www.bitsight.com Open in urlscan Pro
2606:4700:10::ac43:60f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Submission: On December 05 via api (December 5th 2024, 9:15:34 am UTC) from IN — Scanned from US

Summary HTTP 142 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 57 IPs in 3 countries across 38 domains to perform 142 HTTP transactions. The main IP is 2606:4700:10::ac43:60f, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bitsight.com. The Cisco Umbrella rank of the primary domain is 797774.
TLS certificate: Issued by WE1 on November 26th 2024. Valid for: 3 months.

This is the only time www.bitsight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	2606:4700:10:... 2606:4700:10::ac43:60f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.163.94 142.251.163.94	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:4239	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.152.14 172.64.152.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4004:c1b::61	15169 (GOOGLE) (GOOGLE)
1	2600:1408:c40... 2600:1408:c400:29::17da:da44	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
7	2600:1408:c40... 2600:1408:c400:29::17da:da49	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8b11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	3.171.85.26 3.171.85.26	16509 (AMAZON-02) (AMAZON-02)
1	142.251.163.103 142.251.163.103	15169 (GOOGLE) (GOOGLE)
4	152.199.2.76 152.199.2.76	15133 (EDGECAST) (EDGECAST)
2	2600:1408:c40... 2600:1408:c400:5::17c7:3719	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2607:f8b0:400... 2607:f8b0:4004:c1b::65	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	216.200.232.253 216.200.232.253	30419 (PAEDAE-INC) (PAEDAE-INC)
1	18.160.10.76 18.160.10.76	16509 (AMAZON-02) (AMAZON-02)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c0b::61	15169 (GOOGLE) (GOOGLE)
4	34.196.12.18 34.196.12.18	14618 (AMAZON-AES) (AMAZON-AES)
3	18.160.18.106 18.160.18.106	16509 (AMAZON-02) (AMAZON-02)
2	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1b::9a	15169 (GOOGLE) (GOOGLE)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	99.84.188.65 99.84.188.65	16509 (AMAZON-02) (AMAZON-02)
2	13.249.39.46 13.249.39.46	16509 (AMAZON-02) (AMAZON-02)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 7	68.67.160.132 68.67.160.132	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	18.214.43.89 18.214.43.89	14618 (AMAZON-AES) (AMAZON-AES)
2 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	142.251.111.97 142.251.111.97	15169 (GOOGLE) (GOOGLE)
2	34.49.241.189 34.49.241.189	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6811:6d13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:200... 2600:9000:2009:c00:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
5	34.107.254.252 34.107.254.252	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.8.65.43 52.8.65.43	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c21::64	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c0b::9d	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1d9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700::68... 2606:4700::6812:1c9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:27d... 2600:9000:27d4:7e00:2:7dc7:8f00:93a1	16509 (AMAZON-02) (AMAZON-02)
8	23.21.139.132 23.21.139.132	14618 (AMAZON-AES) (AMAZON-AES)
1	34.215.81.112 34.215.81.112	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c09::5f	15169 (GOOGLE) (GOOGLE)
1	18.154.227.35 18.154.227.35	16509 (AMAZON-02) (AMAZON-02)
1	18.160.41.49 18.160.41.49	16509 (AMAZON-02) (AMAZON-02)
1	3.167.56.16 3.167.56.16	16509 (AMAZON-02) (AMAZON-02)
1	52.51.180.248 52.51.180.248	16509 (AMAZON-02) (AMAZON-02)
1	18.160.18.96 18.160.18.96	16509 (AMAZON-02) (AMAZON-02)
2	18.160.18.4 18.160.18.4	16509 (AMAZON-02) (AMAZON-02)
142	57

30 2606:4700:10::ac43:60f (United States)

ASN13335 (CLOUDFLARENET, US)

www.bitsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.163.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2844 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:4239 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a26349430206.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.152.14 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

cdn3.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1b::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:29::17da:da44 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1408:c400:29::17da:da49 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8b11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.171.85.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-171-85-26.iad89.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.163.103 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.199.2.76 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:5::17c7:3719 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1b::65 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.253 (Frederick, United States)

ASN30419 (PAEDAE-INC, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.10.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-76.iad12.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c0b::61 (Washington, United States)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.196.12.18 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-12-18.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.160.18.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-106.iad12.r.cloudfront.net

go.affec.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1b::9a (Washington, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.188.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-188-65.iad89.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.249.39.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-46.iad89.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 68.67.160.132 (Colonia, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.214.43.89 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-43-89.compute-1.amazonaws.com

map.go.affec.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.111.97 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.49.241.189 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 189.241.49.34.bc.googleusercontent.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:6d13 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2009:c00:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.107.254.252 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.8.65.43 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-8-65-43.us-west-1.compute.amazonaws.com

tracking.intentsify.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c21::64 (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c0b::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d9b (United States)

ASN13335 (CLOUDFLARENET, US)

wsmcdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6812:1c9b (United States)

ASN13335 (CLOUDFLARENET, US)

wsv3cdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:27d4:7e00:2:7dc7:8f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.21.139.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-139-132.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.215.81.112 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-81-112.us-west-2.compute.amazonaws.com

analytics.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.154.227.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-154-227-35.iad55.r.cloudfront.net

pic.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-41-49.iad55.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.167.56.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-56-16.iad61.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.180.248 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-180-248.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.18.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-96.iad12.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.160.18.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-4.iad12.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	bitsight.com www.bitsight.com — Cisco Umbrella Rank: 797774	321 KB
12	audioeye.com wsmcdn.audioeye.com — Cisco Umbrella Rank: 5297 wsv3cdn.audioeye.com — Cisco Umbrella Rank: 4073 analytics.audioeye.com — Cisco Umbrella Rank: 4630	277 KB
11	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 116645 trackingapi.trendemon.com — Cisco Umbrella Rank: 88085 pic.trendemon.com — Cisco Umbrella Rank: 235815	72 KB
8	typekit.net p.typekit.net — Cisco Umbrella Rank: 571 use.typekit.net — Cisco Umbrella Rank: 460	181 KB
7	adnxs.com 4 redirects secure.adnxs.com — Cisco Umbrella Rank: 495 ib.adnxs.com — Cisco Umbrella Rank: 281	7 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	4 KB
6	permutive.com cdn.permutive.com — Cisco Umbrella Rank: 3767 api.permutive.com — Cisco Umbrella Rank: 2768	81 KB
6	affec.tv 2 redirects go.affec.tv — Cisco Umbrella Rank: 7524 map.go.affec.tv — Cisco Umbrella Rank: 7841	5 KB
5	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 1024 cdn3.optimizely.com — Cisco Umbrella Rank: 4684 a26349430206.cdn.optimizely.com logx.optimizely.com — Cisco Umbrella Rank: 1766	99 KB
4	company-target.com s.company-target.com — Cisco Umbrella Rank: 1549 segments.company-target.com — Cisco Umbrella Rank: 1655 api.company-target.com — Cisco Umbrella Rank: 4358	2 KB
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 stats.g.doubleclick.net — Cisco Umbrella Rank: 135	616 B
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2701	10 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36 ssl.google-analytics.com — Cisco Umbrella Rank: 972	39 KB
4	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 3570	40 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	357 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 7118	62 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 9821	26 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 142
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	61 KB
2	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	3 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 377	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 854	769 B
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 6210 tag-logger.demandbase.com — Cisco Umbrella Rank: 5387	20 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	15 KB
2	gstatic.com fonts.gstatic.com	59 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 5577	171 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	895 B
1	intentsify.io tracking.intentsify.io — Cisco Umbrella Rank: 59048	213 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 14108	305 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514	2 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 3693	712 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	28 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2580	971 B
1	fontawesome.com ka-p.fontawesome.com — Cisco Umbrella Rank: 3310	15 KB
142	38

	Domain	Requested by
30	www.bitsight.com	www.bitsight.com
10	wsv3cdn.audioeye.com	wsmcdn.audioeye.com wsv3cdn.audioeye.com
8	trackingapi.trendemon.com	assets.trendemon.com
7	use.typekit.net	www.bitsight.com
6	secure.adnxs.com	4 redirects www.bitsight.com
5	api.permutive.com	cdn.bizible.com
5	px.ads.linkedin.com	3 redirects cdn.bizible.com
4	tags.srv.stackadapt.com	www.bitsight.com tags.srv.stackadapt.com cdn.bizible.com
4	consent.trustarc.com	www.googletagmanager.com consent.trustarc.com www.bitsight.com
4	www.googletagmanager.com	www.bitsight.com www.googletagmanager.com
3	js.driftt.com	www.bitsight.com js.driftt.com
3	map.go.affec.tv	2 redirects www.bitsight.com
3	go.affec.tv	www.googletagmanager.com go.affec.tv
3	cdn.bizible.com	www.googletagmanager.com www.bitsight.com cdn.bizible.com
2	assets.trendemon.com	www.bitsight.com assets.trendemon.com
2	analytics.google.com	www.googletagmanager.com
2	logx.optimizely.com	cdn.bizible.com
2	match.adsrvr.org	2 redirects
2	api.company-target.com	cdn.bizible.com js.driftt.com
2	id.rlcdn.com	2 redirects
2	td.doubleclick.net	www.googletagmanager.com
2	ssl.google-analytics.com	www.bitsight.com
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	fonts.gstatic.com	fonts.googleapis.com
1	content.hotjar.io	cdn.bizible.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.googletagmanager.com
1	pic.trendemon.com
1	fonts.googleapis.com	wsv3cdn.audioeye.com
1	analytics.audioeye.com	wsv3cdn.audioeye.com
1	forms.hubspot.com	cdn.bizible.com
1	wsmcdn.audioeye.com	www.bitsight.com
1	track.hubspot.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	tracking.intentsify.io	www.bitsight.com
1	ib.adnxs.com	cdn.bizible.com
1	tag-logger.demandbase.com	cdn.bizible.com
1	cdn.permutive.com	go.affec.tv
1	px4.ads.linkedin.com	www.bitsight.com
1	www.linkedin.com	1 redirects
1	segments.company-target.com	www.bitsight.com
1	s.company-target.com	tag.demandbase.com
1	cdn.bizibly.com	www.bitsight.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	alb.reddit.com	www.bitsight.com
1	pixel-config.reddit.com	www.redditstatic.com
1	ws.zoominfo.com	www.bitsight.com
1	tag.demandbase.com	www.bitsight.com
1	pixel.mathtag.com	www.googletagmanager.com
1	www.google.com	www.googletagmanager.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	a26349430206.cdn.optimizely.com	cdn.optimizely.com
1	p.typekit.net	www.bitsight.com
1	cdn3.optimizely.com	cdn.optimizely.com
1	js.hs-scripts.com	www.bitsight.com
1	cdn.optimizely.com	www.bitsight.com
1	ka-p.fontawesome.com
142	61

This site contains links to these domains. Also see Links.

