URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Submission Tags: @nominet_threat_intel ip-small-n reference_article_link confidence_medium cluster_63877246 Search All
Submission: On December 04 via api from GB — Scanned from GB

Summary

This website contacted 51 IPs in 4 countries across 35 domains to perform 134 HTTP transactions. The main IP is 2606:4700:10::6816:4af2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bitsight.com. The Cisco Umbrella rank of the primary domain is 797774.
TLS certificate: Issued by WE1 on November 26th 2024. Valid for: 3 months.
This is the only time www.bitsight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
30 2606:4700:10:... 13335 (CLOUDFLAR...)
2 142.250.185.195 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 172.64.152.14 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:780... 20940 (AKAMAI-AS...)
4 13.225.78.57 16509 (AMAZON-02)
1 172.217.16.196 15169 (GOOGLE)
4 152.195.15.58 15133 (EDGECAST)
2 2a02:26f0:480... 20940 (AKAMAI-AS...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a04:4e42::396 54113 (FASTLY)
1 74.121.140.211 30419 (PAEDAE-INC)
1 18.245.60.121 16509 (AMAZON-02)
1 104.16.118.43 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
4 52.28.219.199 16509 (AMAZON-02)
7 2a02:26f0:350... 20940 (AKAMAI-AS...)
1 142.250.185.98 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.129.140 54113 (FASTLY)
1 151.101.65.140 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 52.208.71.230 16509 (AMAZON-02)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
3 5 185.89.210.46 29990 (ASN-APPNEX)
2 2 34.248.79.160 16509 (AMAZON-02)
1 3.33.220.150 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.96.71.22 396982 (GOOGLE-CL...)
1 35.244.174.68 396982 (GOOGLE-CL...)
1 18.66.102.98 16509 (AMAZON-02)
1 37.252.171.53 29990 (ASN-APPNEX)
5 34.107.254.252 396982 (GOOGLE-CL...)
2 34.49.241.189 396982 (GOOGLE-CL...)
1 2600:9000:272... 16509 (AMAZON-02)
1 172.217.18.104 15169 (GOOGLE)
1 52.9.213.1 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
11 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:9000:262... 16509 (AMAZON-02)
1 54.148.32.82 16509 (AMAZON-02)
8 34.205.161.15 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.224.189.100 16509 (AMAZON-02)
134 51
Apex Domain
Subdomains
Transfer
30 bitsight.com
www.bitsight.com — Cisco Umbrella Rank: 797774
321 KB
12 audioeye.com
wsmcdn.audioeye.com — Cisco Umbrella Rank: 5297
wsv3cdn.audioeye.com — Cisco Umbrella Rank: 4073
analytics.audioeye.com — Cisco Umbrella Rank: 4630
277 KB
11 trendemon.com
assets.trendemon.com — Cisco Umbrella Rank: 116645
trackingapi.trendemon.com — Cisco Umbrella Rank: 88085
pic.trendemon.com — Cisco Umbrella Rank: 235815
72 KB
8 typekit.net
p.typekit.net — Cisco Umbrella Rank: 571
use.typekit.net — Cisco Umbrella Rank: 460
181 KB
6 permutive.com
cdn.permutive.com — Cisco Umbrella Rank: 3767
api.permutive.com — Cisco Umbrella Rank: 2768
81 KB
6 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 495
ib.adnxs.com — Cisco Umbrella Rank: 281
6 KB
5 affec.tv
go.affec.tv — Cisco Umbrella Rank: 7524
map.go.affec.tv — Cisco Umbrella Rank: 7841
4 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
ssl.google-analytics.com — Cisco Umbrella Rank: 972
region1.google-analytics.com — Cisco Umbrella Rank: 3353
39 KB
5 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1024
cdn3.optimizely.com — Cisco Umbrella Rank: 4684
a26349430206.cdn.optimizely.com
logx.optimizely.com — Cisco Umbrella Rank: 1766
97 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 333
px4.ads.linkedin.com — Cisco Umbrella Rank: 7032
2 KB
4 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 2701
10 KB
4 trustarc.com
consent.trustarc.com — Cisco Umbrella Rank: 3570
40 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
356 KB
3 bizible.com
cdn.bizible.com — Cisco Umbrella Rank: 9821
26 KB
2 hubspot.com
track.hubspot.com — Cisco Umbrella Rank: 2477
forms.hubspot.com — Cisco Umbrella Rank: 6196
3 KB
2 company-target.com
s.company-target.com — Cisco Umbrella Rank: 1549
api.company-target.com — Cisco Umbrella Rank: 4358
1017 B
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 2010
alb.reddit.com — Cisco Umbrella Rank: 1418
761 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
td.doubleclick.net — Cisco Umbrella Rank: 182
61 B
2 demandbase.com
tag.demandbase.com — Cisco Umbrella Rank: 6210
tag-logger.demandbase.com — Cisco Umbrella Rank: 5387
20 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1095
13 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 831
15 KB
2 gstatic.com
fonts.gstatic.com
59 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
895 B
1 intentsify.io
tracking.intentsify.io — Cisco Umbrella Rank: 59048
214 B
1 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 854
98 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 377
149 B
1 bizibly.com
cdn.bizibly.com — Cisco Umbrella Rank: 14108
204 B
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 5955
92 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2343
26 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2358
28 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4514
2 KB
1 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 3693
712 B
1 google.com
www.google.com — Cisco Umbrella Rank: 3
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2580
972 B
1 fontawesome.com
ka-p.fontawesome.com — Cisco Umbrella Rank: 3310
15 KB
134 35
Domain Requested by
30 www.bitsight.com www.bitsight.com
10 wsv3cdn.audioeye.com wsmcdn.audioeye.com
wsv3cdn.audioeye.com
8 trackingapi.trendemon.com assets.trendemon.com
7 use.typekit.net www.bitsight.com
5 api.permutive.com cdn.bizible.com
5 secure.adnxs.com 3 redirects www.bitsight.com
4 tags.srv.stackadapt.com www.bitsight.com
tags.srv.stackadapt.com
cdn.bizible.com
4 consent.trustarc.com www.googletagmanager.com
consent.trustarc.com
www.bitsight.com
4 www.googletagmanager.com www.bitsight.com
www.googletagmanager.com
3 px.ads.linkedin.com 1 redirects cdn.bizible.com
3 go.affec.tv www.googletagmanager.com
go.affec.tv
3 cdn.bizible.com www.googletagmanager.com
www.bitsight.com
cdn.bizible.com
2 assets.trendemon.com www.bitsight.com
assets.trendemon.com
2 logx.optimizely.com cdn.bizible.com
2 map.go.affec.tv 2 redirects
2 ssl.google-analytics.com www.bitsight.com
2 www.redditstatic.com www.googletagmanager.com
www.redditstatic.com
2 www.google-analytics.com www.googletagmanager.com
cdn.bizible.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 fonts.gstatic.com fonts.googleapis.com
1 pic.trendemon.com
1 fonts.googleapis.com wsv3cdn.audioeye.com
1 analytics.audioeye.com wsv3cdn.audioeye.com
1 forms.hubspot.com cdn.bizible.com
1 wsmcdn.audioeye.com www.bitsight.com
1 track.hubspot.com
1 region1.google-analytics.com www.googletagmanager.com
1 tracking.intentsify.io www.bitsight.com
1 tag-logger.demandbase.com cdn.bizible.com
1 ib.adnxs.com cdn.bizible.com
1 api.company-target.com cdn.bizible.com
1 id.rlcdn.com www.bitsight.com
1 s.company-target.com tag.demandbase.com
1 cdn.permutive.com go.affec.tv
1 match.adsrvr.org www.bitsight.com
1 px4.ads.linkedin.com www.bitsight.com
1 cdn.bizibly.com www.bitsight.com
1 js.hsleadflows.net js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 alb.reddit.com www.bitsight.com
1 pixel-config.reddit.com www.redditstatic.com
1 td.doubleclick.net www.googletagmanager.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 ws.zoominfo.com www.bitsight.com
1 tag.demandbase.com www.bitsight.com
1 pixel.mathtag.com www.googletagmanager.com
1 www.google.com www.googletagmanager.com
1 p.typekit.net www.bitsight.com
1 a26349430206.cdn.optimizely.com cdn.optimizely.com
1 cdn3.optimizely.com cdn.optimizely.com
1 js.hs-scripts.com www.bitsight.com
1 cdn.optimizely.com www.bitsight.com
1 ka-p.fontawesome.com
134 54
Subject Issuer Validity Valid
bitsight.com
WE1
2024-11-26 -
2025-02-24
3 months crt.sh
*.gstatic.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-30 -
2025-01-27
6 months crt.sh
cdn.optimizely.com
WE1
2024-10-21 -
2025-01-19
3 months crt.sh
hs-scripts.com
WE1
2024-11-24 -
2025-02-22
3 months crt.sh
cdn3.optimizely.com
WE1
2024-10-10 -
2025-01-08
3 months crt.sh
*.google-analytics.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-17 -
2025-11-17
a year crt.sh
*.trustarc.com
Amazon RSA 2048 M02
2024-03-16 -
2025-04-14
a year crt.sh
*.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
io.bizible.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-06-07 -
2025-07-08
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2024-12-02 -
2025-12-01
a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-06 -
2025-04-03
6 months crt.sh
*.mathtag.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-04-23 -
2025-04-30
a year crt.sh
tag.demandbase.com
Go Daddy Secure Certificate Authority - G2
2024-08-27 -
2025-09-28
a year crt.sh
zoominfo.com
E6
2024-11-12 -
2025-02-10
3 months crt.sh
*.srv.stackadapt.com
Amazon RSA 2048 M02
2024-08-09 -
2025-09-07
a year crt.sh
*.g.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2024-10-13 -
2025-04-11
6 months crt.sh
hs-analytics.net
WE1
2024-10-07 -
2025-01-05
3 months crt.sh
hs-banner.com
WE1
2024-11-22 -
2025-02-20
3 months crt.sh
hsleadflows.net
WE1
2024-11-27 -
2025-02-25
3 months crt.sh
affec.tv
Amazon RSA 2048 M02
2024-06-10 -
2025-07-09
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-10-14 -
2025-04-14
6 months crt.sh
permutive.com
WE1
2024-11-24 -
2025-02-23
3 months crt.sh
*.company-target.com
R10
2024-10-14 -
2025-01-12
3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2024-02-06 -
2025-03-05
a year crt.sh
api.demandbase.com
Go Daddy Secure Certificate Authority - G2
2024-08-13 -
2025-09-14
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2024-02-14 -
2025-03-16
a year crt.sh
api.permutive.com
R11
2024-10-19 -
2025-01-17
3 months crt.sh
logx.optimizely.com
WR3
2024-11-13 -
2025-02-11
3 months crt.sh
*.demandbase.com
Amazon RSA 2048 M02
2024-06-10 -
2025-07-08
a year crt.sh
*.intentsify.io
Amazon RSA 2048 M03
2024-05-07 -
2025-06-06
a year crt.sh
hubspot.com
WE1
2024-12-01 -
2025-03-01
3 months crt.sh
wsmcdn.audioeye.com
WE1
2024-10-08 -
2025-01-06
3 months crt.sh
wsv3cdn.audioeye.com
WE1
2024-11-10 -
2025-02-08
3 months crt.sh
*.trendemon.com
SSL.com RSA SSL subCA
2024-06-18 -
2025-06-18
a year crt.sh
report-prod.audioeye.com
Amazon RSA 2048 M03
2024-08-18 -
2025-09-17
a year crt.sh
upload.video.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh

This page contains 6 frames:

Primary Page: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Frame ID: 28267B917189D8436F0C4EB56A8EC17C
Requests: 127 HTTP requests in this frame

Frame: https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html
Frame ID: F463D35F82F050192F7B2BD99FA3604A
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com
Frame ID: EF1245F5B8ABEA4A9367239F6A49DB1A
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/965095466?random=1733335572212&cv=11&fst=1733335572212&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&hn=www.googleadservices.com&frm=0&tiba=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=1358530936.1733335572&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse
Frame ID: EE7D522D53DA81BE464AF98ED4CC97FC
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: D03138F81A8C227BC7E09298D9BB81A5
Requests: 1 HTTP requests in this frame

