_https x-amz-cf-id 1j1sknS9MKw_M9lBnpPwU6F37cwuv9unBKUQz4nSA03YBbjFv_4ENw== x-hubspot-correlation-id 52d9e3e7-fb47-4458-8bd4-86c206478860 content-type application/javascript; charset=utf-8 last-modified Thu, 21 Nov 2024 16:54:39 UTC x-amz-replication-status COMPLETED x-evy-trace-route-service-name envoyset-translator cache-control s-maxage=86400, max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-856d8787d5-5nls5 x-envoy-upstream-service-time 9 x-hs-target-asset lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js server cloudflare x-evy-trace-virtual-host all x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET x-hs-cache-status MISS date Thu, 05 Dec 2024 09:15:27 GMT vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8e67d8cd0c99b4f1-FRA via 1.1 23bb75571f07e0a7a182023119364d7e.cloudfront.net (CloudFront) cf-ray 8ed2ee867a3109b0-ARN access-control-allow-origin * x-evy-trace-route-configuration listener_https/all x-amz-cf-pop IAD55-P7
GET H2	200	277648.js Show response js.hs-analytics.net/analytics/1733390100000/	87 KB 28 KB	191ms 58ms	Script text/javascript	2606:4700::6810:a0a8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1733390100000/277648.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-amz-server-side-encryption AES256 x-request-id 1254dc5d-a077-45ec-a5dd-5beab86a564a content-encoding gzip cf-cache-status HIT etag W/"1a816f50c8ec3bdb09dc86b88930a279" x-amz-version-id null age 9 expires Thu, 05 Dec 2024 09:20:18 GMT x-evy-trace-listener listener_https date Thu, 05 Dec 2024 09:15:27 GMT x-hubspot-correlation-id 1254dc5d-a077-45ec-a5dd-5beab86a564a content-type text/javascript last-modified Tue, 22 Oct 2024 20:38:12 GMT vary origin, Accept-Encoding x-amz-id-2 phQOIyhDG9KL/xxEMAe3asNTvX7xn1y22wUh2xfjgddU9VXr8pzQIbr3onsMt/35CCODUlfT+f2Wi+CnaiJZWZjGCu7fqoimGsSRFZFaPCg= x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-2bzl2 x-envoy-upstream-service-time 31 access-control-allow-credentials false x-amz-request-id 8RX76B2H6MPB4YD9 cf-ray 8ed2ee867fbb09a9-ARN x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	xdc.js Show response cdn.bizible.com/	111 B 345 B	133ms 125ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=89695231ab664d9885eaca99ee3e1c83&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.11.21 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (amb/6BC3) / Resource Hash 442c613332f492e9448ef0e81827d6225934ec81525ab290d1d4f851e0a71b1e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control private, must-revalidate, max-age=21600 content-encoding gzip etag 77E7928B p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 215 date Thu, 05 Dec 2024 09:15:27 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding server ECS (amb/6BC3)
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 816 B	319ms 204ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept * Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-li-pop afd-prod-lor1-x content-encoding gzip x-fs-uuid 0006288256c9d05e6604cfe58e22b36a x-msedge-ref Ref A: E58E423485BE482994BA47F150B534E8 Ref B: CPH30EDGE0916 Ref C: 2024-12-05T09:15:27Z x-li-fabric prod-lor1 x-restli-protocol-version 1.0.0 access-control-allow-methods GET, OPTIONS x-li-uuid AAYoglbJ0F5mBM/ljiKzag== x-li-proto http/2 access-control-allow-origin * x-cache CONFIG_NOCACHE date Thu, 05 Dec 2024 09:15:26 GMT content-type application/json access-control-allow-headers *
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQIECNarbfWzCgAAAZOWGlBqTL0Q6yUQ...	0 267 B	259ms 197ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQIECNarbfWzCgAAAZOWGlBqTL0Q6yUQLn7TquFsuuAUniQ1M6PBqgzbGWr5d8FbmatUgbPL4d6HPVETZDg8uAHt9wR0 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers linkedin-action 1 x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: EB8CE39F9B514D98A51170D18D298E4E Ref B: CPH30EDGE0615 Ref C: 2024-12-05T09:15:27Z x-li-fabric prod-lor1 x-li-uuid AAYoglbOEZ4PVmmPLyMS6g== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript Redirect headers linkedin-action 1 x-li-pop afd-prod-lor1-x location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126979&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQIECNarbfWzCgAAAZOWGlBqTL0Q6yUQLn7TquFsuuAUniQ1M6PBqgzbGWr5d8FbmatUgbPL4d6HPVETZDg8uAHt9wR0 x-msedge-ref Ref A: F0E99123A6A7472AB20C8950747405C8 Ref B: CPH30EDGE0906 Ref C: 2024-12-05T09:15:27Z x-li-fabric prod-lor1 x-li-uuid AAYoglbJ3qe3yK4f+21YSA== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Thu, 05 Dec 2024 09:15:26 GMT