Domain
service.bitsighttech.com
bitsight.wd1.myworkdayjobs.com
www.facebook.com
twitter.com
www.linkedin.com
www.recordedfuture.com
www.europol.europa.eu
www.virustotal.com
malware.news
www.rolr.eu
blog.lumen.com
app.termscout.com
academy.bitsight.com
help.bitsighttech.com
submit-irm.trustarc.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
bitsight.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-01-27`	6 months	crt.sh
cdn.optimizely.com WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
cdn3.optimizely.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-17` - `2025-11-17`	a year	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2024-03-16` - `2025-04-14`	a year	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-07` - `2025-07-08`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-27` - `2025-09-28`	a year	crt.sh
zoominfo.com E6	`2024-11-12` - `2025-02-10`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2024-08-09` - `2025-09-06`	a year	crt.sh
affec.tv Amazon RSA 2048 M03	`2024-06-05` - `2025-07-03`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.company-target.com R10	`2024-10-14` - `2025-01-12`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
logx.optimizely.com WR3	`2024-11-13` - `2025-02-11`	3 months	crt.sh
permutive.com WE1	`2024-11-24` - `2025-02-23`	3 months	crt.sh
*.demandbase.com Amazon RSA 2048 M02	`2024-06-10` - `2025-07-08`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
api.permutive.com R11	`2024-10-19` - `2025-01-17`	3 months	crt.sh
*.intentsify.io Amazon RSA 2048 M03	`2024-05-07` - `2025-06-06`	a year	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
wsmcdn.audioeye.com WE1	`2024-10-08` - `2025-01-06`	3 months	crt.sh
wsv3cdn.audioeye.com WE1	`2024-11-10` - `2025-02-08`	3 months	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2024-06-18` - `2025-06-18`	a year	crt.sh
report-prod.audioeye.com Amazon RSA 2048 M03	`2024-08-18` - `2025-09-17`	a year	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
drift.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Frame ID: E5006C629D5E156CD312F451C405FF90
Requests: 133 HTTP requests in this frame

Frame: https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html
Frame ID: 41BD4D07D19E25403192E7062C741BD0
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com
Frame ID: A6DBD423DE21E5A3C0AEDCB0FCB53FD0
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/965095466?random=1733390126448&cv=11&fst=1733390126448&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c30z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&hn=www.googleadservices.com&frm=0&tiba=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=1645140621.1733390126&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse
Frame ID: 1670A85BC44FF8D671FE45A65EBCA9EE
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 7FD083B0DF3D8D8F1263B1C4F2DDAECF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-RJ4RWVVWH4&gacid=337250662.1733390127&gtm=45je4c30v882142918z876025611za200zb76025611&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=1578503068
Frame ID: 7E56EA470ADD7C3DA124D7B663849857
Requests: 1 HTTP requests in this frame

Frame: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/cookieStorage.html
Frame ID: E91D592F7646182A3A38126FFBB68CE8
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=fkvvvy3ev4dt&eId=fkvvvy3ev4dt&region=US&forceShow=false&skipCampaigns=false&sessionId=7b96fed0-41f3-45c0-a0e1-202c325826f1&sessionStarted=1733390132.931&campaignRefreshToken=b3e559fb-99dd-4daf-a5f1-296accf70457&hideController=false&pageLoadStartTime=1733390125521&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
Frame ID: 471285872EAECC173E856926C0894C87
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1733390125521
Frame ID: BBE17E550FB52B2C3D365C8FA9D8C5A1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PROXY.AM Powered by Socks5Systemz Botnet | Bitsight

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

Page Statistics

142
Requests

95 %
HTTPS

45 %
IPv6

38
Domains

61
Subdomains

57
IPs

3
Countries

1917 kB
Transfer

5596 kB
Size

94
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://service.bitsighttech.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://bitsight.wd1.myworkdayjobs.com/Bitsight
Title: Open Positions

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.recordedfuture.com/blog/ar3s-behind-andromeda
Title: arrested

Search URL Search Domain Scan URL

URL: https://www.europol.europa.eu/media-press/newsroom/news/andromeda-botnet-dismantled-in-international-cyber-operation
Title: Operation Avalanche.

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/33ad13c11e87405e277f002e3c4d26d120fcad0ce03b7f1d4831ec0ee0c056c6
Title: proxy module for Trickbot

Search URL Search Domain Scan URL

URL: https://malware.news/t/lets-learn-trickbot-socks5-backconnect-module-in-detail/16491
Title: analysis of it

Search URL Search Domain Scan URL

URL: https://www.rolr.eu/
Title: Registrar of Last Resort

Search URL Search Domain Scan URL

URL: https://blog.lumen.com/one-sock-fits-all-the-use-and-abuse-of-the-nsocks-botnet/
Title: Ngioweb and NSOCKS

Search URL Search Domain Scan URL

URL: https://blog.lumen.com/author/black-lotus-labs/
Title: Black Lotus Labs

Search URL Search Domain Scan URL

URL: https://app.termscout.com/certify/bitsight-certified-contract

Search URL Search Domain Scan URL

URL: https://academy.bitsight.com/learn/dashboard
Title: BitSight Academy

Search URL Search Domain Scan URL

URL: https://help.bitsighttech.com/hc/en-us
Title: BitSight Knowledge Base

Search URL Search Domain Scan URL

URL: https://submit-irm.trustarc.com/services/validation/313077aa-ba94-46d5-8cdb-1eec02a3553a
Title: Do Not Sell or Share My Personal Information

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BitSight
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/bitsight/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bitsight/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/BitSight
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCQK4819a_k18f2GGC3Fkv8g
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://id.rlcdn.com/464526.gif HTTP 307
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCK7exboGEgUI6AcQAEIASgA HTTP 307
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297BKkWEevmr9zVvL_nbTqunEy6tlIv8e6lPIH3wdRrn_8

Request Chain 79

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26304%26time%3D1733390126638%26li_adsId%3D57b345f3-3cb7-4ee2-bf00-522835c00191%26url%3Dhttps%253A%252F%252Fwww.bitsight.com%252Fblog%252Fproxyam-powered-socks5systemz-botnet%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&cookiesTest=true&liSync=true&e_ipv6=AQLZyB0ek3akywAAAZOWGk_PsRhYxWkU4OT4TU46f44gQ-wJJ4t2tOU4GMxnYfhjsYtLGw

Request Chain 80

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Request Chain 82

https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67516f2e9b0227000198ac4b%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmap.go.affec.tv%252Fmap%252Fan%252F%2524UID%253Fch%253D67516f2e9b0227000198ac4b%2526chc%253Daf%2526redirect_url%253D%2526gdpr%253D%2526gdpr_consent%253D%26gdpr%3D%26gdpr_consent%3D HTTP 302
https://map.go.affec.tv/map/an/5074911671129964893?ch=67516f2e9b0227000198ac4b&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= HTTP 303
https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= HTTP 302
https://map.go.affec.tv/map/ttd/b4a47bfd-4505-41cd-80dd-801a5c10bcb7?ttd_puid=&gdpr=0&gdpr_consent=

Request Chain 89

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

142 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request proxyam-powered-socks5systemz-botnet Show response
www.bitsight.com/blog/ 137 KB
23 KB 264ms
194ms Document
text/html 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01be49b47924758c8be361cda908ee992c10cc1c41e29006e0cea8a795757390