Frame: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/cookieStorage.html
Frame ID: 2D7540D56D230FED4A90BF106DD46F57
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

PROXY.AM Powered by Socks5Systemz Botnet | Bitsight

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com

Page Statistics

134
Requests

94 %
HTTPS

45 %
IPv6

35
Domains

54
Subdomains

51
IPs

4
Countries

1788 kB
Transfer

5130 kB
Size

75
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQILLA_FvLqxEwAAAZOS2eASlQX-FCzo2PRjDJyThZiUAFMIbb1DVvHlBq-Dyb_s_vGj4yQ
Request Chain 78
  • https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D
Request Chain 80
  • https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= HTTP 303
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67509a147fc6970001fa863e%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= HTTP 302
  • https://map.go.affec.tv/map/an/2972026922929660261?ch=67509a147fc6970001fa863e&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= HTTP 303
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
Request Chain 82
  • https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

134 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request proxyam-powered-socks5systemz-botnet
www.bitsight.com/blog/
137 KB
23 KB
Document
General
Full URL
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
306b1b64e818028ad936b4527fbbc958827fcd8863464d9ecfd1c88934440e08
Security Headers
Name Value
Content-Security-Policy report-uri /report-csp-violation
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
18601
cache-control
max-age=31536000, public
cf-cache-status
DYNAMIC
cf-ray
8ecdba96fdb7bd9f-LHR
content-encoding
br
content-language
en
content-security-policy
report-uri /report-csp-violation
content-type
text/html; charset=UTF-8
date
Wed, 04 Dec 2024 18:06:11 GMT
expires
Sun, 19 Nov 1978 05:00:00 GMT
last-modified
Wed, 04 Dec 2024 12:55:43 GMT
link
<analytics.google.com>; rel="dns-prefetch", <js.driftt.com>; rel="dns-prefetch", <rackingapi.trendemon.com>; rel="dns-prefetch", <tags.srv.stackadapt.com>; rel="dns-prefetch", <cdn.optimizely.com>; rel="dns-prefetch", <js.hs-scripts.com>; rel="dns-prefetch", <logx.optimizely.com>; rel="dns-prefetch", <metrics.hotjar.io>; rel="dns-prefetch", <bootstrap.driftapi.com>; rel="dns-prefetch", <ka-p.fontawesome.com>; rel="dns-prefetch", <audioeye.com>; rel="dns-prefetch", <googletagmanager.com>; rel="dns-prefetch", <permutive.com>; rel="dns-prefetch", <hotjar.com>; rel="dns-prefetch", <analytics.google.com>; rel="preconnect", <js.driftt.com>; rel="preconnect", <rackingapi.trendemon.com>; rel="preconnect", <consent.trustarc.com>; rel="preconnect", <cdn.optimizely.com>; rel="preconnect", <js.hs-scripts.com>; rel="preconnect", <metrics.hotjar.io>; rel="preconnect", <logx.optimizely.com>; rel="preconnect", <bootstrap.driftapi.com>; rel="preconnect", <ka-p.fontawesome.com>; rel="preconnect", <tags.srv.stackadapt.com>; rel="preconnect", <audioeye.com>; rel="preconnect", <googletagmanager.com>; rel="preconnect", <permutive.com>; rel="preconnect", <hotjar.com>; rel="preconnect", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2>; rel="prefetch", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://kit.fontawesome.com/bc8e4d7021.js>; rel="prerender", <https://js-agent.newrelic.com/nr-rum-1.255.0.min.js>; rel="prerender"
referrer-policy
no-referrer-when-downgrade
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
surrogate-key
tilu alec 15nq bh81 qknc 135a t5be 1rv1 4iqj 2h09 k5im 7bmp epgs ffa2 tapm s1so lgqj d7d6 1971 6ehj gaf3 77td jufg knej sheu khoj 4n5i cj78 vja0 ka5u 78t5 6dsl ldc7 snk9 tib3 rjqv tjhs n16q keo3 rl04 p93v vcdf e79l u1q5 gsd9 lira nl66 jro7 in6f h29v iu4c 3kis e6ki 2pbm 3t5u snd9 1cn6 omo7 o1kn 4539 uqdm k6vi dfem 98ql 5694 s3lt gub4 qb8d td07 bicd b452 cjqp 51mg q0pd 516e gfvc vfo5 urm3 2e20 1ovt ihaf 93fh ogvc 8775 4f2v acf4 1edt ql68 bsc4 3ukk ut71 kvo9 bsid i1hh m4ma 704t l0o5 ebeg 601f kfqg eit7 ig0p 4fu4 vq51 oauf snab trke e1j3
vary
Cookie,Accept-Encoding
via
varnish
x-ah-environment
prod
x-cache
HIT
x-cache-hits
221
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-drupal-cache
HIT
x-drupal-dynamic-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 10 (https://www.drupal.org)
x-request-id
v-2223e9ac-b23f-11ef-9242-4f3e994eb3ea
x-xss-protection
1; mode=block
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v22/
0
14 KB
Other
General
Full URL
https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

age
555741
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 28 Nov 2025 07:43:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 28 Nov 2024 07:43:50 GMT
last-modified
Wed, 26 Jan 2022 19:14:07 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
13976
x-xss-protection
0
server
sffe
pro-fa-light-300-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
0
15 KB
Other
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=31556926
cf-cache-status
HIT
etag
"660c2974-3c34"
age
1796233
cf-ray
8ecdba9ab910386b-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
15412
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
font/woff2
last-modified
Tue, 02 Apr 2024 15:51:16 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
26349430206.js
cdn.optimizely.com/js/
336 KB
96 KB
Script
General
Full URL
https://cdn.optimizely.com/js/26349430206.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48b3223045e89bc08cab63141deb460590b7638fbe14fcee1de49394aff4a5e3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age
86400
access-control-expose-headers
x-amz-meta-revision
content-encoding
gzip
cf-cache-status
HIT
etag
"0db3b0fca47201d9ea010a17226f207a"
x-amz-version-id
D5z1I8e2SZQ9WuTMblcpDikI4PHdijaI
access-control-allow-methods
GET, HEAD
date
Wed, 04 Dec 2024 18:06:11 GMT
x-amz-meta-revision
9737
content-type
text/javascript; charset=utf-8
last-modified
Wed, 04 Dec 2024 17:49:16 GMT
vary
Accept-Encoding
x-amz-id-2
gAJOC82m+jqfrhklTwLEhg01YGlNXhkogCTRACNYQqz5mPZrJWHc41+EnygqXHK6PJhP8+IXZNw=
access-control-allow-headers
*
x-amz-replication-status
PENDING
cache-control
max-age=120
timing-allow-origin
*
x-amz-meta-pci_enabled
False
access-control-allow-credentials
false
x-amz-request-id
FKW47PDE0Y6GH3C5
cf-ray
8ecdba9abda3ef56-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
97712
server
cloudflare
x-amz-server-side-encryption
AES256
css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css
www.bitsight.com/sites/default/files/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.bitsight.com/sites/default/files/css/css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css?delta=0&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-dd24958a-a1dc-11ef-b328-4b413951eb8b
content-encoding
gzip
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Thu, 13 Nov 2025 16:31:57 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
text/css
last-modified
Wed, 13 Nov 2024 16:31:56 GMT
vary
Accept-Encoding
x-cache-hits
27
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9a59ddbd9f-LHR
accept-ranges
bytes
content-length
1331
server
cloudflare
css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css
www.bitsight.com/sites/default/files/css/
90 KB
14 KB
Stylesheet
General
Full URL
https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-3e7b2ef4-a75d-11ef-b5b9-3b9319007506
content-encoding
gzip
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Thu, 20 Nov 2025 16:28:37 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
text/css
vary
Accept-encoding
x-cache-hits
1074
last-modified
Wed, 20 Nov 2024 16:31:02 GMT
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9a59dfbd9f-LHR
accept-ranges
bytes
content-length
14030
server
cloudflare
Products_EnterpriseSecurity.svg
www.bitsight.com/sites/default/files/2024/04/27/
994 B
579 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Products_EnterpriseSecurity.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-2b0579dc-7fa9-11ef-8f1a-1bf2f532319e
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:56:41 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:46:48 GMT
x-cache-hits
98512
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9a59e0bd9f-LHR
server
cloudflare
Products_DigitalSupplyChainSecurity.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
512 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Products_DigitalSupplyChainSecurity.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-a69fc274-7fa8-11ef-877b-fbeec39b1bd6
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:55:26 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:48:47 GMT
x-cache-hits
88192
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9a59e2bd9f-LHR
server
cloudflare
Products_RiskGovernanceReporting.svg
www.bitsight.com/sites/default/files/2024/04/27/
712 B
476 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskGovernanceReporting.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-8c303d32-06fa-11ef-b42b-5fe8171e2b39
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:50:46 GMT
x-cache-hits
3
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=1209600
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c0c29bd9f-LHR
server
cloudflare
Products_RiskAnalysisData.svg
www.bitsight.com/sites/default/files/2024/04/27/
630 B
439 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskAnalysisData.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-f345b368-7fa8-11ef-a4ad-ef0b67ed8a2b
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:52:21 GMT
x-cache-hits
100095
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c0c2cbd9f-LHR
server
cloudflare
Products_CyberUnderwritingRiskControl.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
787 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Products_CyberUnderwritingRiskControl.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-8cd85e0e-06fa-11ef-9a40-c7211ac61ad7
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:54:40 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:53:11 GMT
x-cache-hits
1
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=1209600
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c1c2fbd9f-LHR
server
cloudflare
Produ_ProfessionalServices.svg
www.bitsight.com/sites/default/files/2024/04/27/
2 KB
1 KB
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Produ_ProfessionalServices.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-2c86ad6c-7fa9-11ef-91e0-27d3f366b1a9
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:56:44 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:53:52 GMT
x-cache-hits
97265
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c1c3fbd9f-LHR
server
cloudflare
Sidebar_LightBulb.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
648 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-9e9cbe8c-06fa-11ef-a662-17b03e11abdd
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:45:47 GMT
x-cache-hits
1
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=1209600
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c1c40bd9f-LHR
server
cloudflare
Solutions_UseCases.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
673 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_UseCases.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-f34b8d1a-7fa8-11ef-a39a-ab9d0c870871
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:55:26 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:56:37 GMT
x-cache-hits
100680
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c1c42bd9f-LHR
server
cloudflare
Solutions_Industries.svg
www.bitsight.com/sites/default/files/2024/04/27/
864 B
503 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_Industries.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-8e9ca90c-06fa-11ef-b9e5-772998f816ed
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 17:59:41 GMT
x-cache-hits
1
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=1209600
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c67bd9f-LHR
server
cloudflare
DataInsights_OurData.svg
www.bitsight.com/sites/default/files/2024/04/27/
725 B
529 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_OurData.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-a6cf3f54-7fa8-11ef-94e3-83b871583532
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:55:26 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:03:58 GMT
x-cache-hits
79568
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c69bd9f-LHR
server
cloudflare
DataInsights_ThreatResearch.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
473 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_ThreatResearch.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-f354b958-7fa8-11ef-8c5e-67301c689dca
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:18:18 GMT
x-cache-hits
71940
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c6bbd9f-LHR
server
cloudflare
Sidebar_Bell.svg
www.bitsight.com/sites/default/files/2024/04/27/
766 B
499 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-2e6c63e2-7fa9-11ef-908f-0b147fff18b1
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:03:01 GMT
x-cache-hits
98190
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c6ebd9f-LHR
server
cloudflare
Company_AboutUs.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
630 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Company_AboutUs.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-2e06863a-7fa9-11ef-b5e1-5f78105553e7
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:56:47 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:07:02 GMT
x-cache-hits
97044
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c6fbd9f-LHR
server
cloudflare
Company_ConnectWithUs.svg
www.bitsight.com/sites/default/files/2024/04/27/
745 B
399 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Company_ConnectWithUs.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-74d36e98-7fa9-11ef-9c4a-cf3fcb713adf
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:09:14 GMT
x-cache-hits
98847
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c72bd9f-LHR
server
cloudflare
Resources_Resources.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
708 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Resources.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-a6cdb79c-7fa8-11ef-83ef-8b8478498df7
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:55:26 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:12:47 GMT
x-cache-hits
100068
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c73bd9f-LHR
server
cloudflare
Resources_Blog.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
600 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Blog.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-2f15ac90-7fa9-11ef-a7a7-43b2cace716c
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:56:48 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:14:49 GMT
x-cache-hits
50489
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c75bd9f-LHR
server
cloudflare
Sidebar_QuoteBubble.svg
www.bitsight.com/sites/default/files/2024/04/27/
1 KB
692 B
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_QuoteBubble.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-570f12fe-1eba-11ef-b716-c79cf80b08f4
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:55:26 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Sat, 27 Apr 2024 18:16:50 GMT
x-cache-hits
3759
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=1209600
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c78bd9f-LHR
server
cloudflare
PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp
www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/
55 KB
55 KB
Image
General
Full URL
https://www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp?itok=hxzltWNB
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f6331a2668773c2c297dd182dc9a409a8a06ce9fc55c53bdf0bf2a11ac6609e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-2ebf1d50-b1b1-11ef-a981-eb880181fbc6
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 20:06:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/webp
last-modified
Mon, 25 Nov 2024 18:07:12 GMT
x-cache-hits
20
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c7abd9f-LHR
accept-ranges
bytes
content-length
56146
server
cloudflare
Favorable_TermScout.svg
www.bitsight.com/sites/default/files/2024/10/10/
16 KB
5 KB
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/10/10/Favorable_TermScout.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-56c54b70-874b-11ef-9c85-df1a7d2d3fb7
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Fri, 10 Oct 2025 22:10:09 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Thu, 10 Oct 2024 21:05:11 GMT
x-cache-hits
9
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c3c7cbd9f-LHR
server
cloudflare
email-decode.min.js
www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
830 B
Script
General
Full URL
https://www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"6740aa56-4d7"
x-content-type-options
nosniff
cf-ray
8ecdba9c1c37bd9f-LHR
expires
Fri, 06 Dec 2024 18:06:11 GMT
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
application/javascript
last-modified
Fri, 22 Nov 2024 15:59:18 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js
www.bitsight.com/sites/default/files/js/
92 KB
32 KB
Script
General
Full URL
https://www.bitsight.com/sites/default/files/js/js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js?scope=footer&delta=0&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-dd6e4568-a1dc-11ef-a7e0-276479788c1f
content-encoding
gzip
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Thu, 13 Nov 2025 16:31:57 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/javascript
last-modified
Wed, 13 Nov 2024 16:31:05 GMT
vary
Accept-Encoding
x-cache-hits
1
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c1c3bbd9f-LHR
accept-ranges
bytes
content-length
32455
server
cloudflare
277648.js
js.hs-scripts.com/
1 KB
972 B
Script
General
Full URL
https://js.hs-scripts.com/277648.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf7efd0300bad653e91b0b17d85fcd1ffeb89f504ca2b8740784f1070b1be700
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
EXPIRED
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 18:07:42 GMT
date
Wed, 04 Dec 2024 18:06:12 GMT
x-hubspot-correlation-id
ff59087a-eb16-4aa0-8c49-9828bb35871c
content-type
application/javascript;charset=utf-8
vary
origin, Accept-Encoding
last-modified
Wed, 04 Dec 2024 18:06:12 GMT
cache-control
public, max-age=90
access-control-allow-credentials
true
cf-ray
8ecdba9c786063e5-LHR
accept-ranges
bytes
access-control-allow-origin
https://www.bitsight.com
content-length
600
server
cloudflare
js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js
www.bitsight.com/sites/default/files/js/
55 KB
14 KB
Script
General
Full URL
https://www.bitsight.com/sites/default/files/js/js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js?scope=footer&delta=2&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-de046818-a1dc-11ef-87b8-237a3e035d65
content-encoding
gzip
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Thu, 13 Nov 2025 16:33:52 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/javascript
last-modified
Wed, 13 Nov 2024 16:31:57 GMT
vary
Accept-Encoding
x-cache-hits
1
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9c1c3cbd9f-LHR
accept-ranges
bytes
content-length
14340
server
cloudflare
geo4.js
cdn3.optimizely.com/js/
296 B
306 B
Script
General
Full URL
https://cdn3.optimizely.com/js/geo4.js
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/26349430206.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.152.14 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69e9f48058d6bd3c12639a4a967637a337955dca5b30596244539746f0c06aac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cf-ray
8ecdba9c8fc303bb-LHR
content-encoding
br
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
gtm.js
www.googletagmanager.com/
448 KB
135 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8d627a9a91f75bd7bdef1b7eeb3dec1696a10b030fa50407df4d8a2c44e0c709
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 04 Dec 2024 18:06:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
137756
x-xss-protection
0
server
Google Tag Manager
a26349430206.html
a26349430206.cdn.optimizely.com/client_storage/ Frame F463
0
0
Document
General
Full URL
https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/26349430206.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=120
cf-cache-status
HIT
cf-ray
8ecdba9cce029478-LHR
content-encoding
gzip
content-length
775
content-type
text/html; charset=utf-8
date
Wed, 04 Dec 2024 18:06:12 GMT
etag
"e63c4e45003776c23a825a459af9de3c"
last-modified
Wed, 04 Dec 2024 17:49:11 GMT
server
cloudflare
server-timing
cfCacheStatus;desc="HIT"
vary
Accept-Encoding
x-amz-id-2
EAHR0Ycp/T5jF7bVEC1lQLmF1Is9S4ISbzo6L82RMgmJWTO+R1fboF24MqRUu0YBURB9UCoGSDrQMJhZ6h81/XnzAp9aQ5GM
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
GBYXAE8Z2CN8V31Q
x-amz-server-side-encryption
AES256
x-amz-version-id
zp7ksKVtXlYLgzsy6Q8noAPpntEzLvgx
p.css
p.typekit.net/
5 B
173 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=dws7syq&ht=tk&f=39488.39489.39490.39491.39492.39493.39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509&a=212160357&app=typekit&e=css
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a419 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Response headers