GET H2	200	__utm.gif ssl.google-analytics.com/r/	35 B 410 B	60ms 59ms	Image image/gif	2a00:1450:4001:830::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1179284298&utmhn=www.bitsight.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=da-dk&utmje=0&utmfl=-&utmdt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&utmhid=1981324079&utmr=-&utmp=%2Fblog%2Fproxyam-powered-socks5systemz-botnet&utmht=1733390127004&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D15825701.1852548811.1733390127.1733390127.1733390127.1%3B%2B__utmz%3D15825701.1733390127.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=359185419&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAAAAAAE~ Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],} x-content-type-options nosniff content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0 expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 35 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:27 GMT last-modified Sun, 17 May 1998 03:00:00 GMT content-type image/gif server Golfe2
POST H2	200	collect Show response www.google-analytics.com/j/	3 B 422 B	72ms 69ms	XHR text/plain	2a00:1450:4001:831::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1981324079&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&ul=da-dk&de=UTF-8&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=15825701.1852548811.1733390127.1733390127.1733390127.1&_utmz=15825701.1733390127.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1733390127048&_u=YQBCAEABAAAAACAAI~&jid=2113085634&gjid=724546328&cid=1852548811.1733390127&tid=UA-36272386-4&_gid=1416813482.1733390127&_r=1&_slc=1&gtm=45He4c30n81MZ2J8ZGv76025611za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&npa=1&z=73206997 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],} x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:27 GMT last-modified Sun, 17 May 1998 03:00:00 GMT content-type text/plain cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0 access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 3 server Golfe2
GET H2	200	sa.css tags.srv.stackadapt.com/	65 B 203 B	127ms 124ms	Stylesheet text/css	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.css Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash bf4c52675d7b6185a7b451dadff9f8ef2858bc9c8a2194e9586473d886f263aa Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-origin * cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 65 date Thu, 05 Dec 2024 09:15:27 GMT content-type text/css
GET H2	200	sa.jpeg Show response tags.srv.stackadapt.com/	0 2 KB	211ms 123ms	Fetch image/jpeg	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-origin * cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 651 date Thu, 05 Dec 2024 09:15:27 GMT content-type image/jpeg
GET H2	200	bounce Show response secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D	0 1 KB	34ms 33ms	Script application/javascript	185.89.210.20 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 185.236.203.99; 185.236.203.99; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin * an-x-request-uuid 00f39b56-c3ce-4604-9b5d-1db17f0d0c27 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:27 GMT x-xss-protection 0 content-type application/javascript; charset=utf-8 server nginx/1.23.4 Redirect headers cache-control no-store, no-cache, private location https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness x-proxy-origin 185.236.203.99; 185.236.203.99; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT an-x-request-uuid 19ef8191-c93c-4eeb-b405-e8a978611fb6 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:27 GMT x-xss-protection 0 content-type text/html; charset=utf-8 server nginx/1.23.4
GET H2	200	/ Show response go.affec.tv/per/	846 B 916 B	60ms 49ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8 Requested by Host: go.affec.tv URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c? Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 549 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	generic match.adsrvr.org/track/cmf/ Redirect Chain https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67516f2f78b5920001232586%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= https://map.go.affec.tv/map/an/5000294810664769913?ch=67516f2f78b5920001232586&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=	70 B 149 B	208ms 66ms	Image image/gif	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software Kestrel / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-length 70 date Thu, 05 Dec 2024 09:15:27 GMT content-type image/gif server Kestrel Redirect headers location https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= content-length 134 content-encoding gzip date Thu, 05 Dec 2024 09:15:27 GMT content-type text/html; charset=utf-8 vary Accept-Encoding
GET H2	200	64fa38cd287519aad2798b3d Show response go.affec.tv/j/	523 B 726 B	58ms 48ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/j/64fa38cd287519aad2798b3d? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 359 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	bannermsg consent.trustarc.com/	43 B 428 B	63ms 63ms	Image image/gif	13.224.189.13 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/bannermsg?action=views&domain=bitsighttech.com&behavior=implied&country=dk&language=da&rand=0.4380553951794417&session=9f56da9c-2311-4f13-ad02-a96842d7d959&userType=NEW&referer=https://www.bitsight.com Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-13.fra2.r.cloudfront.net Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) expires Mon, 26 Jul 1997 05:00:00 GMT x-cache Miss from cloudfront content-length 43 x-amz-cf-id 3wrQflY_Gv7D7OF3VQgwPAEcWoGpxlWg27rxNN67NYWg25xmp_06Mw== date Thu, 05 Dec 2024 09:15:27 GMT content-type image/gif x-amz-cf-pop FRA2-C1 vary Origin