Security Headers

Name	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 73155
cache-control: max-age=31536000, public
cf-cache-status: DYNAMIC
cf-ray: 8ed2ee7b5a692257-MIA
content-encoding: br
content-language: en
content-security-policy: report-uri /report-csp-violation
content-type: text/html; charset=UTF-8
date: Thu, 05 Dec 2024 09:15:25 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Wed, 04 Dec 2024 12:55:43 GMT
link: <analytics.google.com>; rel="dns-prefetch", <js.driftt.com>; rel="dns-prefetch", <rackingapi.trendemon.com>; rel="dns-prefetch", <tags.srv.stackadapt.com>; rel="dns-prefetch", <cdn.optimizely.com>; rel="dns-prefetch", <js.hs-scripts.com>; rel="dns-prefetch", <logx.optimizely.com>; rel="dns-prefetch", <metrics.hotjar.io>; rel="dns-prefetch", <bootstrap.driftapi.com>; rel="dns-prefetch", <ka-p.fontawesome.com>; rel="dns-prefetch", <audioeye.com>; rel="dns-prefetch", <googletagmanager.com>; rel="dns-prefetch", <permutive.com>; rel="dns-prefetch", <hotjar.com>; rel="dns-prefetch", <analytics.google.com>; rel="preconnect", <js.driftt.com>; rel="preconnect", <rackingapi.trendemon.com>; rel="preconnect", <consent.trustarc.com>; rel="preconnect", <cdn.optimizely.com>; rel="preconnect", <js.hs-scripts.com>; rel="preconnect", <metrics.hotjar.io>; rel="preconnect", <logx.optimizely.com>; rel="preconnect", <bootstrap.driftapi.com>; rel="preconnect", <ka-p.fontawesome.com>; rel="preconnect", <tags.srv.stackadapt.com>; rel="preconnect", <audioeye.com>; rel="preconnect", <googletagmanager.com>; rel="preconnect", <permutive.com>; rel="preconnect", <hotjar.com>; rel="preconnect", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2>; rel="prefetch", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://kit.fontawesome.com/bc8e4d7021.js>; rel="prerender", <https://js-agent.newrelic.com/nr-rum-1.255.0.min.js>; rel="prerender"
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains
surrogate-key: tilu alec 15nq bh81 qknc 135a t5be 1rv1 4iqj 2h09 k5im 7bmp epgs ffa2 tapm s1so lgqj d7d6 1971 6ehj gaf3 77td jufg knej sheu khoj 4n5i cj78 vja0 ka5u 78t5 6dsl ldc7 snk9 tib3 rjqv tjhs n16q keo3 rl04 p93v vcdf e79l u1q5 gsd9 lira nl66 jro7 in6f h29v iu4c 3kis e6ki 2pbm 3t5u snd9 1cn6 omo7 o1kn 4539 uqdm k6vi dfem 98ql 5694 s3lt gub4 qb8d td07 bicd b452 cjqp 51mg q0pd 516e gfvc vfo5 urm3 2e20 1ovt ihaf 93fh ogvc 8775 4f2v acf4 1edt ql68 bsc4 3ukk ut71 kvo9 bsid i1hh m4ma 704t l0o5 ebeg 601f kfqg eit7 ig0p 4fu4 vq51 oauf snab trke e1j3
vary: Cookie,Accept-Encoding
via: varnish
x-ah-environment: prod
x-cache: HIT
x-cache-hits: 526
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-request-id: v-2223e9ac-b23f-11ef-9242-4f3e994eb3ea
x-xss-protection: 1; mode=block

GET
H3 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v22/ 0
14 KB 116ms
54ms Other
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

age: 506319
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 12:36:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 12:36:46 GMT
last-modified: Wed, 26 Jan 2022 19:14:07 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13976
x-xss-protection: 0
server: sffe

GET
H2 200 pro-fa-light-300-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/ 0
15 KB 113ms
44ms Other
font/woff2 2606:4700:4400::6812:2844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=31556926
cf-cache-status: HIT
etag: "660c2974-3c34"
age: 2153052
cf-ray: 8ed2ee7d2fa5287e-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15412
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: font/woff2
last-modified: Tue, 02 Apr 2024 15:51:16 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server: cloudflare

GET
H2 200 26349430206.js Show response
cdn.optimizely.com/js/ 341 KB
98 KB 111ms
41ms Script
text/javascript 2606:4700::6812:4239
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.optimizely.com/js/26349430206.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e0f30e660d7a31385f5965dfc0e2f0c0d13cecab111ea5007d6c1101354a60e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
content-encoding: gzip
cf-cache-status: HIT
etag: "eee46996f3104e217506d7ec9355602d"
x-amz-version-id: waeRRqLXxD9Dq245ZbBIy_M4ALXIJOCN
age: 8
access-control-allow-methods: GET, HEAD
date: Thu, 05 Dec 2024 09:15:25 GMT
x-amz-meta-revision: 9789
content-type: text/javascript; charset=utf-8
last-modified: Thu, 05 Dec 2024 08:43:18 GMT
vary: Accept-Encoding
x-amz-id-2: dsYwdc98zry/aLyQpM1cchWe8eL0kLr/SLbrNIH6Zbie7+4+MzcuUUzW7Ul8D6Sfj6EY2G5VBvw=
access-control-allow-headers: *
x-amz-replication-status: PENDING
cache-control: max-age=120
timing-allow-origin: *
x-amz-meta-pci_enabled: False
access-control-allow-credentials: false
x-amz-request-id: FMTW9EMWY8FC4AW2
cf-ray: 8ed2ee7d1b2074ba-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 99509
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css
www.bitsight.com/sites/default/files/css/ 4 KB
1 KB 42ms
41ms Stylesheet
text/css 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/css/css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css?delta=0&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-dd24958a-a1dc-11ef-b328-4b413951eb8b
content-encoding: gzip
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Thu, 13 Nov 2025 16:31:57 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: text/css
last-modified: Wed, 13 Nov 2024 16:31:56 GMT
vary: Accept-Encoding
x-cache-hits: 1849
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7caac62257-MIA
accept-ranges: bytes
content-length: 1331
server: cloudflare

GET
H2 200 css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css
www.bitsight.com/sites/default/files/css/ 90 KB
14 KB 38ms
38ms Stylesheet
text/css 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-3e7b2ef4-a75d-11ef-b5b9-3b9319007506
content-encoding: gzip
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 16:33:59 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: text/css
vary: Accept-encoding
x-cache-hits: 962
last-modified: Wed, 20 Nov 2024 16:31:02 GMT
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7caac72257-MIA
accept-ranges: bytes
content-length: 14030
server: cloudflare

GET
H2 200 Products_EnterpriseSecurity.svg
www.bitsight.com/sites/default/files/2024/04/27/ 994 B
579 B 43ms
43ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_EnterpriseSecurity.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-4d9c5bf6-500a-11ef-ac98-3fccc093b49f
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:56:41 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:46:48 GMT
x-cache-hits: 20721
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7caac82257-MIA
server: cloudflare

GET
H2 200 Products_DigitalSupplyChainSecurity.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
510 B 42ms
42ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_DigitalSupplyChainSecurity.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-4d9e01c2-500a-11ef-8a2c-e30a1be3abdc
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:55:26 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:48:47 GMT
x-cache-hits: 20571
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7caac92257-MIA
server: cloudflare

GET
H2 200 Products_RiskGovernanceReporting.svg
www.bitsight.com/sites/default/files/2024/04/27/ 712 B
435 B 41ms
40ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskGovernanceReporting.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-f3471bd6-7fa8-11ef-a4ea-5f39717e670d
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:50:46 GMT
x-cache-hits: 96496
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7cfadb2257-MIA
server: cloudflare

GET
H2 200 Products_RiskAnalysisData.svg
www.bitsight.com/sites/default/files/2024/04/27/ 630 B
373 B 38ms
38ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskAnalysisData.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-5e33878c-500a-11ef-8a12-fbb499a55859
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:55:26 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:52:21 GMT
x-cache-hits: 20707
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7cfadc2257-MIA
server: cloudflare

GET
H2 200 Products_CyberUnderwritingRiskControl.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
756 B 39ms
38ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_CyberUnderwritingRiskControl.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-4e1ae25a-500a-11ef-846e-5310a9831d9d
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:55:26 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:53:11 GMT
x-cache-hits: 30769
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7d3afd2257-MIA
server: cloudflare

GET
H2 200 Produ_ProfessionalServices.svg
www.bitsight.com/sites/default/files/2024/04/27/ 2 KB
1 KB 41ms
40ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Produ_ProfessionalServices.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-2c86ad6c-7fa9-11ef-91e0-27d3f366b1a9
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:53:52 GMT
x-cache-hits: 70382
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e5b512257-MIA
server: cloudflare

GET
H2 200 Sidebar_LightBulb.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
694 B 40ms
39ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-5e6ac60c-500a-11ef-9718-13eb4be8d75b
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:56:45 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:45:47 GMT
x-cache-hits: 30902
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e5b542257-MIA
server: cloudflare

GET
H2 200 Solutions_UseCases.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
651 B 50ms
41ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_UseCases.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-e257d0ae-7fa8-11ef-8269-ff9c3df23ac0
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:55:26 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:56:37 GMT
x-cache-hits: 57929
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b562257-MIA
server: cloudflare

GET
H2 200 Solutions_Industries.svg
www.bitsight.com/sites/default/files/2024/04/27/ 864 B
547 B 47ms
38ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_Industries.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-74d30a66-7fa9-11ef-b271-0bd2091ed138
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:58:45 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:59:41 GMT
x-cache-hits: 82559
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b582257-MIA
server: cloudflare

GET
H2 200 DataInsights_OurData.svg
www.bitsight.com/sites/default/files/2024/04/27/ 725 B
515 B 50ms
41ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_OurData.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-5ef9a430-500a-11ef-853d-1b1cc4b0716c
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:03:58 GMT
x-cache-hits: 20388
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b592257-MIA
server: cloudflare

GET
H2 200 DataInsights_ThreatResearch.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
473 B 52ms
44ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_ThreatResearch.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-4e1a0b64-500a-11ef-aad0-dfa64725ab10
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:18:18 GMT
x-cache-hits: 20460
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b5a2257-MIA
server: cloudflare

GET
H2 200 Sidebar_Bell.svg
www.bitsight.com/sites/default/files/2024/04/27/ 766 B
497 B 48ms
40ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-4e1b367e-500a-11ef-aff7-ff692cc1d873
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:03:01 GMT
x-cache-hits: 20303
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b5b2257-MIA
server: cloudflare

GET
H2 200 Company_AboutUs.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
608 B 48ms
41ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Company_AboutUs.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-4e1b258a-500a-11ef-9fff-8b92455c3243
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:07:02 GMT
x-cache-hits: 20423
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b5c2257-MIA
server: cloudflare

GET
H2 200 Company_ConnectWithUs.svg
www.bitsight.com/sites/default/files/2024/04/27/ 745 B
422 B 48ms
40ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Company_ConnectWithUs.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-a6d0fa06-7fa8-11ef-b7ae-bfa105ebdffd
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:09:14 GMT
x-cache-hits: 71526
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b5d2257-MIA
server: cloudflare

GET
H2 200 Resources_Resources.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
708 B 49ms
42ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Resources.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-5f1cd2de-500a-11ef-a496-ff421805185a
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:12:47 GMT
x-cache-hits: 20348
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e7b5e2257-MIA
server: cloudflare