cache-control
public, max-age=604800
etag
"6649f74c-5"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
5
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/css
last-modified
Sun, 19 May 2024 12:57:48 GMT
server
nginx
notice
consent.trustarc.com/
34 KB
11 KB
Script
General
Full URL
https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-57.fra2.r.cloudfront.net
Software
/
Resource Hash
f7090859db03201d473099bdd8efc7ec5ac3016b74fa405003818b7cacbb258e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=3600
content-encoding
gzip
via
1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
uyQTB8eUc3Do4yMCEa87akobg8QhDCfZeJJLcFvUCSPCfTsSf_eOvA==
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA2-C2
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&scrsrc=www.googletagmanager.com&frm=0&rnd=542549336.1733335572&auid=1358530936.1733335572&npa=0&gtm=45He4bk0v76025611za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&tft=1733335572123&tfd=1168&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f196.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

bizible.js
cdn.bizible.com/scripts/
67 KB
25 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lhd/359D) /
Resource Hash
240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSub

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSub
cache-control
max-age=86400
content-encoding
gzip
etag
"4797a1a44a3cdb1:0"
age
75035
accept-ranges
bytes
x-cache
HIT
content-length
25393
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/x-javascript
last-modified
Thu, 21 Nov 2024 19:22:02 GMT
server
ECS (lhd/359D)
vary
Accept-Encoding
insight.min.js
snap.licdn.com/li.lms-analytics/
2 KB
1006 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:33::212:40dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=17262
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
796
date
Wed, 04 Dec 2024 18:06:12 GMT
last-modified
Mon, 02 Dec 2024 19:28:43 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
gzip
age
1353
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 19:43:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 17:43:39 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
destination
www.googletagmanager.com/gtag/
259 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4bk0v76025611za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
21976b513b4ff299b91152af25e0ff8c70efab51db482bdfcf67cfabfef293db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Wed, 04 Dec 2024 18:06:12 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
94038
x-xss-protection
0
server
Google Tag Manager
pixel.js
www.redditstatic.com/ads/
43 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"1a001f3a066bff47a766099b87253911"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12220
date
Wed, 04 Dec 2024 18:06:12 GMT
last-modified
Mon, 18 Nov 2024 21:16:35 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
js
pixel.mathtag.com/event/
161 B
712 B
Script
General
Full URL
https://pixel.mathtag.com/event/js?mt_pp=1&mt_adid=222552
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.140.211 Reston, United States, ASN30419 (PAEDAE-INC, US),
Reverse DNS
Software
MT3 1688 76e1918 master iad iad-pixel-x23 config_version:"3175" /
Resource Hash
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
Security Headers
Name Value
Strict-Transport-Security 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

Strict-Transport-Security
31536000
Cache-Control
no-cache
Content-Encoding
gzip
Connection
close
Cross-Origin-Resource-Policy
cross-origin
Referrer-Policy
strict-origin
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
all
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date
Wed, 04 Dec 2024 18:06:12 GMT
X-XSS-Protection
0
Content-Type
text/javascript
Server
MT3 1688 76e1918 master iad iad-pixel-x23 config_version:"3175"
7127e84810857c8d.min.js
tag.demandbase.com/
76 KB
20 KB
Script
General
Full URL
https://tag.demandbase.com/7127e84810857c8d.min.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-121.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
gzip
x-amz-version-id
v05QvrvxRI0VOl7C8T2uZsSJ_x4PrkcB
etag
W/"dc57eab4525914a6ed3317a7f6046ff8"
x-cache
RefreshHit from cloudfront
x-amz-cf-id
oDwwxjgGb6zsjB2mz1Ieej6wWMQGQY3bd4E2iDfKPnZiE0wW_RjiEw==
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
last-modified
Fri, 15 Nov 2024 20:20:16 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=3600
via
1.1 934815569b3b6127560be81f148ef706.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop
FRA60-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
nB5wHQT3fvQHVI5gp4PL
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/nB5wHQT3fvQHVI5gp4PL
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
66ec97d7281b60c831342be081bb27f610f46d8b73f9b4bfd3d1b589096a0869
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag
noindex, nofollow
content-encoding
gzip
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
cf-ray
8ecdba9e2f6f9469-LHR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/javascript
vary
Accept-Encoding
x-powered-by
Express
server
cloudflare
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
gzip
age
81
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 20:04:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:04:51 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
17168
server
Golfe2
events.js
tags.srv.stackadapt.com/
22 KB
8 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.219.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-219-199.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4343f53d3d0ec258a8325865825b6c0a0d09b3088a9708ee55a443646297ebef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-origin
*
cache-control
max-age=5
content-encoding
gzip
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/javascript
point-of-precision.svg
www.bitsight.com/themes/custom/bitsight_theme/src/assets/
327 B
393 B
Image
General
Full URL
https://www.bitsight.com/themes/custom/bitsight_theme/src/assets/point-of-precision.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Response headers

x-request-id
v-a74a537e-7fa8-11ef-b1d0-cbae4a573e9e
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:56:46 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Tue, 24 Sep 2024 14:17:53 GMT
x-cache-hits
38
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9deec6bd9f-LHR
server
cloudflare
l
use.typekit.net/af/0230dd/00000000000000007735bb33/30/
26 KB
26 KB
Font
General
Full URL
https://use.typekit.net/af/0230dd/00000000000000007735bb33/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"5bb33ae2a954c4b3b528681f85ecbf7624532fad"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
26356
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
l
use.typekit.net/af/153042/00000000000000007735bb62/30/
24 KB
24 KB
Font
General
Full URL
https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"b0d46bd3fb22c6c06785f44e1a131be6878e0485"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
24460
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
l
use.typekit.net/af/305037/00000000000000007735bb39/30/
27 KB
27 KB
Font
General
Full URL
https://use.typekit.net/af/305037/00000000000000007735bb39/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"4af6f044e86b0a30d1aa7c5babe16808274dd9a8"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
27780
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
l
use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/
23 KB
23 KB
Font
General
Full URL
https://use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"11d02edbb0e1552504cdb4512876b33f0c02dcaf"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23256
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
l
use.typekit.net/af/384d9b/00000000000000007735bb6a/30/
25 KB
25 KB
Font
General
Full URL
https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"23427917d6d72688888854d7151dc7962d8d8301"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
25828
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
l
use.typekit.net/af/aed66e/00000000000000007735bb35/30/
27 KB
27 KB
Font
General
Full URL
https://use.typekit.net/af/aed66e/00000000000000007735bb35/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"9e3369ea7ed88f1e4a8a12a637f7348f31af57ce"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
27892
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
l
use.typekit.net/af/160664/00000000000000007735bb32/30/
28 KB
28 KB
Font
General
Full URL
https://use.typekit.net/af/160664/00000000000000007735bb32/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/