GET H2	200	bg9s Show response tag-logger.demandbase.com/	0 418 B	214ms 134ms	XHR text/html	2600:9000:2724:b800:1d:8d6d:3b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=OYHwL--YoBFoZeRJGsyhBPyWXjHl5fsqz-yd9a1KqfUyKdEYuolnOA==&api-version=v3 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2724:b800:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-amz-version-id 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH etag "d41d8cd98f00b204e9800998ecf8427e" age 26091 x-cache Error from cloudfront x-amz-cf-id 9WyZcT34rTr5cuIFURsVFDNHooJKbo71gHZ8dTulGNngyiXrko_6og== date Thu, 05 Dec 2024 07:58:39 GMT content-type text/html vary accept-encoding last-modified Tue, 07 Mar 2023 20:47:02 GMT via 1.1 20ce720be9c31a6a95223700ba5f8724.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 0 x-amz-cf-pop FRA56-P12 server AmazonS3 x-amz-server-side-encryption AES256
GET H2	200	6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Show response cdn.permutive.com/	279 KB 80 KB	167ms 73ms	Script application/javascript	2606:4700::6811:6d13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.permutive.com/6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Requested by Host: go.affec.tv URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:6d13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-goog-metageneration 1 content-encoding gzip x-goog-hash crc32c=OD+e0A==, md5=Pmn62h2zlhYTKmf1Str1pA== x-goog-meta-oid 6a844cb1-30bc-4723-8446-2cd9d1f839b8 etag "3e69fada1db39616132a67f54adaf5a4" cf-cache-status HIT age 0 x-goog-stored-content-encoding gzip expires Thu, 05 Dec 2024 09:30:27 GMT x-goog-stored-content-length 81473 date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript last-modified Fri, 22 Sep 2023 17:01:24 GMT vary Accept-Encoding x-guploader-uploadid ABPtcPqzQ_tqp333yyqLZsEB7pwnftGWOV8ZE3g-BRvC3l0zoZZEj7iFltVWl_4SkP6Gmwso_AQ cache-control public, max-age=900 timing-allow-origin * x-goog-storage-class REGIONAL cf-ray 8ed2ee88094609af-ARN accept-ranges bytes x-goog-generation 1695402084169978 content-length 81473 server cloudflare
GET H2	200	bounce Show response secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D	0 1 KB	74ms 73ms	Script application/javascript	185.89.210.20 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 185.236.203.99; 185.236.203.99; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin * an-x-request-uuid 54040d96-67bf-4cc9-9916-804a01307501 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:27 GMT x-xss-protection 0 content-type application/javascript; charset=utf-8 server nginx/1.23.4 Redirect headers cache-control no-store, no-cache, private location https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness x-proxy-origin 185.236.203.99; 185.236.203.99; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT an-x-request-uuid a45e566b-3555-4b3e-af33-7354ea46f562 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:27 GMT x-xss-protection 0 content-type text/html; charset=utf-8 server nginx/1.23.4
GET H3	200	destination Show response www.googletagmanager.com/gtag/	398 KB 129 KB	75ms 75ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash fb2aa023555961501d13d1c1a74d67e7303e342e51095729f2eefdae4194c8ac Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],} expires Thu, 05 Dec 2024 09:15:27 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 131883 x-xss-protection 0 server Google Tag Manager
GET H2	200	saq_pxl Show response tags.srv.stackadapt.com/	116 B 311 B	123ms 123ms	XHR text/plain	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=oeyzgkQ7R8piwGBmS0lgBg&is_js=true&landing_url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&tip=jDDvw6UsSEEou64f6dy_hwB1FN-Cvf8-r59g60egHF0&host=https%3A%2F%2Fwww.bitsight.com&sa_conv_data_css_value=%270-a7595f7e-ce92-5f1f-5561-37fd4cd31714%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9a7595f7ece925f1f556137fd4cd31714b9eccb63&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIDOzHHIJtxEwZLai_0sz0AuQOc4eA1BpbniNzIFAL1xnENYBGAQgrt7FugYwAToExbdv9kIEQHvf6Q.TsLjldTBWITk%252BSc6dW3JaiYw8DTFEQYf9ho%252BhvStmSE&sa-user-id-v2=s%253Ap1lffs6SXx9VYTf9TNMXFLnsy2M.m4HG62WSMbWOR7mD99V3RmjF0xdCh5tcanq0zksdc%252FY&sa-user-id=s%253A0-a7595f7e-ce92-5f1f-5561-37fd4cd31714.oQ1QNpia6TatWShsgWp8KMKUiKcJde0eCWadsKoAMPo Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash 64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-methods GET access-control-allow-origin https://www.bitsight.com content-length 116 date Thu, 05 Dec 2024 09:15:27 GMT content-type text/plain; charset=utf-8 access-control-allow-credentials true access-control-allow-headers *