GET
H2 200 Resources_Blog.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
627 B 69ms
63ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Blog.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-5f9c5eb4-500a-11ef-9ff5-471e0db35a20
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:56:48 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:14:49 GMT
x-cache-hits: 20260
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e8b632257-MIA
server: cloudflare

GET
H2 200 Sidebar_QuoteBubble.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
741 B 60ms
54ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_QuoteBubble.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-a6caaa5c-7fa8-11ef-bbdb-f3bafa73eef0
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:16:50 GMT
x-cache-hits: 106112
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e8b642257-MIA
server: cloudflare

GET
H2 200 PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp
www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/ 55 KB
55 KB 66ms
59ms Image
image/webp 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp?itok=hxzltWNB

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f6331a2668773c2c297dd182dc9a409a8a06ce9fc55c53bdf0bf2a11ac6609e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-2ebf1d50-b1b1-11ef-a981-eb880181fbc6
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Wed, 03 Dec 2025 20:06:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/webp
last-modified: Mon, 25 Nov 2024 18:07:12 GMT
x-cache-hits: 6
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e8b652257-MIA
accept-ranges: bytes
content-length: 56146
server: cloudflare

GET
H2 200 Favorable_TermScout.svg
www.bitsight.com/sites/default/files/2024/10/10/ 16 KB
5 KB 61ms
55ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/10/10/Favorable_TermScout.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-6a294578-8754-11ef-a229-9bd6dffacbad
content-encoding: br
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Fri, 10 Oct 2025 21:05:11 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Oct 2024 21:05:11 GMT
x-cache-hits: 33
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7e8b662257-MIA
server: cloudflare

GET
H2 200 email-decode.min.js Show response
www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
848 B 34ms
33ms Script
application/javascript 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"6740aa56-4d7"
x-content-type-options: nosniff
cf-ray: 8ed2ee7d3afe2257-MIA
expires: Sat, 07 Dec 2024 09:15:25 GMT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: application/javascript
last-modified: Fri, 22 Nov 2024 15:59:18 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js Show response
www.bitsight.com/sites/default/files/js/ 92 KB
32 KB 42ms
41ms Script
text/javascript 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/js/js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js?scope=footer&delta=0&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-dd6e4568-a1dc-11ef-a7e0-276479788c1f
content-encoding: gzip
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Thu, 13 Nov 2025 16:31:57 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: text/javascript
last-modified: Wed, 13 Nov 2024 16:31:05 GMT
vary: Accept-Encoding
x-cache-hits: 12
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7d7b112257-MIA
accept-ranges: bytes
content-length: 32455
server: cloudflare

GET
H2 200 277648.js Show response
js.hs-scripts.com/ 1 KB
971 B 127ms
50ms Script
application/javascript 2606:4700::6810:8ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/277648.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10f98c4e25928dd7b7b3f8a5a821d8cb5fb2f3cb93437d64af70814f94f574b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 09:16:55 GMT
date: Thu, 05 Dec 2024 09:15:25 GMT
x-hubspot-correlation-id: c92d1878-3fe5-4fc5-9754-2f22fc70f0db
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:14:05 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8ed2ee7ee9e7744d-MIA
accept-ranges: bytes
access-control-allow-origin: https://www.bitsight.com
content-length: 599
server: cloudflare

GET
H2 200 js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js Show response
www.bitsight.com/sites/default/files/js/ 55 KB
14 KB 39ms
38ms Script
text/javascript 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/js/js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js?scope=footer&delta=2&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-11b18bfa-a1dd-11ef-acbc-eb4a9e6e234d
content-encoding: gzip
cf-cache-status: HIT
age: 7
x-content-type-options: nosniff
expires: Thu, 13 Nov 2025 16:33:52 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: text/javascript
last-modified: Wed, 13 Nov 2024 16:31:57 GMT
vary: Accept-Encoding
x-cache-hits: 11
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee7d7b122257-MIA
accept-ranges: bytes
content-length: 14340
server: cloudflare

GET
H2 200 geo4.js Show response
cdn3.optimizely.com/js/ 307 B
322 B 133ms
52ms Script
application/javascript 172.64.152.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.optimizely.com/js/geo4.js
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/26349430206.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.152.14 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a686742dba3ee6b42990138e7328d5317781c226469b21d1534959d293452e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cf-ray: 8ed2ee7ee9ea9aef-MIA
content-encoding: br
date: Thu, 05 Dec 2024 09:15:25 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 449 KB
135 KB 223ms
87ms Script
application/javascript 2607:f8b0:4004:c1b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ea8d301861a76b1dd121f73655d787b3a178d25cae06f649409f933e3cee1a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 05 Dec 2024 09:15:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 137868
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 233ms
56ms Stylesheet
text/css 2600:1408:c400:29::17da:da44
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=dws7syq&ht=tk&f=39488.39489.39490.39491.39492.39493.39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509&a=212160357&app=typekit&e=css
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da44 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Response headers

cache-control: public, max-age=604800
etag: "673b83c1-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/css
last-modified: Mon, 18 Nov 2024 18:13:21 GMT
server: nginx

GET
H2 200 a26349430206.html
a26349430206.cdn.optimizely.com/client_storage/ Frame 41BD 0
0 117ms
46ms Document
text/html 2606:4700::6812:4239
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/26349430206.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 8
cache-control: max-age=120
cf-cache-status: HIT
cf-ray: 8ed2ee7eeb8209a6-MIA
content-encoding: gzip
content-length: 775
content-type: text/html; charset=utf-8
date: Thu, 05 Dec 2024 09:15:25 GMT
etag: "a3598c338cd40df7862b7fd121a25166"
last-modified: Thu, 05 Dec 2024 08:43:13 GMT
server: cloudflare
server-timing: cfCacheStatus;desc="HIT"
vary: Accept-Encoding
x-amz-id-2: PuowODAJjmtX7kYqFpJ5vfly1eSXg1cdHXwMkgSnvvTusHzqCP9SPcwfCy754vO8/wQHt+WixOI=
x-amz-meta-pci_enabled: False
x-amz-replication-status: COMPLETED
x-amz-request-id: RSJ19AR3W6YX7PFE
x-amz-server-side-encryption: AES256
x-amz-version-id: R5b9U46mzplne.MXw6nbsC9Kqzy7Rcfs

GET
H2 200 point-of-precision.svg
www.bitsight.com/themes/custom/bitsight_theme/src/assets/ 327 B
424 B 69ms
67ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/themes/custom/bitsight_theme/src/assets/point-of-precision.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g

Response headers

x-request-id: v-2d977cb8-7fa9-11ef-89da-9f2db6ff5586
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:56:46 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Sep 2024 14:17:53 GMT
x-cache-hits: 67193
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee801bd92257-MIA
server: cloudflare

GET
H2 200 l
use.typekit.net/af/0230dd/00000000000000007735bb33/30/ 26 KB
26 KB 301ms
120ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0230dd/00000000000000007735bb33/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "5bb33ae2a954c4b3b528681f85ecbf7624532fad"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 26356
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/153042/00000000000000007735bb62/30/ 24 KB
24 KB 301ms
121ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "b0d46bd3fb22c6c06785f44e1a131be6878e0485"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24460
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/305037/00000000000000007735bb39/30/ 27 KB
27 KB 254ms
74ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/305037/00000000000000007735bb39/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "4af6f044e86b0a30d1aa7c5babe16808274dd9a8"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 27780
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/ 23 KB
23 KB 236ms
56ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "11d02edbb0e1552504cdb4512876b33f0c02dcaf"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23256
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/384d9b/00000000000000007735bb6a/30/ 25 KB
25 KB 244ms
64ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "23427917d6d72688888854d7151dc7962d8d8301"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 25828
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/aed66e/00000000000000007735bb35/30/ 27 KB
27 KB 299ms
119ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/aed66e/00000000000000007735bb35/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "9e3369ea7ed88f1e4a8a12a637f7348f31af57ce"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 27892
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/160664/00000000000000007735bb32/30/ 28 KB
28 KB 347ms
168ms Font
application/font-woff2 2600:1408:c400:29::17da:da49
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/160664/00000000000000007735bb32/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:29::17da:da49 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "a0a5b94f1d2bb67123bf96637186b77b73341264"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 28612
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png
www.bitsight.com/sites/default/files/2024/11/25/ 14 KB
14 KB 40ms
38ms Image
image/png 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/11/25/Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9e1fde6240e3a5a6abc36edfe07c9e6204b687100edadd3d70fb77e9560ca96

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-8f32b2b0-b165-11ef-b9e2-17a04bc52b66
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 03 Dec 2025 15:13:11 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/png
last-modified: Mon, 25 Nov 2024 18:27:27 GMT
x-cache-hits: 21
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee803bdd2257-MIA
accept-ranges: bytes
content-length: 14184
server: cloudflare

GET
H2 200 Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png
www.bitsight.com/sites/default/files/2024/11/25/ 39 KB
39 KB 41ms
38ms Image
image/png 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/11/25/Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54b3e4c319fb99c631ffd50cf7308ed0d10e78eb2e7ae6190f960c27418399fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-1f09ae2e-b176-11ef-a78c-779f9417ee17
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 03 Dec 2025 12:57:15 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/png
last-modified: Mon, 25 Nov 2024 18:28:42 GMT
x-cache-hits: 21
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee803bde2257-MIA
accept-ranges: bytes
content-length: 39752
server: cloudflare

GET
H2 200 KEV-research-white-paper-ad.svg
www.bitsight.com/sites/default/files/2024/09/20/ 167 KB
112 KB 43ms
41ms Image
image/svg+xml 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/09/20/KEV-research-white-paper-ad.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-aa781222-7fab-11ef-95a5-43a595f8dfd4
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:53:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Sep 2024 19:03:54 GMT
x-cache-hits: 4217
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee803bdf2257-MIA
server: cloudflare