Response headers

cache-control
public, max-age=31536000
timing-allow-origin
*
etag
"a0a5b94f1d2bb67123bf96637186b77b73341264"
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
28612
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/font-woff2
server
nginx
Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png
www.bitsight.com/sites/default/files/2024/11/25/
14 KB
14 KB
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/11/25/Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9e1fde6240e3a5a6abc36edfe07c9e6204b687100edadd3d70fb77e9560ca96
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-8f32b2b0-b165-11ef-b9e2-17a04bc52b66
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 15:13:11 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/png
last-modified
Mon, 25 Nov 2024 18:27:27 GMT
x-cache-hits
53
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9e0ee3bd9f-LHR
accept-ranges
bytes
content-length
14184
server
cloudflare
Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png
www.bitsight.com/sites/default/files/2024/11/25/
39 KB
39 KB
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/11/25/Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54b3e4c319fb99c631ffd50cf7308ed0d10e78eb2e7ae6190f960c27418399fe
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-90362246-b165-11ef-acb4-fbcf397e5e1f
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 10:58:44 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/png
last-modified
Mon, 25 Nov 2024 18:28:42 GMT
x-cache-hits
61
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9e0ee7bd9f-LHR
accept-ranges
bytes
content-length
39752
server
cloudflare
KEV-research-white-paper-ad.svg
www.bitsight.com/sites/default/files/2024/09/20/
167 KB
112 KB
Image
General
Full URL
https://www.bitsight.com/sites/default/files/2024/09/20/KEV-research-white-paper-ad.svg
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-a740f4be-7fa8-11ef-a143-d797c4a25426
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:00 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/svg+xml
last-modified
Fri, 20 Sep 2024 19:03:54 GMT
x-cache-hits
6118
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdba9e0ee9bd9f-LHR
server
cloudflare
sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame EF12
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
89167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Tue, 03 Dec 2024 17:20:05 GMT
expires
Wed, 03 Dec 2025 17:20:05 GMT
last-modified
Tue, 03 Dec 2024 10:18:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/965095466/
43 B
61 B
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965095466/?random=1733335572212&cv=11&fst=1733335572212&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&hn=www.googleadservices.com&frm=0&tiba=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=1358530936.1733335572&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4bk0v76025611za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Wed, 04 Dec 2024 18:06:12 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
965095466
td.doubleclick.net/td/rul/ Frame EE7D
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/965095466?random=1733335572212&cv=11&fst=1733335572212&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&hn=www.googleadservices.com&frm=0&tiba=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=1358530936.1733335572&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4bk0v76025611za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 18:06:12 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
config
pixel-config.reddit.com/pixels/t2_dy92zhkbx/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_dy92zhkbx/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
27
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/json
t2_dy92zhkbx_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_dy92zhkbx_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1733335572236&id=t2_dy92zhkbx&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=4abc79ea-906b-40bc-b396-958bea068452&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/gif
server
Varnish
insight.old.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:33::212:40dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=11645
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Wed, 04 Dec 2024 18:06:12 GMT
last-modified
Mon, 02 Dec 2024 10:13:56 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
__utm.gif
ssl.google-analytics.com/r/
35 B
410 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=646213329&utmhn=www.bitsight.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-gb&utmje=0&utmfl=-&utmdt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&utmhid=242936505&utmr=-&utmp=%2Fblog%2Fproxyam-powered-socks5systemz-botnet&utmht=1733335572291&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D15825701.1912227383.1733335572.1733335572.1733335572.1%3B%2B__utmz%3D15825701.1733335572.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1077318010&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],}
x-content-type-options
nosniff
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:12 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
server
Golfe2
277648.js
js.hs-analytics.net/analytics/1733335500000/
87 KB
28 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1733335500000/277648.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-server-side-encryption
AES256
x-request-id
d4bf702e-6c56-4857-9051-a0a04f251045
content-encoding
gzip
cf-cache-status
MISS
etag
W/"1a816f50c8ec3bdb09dc86b88930a279"
x-amz-version-id
null
expires
Wed, 04 Dec 2024 18:11:12 GMT
x-evy-trace-listener
listener_https
date
Wed, 04 Dec 2024 18:06:12 GMT
x-hubspot-correlation-id
d4bf702e-6c56-4857-9051-a0a04f251045
content-type
text/javascript
last-modified
Tue, 22 Oct 2024 20:38:12 GMT
vary
origin, Accept-Encoding
x-amz-id-2
7IZL63B0zQEx1NrIkYrgfH7kF8QgaeikyidkJOh4qzo09Sw7pyEHyGehIAO1q+ObSS2PtSeeQ/PRGZP3tUjJ/mZBflQuMmaG
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-xw2ts
x-envoy-upstream-service-time
32
access-control-allow-credentials
false
x-amz-request-id
4QNYGYBVEHNK1RPN
cf-ray
8ecdba9f4e039557-LHR
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
banner.js
js.hs-banner.com/v2/277648/
72 KB
26 KB
Script
General
Full URL
https://js.hs-banner.com/v2/277648/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-evy-trace-virtual-host
all
access-control-max-age
604800
x-request-id
3a19b3f7-d48b-488f-9825-cf42f213b70a
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
etag
W/"0d348277da23f2965a1392e91a7fa6aa"
x-amz-version-id
9rYQwXAh7p3RpE9mplC_EqLSRKBCDaOM
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Wed, 04 Dec 2024 18:07:44 GMT
x-evy-trace-listener
listener_https
date
Wed, 04 Dec 2024 18:06:12 GMT
x-hubspot-correlation-id
3a19b3f7-d48b-488f-9825-cf42f213b70a
content-type
text/javascript; charset=UTF-8
last-modified
Fri, 23 Aug 2024 14:30:47 GMT
vary
origin, Accept-Encoding
x-amz-id-2
qS2rU+0pFmhL5kGHFWyD9Awg8GJXUgNhoIZG/zehEw6uGH1j4jbcUkIr6Kp1A6gmEZvK8wca5CA=
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
timing-allow-origin
*
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-wgwsj
x-envoy-upstream-service-time
23
access-control-allow-credentials
true
x-amz-request-id
ZAJPJESK9NEG2HW3
cf-ray
8ecdba9f493494ba-LHR
access-control-allow-origin
https://www.bitsight.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-amz-server-side-encryption
AES256
leadflows.js
js.hsleadflows.net/
550 KB
92 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
8a49ddcc-216b-4e8d-92b8-9c12422f291d
content-encoding
gzip
cf-cache-status
HIT
etag
W/"ce26171eff05376a1b746efbb809f7f6"
x-amz-version-id
1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age
25191
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
fI_A2XEB9UyqkR8F2DMLRc4CKBi6nBtnpQa0VUwA_8uw2zzYEMVuCA==
x-hubspot-correlation-id
8a49ddcc-216b-4e8d-92b8-9c12422f291d
content-type
application/javascript; charset=utf-8
last-modified
Thu, 21 Nov 2024 16:54:39 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=86400, max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-bhsbb
x-envoy-upstream-service-time
1
x-hs-target-asset
lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
HIT
date
Wed, 04 Dec 2024 18:06:12 GMT
vary
accept-encoding
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8e67d355afdc9258-AMS
via
1.1 38fc47c0600e1aa74a99467e3cebbdee.cloudfront.net (CloudFront)
cf-ray
8ecdba9f6aaf60fc-LHR
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD55-P7
ipv
cdn.bizible.com/
43 B
305 B
Image
General
Full URL
https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=3e2c0803c5704623b8145b2c139f78e0&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733335572281&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&_biz_n=0&rnd=542177&cdn_o=a&_biz_z=1733335572305
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lhd/370A) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSub

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSub
cache-control
no-cache, no-store
pragma
no-cache
age
420650
expires
-1
accept-ranges
bytes
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length
43
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
Image/GIF
last-modified
Fri, 29 Nov 2024 21:15:22 GMT
server
ECS (lhd/370A)
u
cdn.bizibly.com/
43 B
204 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=3e2c0803c5704623b8145b2c139f78e0&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733335572307&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&rnd=721694&cdn_o=a&_biz_z=1733335572307
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lhd/35B4) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSub

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSub
cache-control
no-cache, no-store
pragma
no-cache
age
420642
expires
-1
accept-ranges
bytes
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length
43
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
Image/GIF
last-modified
Fri, 29 Nov 2024 21:15:30 GMT
server
ECS (lhd/35B4)
64fa38cc287519aad2798b3c
go.affec.tv/j/
663 B
799 B
Script
General
Full URL
https://go.affec.tv/j/64fa38cc287519aad2798b3c?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.71.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-71-230.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding
gzip
expires
Wed, 04 Apr 1990 00:00:00 GMT
content-length
431
p3p
CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/javascript
vary
Accept-Encoding
collect
www.google-analytics.com/j/
3 B
422 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=242936505&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&ul=en-gb&de=UTF-8&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=15825701.1912227383.1733335572.1733335572.1733335572.1&_utmz=15825701.1733335572.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1733335572320&_u=YQBCAEABAAAAACAAI~&jid=566421204&gjid=2088254611&cid=1912227383.1733335572&tid=UA-36272386-4&_gid=392031582.1733335572&_r=1&_slc=1&gtm=45He4bk0n81MZ2J8ZGv76025611za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&z=25368574
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:12 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.bitsight.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
3
server
Golfe2
v1.7-6252
consent.trustarc.com/asset/notice.js/v/
95 KB
28 KB
Script
General
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-6252
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-57.fra2.r.cloudfront.net
Software
/
Resource Hash
0c47080feb6fe854cb361dc2471f19799e8773617f10e33cf78aea069d41a4e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
*
content-encoding
gzip
age
3561
x-cache
Hit from cloudfront
x-amz-cf-id
u_WP5JFJ81bKYndKgKzGg3t_t2ZIg6ZR-DqjGEY2ILgLMdjJYZ6JHA==
date
Wed, 04 Dec 2024 17:06:51 GMT
content-type
text/javascript
last-modified
Wed, 13 Nov 2024 02:26:13 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=2592000
pragma
public
via
1.1 debe291145dc27044f50d04bac101cd8.cloudfront.net (CloudFront)
access-control-allow-origin
*
content-length
28136
x-amz-cf-pop
FRA2-C2
log
consent.trustarc.com/
43 B
426 B
Image
General
Full URL
https://consent.trustarc.com/log?domain=bitsighttech.com&country=gb&state=&behavior=implied&session=85741956-5654-4a21-915b-b3e30f0856e0&userType=NEW&c=8906&referer=https://www.bitsight.com&language=en
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-57.fra2.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
via
1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
expires
Mon, 26 Jul 1997 05:00:00 GMT
x-cache
Miss from cloudfront
content-length
43
x-amz-cf-id
-8PQxMto4yDR7fx6UdwdNtei72_kq2y9zVJ9p1oDKeXoOifvKVs8yQ==
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/gif
x-amz-cf-pop
FRA2-C2
vary
Origin
attribution_trigger
px.ads.linkedin.com/
2 B
813 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-li-pop
afd-prod-lva1-x
content-encoding
gzip
x-fs-uuid
00062875a312ac7d73fa72e0ef1ef497
x-msedge-ref
Ref A: 721EBBA327084181A10D7EFACB5959E2 Ref B: LTSEDGE1911 Ref C: 2024-12-04T18:06:12Z
x-li-fabric
prod-lva1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYodaMSrH1z+nLg7x70lw==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQILLA_FvLqxEwAAAZOS2eASlQX-FCzo...
0
266 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQILLA_FvLqxEwAAAZOS2eASlQX-FCzo2PRjDJyThZiUAFMIbb1DVvHlBq-Dyb_s_vGj4yQ
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 001D23C86DF942DCA91B99826C5F66E7 Ref B: LTSEDGE1813 Ref C: 2024-12-04T18:06:12Z
x-li-fabric
prod-lva1
x-li-uuid
AAYodaMWIkZudIy+PSYNWQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 04 Dec 2024 18:06:11 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733335572325&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQILLA_FvLqxEwAAAZOS2eASlQX-FCzo2PRjDJyThZiUAFMIbb1DVvHlBq-Dyb_s_vGj4yQ
x-msedge-ref
Ref A: 86ED8232F362495B9AF6492EFCD5CF55 Ref B: LTSEDGE1621 Ref C: 2024-12-04T18:06:12Z
x-li-fabric
prod-lva1
x-li-uuid
AAYodaMTJd+IxZ5Ilmp85g==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 04 Dec 2024 18:06:11 GMT
xdc.js
cdn.bizible.com/
111 B
322 B
Script
General
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=3e2c0803c5704623b8145b2c139f78e0&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.11.21
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lhd/3718) /
Resource Hash
ea4d8183e5312676ab1a197a262966766507a25929b068e895fd4f51d416be01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSub

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSub
cache-control
private, must-revalidate, max-age=21600
content-encoding
gzip
etag
CF1CF7CE
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length
215
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
ECS (lhd/3718)
bannermsg
consent.trustarc.com/
43 B
427 B
Image
General
Full URL
https://consent.trustarc.com/bannermsg?action=views&domain=bitsighttech.com&behavior=implied&country=gb&language=en&rand=0.293598748797959&session=85741956-5654-4a21-915b-b3e30f0856e0&userType=NEW&referer=https://www.bitsight.com
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-57.fra2.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
via
1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
expires
Mon, 26 Jul 1997 05:00:00 GMT
x-cache
Miss from cloudfront
content-length
43
x-amz-cf-id
E5MhnRGGNJSLRw0z_snArn53w5tPzWG4z94IWoBN52W77Z1buXMaAQ==
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/gif
x-amz-cf-pop
FRA2-C2
vary
Origin
sa.css
tags.srv.stackadapt.com/
65 B
203 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.219.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-219-199.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
9be880a2aca36c57ee646fcfdd9bc40b8c45be7afad90b8a212c839c573a8282

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.219.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-219-199.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/jpeg
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D
  • https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D
0
1 KB
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Server
185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.187.21.110; 5.187.21.110; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
8169f225-7515-4f56-af61-14d3760c1164
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 18:06:12 GMT
x-xss-protection
0
content-type
application/javascript; charset=utf-8
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
5.187.21.110; 5.187.21.110; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
8c19797c-408d-44bb-8db6-b835aeaab148
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 18:06:12 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
/
go.affec.tv/per/
846 B
916 B
Script
General
Full URL
https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8
Requested by
Host: go.affec.tv
URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.71.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-71-230.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding
gzip
expires
Wed, 04 Apr 1990 00:00:00 GMT
content-length
549
p3p
CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/javascript
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/
Redirect Chain
  • https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67509a147fc6970001fa863e%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent=
  • https://map.go.affec.tv/map/an/2972026922929660261?ch=67509a147fc6970001fa863e&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-length
70
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
image/gif
server
Kestrel

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
content-length
134
content-encoding
gzip
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
64fa38cd287519aad2798b3d
go.affec.tv/j/
523 B
726 B
Script
General
Full URL
https://go.affec.tv/j/64fa38cd287519aad2798b3d?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.71.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-71-230.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding
gzip
expires
Wed, 04 Apr 1990 00:00:00 GMT
content-length
359
p3p
CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/javascript
vary
Accept-Encoding
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D
  • https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D
0
1 KB
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Server
185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.187.21.110; 5.187.21.110; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
7050ce87-f647-42b0-bc42-39fa655a7696
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 18:06:12 GMT
x-xss-protection
0
content-type
application/javascript; charset=utf-8
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
5.187.21.110; 5.187.21.110; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
3317320f-8b43-411c-8cc9-b05b2df55576
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 18:06:12 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js
cdn.permutive.com/
279 KB
80 KB
Script
General
Full URL
https://cdn.permutive.com/6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js
Requested by
Host: go.affec.tv
URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:6d13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=OD+e0A==, md5=Pmn62h2zlhYTKmf1Str1pA==
x-goog-meta-oid
6a844cb1-30bc-4723-8446-2cd9d1f839b8
etag
"3e69fada1db39616132a67f54adaf5a4"
cf-cache-status
HIT
age
0
x-goog-stored-content-encoding
gzip
expires
Wed, 04 Dec 2024 18:21:12 GMT
x-goog-stored-content-length
81473
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/javascript
last-modified
Fri, 22 Sep 2023 17:01:24 GMT
vary
Accept-Encoding
x-guploader-uploadid
ABPtcPqeSA8Hpcb-PrgvEpdLsObBqpGSNgYufd6BzeNnrooFlXJsV9IRwnJ6XYwSnduey3kSC35uG8lvIw
cache-control
public, max-age=900
timing-allow-origin
*
x-goog-storage-class
REGIONAL
cf-ray
8ecdbaa0e93963da-LHR
accept-ranges
bytes
x-goog-generation
1695402084169978
content-length
81473
server
cloudflare
sync
s.company-target.com/s/ Frame D031
0
0
Document
General
Full URL
https://s.company-target.com/s/sync?exc=lr
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/7127e84810857c8d.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
22.71.96.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods
GET,OPTIONS
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
634
content-type
text/html; charset=UTF-8
date
Wed, 04 Dec 2024 18:06:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
464526.gif
id.rlcdn.com/
0
98 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 04 Dec 2024 18:06:12 GMT
ip.json
api.company-target.com/api/v3/
460 B
1017 B
XHR
General
Full URL
https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&page_title=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
ed18f2600dba553139a6e5f0db9e91fb28637a6af8dbfec605bf000c40799e1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age
7200
access-control-expose-headers
x-amz-cf-id
content-encoding
gzip
identification-source
CENTRAL
access-control-allow-methods
GET, POST, OPTIONS
request-id
346f871e-bd8b-4e41-a39b-c59fb4c969e1
expires
Tue, 03 Dec 2024 18:06:12 GMT
x-cache
Miss from cloudfront
x-amz-cf-id
qK3BxYsMUEDlDwEWVuFzfyGHqLvFh64-n29953ks4Zw4h59-LYlugw==
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/json;charset=utf-8
vary
Accept-Encoding, Origin
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
api-version
v3
access-control-allow-credentials
true
via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
access-control-allow-origin
https://www.bitsight.com
x-amz-cf-pop
FRA56-P2
server
nginx
saq_pxl
tags.srv.stackadapt.com/
116 B
311 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=oeyzgkQ7R8piwGBmS0lgBg&is_js=true&landing_url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&tip=z8MVyC6t5H8dvDiSBk-Iu48_bs8APeATtZXRdZTzNGw&host=https%3A%2F%2Fwww.bitsight.com&sa_conv_data_css_value=%270-4a676f4e-f510-548e-5203-8aee90533e5a%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd94a676f4ef510548e52038aee90533e5a05bb156e&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIOPSveNvakMjuLqndF24pm35gbcZcBOZtLvrKGxoArpGENYBGAQglLTCugYwAToExbdv9kIEVqFS4A.xqkr49ZgLBPVyruRg3auZcdkyb2hUVS7VZSROg04n0c&sa-user-id-v2=s%253ASmdvTvUQVI5SA4rukFM-WgW7FW4.CNf%252F%252Bu6kPrVJviGBM94Yk1aPAZEzYCIvRZkHHCCLbIc&sa-user-id=s%253A0-4a676f4e-f510-548e-5203-8aee90533e5a.%252BkcDYCFLigQNVyMxypEJ2osIGcti%252BQbzDqJNfXHMw%252Fk
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.219.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-219-199.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-methods
GET
access-control-allow-origin
https://www.bitsight.com
content-length
116
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/plain; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
*
ba14c91c-d17c-494a-b6b2-8d99e1bfb18d
https://www.bitsight.com/ Frame
0
0

b3889a2d-808b-448d-87b5-bd78d594678a
https://www.bitsight.com/ Frame
0
0

getuidj
ib.adnxs.com/
29 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
2e578c5380d8fa3c1b16ce05f15037ddc73fe2ca4361294e983674acb7455aa8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.187.21.110; 5.187.21.110; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://www.bitsight.com
an-x-request-uuid
c9322fa5-c6d3-461c-8711-9178e6f7dc1b
content-length
29
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 18:06:12 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
/
px.ads.linkedin.com/wa/
0
195 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 315171B6941A470B8E7B7594AC47DA0E Ref B: LTSEDGE1621 Ref C: 2024-12-04T18:06:12Z
x-li-fabric
prod-lva1
access-control-allow-credentials
true
x-li-uuid
AAYodaMYP4lEufHNsak19Q==
x-li-proto
http/2
access-control-allow-origin
https://www.bitsight.com
x-cache
CONFIG_NOCACHE
date
Wed, 04 Dec 2024 18:06:11 GMT
vary
Origin
geoip
api.permutive.com/v2.0/
242 B
346 B
XHR
General
Full URL
https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
14634539dcfd49aa7372e4ebf0630942251dd57aa012becf193596f10a20864a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.bitsight.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
159
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/json
vary
Origin
server
Permutive
events
logx.optimizely.com/v1/
0
387 B
XHR
General
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
189.241.49.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
838a71d4-0531-4a5e-b1e7-1db665b04e9e
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
via
1.1 google
access-control-allow-origin
https://www.bitsight.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
text/plain
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
bg9s
tag-logger.demandbase.com/
0
419 B
XHR
General
Full URL
https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=qK3BxYsMUEDlDwEWVuFzfyGHqLvFh64-n29953ks4Zw4h59-LYlugw==&api-version=v3
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2724:c00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-version-id
8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
36455
x-cache
Error from cloudfront
x-amz-cf-id
CJ2fdVSGh0QWyIDnktC_H2rs6rzNsq80iXPDcb62YWmXGUfqayhArg==
date
Wed, 04 Dec 2024 07:58:38 GMT
content-type
text/html
vary
accept-encoding
last-modified
Tue, 07 Mar 2023 20:47:02 GMT
via
1.1 f41688bac877227b82b3347b2428d266.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
destination
www.googletagmanager.com/gtag/
397 KB
129 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4bk0v76025611za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
4656a7aa47e776fa68e752e6d5e4ab7acf342123519b76ffbb2f083ecbf47529
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Wed, 04 Dec 2024 18:06:12 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
131596
x-xss-protection
0
server
Google Tag Manager
identify
api.permutive.com/v2.0/
50 B
88 B
XHR
General
Full URL
https://api.permutive.com/v2.0/identify?k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
9d9c93c8d5d4509923621f8cc6bcc2cc71aa1a42617513ca76abf9a21b55c804