POST H2	204	events Show response logx.optimizely.com/v1/	0 387 B	208ms 136ms	XHR text/plain	34.49.241.189 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 189.241.49.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id 7d9ca20c-85f5-4dcd-b860-8f42c091bdf2 access-control-expose-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id timing-allow-origin * access-control-allow-credentials true access-control-allow-methods POST,OPTIONS via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:27 GMT content-type text/plain access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
GET		43a9b3e6-274d-480e-b830-5f89ee61e1bd https://www.bitsight.com/ Frame	0 0
GET		24057e4a-ad33-4d7d-b899-86fb0ef62f5a https://www.bitsight.com/ Frame	0 0
GET H2	200	getuidj Show response ib.adnxs.com/	29 B 1 KB	42ms 30ms	XHR application/json	185.89.210.20 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/getuidj Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash da4988d12333656939f723fe24ee992be8d25c48cfcc19a1f698bb0a245e40d6 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 185.236.203.99; 185.236.203.99; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin https://www.bitsight.com an-x-request-uuid c760c6df-7e44-47ee-a16e-da7729331abc content-length 29 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:27 GMT x-xss-protection 0 content-type application/json; charset=utf-8 server nginx/1.23.4
GET H2	200	geoip Show response api.permutive.com/v2.0/	248 B 355 B	124ms 56ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 25ede7827c7298e94c993de12f5557448b05bc218614e6f3f27026c323df99eb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 168 date Thu, 05 Dec 2024 09:15:27 GMT content-type application/json vary Origin server Permutive
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 197 B	210ms 207ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept * Content-Type text/plain;charset=UTF-8 Response headers linkedin-action 1 x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 80F4193610BA48A89CF29DC89C1CBE2F Ref B: CPH30EDGE0906 Ref C: 2024-12-05T09:15:27Z x-li-fabric prod-lor1 access-control-allow-credentials true x-li-uuid AAYoglbRc9zN81R7crKJYg== x-li-proto http/2 access-control-allow-origin https://www.bitsight.com x-cache CONFIG_NOCACHE date Thu, 05 Dec 2024 09:15:27 GMT vary Origin
POST H2	200	identify Show response api.permutive.com/v2.0/	50 B 256 B	113ms 56ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/identify?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 577563d5e31a45cdedb6d60988130b67b61c5eb0a1d1162e25c78d00d54c447d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 70 date Thu, 05 Dec 2024 09:15:27 GMT content-type application/json vary Origin server Permutive
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	256ms 173ms	Image image/gif	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=da-dk&bfp=147292737&v=1.1&a=277648&rcu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&pu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM+Powered+by+Socks5Systemz+Botnet+%7C+Bitsight&cts=1733390127662&vi=81252de0c2dfe8606a5ad9903d6ff5c4&nc=true&u=208292109.81252de0c2dfe8606a5ad9903d6ff5c4.1733390127658.1733390127658.1733390127658.1&b=208292109.1.1733390127659&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-robots-tag none x-request-id 43795429-801a-49e9-9fc4-5a12016954bd cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HnF9HQP0PcIBBaxhJf%2FVl%2FLtz%2B7a%2B6z0D%2BfQf70crlzKVzjElnZrkywC895Wl91fI4YKcyJcegra0ijBVrAstg78SbsHyXZqmvnRMuN4i0Svq9hXcxmpPsTgoltub6GkMyje3Z0XVtljUCc2w3QJ"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-evy-trace-listener listener_https p3p CP="NOI CUR ADM OUR NOR STA NID" date Thu, 05 Dec 2024 09:15:27 GMT x-hubspot-correlation-id 43795429-801a-49e9-9fc4-5a12016954bd content-type image/gif vary origin, Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control no-cache, no-store, no-transform nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-4fj5f x-envoy-upstream-service-time 5 access-control-allow-credentials false cf-ray 8ed2ee8a8fe7f89e-ARN x-evy-trace-route-configuration listener_https/all content-length 45 server cloudflare x-evy-trace-virtual-host all
GET H2	200	aem.js Show response wsmcdn.audioeye.com/	1 KB 686 B	156ms 56ms	Script application/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsmcdn.audioeye.com/aem.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f6276740979e4a4e4528cd977b22b03a402d4f102fed8aca5140c4ad93690a51 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=120 content-encoding br cf-cache-status HIT etag W/"c6520e7b06aafcc1a7543036b4e0fc7a" age 20 cf-ray 8ed2ee8aabd30a37-ARN date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript vary Accept-Encoding surrogate-keys server cloudflare