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/277648/ 72 KB
26 KB 115ms
45ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/277648/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 54238e3b-1d81-4814-aa57-08683635202a
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"0d348277da23f2965a1392e91a7fa6aa"
x-amz-version-id: 9rYQwXAh7p3RpE9mplC_EqLSRKBCDaOM
age: 8
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Thu, 05 Dec 2024 09:19:07 GMT
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 09:15:26 GMT
x-hubspot-correlation-id: 54238e3b-1d81-4814-aa57-08683635202a
content-type: text/javascript; charset=UTF-8
last-modified: Fri, 23 Aug 2024 14:30:47 GMT
vary: origin, Accept-Encoding
x-amz-id-2: D2UnxGgq17mH4pZYcNluHEKwTQUsMUfI/k2LsAOsBwnmKRw4ntFP5Qm58Xv/Nt2iiD+3J9527wQ=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-g9d49
x-envoy-upstream-service-time: 57
access-control-allow-credentials: true
x-amz-request-id: YCKVY1DDDT1AJ6J1
cf-ray: 8ed2ee80bd0531f8-MIA
access-control-allow-origin: https://www.bitsight.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 110ms
39ms Script
application/javascript 2606:4700::6812:8b11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: 1f9af8a2-6f56-4435-a6ac-6d1b55beb65e
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
etag: W/"ce26171eff05376a1b746efbb809f7f6"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 55079
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Be0CAfx82aJ2SvMFAUm0dPkmxjY9iOmr6yiJPi7BhtvWdLMMsLDZZA==
x-hubspot-correlation-id: 1f9af8a2-6f56-4435-a6ac-6d1b55beb65e
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:54:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-gvkv8
x-envoy-upstream-service-time: 7
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 05 Dec 2024 09:15:26 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8e67d2ec8f58eafd-IAD
via: 1.1 6028cf6b68ccf308226eae7dc6c6af42.cloudfront.net (CloudFront)
cf-ray: 8ed2ee80ce4a31e4-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H2 200 277648.js Show response
js.hs-analytics.net/analytics/1733389800000/ 87 KB
28 KB 110ms
41ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1733389800000/277648.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 8c4a918f-0b90-4327-bf0e-7ffe092182df
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1a816f50c8ec3bdb09dc86b88930a279"
x-amz-version-id: null
age: 8
expires: Thu, 05 Dec 2024 09:19:07 GMT
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 09:15:26 GMT
x-hubspot-correlation-id: 8c4a918f-0b90-4327-bf0e-7ffe092182df
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:38:12 GMT
vary: origin, Accept-Encoding
x-amz-id-2: j36SFW7T1i/37L+YIKYQl7QMyBHajaXapZdNNwsVCYBcxRpk7DYaLsimqRhVzw9N1/wverqOuMQ=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-l4dxl
x-envoy-upstream-service-time: 41
access-control-allow-credentials: false
x-amz-request-id: MXAYBMW0JYKDR3BR
cf-ray: 8ed2ee80cb83e9f1-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 notice Show response
consent.trustarc.com/ 34 KB
11 KB 188ms
63ms Script
text/javascript 3.171.85.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.85.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-85-26.iad89.r.cloudfront.net

Software

Resource Hash

80c6a481ee869ad9d91596cef1fc2cc8e99a7e29b2fa8c97db1bb1d1ffc09f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3600
content-encoding: gzip
age: 8
via: 1.1 798436e3040e2ba4f1a3ccb2e7b3f806.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: nfJGz-BEepXFVaMMTAVJbEMPbn3BPJOZDGrGW1GtDIDW7v24EYVikg==
date: Thu, 05 Dec 2024 09:15:18 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
x-amz-cf-pop: IAD89-P3

POST
H3 200 collect
www.google.com/ccm/ 0
0 189ms
67ms Ping
text/plain 142.251.163.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&scrsrc=www.googletagmanager.com&frm=0&rnd=1471234997.1733390126&auid=1645140621.1733390126&npa=0&gtm=45He4c30v76025611za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&tft=1733390126270&tfd=1021&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.163.103 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f103.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 136ms
30ms Script
application/x-javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mid/877C) /

Resource Hash

240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: max-age=86400
content-encoding: gzip
etag: "4797a1a44a3cdb1:0"
age: 67871
accept-ranges: bytes
x-cache: HIT
content-length: 25393
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/x-javascript
last-modified: Thu, 21 Nov 2024 19:22:02 GMT
server: ECS (mid/877C)
vary: Accept-Encoding

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 2 KB
1006 B 192ms
58ms Script
application/javascript 2600:1408:c400:5::17c7:3719
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3719 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=19854
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 796
date: Thu, 05 Dec 2024 09:15:26 GMT
last-modified: Mon, 02 Dec 2024 19:27:08 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 182ms
55ms Script
text/javascript 2607:f8b0:4004:c1b::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: gzip
age: 836
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 11:01:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:01:30 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 260 KB
92 KB 78ms
73ms Script
application/javascript 2607:f8b0:4004:c1b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4c30v76025611za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d32796a4bad4ba11ccd613acbfb34d437914dd9a411c39ab232d903f40f947a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 05 Dec 2024 09:15:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94191
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 103ms
31ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Thu, 05 Dec 2024 09:15:26 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
712 B 206ms
67ms Script
text/javascript 216.200.232.253
PAEDAE-INC

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_pp=1&mt_adid=222552

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.200.232.253 Frederick, United States, ASN30419 (PAEDAE-INC, US),

Reverse DNS

Software

MT3 1688 76e1918 master ord ord-pixel-x48 config_version:"3175" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

Strict-Transport-Security: 31536000
Cache-Control: no-cache
Content-Encoding: gzip
Connection: close
Cross-Origin-Resource-Policy: cross-origin
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: all
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 05 Dec 2024 09:15:26 GMT
X-XSS-Protection: 0
Content-Type: text/javascript
Server: MT3 1688 76e1918 master ord ord-pixel-x48 config_version:"3175"

GET
H2 200 7127e84810857c8d.min.js Show response
tag.demandbase.com/ 76 KB
20 KB 188ms
64ms Script
application/javascript 18.160.10.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/7127e84810857c8d.min.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.10.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-10-76.iad12.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age: 3000
content-encoding: gzip
x-amz-version-id: v05QvrvxRI0VOl7C8T2uZsSJ_x4PrkcB
etag: W/"dc57eab4525914a6ed3317a7f6046ff8"
age: 3022
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: zNQhcmVhXS13aOCB1m3gSUM2CrKTBn3PsUlBfEt6_saLbHAw1FAVmQ==
date: Thu, 05 Dec 2024 08:25:05 GMT
content-type: application/javascript; charset=utf-8
vary: accept-encoding
last-modified: Fri, 15 Nov 2024 20:20:16 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=3600
via: 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
access-control-allow-origin: *
x-amz-cf-pop: IAD12-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 nB5wHQT3fvQHVI5gp4PL Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 173ms
128ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/nB5wHQT3fvQHVI5gp4PL

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d031610a8da54c71f8c69b599d41b0103088d39dd5647e6a416c302f3a1daa48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8ed2ee81b8f28dae-MIA
access-control-allow-origin: *
x-powered-by: Express
server: cloudflare

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 177ms
55ms Script
text/javascript 2607:f8b0:4004:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: gzip
age: 4773
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 09:55:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 07:55:53 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 17168
server: Golfe2

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 22 KB
7 KB 174ms
59ms Script
text/javascript 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: 98c260d51c49c7d2d3ca854a42f93544821d60ce96da71e849ae624d2efd755d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-origin: *
cache-control: max-age=5
content-encoding: gzip
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/javascript

GET
H2 200 64fa38cc287519aad2798b3c Show response
go.affec.tv/j/ 663 B
955 B 255ms
131ms Script
application/javascript 18.160.18.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c?
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.18.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-18-106.iad12.r.cloudfront.net
Software: /
Resource Hash: 7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-cf-id: RRGueKgQOj_WMP_iGroRVDXVFx_EAUGe3xVhPXCSpq5oNl-NGEmC2Q==
cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding: gzip
via: 1.1 2741f1723d261cac06de387e29ba4cbc.cloudfront.net (CloudFront)
expires: Wed, 04 Apr 1990 00:00:00 GMT
x-cache: Miss from cloudfront
content-length: 431
p3p: CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript
vary: Accept-Encoding
x-amz-cf-pop: IAD12-P4

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame A6DB 0
0 164ms
56ms Document
text/html 2607:f8b0:4004:c1b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 41614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Dec 2024 21:41:52 GMT
expires: Thu, 04 Dec 2025 21:41:52 GMT
last-modified: Tue, 03 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_dy92zhkbx/ 3 B
124 B 102ms
32ms XHR
application/json 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_dy92zhkbx/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/json

GET
H2 200 t2_dy92zhkbx_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 100ms
38ms XHR
application/json 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_dy92zhkbx_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 125ms
58ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1733390126421&id=t2_dy92zhkbx&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=add2a50f-0e8b-40be-8030-9e3b88d2500a&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/gif
server: Varnish

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/965095466/ 43 B
61 B 176ms
68ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965095466/?random=1733390126448&cv=11&fst=1733390126448&bg=ffffff&guid=ON&async=1&gtm=45be4c30z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&hn=www.googleadservices.com&frm=0&tiba=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=1645140621.1733390126&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4c30v76025611za200

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 37
date: Thu, 05 Dec 2024 09:15:26 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 965095466
td.doubleclick.net/td/rul/ Frame 1670 0
0 185ms
70ms Document
text/html 2607:f8b0:4004:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/965095466?random=1733390126448&cv=11&fst=1733390126448&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c30z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&hn=www.googleadservices.com&frm=0&tiba=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=1645140621.1733390126&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4c30v76025611za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Dec 2024 09:15:26 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ipv
cdn.bizible.com/ 43 B
204 B 34ms
33ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=46a177b33474401e938ad0c329d394b9&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733390126530&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&_biz_n=0&rnd=65068&cdn_o=a&_biz_z=1733390126532