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.bitsight.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
date
Wed, 04 Dec 2024 18:06:12 GMT
content-type
application/json
vary
Origin
server
Permutive
audiences
api.permutive.com/audience-matching/v1/id/f3b107f1-2921-4637-9233-b841b6dbe01f/
12 B
66 B
XHR
General
Full URL
https://api.permutive.com/audience-matching/v1/id/f3b107f1-2921-4637-9233-b841b6dbe01f/audiences?k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
/
Resource Hash
2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
application/json
https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
tracking.intentsify.io/page-tracking/intentsify-bitsight/
0
214 B
Script
General
Full URL
https://tracking.intentsify.io/page-tracking/intentsify-bitsight/https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.213.1 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-9-213-1.us-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

expires
-1
cache-control
private, no-cache, no-store, must-revalidate
date
Wed, 04 Dec 2024 18:06:13 GMT
pragma
no-cache
x-powered-by
Express
events
api.permutive.com/v2.0/batch/
101 B
130 B
XHR
General
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
6000525be96e0b82ce7eada0adcb538f08ea3d7e235af64f1cad27bac9191b12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.bitsight.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
application/json
vary
Origin
server
Permutive
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4bk0v882142918za200zb76025611&_p=1733335571835&gcs=G100&gcd=13p3p3p3p5l1&npa=1&dma_cps=-&dma=0&tag_exp=101925629~102067555~102067808~102081485&gdid=dNTIxZG&cid=1047990460.1733335574&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1733335573&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&en=Demandbase_Event&_fv=1&_nsi=1&_ss=1&_ee=1&ep.demandbase_company_name=(Non-Company%20Visitor)&ep.demandbase_audience=Bot&ep.demandbase_audience_segment=(Non-Company%20Visitor)&ep.demandbase_city=(Non-Company%20Visitor)&ep.demandbase_country_name=(Non-Company%20Visitor)&ep.demandbase_company_id=(Non-Company%20Visitor)&ep.demandbase_employee_range=(Non-Company%20Visitor)&ep.demandbase_industry=(Non-Company%20Visitor)&ep.demandbase_web_site=(Non-Company%20Visitor)&ep.demandbase_revenue_range=(Non-Company%20Visitor)&ep.demandbase_state=(Non-Company%20Visitor)&ep.demandbase_sub_industry=(Non-Company%20Visitor)&tfd=2578
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4bk0v76025611za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.bitsight.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
text/plain
server
Golfe2
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3511443875&v=1.1&a=277648&rcu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&pu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM+Powered+by+Socks5Systemz+Botnet+%7C+Bitsight&cts=1733335573655&vi=0fb242625dfe5b43b727b1b952c38392&nc=true&u=208292109.0fb242625dfe5b43b727b1b952c38392.1733335573654.1733335573654.1733335573654.1&b=208292109.1.1733335573654&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag
none
x-request-id
8d685ec4-6c38-4ed9-8c7a-0631f7c9fc08
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZakjCth8sXgVBwNQgxTiF3aj6x%2FCvFi78t8nNUN72dWoAPy7p4McxQeamxcV%2BrLT3ownPaXEFuuA0WqCEWJxjsCW%2ByyQIV8vhKT3s4%2FYpo7WsdGd1l7%2Bdoo9KI5hz4QXfYZBEfyoRL2nWzILCLxV"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 04 Dec 2024 18:06:13 GMT
x-hubspot-correlation-id
8d685ec4-6c38-4ed9-8c7a-0631f7c9fc08
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-rkp6r
x-envoy-upstream-service-time
7
access-control-allow-credentials
false
cf-ray
8ecdbaa7db12ef11-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
aem.js
wsmcdn.audioeye.com/
1 KB
686 B
Script
General
Full URL
https://wsmcdn.audioeye.com/aem.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6276740979e4a4e4528cd977b22b03a402d4f102fed8aca5140c4ad93690a51

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=120
content-encoding
br
cf-cache-status
HIT
etag
W/"c6520e7b06aafcc1a7543036b4e0fc7a"
age
41
cf-ray
8ecdbaa83b3ccd40-LHR
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
application/javascript
vary
Accept-Encoding
surrogate-keys
server
cloudflare
favicon.ico
www.bitsight.com/sites/default/files/
4 KB
696 B
Other
General
Full URL
https://www.bitsight.com/sites/default/files/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4af2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
v-63bd8a40-500a-11ef-8fe5-4bafd4e77667
content-encoding
br
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 03:53:30 GMT
x-cache
HIT
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 20 Apr 2023 01:16:14 GMT
x-cache-hits
20093
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
x-ah-environment
prod
via
varnish
cf-ray
8ecdbaa76c2cbd9f-LHR
server
cloudflare
json
forms.hubspot.com/lead-flows-config/v1/config/
178 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=277648&utk=0fb242625dfe5b43b727b1b952c38392&__hstc=208292109.0fb242625dfe5b43b727b1b952c38392.1733335573654.1733335573654.1733335573654.1&__hssc=208292109.1.1733335573654&currentUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c8f4bf36a0676bded8b88917b88a5e91461256633a0b6dc1e59ef476424d74f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
04ff6cb6-465f-4e9e-96a5-792596c0b8d9
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sg2%2FJjxVKA3SdaLNI81Z37077Aeg7XAisfnzQbShmEVoHMQCpuWdbN%2B6Iosb%2B7ArvuWtbeIWFBm9fz990nURNUxSIrNUguwjdQb4BtkJGN7JXBvSrAXvYaLaX8aGeyaTELGCeBjQzChRRJWu3Z0F"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener
listener_https
date
Wed, 04 Dec 2024 18:06:13 GMT
x-hubspot-correlation-id
04ff6cb6-465f-4e9e-96a5-792596c0b8d9
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-pb78j
x-envoy-upstream-service-time
31
access-control-allow-credentials
false
cf-ray
8ecdbaa7fc1b385a-LHR
access-control-allow-origin
https://www.bitsight.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
events
logx.optimizely.com/v1/
0
73 B
XHR
General
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
189.241.49.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id
a31ad1fe-8834-4067-9998-e96235784e1d
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
via
1.1 google
access-control-allow-origin
https://www.bitsight.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
text/plain
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
bootstrap.js
wsv3cdn.audioeye.com/
61 KB
21 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481
Requested by
Host: wsmcdn.audioeye.com
URL: https://wsmcdn.audioeye.com/aem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ddf294744bc4a89e81278c38b50e46ded7f62f2d80e1ff4deeca647d82b1766

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=3600, s-maxage=21600
content-encoding
br
cf-cache-status
HIT
etag
W/"aed0acda0185f9edf6184b59a3fcc971"
age
14123
cf-ray
8ecdbaa929799532-LHR
date
Wed, 04 Dec 2024 18:06:13 GMT
content-type
application/javascript
vary
Accept-Encoding
surrogate-keys
95c39350d8f4b765016b0e58199c2f8b
server
cloudflare
state
api.permutive.com/v1.0/
0
34 B
XHR
General
Full URL
https://api.permutive.com/v1.0/state?fetch_unseen=true&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
date
Wed, 04 Dec 2024 18:06:13 GMT
server
Permutive
loader.js
wsv3cdn.audioeye.com/v2/scripts/
31 KB
10 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0d191e37e74e83b242c180f6b17881dd5a6ae40522257f461eae3bcf66d7a22

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control
max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
surrogate-key
prod 95c39350d8f4b765016b0e58199c2f8b 6986df481
cf-cache-status
HIT
age
3372
content-encoding
br
cf-ray
8ecdbaa9dbc87791-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
last-modified
Wed, 04 Dec 2024 16:51:35 GMT
startup.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/
382 KB
116 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160b6b9690833ef42cd5f35046a391ec3efc97f2a30f7effc8f7e39ef72dabe2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"4ccf68a13367eb17a574037dda7d3dfa"
age
6226
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaaa3b119532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/javascript
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
trends.min.js
assets.trendemon.com/tag/
301 KB
60 KB
Script
General
Full URL
https://assets.trendemon.com/tag/trends.min.js
Requested by
Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:262a:3600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

vary
accept-encoding
content-encoding
gzip
etag
"b7e260e47980a9ada3906def2be7dcda"
age
64632
via
1.1 0f03de5c911def3510d9e3ffa72c0a70.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
61292
x-amz-cf-id
2I8P5mJMhh6Axa1RerI0TB_xL-iduvQHlEbCEi25ui4sAF4uAGbw1A==
date
Wed, 04 Dec 2024 00:09:17 GMT
content-type
application/javascript
last-modified
Mon, 18 Nov 2024 12:10:10 GMT
server
AmazonS3
x-amz-cf-pop
CDG52-P6
x-amz-server-side-encryption
AES256
tangoEngine.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/
45 KB
17 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f1edcf201dd193a9c8a75c631d8883e5cc2c1b279ad41f41bb8e36e15879b67

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"9c0fc63cbdfdd60c49c80974d7e2bd29"
age
312
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaaadbf49532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/javascript
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cookieStorage.html
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ Frame 2D75
0
0
Document
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/cookieStorage.html
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
age
6186
cf-cache-status
HIT
cf-ray
8ecdbaab3ce7769e-LHR
content-encoding
br
content-type
text/html
date
Wed, 04 Dec 2024 18:06:14 GMT
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
server
cloudflare
vary
Accept-Encoding
send
analytics.audioeye.com/air/v0/
0
61 B
Ping
General
Full URL
https://analytics.audioeye.com/air/v0/send
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.148.32.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-32-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

date
Wed, 04 Dec 2024 18:06:14 GMT
access-control-allow-origin
*
content-length
0
launcher.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/
11 KB
4 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e4c3de3ec3ec95c33bdf635ae9cace7af833c5dd8ddcc694dcc278d6b300ebb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"7275d253e9c2f9131bd0ab68d1392233"
age
6186
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaaaec109532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/javascript
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
compliance.css
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/
2 KB
694 B
Stylesheet
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.css
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"21190dc484113930ea0a8022dabce414"
age
6188
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaaaec139532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/css
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
compliance.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/
50 KB
18 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6db76366fdb316e92890d326c4d10141034c01e7cd0d999e953cb79661f5a82

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"bf2c5ca3b229479a3970eb16c96a0d39"
age
3034
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaaaec149532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/javascript
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
fullCSS.bundle.css
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/
57 KB
12 KB
Stylesheet
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d74bdb691409ac89ce4d994b39173d7b8913394158e01bf6856dc84004bfa800

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"365ee6fb1581d1ba9d3ece214a6242c7"
age
6181
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaab3c7c9532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/css
last-modified
Tue, 26 Nov 2024 19:14:12 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
audioeye-scanner.js
wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.3/
334 KB
78 KB
Script
General
Full URL
https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.3/audioeye-scanner.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a3acc1a4f3c4135ca1ad428906097a5bfbe4b06141000ec877e7e3e561fa71b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"9831e57600cee17e1d465f45573e7f74"
age
5322
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8ecdbaab5c9e9532-LHR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/javascript
last-modified
Fri, 01 Nov 2024 21:39:51 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
2423
trackingapi.trendemon.com/api/settings/
614 B
805 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/settings/2423?callback=jsonp907643&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
9870114efcbabd80097267ef2b95824c28452ddc1b623402d578697e6c319407
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store,no-cache
content-length
614
date
Wed, 04 Dec 2024 18:06:14 GMT
pragma
no-cache
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
css2
fonts.googleapis.com/
2 KB
895 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 18:06:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 17:25:35 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
identity.min.js
assets.trendemon.com/global/
18 KB
6 KB
Script
General
Full URL
https://assets.trendemon.com/global/identity.min.js
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:262a:3600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-cf-pop
CDG52-P6
content-encoding
gzip
etag
W/"3f44b799c727cbac65d90f0779b8eb4e"
age
61138
via
1.1 0f03de5c911def3510d9e3ffa72c0a70.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
Igkad7fI6g_9GgTWAaQfOWiD4qI-BKkDqV3tsbirYtCVWXD0qn5Clw==
date
Wed, 04 Dec 2024 01:07:25 GMT
content-type
application/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 18 Nov 2024 12:10:15 GMT
x-amz-server-side-encryption
AES256
me
trackingapi.trendemon.com/api/Identity/
95 B
562 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/Identity/me?accountId=2423&DomainCookie=17333355746833172&fingerPrint=e8c2eaa4f5ff191d7f0c353a0c69d4c1&callback=jsonp507221&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
9587394f23c57c26e598a78cdc7ab23d190f2bb37cb63ff759640335a9cacf87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store,no-cache
content-length
95
date
Wed, 04 Dec 2024 18:06:14 GMT
pragma
no-cache
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
marketingautomation
trackingapi.trendemon.com/api/
95 B
284 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2423&ClientUrl=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&CookieId=17333355746833172&MaCookie=MGZiMjQyNjI1ZGZlNWI0M2I3MjdiMWI5NTJjMzgzOTI%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp880367&vid=2423:17333355746833172
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
86a49f01ca8d20fe2293719b308b62b73b1203107d67980ceb8254564509ce06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store,no-cache
content-length
95
date
Wed, 04 Dec 2024 18:06:14 GMT
pragma
no-cache
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
ace-campaign
trackingapi.trendemon.com/api/experience/
17 B
168 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/experience/ace-campaign?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&Referral=&callback=jsonp403650&vid=2423:17333355746833172
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
65f5bdd4901778f59b7be65aa0ff748c7ff932d7c94adeb00dbb297c8ad13f73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
17
date
Wed, 04 Dec 2024 18:06:14 GMT
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
pageview
trackingapi.trendemon.com/api/events/
43 B
286 B
Image
General
Full URL
https://trackingapi.trendemon.com/api/events/pageview?accountId=2423&url=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&cookie=17333355746833172&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2423:17333355746833172&r=1733335575027
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
age
1691358
expires
Mon, 01 Jan 1990 00:00:00 GMT
content-length
43
date
Wed, 04 Dec 2024 18:06:15 GMT
content-type
image/gif
server
Kestrel
personal-stream
trackingapi.trendemon.com/api/experience/
17 B
168 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/experience/personal-stream?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=0fb242625dfe5b43b727b1b952c38392&ExcludedStreamsJson=%5B%5D&callback=jsonp685617&vid=2423:17333355746833172
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
5bbf9ec5af46aff00e74c33717c982fc87453d3be7d93aff20cf1001f88ab840
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
17
date
Wed, 04 Dec 2024 18:06:15 GMT
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
personal
trackingapi.trendemon.com/api/experience/
15 B
166 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/experience/personal?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=0fb242625dfe5b43b727b1b952c38392&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp483634&vid=2423:17333355746833172
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
25baf7f18d586a04b70e94d021e465251346cc7c1eff715ff2281ac1d740a9a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
15
date
Wed, 04 Dec 2024 18:06:15 GMT
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
personal-embedded
trackingapi.trendemon.com/api/experience/
2 KB
3 KB
Script
General
Full URL
https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=0fb242625dfe5b43b727b1b952c38392&Ids=%5B%5D&Groups=%5B%5D&StreamId=&callback=jsonp791509&vid=2423:17333355746833172
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.205.161.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-161-15.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
376ece734d6d2035b74688721cebcde1c63af31e2dbfc8c89e03b68203cc2e85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2490
date
Wed, 04 Dec 2024 18:06:15 GMT
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
closex.png
pic.trendemon.com/images/
386 B
847 B
Image
General
Full URL
https://pic.trendemon.com/images/closex.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-100.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