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	178 B 1 KB	289ms 203ms	XHR application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=277648&utk=81252de0c2dfe8606a5ad9903d6ff5c4&__hstc=208292109.81252de0c2dfe8606a5ad9903d6ff5c4.1733390127658.1733390127658.1733390127658.1&__hssc=208292109.1.1733390127659&currentUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5113d5f1e67fc2a200130e22901e1d4fe5daf828b40895ca1942f52afff29718 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-robots-tag none access-control-max-age 180 x-request-id 9b978d4c-b582-43b9-be1f-1344671052d7 content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtNypkhKCNzEGYdiS%2FutEbjPVguLdey7ku7Q2KliKpWAFjOqpZeCuAWiX%2BuJNi7QrVmYHss1t4Beto1PrEabepWpe%2FsZBkp1QC1RKXTqXx3IES89IaoD0%2BZ3iFg3st1kWTgyHhj%2FqxXiyb%2B2nTra"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-evy-trace-listener listener_https date Thu, 05 Dec 2024 09:15:27 GMT x-hubspot-correlation-id 9b978d4c-b582-43b9-be1f-1344671052d7 content-type application/json;charset=utf-8 vary origin access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control max-age=0, no-cache, no-store nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-b967ccf5d-q5dzg x-envoy-upstream-service-time 39 access-control-allow-credentials false cf-ray 8ed2ee8a985f82bf-ARN access-control-allow-origin https://www.bitsight.com x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	favicon.ico www.bitsight.com/sites/default/files/	4 KB 696 B	512ms 511ms	Other image/vnd.microsoft.icon	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-fff368b2-7fa8-11ef-8bf1-0fbe230c489a content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:29 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:28 GMT content-type image/vnd.microsoft.icon last-modified Thu, 20 Apr 2023 01:16:14 GMT x-cache-hits 79365 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee8a0bf1ebd9-ARN server cloudflare
POST H2	200	audiences Show response api.permutive.com/audience-matching/v1/id/718f8750-02c0-424a-99af-8c98dc43453d/	12 B 66 B	110ms 108ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/audience-matching/v1/id/718f8750-02c0-424a-99af-8c98dc43453d/audiences?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software / Resource Hash 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12 date Thu, 05 Dec 2024 09:15:27 GMT content-type application/json
GET H2	200	trends.min.js Show response assets.trendemon.com/tag/	301 KB 60 KB	140ms 38ms	Script application/javascript	2600:9000:223c:5800:2:7dc7:8f00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.trendemon.com/tag/trends.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:5800:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers vary accept-encoding content-encoding gzip etag "b7e260e47980a9ada3906def2be7dcda" age 71620 via 1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront) accept-ranges bytes x-cache Hit from cloudfront content-length 61292 x-amz-cf-id wV8oI6qj7Y3ryWtz1zR7vBVkafQyw-HvQ1coJYVtko4EFJLenCZ1Ww== date Wed, 04 Dec 2024 13:21:49 GMT content-type application/javascript last-modified Mon, 18 Nov 2024 12:10:10 GMT server AmazonS3 x-amz-cf-pop FRA56-P2 x-amz-server-side-encryption AES256
GET H2	204	https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Show response tracking.intentsify.io/page-tracking/intentsify-bitsight/	0 214 B	516ms 165ms	Script text/plain	52.9.213.1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.intentsify.io/page-tracking/intentsify-bitsight/https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.9.213.1 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-9-213-1.us-west-1.compute.amazonaws.com Software / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers expires -1 cache-control private, no-cache, no-store, must-revalidate date Thu, 05 Dec 2024 09:15:28 GMT pragma no-cache x-powered-by Express
GET H2	200	bootstrap.js Show response wsv3cdn.audioeye.com/	61 KB 21 KB	154ms 58ms	Script application/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481 Requested by Host: wsmcdn.audioeye.com URL: https://wsmcdn.audioeye.com/aem.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 646a6a25c9f56be3efb0c5c4ba0e10cfaaf2bb2c8b2a3511d375df2c7691058a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=3600, s-maxage=21600 content-encoding br cf-cache-status HIT etag W/"9a1b23dc7824cdb671fd951533f1e596" age 12285 cf-ray 8ed2ee8b99a815dc-ARN date Thu, 05 Dec 2024 09:15:27 GMT content-type application/javascript vary Accept-Encoding surrogate-keys 95c39350d8f4b765016b0e58199c2f8b server cloudflare