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mid/877D) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 240671
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: Image/GIF
last-modified: Mon, 02 Dec 2024 14:24:15 GMT
server: ECS (mid/877D)

GET
H2 200 u
cdn.bizibly.com/ 43 B
305 B 33ms
32ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=46a177b33474401e938ad0c329d394b9&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733390126536&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&rnd=564180&cdn_o=a&_biz_z=1733390126536

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mid/877B) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 240670
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: Image/GIF
last-modified: Mon, 02 Dec 2024 14:24:16 GMT
server: ECS (mid/877B)

GET
H2 200 v1.7-38 Show response
consent.trustarc.com/asset/notice.js/v/ 95 KB
28 KB 177ms
63ms Script
text/javascript 3.171.85.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-38

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.85.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-85-26.iad89.r.cloudfront.net

Software

Resource Hash

bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: *
content-encoding: gzip
age: 2870
x-cache: Hit from cloudfront
x-amz-cf-id: B7w2hYoImSOf8s5qcgPtELhBH6Rwus8Lqdphuc_AgqJNWoto7JHhDQ==
date: Thu, 05 Dec 2024 08:27:36 GMT
content-type: text/javascript
last-modified: Thu, 5 Dec 2024 02:35:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
pragma: public
via: 1.1 a1938691500ff6480332c6c0e3fe73ba.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 28264
x-amz-cf-pop: IAD89-P3

GET
H2 200 log
consent.trustarc.com/ 43 B
429 B 133ms
133ms Image
image/gif 3.171.85.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=bitsighttech.com&country=us&state=&behavior=implied&session=2eed1538-476a-44be-bb06-110850c3cc4e&userType=NEW&c=164f&referer=https://www.bitsight.com&language=en

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.85.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-85-26.iad89.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
via: 1.1 798436e3040e2ba4f1a3ccb2e7b3f806.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: lp_HL--ID9p5AmzvYyHcVkru--AdraiOsBQApLkZLPxHRvMy_eBp4w==
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/gif
x-amz-cf-pop: IAD89-P3
vary: Origin

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 57ms
57ms Script
application/javascript 2600:1408:c400:5::17c7:3719
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3719 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=19854
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Thu, 05 Dec 2024 09:15:26 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 sync
s.company-target.com/s/ Frame 7FD0 0
0 153ms
84ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.company-target.com/s/sync?exc=lr

Requested by

Host: tag.demandbase.com
URL: https://tag.demandbase.com/7127e84810857c8d.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

22.71.96.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Thu, 05 Dec 2024 09:15:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google

GET
H/1.1

200
OK

log
segments.company-target.com/
Redirect Chain

https://id.rlcdn.com/464526.gif
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCK7exboGEgUI6AcQAEIASgA
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297BKkWEevmr9zVvL_nbTqunEy6tlIv8e6lPIH3wdRrn_8

26 B
348 B

180ms
59ms

Image
image/gif

99.84.188.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297BKkWEevmr9zVvL_nbTqunEy6tlIv8e6lPIH3wdRrn_8
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: HTTP/1.1
Server: 99.84.188.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-188-65.iad89.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

Connection: keep-alive
Via: 1.1 6c2e384f59feb64a0c739aee7f890066.cloudfront.net (CloudFront)
X-Cache: Miss from cloudfront
Content-Length: 26
X-Amz-Cf-Id: 7DpDfZIJrxKDfOJBSNpdznJotH0_KyVnr0zJZ0llUCFYWsScp2Z2Fg==
Date: Thu, 05 Dec 2024 09:15:26 GMT
Content-Type: image/gif
X-Amz-Cf-Pop: IAD89-C2

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297BKkWEevmr9zVvL_nbTqunEy6tlIv8e6lPIH3wdRrn_8
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Thu, 05 Dec 2024 09:15:26 GMT

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 458 B
1 KB 247ms
122ms XHR
application/json 13.249.39.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&page_title=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.249.39.46 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-249-39-46.iad89.r.cloudfront.net

Software

nginx /

Resource Hash

0e34bdd06d72971f987a3c2d4bfe225316929cc2c051cb25ebc4094e89594fc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CENTRAL
access-control-allow-methods: GET, POST, OPTIONS
request-id: b4d9e6fd-7f40-46e1-aa71-a74c469c2790
expires: Wed, 04 Dec 2024 09:15:26 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: Qspkcj5sq3-4VQL9E5sAXrCxXl_cFUXYF16qFWkwEkqEZ5Hnlfvg9Q==
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitsight.com
x-amz-cf-pop: IAD89-C1
server: nginx

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
410 B 67ms
65ms Image
image/gif 2607:f8b0:4004:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=663958720&utmhn=www.bitsight.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&utmhid=1023638767&utmr=-&utmp=%2Fblog%2Fproxyam-powered-socks5systemz-botnet&utmht=1733390126583&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D15825701.337250662.1733390127.1733390127.1733390127.1%3B%2B__utmz%3D15825701.1733390127.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2055444409&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],}
x-content-type-options: nosniff
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:26 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
422 B 66ms
63ms XHR
text/plain 2607:f8b0:4004:c1b::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1023638767&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&ul=en-us&de=UTF-8&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=15825701.337250662.1733390127.1733390127.1733390127.1&_utmz=15825701.1733390127.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1733390126599&_u=YQBCAEABAAAAACAAI~&jid=1273790573&gjid=2018619345&cid=337250662.1733390127&tid=UA-36272386-4&_gid=1415175093.1733390127&_r=1&_slc=1&gtm=45He4c30n81MZ2J8ZGv76025611za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&z=465613034

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:26 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 111 B
309 B 67ms
65ms Script
text/javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=46a177b33474401e938ad0c329d394b9&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.11.21

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mid/877D) /

Resource Hash

3aed8faf65c941e7321f9d2e33be33926f2826887c8aef610d24b901c54ba3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: private, must-revalidate, max-age=21600
content-encoding: gzip
etag: 87460D5E
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 215
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: ECS (mid/877D)

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 60ms
58ms Stylesheet
text/css 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: c5b0620d2a8ec46590365d3e1ee74db052aa559b3d5e49a0b22320f580ffcd37

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 167ms
56ms Fetch
image/jpeg 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/jpeg

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
761 B 147ms
74ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=26304&time=1733390126638&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 0006288256c2fbdd198e06cf5b36360c
x-msedge-ref: Ref A: 75CDD92262684F079505B00010A9A113 Ref B: MIAEDGE2811 Ref C: 2024-12-05T09:15:26Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYoglbC+90ZjgbPWzY2DA==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-b...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-b...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26304%26time%3D1733390126638%26li_adsId%3D57b345f3-3cb7-4ee2-bf00-522835c00191%26...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-b...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-...

0
487 B

206ms
138ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&cookiesTest=true&liSync=true&e_ipv6=AQLZyB0ek3akywAAAZOWGk_PsRhYxWkU4OT4TU46f44gQ-wJJ4t2tOU4GMxnYfhjsYtLGw
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8D32F3A866464FB09D754A041C29023B Ref B: MIA301000105037 Ref C: 2024-12-05T09:15:27Z
x-li-fabric: prod-lva1
x-li-uuid: AAYoglbJzj72NGRS51J5kA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390126638&li_adsId=57b345f3-3cb7-4ee2-bf00-522835c00191&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&cookiesTest=true&liSync=true&e_ipv6=AQLZyB0ek3akywAAAZOWGk_PsRhYxWkU4OT4TU46f44gQ-wJJ4t2tOU4GMxnYfhjsYtLGw
x-msedge-ref: Ref A: 3EAD4A72118042F5A70A622B1CD324CD Ref B: MIA301000105029 Ref C: 2024-12-05T09:15:27Z
x-li-fabric: prod-lva1
x-li-uuid: AAYoglbHolaazDw+kaYBZw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 05 Dec 2024 09:15:26 GMT

GET
H2

200

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

0
1 KB

70ms
68ms

Script
application/javascript

68.67.160.132
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Server

68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.74; 38.132.118.74; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: c326add8-e0c2-4119-ab5e-fe9a1766833d
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 05 Dec 2024 09:15:26 GMT
x-xss-protection: 0
content-type: application/javascript; charset=utf-8
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 38.132.118.74; 38.132.118.74; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 5855142f-a124-44c2-b2bf-8d7678256f74
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 05 Dec 2024 09:15:26 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
go.affec.tv/per/ 846 B
1 KB 130ms
126ms Script
application/javascript 18.160.18.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8
Requested by: Host: go.affec.tv
URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.18.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-18-106.iad12.r.cloudfront.net
Software: /
Resource Hash: 788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-cf-id: t8a9fQ76pjvlYLnxhnDLZsvrrU-jBKQ_tnSMlNKVDoK79QOmK3c3HQ==
cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding: gzip
via: 1.1 2741f1723d261cac06de387e29ba4cbc.cloudfront.net (CloudFront)
expires: Wed, 04 Apr 1990 00:00:00 GMT
x-cache: Miss from cloudfront
content-length: 549
p3p: CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript
vary: Accept-Encoding
x-amz-cf-pop: IAD12-P4

GET
H2

204

b4a47bfd-4505-41cd-80dd-801a5c10bcb7
map.go.affec.tv/map/ttd/
Redirect Chain

https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67516f2e9b0227000198ac4b%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent=
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmap.go.affec.tv%252Fmap%252Fan%252F%2524UID%253Fch%253D67516f2e9b0227000198ac4b%2526chc%253Daf%2526redirect_url%253D%2526gdpr%253D%25...
https://map.go.affec.tv/map/an/5074911671129964893?ch=67516f2e9b0227000198ac4b&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
https://map.go.affec.tv/map/ttd/b4a47bfd-4505-41cd-80dd-801a5c10bcb7?ttd_puid=&gdpr=0&gdpr_consent=