ETag
"7da2ae17c3b671047838f7b78687a56f"
Age
49626
Connection
keep-alive
Via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
Accept-Ranges
bytes
X-Cache
Hit from cloudfront
Content-Length
386
X-Amz-Cf-Id
vzJ7xMxtzn6oe949g06c5Vi4nkm1e1MctIJxZmCGbOiWys4BCXeqyA==
Date
Wed, 04 Dec 2024 04:20:18 GMT
Content-Type
image/png
Last-Modified
Tue, 16 Apr 2019 23:23:30 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C1
report
analytics.audioeye.com/v2/ Frame
0
0

report
analytics.audioeye.com/v2/
0
0

truncated
/
2 KB
2 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer

Response headers

Content-Type
font/truetype
Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2
fonts.gstatic.com/s/schibstedgrotesk/v3/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bitsight.com
Referer
https://fonts.googleapis.com/

Response headers

age
158593
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 02 Dec 2025 22:03:03 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 22:03:03 GMT
last-modified
Tue, 02 May 2023 14:49:56 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
46764
x-xss-protection
0
server
sffe

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.bitsight.com
URL
blob:https://www.bitsight.com/ba14c91c-d17c-494a-b6b2-8d99e1bfb18d
Domain
www.bitsight.com
URL
blob:https://www.bitsight.com/b3889a2d-808b-448d-87b5-bd78d594678a
Domain
analytics.audioeye.com
URL
https://analytics.audioeye.com/v2/report
Domain
analytics.audioeye.com
URL
https://analytics.audioeye.com/v2/report

Verdicts & Comments Add Verdict or Comment

198 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| optimizely object| dataLayer object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| consentListeners function| onConsentChange object| __dispatched__ function| addConsentListenerTA function| handleConsentDecision string| _linkedin_data_partner_id string| GoogleAnalyticsObject function| ga function| rdt object| MathTag object| domains string| source string| medium string| term string| content string| campaign string| session_count string| pageview_count string| hostname object| _gaq string| doname number| j function| get_campaign_info function| get_utm_value function| get_session_count function| get_pageview_count number| TRD_ACC_ID function| appendScriptTag string| currentWebsiteUrl string| serverUrl string| link function| saq function| _saq object| GooglebQhCsO function| redditNormalizeEmail function| once function| jQuery object| drupalSettings object| Drupal function| _typeof object| Bizible object| BizTrackingA object| BizA object| _gat object| gaGlobal string| gclid object| _hsp object| _vis_opt_queue object| LC_API object| gaplugins object| gaData object| truste function| shouldRepop function| shouldResolveConsent string| userType function| lintrk boolean| _already_called_lintrk object| ZILogs object| ziws object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| globalRoot function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive object| _hsq boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN function| loadPiggybacks object| piggybacks object| permutive object| VWO function| sanitizeKey boolean| _hstc_loaded object| Demandbase object| res object| saCookies string| current_window_url_param object| ORIBILI function| dbGtag function| onYouTubeIframeAPIReady boolean| _hstc_ran object| hsCallsToActionsReady string| __hsUserToken number| expireDateTime string| __AudioEyeSiteHash boolean| __audioEyeInitialized function| readyCallback boolean| LEAD_FLOW_DOCUMENT_READY_RAN object| __audioEyeContext boolean| __audioEyeRunnerComplete number| __AudioEyeInitialLoadTime object| __AudioEyePerformance string| aecb function| ae_choose function| loadStaticScript function| loaderFunction number| __AudioEyeLoaderStartTime object| AudioEye object| AudioEyeWebpackJsonp function| $ae function| ae_jQuery function| $Trd_Base64 function| $Trd_i18n function| __awaiter function| __generator function| $Trd_Utils function| $Trd_Tools function| RecordsService function| __extends function| $Trd_UserPageHistory_Cook object| enRenderModes object| $Trd_InternalEventsTypes object| $Trd_TriggersEventsTypes function| mapBackendTriggers function| $Trd_Context function| $Trd_EnvironmentSettings function| $Trd_ClientCookie function| $Trd_CtaClientCookie function| $Trd_ButtonSelector object| Frequency object| UnitVisibiltyType object| UnitTypeId object| AceVariantType object| AceElementAction object| AceElementAddPosition object| AceElementAddType object| ElementReplaceType object| AceImageReplaceMode object| AceImageObjectFit object| CssSizeUnits object| AceTextAlign object| AcePosition object| AceElementDisplay object| AceBackgroundImageFit object| StreamContentType object| StreamContentDesktopPosition object| StreamContentThumbnailType object| StreamLayoutAutoLoadTrigger function| $Trd_Logger object| COOKIE_NAMES function| $Trd_Visitor string| LOCAL_STORAGE_ITEM_NAME function| $Trd_FormListener function| $Trd_UrlGrabber function| $Trd_Events function| $Trd_Pageview string| $TRD_MA_COOKIE_NAME object| $TRD_MA_COOKIE_NAME_MAP function| $Trd_MarketingAutomation function| $TRD_CtaComponent function| $TRD_CtaContentComponent function| $TRD_GenericLayoutComponent function| $TRD_FormLayoutComponent function| $TRD_RecommendationLayoutComponent function| $TRD_RecommendCarouselLayoutComponent function| $TRD_GenericScriptComponent function| $TRD_FastTextLayoutComponent function| __assign function| __spreadArray function| $Trd_StreamManager function| $TRD_SurveyLayoutComponent number| COOLOFF_DAYS_AFTER_CLOSE number| COOLOFF_MS_AFTER_CLOSE function| $Trd_ExperienceManager function| $TRD_ClientAppFactory function| $TRD_ClientApp function| $TRD_ClientAppDrift function| $TRD_ClientAppSixSense object| trdContext function| $Trd_AceManager string| TRD_HIDER_STYLE_ID function| $Trd_NApi object| TrendemonContext object| $trd_Context object| trd_api object| IdentityConfig function| $Trd_Identity