GET H2	200	2423 Show response trackingapi.trendemon.com/api/settings/	614 B 805 B	354ms 109ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/settings/2423?callback=jsonp990555&vid= Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash b90a9774902dd1e122045c6fdba583f40cb3952cca00e2c5e6ad4e2cd9976479 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 614 date Thu, 05 Dec 2024 09:15:28 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	loader.js Show response wsv3cdn.audioeye.com/v2/scripts/	31 KB 10 KB	324ms 240ms	Script text/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481 Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 990c17683eb0a1279587a7a13823b283950eb8589350fd8c38224074f98d69a4 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public surrogate-key prod 95c39350d8f4b765016b0e58199c2f8b 6986df481 cf-cache-status HIT content-encoding br cf-ray 8ed2ee8c9b009902-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/javascript;charset=UTF-8 vary Accept-Encoding server cloudflare last-modified Thu, 05 Dec 2024 09:04:39 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 0	111ms 37ms	Fetch text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4c30v882142918za200zb76025611&_p=1733390126376&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485&gdid=dNTIxZG&cid=1793678290.1733390128&ul=da-dk&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1733390127&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&en=Demandbase_Event&_fv=1&_nsi=1&_ss=1&_ee=1&ep.demandbase_company_name=(Non-Company%20Visitor)&ep.demandbase_audience=Bot&ep.demandbase_audience_segment=(Non-Company%20Visitor)&ep.demandbase_city=(Non-Company%20Visitor)&ep.demandbase_country_name=(Non-Company%20Visitor)&ep.demandbase_company_id=(Non-Company%20Visitor)&ep.demandbase_employee_range=(Non-Company%20Visitor)&ep.demandbase_industry=(Non-Company%20Visitor)&ep.demandbase_web_site=(Non-Company%20Visitor)&ep.demandbase_revenue_range=(Non-Company%20Visitor)&ep.demandbase_state=(Non-Company%20Visitor)&ep.demandbase_sub_industry=(Non-Company%20Visitor)&tfd=2744 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:28 GMT content-type text/plain server Golfe2
POST H3	200	events Show response api.permutive.com/v2.0/batch/	101 B 130 B	59ms 57ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 50d38c28c61aa392e392dd3e9761baa4aa04c527de2a1c488ecfb916a078ae97 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 112 date Thu, 05 Dec 2024 09:15:28 GMT content-type application/json vary Origin server Permutive
GET H2	200	identity.min.js Show response assets.trendemon.com/global/	18 KB 6 KB	34ms 33ms	Script application/javascript	2600:9000:223c:5800:2:7dc7:8f00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.trendemon.com/global/identity.min.js Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:5800:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-amz-cf-pop FRA56-P2 content-encoding gzip etag W/"3f44b799c727cbac65d90f0779b8eb4e" age 71619 via 1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id 9qJtnnHJ64VveLQHvJZlKcur_c_B2uhKQtBfYeFV_yV6Ru-bs1tM2Q== date Thu, 05 Dec 2024 06:26:11 GMT content-type application/javascript vary accept-encoding server AmazonS3 last-modified Mon, 18 Nov 2024 12:10:15 GMT x-amz-server-side-encryption AES256
GET H2	200	startup.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	382 KB 116 KB	73ms 73ms	Script text/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 160b6b9690833ef42cd5f35046a391ec3efc97f2a30f7effc8f7e39ef72dabe2 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"4ccf68a13367eb17a574037dda7d3dfa" age 2938 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee8e2ca815dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	me Show response trackingapi.trendemon.com/api/Identity/	94 B 559 B	115ms 115ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/Identity/me?accountId=2423&DomainCookie=17333901283260240&fingerPrint=999a0fc297a695ff31598abb824ed41f&callback=jsonp557298&vid= Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 2446656ee9648caf0e86c1b084732d4bf4f27b45707dedce3f5803568b33795c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 94 date Thu, 05 Dec 2024 09:15:28 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
POST H2	204	events Show response logx.optimizely.com/v1/	0 73 B	137ms 136ms	XHR text/plain	34.49.241.189 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 189.241.49.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id 76c6cd63-30b3-41de-be71-17edd5f9b8ce access-control-expose-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id timing-allow-origin * access-control-allow-credentials true access-control-allow-methods POST,OPTIONS via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:28 GMT content-type text/plain access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
GET H2	200	tangoEngine.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	45 KB 17 KB	72ms 72ms	Script text/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1f1edcf201dd193a9c8a75c631d8883e5cc2c1b279ad41f41bb8e36e15879b67 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"9c0fc63cbdfdd60c49c80974d7e2bd29" age 6343 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee8eed8015dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	cookieStorage.html wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ Frame BC0E	0 0	126ms 53ms	Document text/html	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/cookieStorage.html Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Length,Content-Range age 2953 cf-cache-status HIT cf-ray 8ed2ee8fffaeecd7-ARN content-encoding br content-type text/html date Thu, 05 Dec 2024 09:15:28 GMT last-modified Tue, 26 Nov 2024 19:14:12 GMT server cloudflare vary Accept-Encoding