0
483 B

56ms
56ms

Image
text/plain

18.214.43.89
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://map.go.affec.tv/map/ttd/b4a47bfd-4505-41cd-80dd-801a5c10bcb7?ttd_puid=&gdpr=0&gdpr_consent=
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Server: 18.214.43.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-43-89.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

date: Thu, 05 Dec 2024 09:15:27 GMT
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

location: https://map.go.affec.tv/map/ttd/b4a47bfd-4505-41cd-80dd-801a5c10bcb7?ttd_puid=&gdpr=0&gdpr_consent=
content-length: 229
date: Thu, 05 Dec 2024 09:15:27 GMT
server: Kestrel

GET
H2 200 64fa38cd287519aad2798b3d Show response
go.affec.tv/j/ 523 B
882 B 131ms
128ms Script
application/javascript 18.160.18.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/j/64fa38cd287519aad2798b3d?
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.18.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-18-106.iad12.r.cloudfront.net
Software: /
Resource Hash: 5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-cf-id: rVKsfsXfYsmZldXR9NBeMARjHKTX0zq0NGEVOtB1Y_G10NfX7XYmSw==
cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding: gzip
via: 1.1 2741f1723d261cac06de387e29ba4cbc.cloudfront.net (CloudFront)
expires: Wed, 04 Apr 1990 00:00:00 GMT
x-cache: Miss from cloudfront
content-length: 359
p3p: CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript
vary: Accept-Encoding
x-amz-cf-pop: IAD12-P4

GET
H2 200 bannermsg
consent.trustarc.com/ 43 B
428 B 130ms
129ms Image
image/gif 3.171.85.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/bannermsg?action=views&domain=bitsighttech.com&behavior=implied&country=us&language=en&rand=0.27171695923420547&session=2eed1538-476a-44be-bb06-110850c3cc4e&userType=NEW&referer=https://www.bitsight.com

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.85.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-85-26.iad89.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
via: 1.1 798436e3040e2ba4f1a3ccb2e7b3f806.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: DhmkVd1cYHDdFkcrPFV-9j-LfKQ2ipb9oT3W94ZgfW3mbzLncrsIIA==
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: image/gif
x-amz-cf-pop: IAD89-P3
vary: Origin

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 398 KB
129 KB 77ms
76ms Script
application/javascript 142.251.111.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

ac81aabb62adb62f98deccb9c38d5f12b0d74aa466d8760bf0bbdb2266b8d259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 05 Dec 2024 09:15:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 132037
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 events Show response
logx.optimizely.com/v1/ 0
387 B 112ms
44ms XHR
text/plain 34.49.241.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.241.49.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: 7c8c6c28-0d8e-4767-8092-adfa58d7fd01
access-control-expose-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/plain
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
311 B 58ms
56ms XHR
text/plain 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=oeyzgkQ7R8piwGBmS0lgBg&is_js=true&landing_url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&tip=dqJQ3kp2j_ySLsU8-DNfVJR5ldMe9XpqUEfJDtBBUvI&host=https%3A%2F%2Fwww.bitsight.com&sa_conv_data_css_value=%270-777ccbd5-6535-521b-65ee-1c83767a4057%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9777ccbd56535521b65ee1c83767a40572684764a&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIBLFZSEcuVvcYKPRA2LvKzVHZqLmtKLx9YrejUtnrt_9ENYBGAQgrt7FugYwAToExbdv9kIEo7B_-Q.qVqK%252BPmeHjElcm8Arp3CC%252FkCEUdmzTdI9skLpjTOicY&sa-user-id-v2=s%253Ad3zL1WU1Uhtl7hyDdnpAVyaEdko.WmAuvOjBECpVVx%252Fluh6BvyiNCkN6mhDa3uz70CDXN2k&sa-user-id=s%253A0-777ccbd5-6535-521b-65ee-1c83767a4057.Hm2a0dfH43KRyixQsBa1wNd3dvLE1pWXkivLgltcKPQ
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: 64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://www.bitsight.com
content-length: 116
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: *

GET
H2 200 6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Show response
cdn.permutive.com/ 279 KB
80 KB 118ms
47ms Script
application/javascript 2606:4700::6811:6d13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js
Requested by: Host: go.affec.tv
URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6d13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=OD+e0A==, md5=Pmn62h2zlhYTKmf1Str1pA==
x-goog-meta-oid: 6a844cb1-30bc-4723-8446-2cd9d1f839b8
etag: "3e69fada1db39616132a67f54adaf5a4"
cf-cache-status: HIT
age: 0
x-goog-stored-content-encoding: gzip
expires: Thu, 05 Dec 2024 09:30:26 GMT
x-goog-stored-content-length: 81473
date: Thu, 05 Dec 2024 09:15:26 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 17:01:24 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5kRMaax_clJpIE7i-FgJZaXizZFNxlGQls_qqOHnDf3tGWhvwo4Pv95rPpoT0ieDHXMoZxJ_Uc0Q
cache-control: public, max-age=900
timing-allow-origin: *
x-goog-storage-class: REGIONAL
cf-ray: 8ed2ee851a6674a0-MIA
accept-ranges: bytes
x-goog-generation: 1695402084169978
content-length: 81473
server: cloudflare

GET
H2

200

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

0
1 KB

66ms
66ms

Script
application/javascript

68.67.160.132
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Server

68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.74; 38.132.118.74; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 006d9c55-95b2-4403-a58a-eb10d237163a
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 05 Dec 2024 09:15:26 GMT
x-xss-protection: 0
content-type: application/javascript; charset=utf-8
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 38.132.118.74; 38.132.118.74; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 79b332bf-4d5c-4f65-a2f8-fde064157781
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 05 Dec 2024 09:15:26 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
420 B 196ms
74ms XHR
text/html 2600:9000:2009:c00:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=Qspkcj5sq3-4VQL9E5sAXrCxXl_cFUXYF16qFWkwEkqEZ5Hnlfvg9Q==&api-version=v3
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2009:c00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
etag: "d41d8cd98f00b204e9800998ecf8427e"
age: 60915
x-cache: Error from cloudfront
x-amz-cf-id: ui7K6WjaTWkcdRzgOzZWY3BmFfPSXAW2JXtV-K-CojoRwDr_XNFrXg==
date: Wed, 04 Dec 2024 16:20:11 GMT
content-type: text/html
vary: accept-encoding
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
via: 1.1 28f481302befff8459645b5750f67a86.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-amz-cf-pop: IAD66-C2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET 8757ee42-973c-44a4-928d-fc5ec6c7cfb8
https://www.bitsight.com/ Frame 0
0

GET e161a03d-89da-49a9-81ad-158a33a944d8
https://www.bitsight.com/ Frame 0
0

GET
H2 200 getuidj Show response
ib.adnxs.com/ 29 B
1 KB 67ms
64ms XHR
application/json 68.67.160.132
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

3c36553c2c122bb9fcd5d10e6e2cb7ecae3ed843fc4316b5040b2e0c9f4b1220

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.74; 38.132.118.74; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
an-x-request-uuid: 2d750e20-d849-4412-9d98-8e5b0a768aeb
content-length: 29
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 05 Dec 2024 09:15:27 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 281 B
387 B 202ms
135ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 3775aaf637f98b3458e5c6693e618184d99dbbf17d21013593b3cf2868aaacd4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 201
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: application/json
vary: Origin
server: Permutive

POST
H2 200 identify Show response
api.permutive.com/v2.0/ 50 B
256 B 202ms
138ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 47d7b4c0c89be3f4592a5a9aa49e00010149cf943d4d3c3e8e6651927767e23a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: application/json
vary: Origin
server: Permutive

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
199 B 71ms
70ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: DE3597C61E88400E96FDBD0983F236F9 Ref B: MIA301000105029 Ref C: 2024-12-05T09:15:27Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYoglbL+mzln+Zc5XVz4w==
x-li-proto: http/2
access-control-allow-origin: https://www.bitsight.com
x-cache: CONFIG_NOCACHE
date: Thu, 05 Dec 2024 09:15:26 GMT
vary: Origin

GET
H2 204 https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Show response
tracking.intentsify.io/page-tracking/intentsify-bitsight/ 0
213 B 303ms
101ms Script
text/plain 52.8.65.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.intentsify.io/page-tracking/intentsify-bitsight/https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.8.65.43 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-8-65-43.us-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

expires: -1
cache-control: private, no-cache, no-store, must-revalidate
date: Thu, 05 Dec 2024 09:15:27 GMT
pragma: no-cache
x-powered-by: Express

POST
H2 200 audiences Show response
api.permutive.com/audience-matching/v1/id/96e3e559-1a9a-43d8-8487-01790ce83b52/ 12 B
66 B 205ms
202ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/audience-matching/v1/id/96e3e559-1a9a-43d8-8487-01790ce83b52/audiences?k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: application/json

POST
H2 204 collect
analytics.google.com/g/ 0
0 186ms
68ms Fetch
text/plain 2607:f8b0:4004:c21::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4c30v882142918z876025611za200zb76025611&_p=1733390125807&_gaz=1&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&gdid=dNTIxZG&cid=337250662.1733390127&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1733390127&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&en=page_view&_fv=1&_ss=1&ep.content_group=Other%20Group&tfd=2258
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c21::64 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
555 B 179ms
64ms Ping
text/plain 2607:f8b0:4004:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RJ4RWVVWH4&cid=337250662.1733390127&gtm=45je4c30v882142918z876025611za200zb76025611&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c0b::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 7E56 0
0 70ms
70ms Document
text/html 2607:f8b0:4004:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-RJ4RWVVWH4&gacid=337250662.1733390127&gtm=45je4c30v882142918z876025611za200zb76025611&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=1578503068