75 Cookies

Domain/Path Name / Value
tracking.intentsify.io/page-tracking/intentsify-bitsight Name: userId
Value: f47c8765-d586-4f85-977e-917f95b5d26f
map.go.affec.tv/map/an Name: oo
Value: 1
.bitsight.com/ Name: optimizelyEndUserId
Value: oeu1733335571821r0.07210774645827289
.bitsight.com/ Name: _gcl_au
Value: 1.1.1358530936.1733335572
.bitsight.com/ Name: _rdt_uuid
Value: 1733335572235.4abc79ea-906b-40bc-b396-958bea068452
.bitsight.com/ Name: _biz_uid
Value: 3e2c0803c5704623b8145b2c139f78e0
.bitsight.com/ Name: _biz_nA
Value: 1
.bitsight.com/ Name: __utma
Value: 15825701.1912227383.1733335572.1733335572.1733335572.1
.bitsight.com/ Name: __utmc
Value: 15825701
.bitsight.com/ Name: __utmz
Value: 15825701.1733335572.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.bitsight.com/ Name: __utmt_sfga
Value: 1
.bitsight.com/ Name: __utmb
Value: 15825701.1.10.1733335572
.bitsight.com/ Name: _ga
Value: GA1.2.1912227383.1733335572
.bitsight.com/ Name: _gid
Value: GA1.2.392031582.1733335572
.bitsight.com/ Name: _gat_UA-36272386-4
Value: 1
.bitsight.com/ Name: TAsessionID
Value: 85741956-5654-4a21-915b-b3e30f0856e0|NEW
.bitsight.com/ Name: notice_behavior
Value: implied,eu
.bizible.com/ Name: _BUID
Value: 3e2c0803c5704623b8145b2c139f78e0
.bitsight.com/ Name: _biz_pendingA
Value: %5B%5D
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.bizibly.com/ Name: _BUID
Value: 947d01b5146c24718ac0b4bed6a85a91
.ws.zoominfo.com/ Name: visitorId
Value: 0ac6eb69ce1371f70d02eda7bee955ceb0045c2a483ef279b32bbb4ac51e22a7
.zoominfo.com/ Name: __cf_bm
Value: sDWxsUlbo5Foi7WcY9bvahTt3dKiksKalVAk36rD.pk-1733335572-1.0.1.1-ZDvFrvehi4VCYa6tSRGKpcNTrqYZoMMfdVRQcel1uMcW0.kwtG0KzLlrt8EWZ.OW2imLRTYt6Lv3G_O7Tb5TLw
.zoominfo.com/ Name: _cfuvid
Value: eCmXS1m954aFrUXvAqsxzcEj6c1ppNw4UDuR1yjZJRo-1733335572373-0.0.1.1-604800000
.bitsight.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-4a676f4e-f510-548e-5203-8aee90533e5a.%2BkcDYCFLigQNVyMxypEJ2osIGcti%2BQbzDqJNfXHMw%2Fk
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-4a676f4e-f510-548e-5203-8aee90533e5a.%2BkcDYCFLigQNVyMxypEJ2osIGcti%2BQbzDqJNfXHMw%2Fk
tags.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3ASmdvTvUQVI5SA4rukFM-WgW7FW4.CNf%2F%2Bu6kPrVJviGBM94Yk1aPAZEzYCIvRZkHHCCLbIc
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3ASmdvTvUQVI5SA4rukFM-WgW7FW4.CNf%2F%2Bu6kPrVJviGBM94Yk1aPAZEzYCIvRZkHHCCLbIc
tags.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIOPSveNvakMjuLqndF24pm35gbcZcBOZtLvrKGxoArpGENYBGAQglLTCugYwAToExbdv9kIEVqFS4A.xqkr49ZgLBPVyruRg3auZcdkyb2hUVS7VZSROg04n0c
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIOPSveNvakMjuLqndF24pm35gbcZcBOZtLvrKGxoArpGENYBGAQglLTCugYwAToExbdv9kIEVqFS4A.xqkr49ZgLBPVyruRg3auZcdkyb2hUVS7VZSROg04n0c
www.bitsight.com/ Name: sa-user-id
Value: s%253A0-4a676f4e-f510-548e-5203-8aee90533e5a.%252BkcDYCFLigQNVyMxypEJ2osIGcti%252BQbzDqJNfXHMw%252Fk
www.bitsight.com/ Name: sa-user-id-v2
Value: s%253ASmdvTvUQVI5SA4rukFM-WgW7FW4.CNf%252F%252Bu6kPrVJviGBM94Yk1aPAZEzYCIvRZkHHCCLbIc
www.bitsight.com/ Name: sa-user-id-v3
Value: s%253AAQAKIOPSveNvakMjuLqndF24pm35gbcZcBOZtLvrKGxoArpGENYBGAQglLTCugYwAToExbdv9kIEVqFS4A.xqkr49ZgLBPVyruRg3auZcdkyb2hUVS7VZSROg04n0c
.go.affec.tv/ Name: ck
Value: 67509a14ded4a20001223c96
.linkedin.com/ Name: bcookie
Value: "v=2&b6005f7b-4f10-4f25-8b79-5ca5049a6f6f"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MzMzMzU1NzI7MjswMjGaaid/Xeqiz2FlqYDEDxpkCFeps3feE7lZhItGfALG1w==
.linkedin.com/ Name: lidc
Value: "b=VGST02:s=V:r=V:a=V:p=V:g=3389:u=1:x=1:i=1733335572:t=1733421972:v=2:sig=AQE7YD_dWTIVyFvf_Wk0AjdeEJOIitNP"
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.go.affec.tv/ Name: oo
Value: 1
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2GVI:IafV!@wnf-Te9(>wL5L!!'XC$mk:^
.adnxs.com/ Name: XANDR_PANID
Value: aGTxMvI9DhE5cuHFC4ltAxvPPLN8dMjfO8aEPecFwtaOR9o08sNpagPq5rUxzIh-wnhW6gWY3neQPJOUD7gIzCqs6tfobVYFVZ4jk1_CiY4.
.adnxs.com/ Name: uuid2
Value: 2819958782355151076
.go.affec.tv/ Name: pt
Value: eyJhbiI6eyJkdCI6MTczMzMzNTU3MiwiaWQiOiIyOTcyMDI2OTIyOTI5NjYwMjYxIiwibHMiOjE3MzMzMzU1NzJ9LCJ2IjowfQ==|1733335572|63e8dd1de146b9b2e0b77fd1305a0bae54de30c6
.bitsight.com/ Name: permutive-id
Value: f3b107f1-2921-4637-9233-b841b6dbe01f
.company-target.com/ Name: tuuid
Value: 8eee0e91-28ca-4d68-b49b-5bf2cc496ef8
.company-target.com/ Name: tuuid_lu
Value: 1733335572|ix:0|mctv:0|rp:0
.casalemedia.com/ Name: CMID
Value: Z1CaFLlQJTUAAG10A2Q8FQAA
.casalemedia.com/ Name: CMPS
Value: 651
.casalemedia.com/ Name: CMPRO
Value: 651
.tremorhub.com/ Name: tvid
Value: d020036cdb814d9b9f483d4805cfbb8d
.tremorhub.com/ Name: tv_UIDM
Value: 8eee0e91-28ca-4d68-b49b-5bf2cc496ef8
.bitsight.com/ Name: __hstc
Value: 208292109.0fb242625dfe5b43b727b1b952c38392.1733335573654.1733335573654.1733335573654.1
.bitsight.com/ Name: hubspotutk
Value: 0fb242625dfe5b43b727b1b952c38392
.bitsight.com/ Name: __hssrc
Value: 1
.bitsight.com/ Name: __hssc
Value: 208292109.1.1733335573654
.hubspot.com/ Name: __cf_bm
Value: _rGMiwj5wC6EXJCn7hgVnp7lr1IZMdlUqFCOYYaoIJc-1733335573-1.0.1.1-iEcDOTCSB1Hce.NHCOW0UtQ_CcKNp3BZGf08dYzLnZpxnKo7vyS2HFy8PRsUvMRaW_RSIUFXxG75zpqA4sFKjw
.hubspot.com/ Name: _cfuvid
Value: LQk9wfwCMsYXsyqIt8kOX5WIsjFQ.waV1E2CYnQofVg-1733335573834-0.0.1.1-604800000
.bitsight.com/ Name: source
Value: (direct)
.bitsight.com/ Name: medium
Value: (none)
.bitsight.com/ Name: content
Value: undefined
.bitsight.com/ Name: keyword
Value: undefined
.bitsight.com/ Name: campaign
Value:
.bitsight.com/ Name: landing_page
Value: /blog/proxyam-powered-socks5systemz-botnet
.bitsight.com/ Name: conversion_page
Value: /blog/proxyam-powered-socks5systemz-botnet
www.bitsight.com/ Name: _aeaid
Value: 2e0d6abc-cc95-4234-a801-28afe374836f
www.bitsight.com/ Name: aelastsite
Value: TtjLDjDwfaF1TTjoIhP9A0VMHHviwGrxnfPhNkhmzFrJiiv3l6ZPAzyzm6X3TIin
www.bitsight.com/ Name: aelreadersettings
Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
.bitsight.com/ Name: trd_cid
Value: 17333355746833172
trackingapi.trendemon.com/ Name: trd_gavid_2423
Value: 17333355746833172
trackingapi.trendemon.com/ Name: trd_gvid
Value: 17333355746833172
trackingapi.trendemon.com/ Name: trd_vid_2423
Value: 2423%3A17333355746833172
.bitsight.com/ Name: trd_vid_l
Value: 2423%3A17333355746833172
.bitsight.com/ Name: trd_vuid_l
Value: -3544963389721976102
.bitsight.com/ Name: trd_ma_cookie
Value: MGZiMjQyNjI1ZGZlNWI0M2I3MjdiMWI5NTJjMzgzOTI%3D

1 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy report-uri /report-csp-violation
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a26349430206.cdn.optimizely.com
alb.reddit.com
analytics.audioeye.com
api.company-target.com
api.permutive.com
assets.trendemon.com
cdn.bizible.com
cdn.bizibly.com
cdn.optimizely.com
cdn.permutive.com
cdn3.optimizely.com
consent.trustarc.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
go.affec.tv
googleads.g.doubleclick.net
ib.adnxs.com
id.rlcdn.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
ka-p.fontawesome.com
logx.optimizely.com
map.go.affec.tv
match.adsrvr.org
p.typekit.net
pic.trendemon.com
pixel-config.reddit.com
pixel.mathtag.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.company-target.com
secure.adnxs.com
snap.licdn.com
ssl.google-analytics.com
tag-logger.demandbase.com
tag.demandbase.com
tags.srv.stackadapt.com
td.doubleclick.net
track.hubspot.com
tracking.intentsify.io
trackingapi.trendemon.com
use.typekit.net
ws.zoominfo.com
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
www.bitsight.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.redditstatic.com
analytics.audioeye.com
www.bitsight.com
104.16.118.43
13.107.42.14
13.224.189.100
13.225.78.57
142.250.185.195
142.250.185.98
151.101.129.140
151.101.65.140
152.195.15.58
172.217.16.196
172.217.18.104
172.64.152.14
18.245.60.121
18.66.102.98
185.89.210.46
2001:4860:4802:34::36
2600:9000:262a:3600:2:7dc7:8f00:93a1
2600:9000:2724:c00:1d:8d6d:3b40:93a1
2606:4700:10::6816:4af2
2606:4700:4400::6812:2844
2606:4700:4400::6812:28f0
2606:4700::6810:7674
2606:4700::6810:8ad1
2606:4700::6811:6d13
2606:4700::6811:afc9
2606:4700::6812:1d9b
2606:4700::6812:4239
2606:4700::6812:8a11
2620:1ec:21::14
2a00:1450:4001:806::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:812::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:827::2008
2a02:26f0:3500:8::c16c:9908
2a02:26f0:480:33::212:40dc
2a02:26f0:780::210:a419
2a04:4e42::396
3.33.220.150
34.107.254.252
34.205.161.15
34.248.79.160
34.49.241.189
34.96.71.22
35.244.174.68
37.252.171.53
52.208.71.230
52.28.219.199
52.9.213.1
54.148.32.82
74.121.140.211
05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568
0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3
0a3acc1a4f3c4135ca1ad428906097a5bfbe4b06141000ec877e7e3e561fa71b
0c47080feb6fe854cb361dc2471f19799e8773617f10e33cf78aea069d41a4e6
0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
14634539dcfd49aa7372e4ebf0630942251dd57aa012becf193596f10a20864a
160b6b9690833ef42cd5f35046a391ec3efc97f2a30f7effc8f7e39ef72dabe2
177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e4c3de3ec3ec95c33bdf635ae9cace7af833c5dd8ddcc694dcc278d6b300ebb
1f1edcf201dd193a9c8a75c631d8883e5cc2c1b279ad41f41bb8e36e15879b67
21976b513b4ff299b91152af25e0ff8c70efab51db482bdfcf67cfabfef293db
240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25baf7f18d586a04b70e94d021e465251346cc7c1eff715ff2281ac1d740a9a3
2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3
2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78
2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822
2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc
2ddf294744bc4a89e81278c38b50e46ded7f62f2d80e1ff4deeca647d82b1766
2e578c5380d8fa3c1b16ce05f15037ddc73fe2ca4361294e983674acb7455aa8
2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494
306b1b64e818028ad936b4527fbbc958827fcd8863464d9ecfd1c88934440e08
357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8
376ece734d6d2035b74688721cebcde1c63af31e2dbfc8c89e03b68203cc2e85
39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c
3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8
401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c
419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474
4343f53d3d0ec258a8325865825b6c0a0d09b3088a9708ee55a443646297ebef
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd
4656a7aa47e776fa68e752e6d5e4ab7acf342123519b76ffbb2f083ecbf47529
47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820
48b3223045e89bc08cab63141deb460590b7638fbe14fcee1de49394aff4a5e3
48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4
53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017
54b3e4c319fb99c631ffd50cf7308ed0d10e78eb2e7ae6190f960c27418399fe
597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259
5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee
5bbf9ec5af46aff00e74c33717c982fc87453d3be7d93aff20cf1001f88ab840
5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7
6000525be96e0b82ce7eada0adcb538f08ea3d7e235af64f1cad27bac9191b12
62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8
64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1
65f5bdd4901778f59b7be65aa0ff748c7ff932d7c94adeb00dbb297c8ad13f73
66ec97d7281b60c831342be081bb27f610f46d8b73f9b4bfd3d1b589096a0869
69e9f48058d6bd3c12639a4a967637a337955dca5b30596244539746f0c06aac
6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0
77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70
78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47
7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3
7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851
81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86a49f01ca8d20fe2293719b308b62b73b1203107d67980ceb8254564509ce06
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8d627a9a91f75bd7bdef1b7eeb3dec1696a10b030fa50407df4d8a2c44e0c709
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a
9587394f23c57c26e598a78cdc7ab23d190f2bb37cb63ff759640335a9cacf87
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
9870114efcbabd80097267ef2b95824c28452ddc1b623402d578697e6c319407
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5
9be880a2aca36c57ee646fcfdd9bc40b8c45be7afad90b8a212c839c573a8282
9c8f4bf36a0676bded8b88917b88a5e91461256633a0b6dc1e59ef476424d74f
9d9c93c8d5d4509923621f8cc6bcc2cc71aa1a42617513ca76abf9a21b55c804
9f6331a2668773c2c297dd182dc9a409a8a06ce9fc55c53bdf0bf2a11ac6609e
a9e1fde6240e3a5a6abc36edfe07c9e6204b687100edadd3d70fb77e9560ca96
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0d191e37e74e83b242c180f6b17881dd5a6ae40522257f461eae3bcf66d7a22
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a
b6db76366fdb316e92890d326c4d10141034c01e7cd0d999e953cb79661f5a82
bf7efd0300bad653e91b0b17d85fcd1ffeb89f504ca2b8740784f1070b1be700
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5
c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35
d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3
d74bdb691409ac89ce4d994b39173d7b8913394158e01bf6856dc84004bfa800
dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91
ea4d8183e5312676ab1a197a262966766507a25929b068e895fd4f51d416be01
ed18f2600dba553139a6e5f0db9e91fb28637a6af8dbfec605bf000c40799e1e
ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42
f6276740979e4a4e4528cd977b22b03a402d4f102fed8aca5140c4ad93690a51
f7090859db03201d473099bdd8efc7ec5ac3016b74fa405003818b7cacbb258e
f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182
faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c
fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc
fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a