POST H2	200	send analytics.audioeye.com/air/v0/	0 61 B	566ms 183ms	Ping text/plain	34.215.81.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://analytics.audioeye.com/air/v0/send Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-215-81-112.us-west-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers date Thu, 05 Dec 2024 09:15:29 GMT access-control-allow-origin * content-length 0
GET H2	200	launcher.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	11 KB 4 KB	53ms 51ms	Script text/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1e4c3de3ec3ec95c33bdf635ae9cace7af833c5dd8ddcc694dcc278d6b300ebb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"7275d253e9c2f9131bd0ab68d1392233" age 5764 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee8f9e3315dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	compliance.css wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	2 KB 694 B	60ms 59ms	Stylesheet text/css	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.css Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"21190dc484113930ea0a8022dabce414" age 943 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee8f9e3915dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/css last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	compliance.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	50 KB 18 KB	57ms 57ms	Script text/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b6db76366fdb316e92890d326c4d10141034c01e7cd0d999e953cb79661f5a82 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"bf2c5ca3b229479a3970eb16c96a0d39" age 4356 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee8f9e3f15dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	marketingautomation Show response trackingapi.trendemon.com/api/	94 B 283 B	121ms 120ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2423&ClientUrl=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&CookieId=17333901283260240&MaCookie=ODEyNTJkZTBjMmRmZTg2MDZhNWFkOTkwM2Q2ZmY1YzQ%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp776361&vid=2423:17333901283260240 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 56f019fdafd29585f9268d177b379d06373666c83eb8d91f8b5be32e8d9cd5bc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 94 date Thu, 05 Dec 2024 09:15:28 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	ace-campaign Show response trackingapi.trendemon.com/api/experience/	16 B 167 B	117ms 117ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/ace-campaign?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&Referral=&callback=jsonp54386&vid=2423:17333901283260240 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 04413f6562c0b82a728a80254f0e19f450f4a564ee689300d9f0cd708d4f0db2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 16 date Thu, 05 Dec 2024 09:15:28 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	fullCSS.bundle.css wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	57 KB 12 KB	60ms 59ms	Stylesheet text/css	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d74bdb691409ac89ce4d994b39173d7b8913394158e01bf6856dc84004bfa800 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"365ee6fb1581d1ba9d3ece214a6242c7" age 3557 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee8ffe9015dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/css last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	audioeye-scanner.js Show response wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.4/	334 KB 78 KB	64ms 63ms	Script text/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.4/audioeye-scanner.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 822aed47a697175f28eae0d3802ebe10d6bf53d1aea47aa3084a24ec30714cc1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"90395cc0ad8b71812f5eed8fb140c824" age 1116 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee900e9915dc-ARN access-control-allow-origin * date Thu, 05 Dec 2024 09:15:28 GMT content-type text/javascript last-modified Wed, 04 Dec 2024 22:49:25 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	pageview trackingapi.trendemon.com/api/events/	43 B 286 B	243ms 240ms	Image image/gif	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://trackingapi.trendemon.com/api/events/pageview?accountId=2423&url=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&cookie=17333901283260240&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2423:17333901283260240&r=1733390128708 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, must-revalidate pragma no-cache age 1691358 expires Mon, 01 Jan 1990 00:00:00 GMT content-length 43 date Thu, 05 Dec 2024 09:15:28 GMT content-type image/gif server Kestrel
GET H2	200	css2 fonts.googleapis.com/	2 KB 895 B	175ms 60ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css Response headers content-encoding gzip x-content-type-options nosniff expires Thu, 05 Dec 2024 09:15:28 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:28 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Thu, 05 Dec 2024 09:07:50 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
POST H3	200	state Show response api.permutive.com/v1.0/	0 34 B	87ms 85ms	XHR text/plain	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v1.0/state?fetch_unseen=true&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-encoding gzip content-length 20 date Thu, 05 Dec 2024 09:15:28 GMT server Permutive
GET H2	200	personal-stream Show response trackingapi.trendemon.com/api/experience/	17 B 168 B	111ms 111ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal-stream?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=81252de0c2dfe8606a5ad9903d6ff5c4&ExcludedStreamsJson=%5B%5D&callback=jsonp259472&vid=2423:17333901283260240 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 8ec781a015cbaaa12dacfdbda83dcd342050a7bab30087dbf43ae5e427e18cc6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 17 date Thu, 05 Dec 2024 09:15:29 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	personal Show response trackingapi.trendemon.com/api/experience/	14 B 165 B	119ms 119ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=81252de0c2dfe8606a5ad9903d6ff5c4&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp62198&vid=2423:17333901283260240 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 714e897e0be73908178fd5b9b5ef50db14ecd1be356252d41d6e22feacd34f5b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 14 date Thu, 05 Dec 2024 09:15:29 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	personal-embedded Show response trackingapi.trendemon.com/api/experience/	2 KB 3 KB	119ms 119ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=81252de0c2dfe8606a5ad9903d6ff5c4&Ids=%5B%5D&Groups=%5B%5D&StreamId=&callback=jsonp111221&vid=2423:17333901283260240 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 7e71d044ce723ea00e4ed604439a90d0f4bbafe4721a3b7220d5b2d053dcfd48 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 2490 date Thu, 05 Dec 2024 09:15:29 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H/1.1	200 OK	closex.png pic.trendemon.com/images/	386 B 848 B	147ms 38ms	Image image/png	54.230.228.35 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://pic.trendemon.com/images/closex.png Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.230.228.35 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-228-35.muc50.r.cloudfront.net Software AmazonS3 / Resource Hash c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers ETag "7da2ae17c3b671047838f7b78687a56f" Age 17744 Connection keep-alive Via 1.1 f6bc6f6279f11021614bfd42e1f4410e.cloudfront.net (CloudFront) Accept-Ranges bytes X-Cache Hit from cloudfront Content-Length 386 X-Amz-Cf-Id mogCIv0mA_UKt3Y_iaMHC4LKNYjFISa-8_68uCTbO_ZxQhWzoSij_Q== Date Thu, 05 Dec 2024 04:21:00 GMT Content-Type image/png Last-Modified Tue, 16 Apr 2019 23:23:30 GMT Server AmazonS3 X-Amz-Cf-Pop MUC50-P5
GET DATA	200 OK	truncated /	2 KB 2 KB		Font font/truetype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer Response headers Content-Type font/truetype
GET H3	200	Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2 fonts.gstatic.com/s/schibstedgrotesk/v3/	46 KB 46 KB	61ms 59ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://fonts.googleapis.com/ Response headers age 213146 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Tue, 02 Dec 2025 22:03:03 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 02 Dec 2024 22:03:03 GMT last-modified Tue, 02 May 2023 14:49:56 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 46764 x-xss-protection 0 server sffe
POST H2	204	collect region1.google-analytics.com/g/	0 0	42ms 41ms	Fetch text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4c30v882142918za200zb76025611&_p=1733390126376&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485&gdid=dNTIxZG&cid=1793678290.1733390128&ul=da-dk&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=2&sid=1733390127&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&en=Demandbase_Event&_ee=1&ep.1=(Non-Company%20Visitor)&ep.2=(Non-Company%20Visitor)&ep.3=(Non-Company%20Visitor)&ep.4=(Non-Company%20Visitor)&ep.5=(Non-Company%20Visitor)&ep.6=(Non-Company%20Visitor)&ep.7=Bot&ep.8=(Non-Company%20Visitor)&ep.9=(Non-Company%20Visitor)&ep.10=Ballerup&ep.11=84&ep.12=Denmark&_et=4&tfd=7749 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:33 GMT content-type text/plain server Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.bitsight.com

URL

blob:https://www.bitsight.com/43a9b3e6-274d-480e-b830-5f89ee61e1bd

Domain

www.bitsight.com

URL

blob:https://www.bitsight.com/24057e4a-ad33-4d7d-b899-86fb0ef62f5a