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Dec 2024 09:15:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 156ms
88ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=277648&rcu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&pu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM+Powered+by+Socks5Systemz+Botnet+%7C+Bitsight&cts=1733390127616&vi=585fced4001d6195507351073738f39f&nc=true&u=208292109.585fced4001d6195507351073738f39f.1733390127611.1733390127611.1733390127611.1&b=208292109.1.1733390127612&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag: none
x-request-id: ee898449-f6bd-49d0-824d-10d5e18235f4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FuMhplJoMYjKNiszbr0tGiQftywYw%2BTJuUplDYEnnDgfy%2BvVWUXEp2BNZocC%2BrmAG%2BRQS4GL%2BPcyWXChRYeZy3ZUtDcIH8veUJy0TIBjIlzxGUIy7c1o%2Fo%2B4ACzUVe%2BIc%2FYuROmh%2FCl6QtT7Xbm"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 05 Dec 2024 09:15:27 GMT
x-hubspot-correlation-id: ee898449-f6bd-49d0-824d-10d5e18235f4
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-5tthw
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8ed2ee8a2c5ba516-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 aem.js Show response
wsmcdn.audioeye.com/ 1 KB
686 B 112ms
43ms Script
application/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsmcdn.audioeye.com/aem.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6276740979e4a4e4528cd977b22b03a402d4f102fed8aca5140c4ad93690a51

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=120
content-encoding: br
cf-cache-status: HIT
etag: W/"c6520e7b06aafcc1a7543036b4e0fc7a"
age: 43
cf-ray: 8ed2ee8a38a021b5-MIA
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: application/javascript
vary: Accept-Encoding
surrogate-keys
server: cloudflare

GET
H2 200 favicon.ico
www.bitsight.com/sites/default/files/ 4 KB
697 B 39ms
38ms Other
image/vnd.microsoft.icon 2606:4700:10::ac43:60f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: v-b8ac0f2c-7fa8-11ef-bdab-4bb5989bc8d9
content-encoding: br
cf-cache-status: HIT
age: 8
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 03:55:29 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 20 Apr 2023 01:16:14 GMT
x-cache-hits: 61316
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8ed2ee89ce612257-MIA
server: cloudflare

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 200ms
133ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=277648&utk=585fced4001d6195507351073738f39f&__hstc=208292109.585fced4001d6195507351073738f39f.1733390127611.1733390127611.1733390127611.1&__hssc=208292109.1.1733390127612&currentUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d8f0ae2dfede07947ad50ad652b7f8c106b2c26bc5f30c245246c2235e3a63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: ad6ef19c-f148-404a-ba54-06c6eabae4a9
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJ28WPn6tarNvHVhjJd4gKM6STIgw36c5bfXXqQdvB64%2FHiNqI0AmMVV9uBKyc4ih8%2F6UPYiNPOvFnoWvGNQB5ZDHuOpqj0txAc%2BESdOiZMTZbVQgJT7wCWQvp3XEmAlQwJG4rdZTtAPlClt3%2F6o"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 09:15:27 GMT
x-hubspot-correlation-id: ad6ef19c-f148-404a-ba54-06c6eabae4a9
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 28
access-control-allow-credentials: false
cf-ray: 8ed2ee8a5a9a370e-MIA
access-control-allow-origin: https://www.bitsight.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 bootstrap.js Show response
wsv3cdn.audioeye.com/ 61 KB
21 KB 115ms
43ms Script
application/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481
Requested by: Host: wsmcdn.audioeye.com
URL: https://wsmcdn.audioeye.com/aem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 646a6a25c9f56be3efb0c5c4ba0e10cfaaf2bb2c8b2a3511d375df2c7691058a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=3600, s-maxage=21600
content-encoding: br
cf-cache-status: HIT
etag: W/"9a1b23dc7824cdb671fd951533f1e596"
age: 8
cf-ray: 8ed2ee8aff9c498e-MIA
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: application/javascript
vary: Accept-Encoding
surrogate-keys: 95c39350d8f4b765016b0e58199c2f8b
server: cloudflare

POST
H2 204 events Show response
logx.optimizely.com/v1/ 0
73 B 47ms
45ms XHR
text/plain 34.49.241.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.241.49.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-request-id: 46bd7838-4dfa-462e-8e79-098e95585228
access-control-expose-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: text/plain
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
129 B 136ms
135ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: c744ac2a6402fc1dab7ce5f4c90333507a74d3fde63f342cbc23f862e5c8d246

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: application/json
vary: Origin
server: Permutive

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 301 KB
60 KB 192ms
70ms Script
application/javascript 2600:9000:27d4:7e00:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:27d4:7e00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

vary: accept-encoding
content-encoding: gzip
etag: "b7e260e47980a9ada3906def2be7dcda"
age: 33
via: 1.1 9025a2600c1372eafde9f9afee0d1020.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 61292
x-amz-cf-id: CS-kA2R-AvygG6qiVgKBJIExx9Bhxhkt3R51C1ROVeAY8eFndFjqzA==
date: Thu, 05 Dec 2024 09:14:55 GMT
content-type: application/javascript
last-modified: Mon, 18 Nov 2024 12:10:10 GMT
server: AmazonS3
x-amz-cf-pop: ORD51-P1
x-amz-server-side-encryption: AES256

GET
H2 200 loader.js Show response
wsv3cdn.audioeye.com/v2/scripts/ 31 KB
10 KB 110ms
46ms Script
text/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0d191e37e74e83b242c180f6b17881dd5a6ae40522257f461eae3bcf66d7a22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
surrogate-key: prod 95c39350d8f4b765016b0e58199c2f8b 6986df481
cf-cache-status: HIT
age: 1532
content-encoding: br
cf-ray: 8ed2ee8bbcd8a4f4-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:27 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
server: cloudflare
last-modified: Thu, 05 Dec 2024 06:59:56 GMT

GET
H2 200 startup.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ 382 KB
116 KB 52ms
51ms Script
text/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 160b6b9690833ef42cd5f35046a391ec3efc97f2a30f7effc8f7e39ef72dabe2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"4ccf68a13367eb17a574037dda7d3dfa"
age: 6353
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8c080a498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/javascript
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 2423 Show response
trackingapi.trendemon.com/api/settings/ 614 B
805 B 181ms
60ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/settings/2423?callback=jsonp222027&vid=

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

1df6857ef57274cadd68cf84cf98e2045a6f86061823ca822a7d663312d0ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 614
date: Thu, 05 Dec 2024 09:15:28 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 tangoEngine.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ 45 KB
17 KB 44ms
44ms Script
text/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f1edcf201dd193a9c8a75c631d8883e5cc2c1b279ad41f41bb8e36e15879b67

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"9c0fc63cbdfdd60c49c80974d7e2bd29"
age: 2875
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8cc852498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/javascript
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 cookieStorage.html
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ Frame E91D 0
0 98ms
39ms Document
text/html 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/cookieStorage.html
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
age: 4915
cf-cache-status: HIT
cf-ray: 8ed2ee8d5bc3daad-MIA
content-encoding: br
content-type: text/html
date: Thu, 05 Dec 2024 09:15:28 GMT
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
server: cloudflare
vary: Accept-Encoding

POST
H2 200 send
analytics.audioeye.com/air/v0/ 0
61 B 336ms
111ms Ping
text/plain 34.215.81.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.audioeye.com/air/v0/send
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

date: Thu, 05 Dec 2024 09:15:28 GMT
access-control-allow-origin: *
content-length: 0

GET
H2 200 launcher.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ 11 KB
4 KB 43ms
42ms Script
text/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e4c3de3ec3ec95c33bdf635ae9cace7af833c5dd8ddcc694dcc278d6b300ebb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"7275d253e9c2f9131bd0ab68d1392233"
age: 7020
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8d0894498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/javascript
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 compliance.css
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ 2 KB
694 B 45ms
44ms Stylesheet
text/css 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.css
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"21190dc484113930ea0a8022dabce414"
age: 4403
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8d0895498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/css
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 compliance.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ 50 KB
18 KB 44ms
43ms Script
text/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6db76366fdb316e92890d326c4d10141034c01e7cd0d999e953cb79661f5a82

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"bf2c5ca3b229479a3970eb16c96a0d39"
age: 3340
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8d0897498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/javascript
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 fullCSS.bundle.css
wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ 57 KB
12 KB 42ms
42ms Stylesheet
text/css 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d74bdb691409ac89ce4d994b39173d7b8913394158e01bf6856dc84004bfa800

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"365ee6fb1581d1ba9d3ece214a6242c7"
age: 2888
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8d58b2498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/css
last-modified: Tue, 26 Nov 2024 19:14:12 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 audioeye-scanner.js Show response
wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.4/ 334 KB
78 KB 45ms
45ms Script
text/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.4/audioeye-scanner.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 822aed47a697175f28eae0d3802ebe10d6bf53d1aea47aa3084a24ec30714cc1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"90395cc0ad8b71812f5eed8fb140c824"
age: 1344
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8ed2ee8d68b5498e-MIA
access-control-allow-origin: *
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/javascript
last-modified: Wed, 04 Dec 2024 22:49:25 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 63ms
62ms Script
application/javascript 2600:9000:27d4:7e00:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:27d4:7e00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-amz-cf-pop: ORD51-P1
content-encoding: gzip
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
age: 75807
via: 1.1 9025a2600c1372eafde9f9afee0d1020.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: _TELWLy1fo982H3XF8p0c8xfKuZqmKyQZLpnhLUZ8iqOMqGujojeOw==
date: Wed, 04 Dec 2024 21:25:36 GMT
content-type: application/javascript
vary: accept-encoding
server: AmazonS3
last-modified: Mon, 18 Nov 2024 12:10:15 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
895 B 186ms
70ms Stylesheet
text/css 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap

Requested by

Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 09:15:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 05 Dec 2024 08:58:00 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
34 B 296ms
294ms XHR
text/plain 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
date: Thu, 05 Dec 2024 09:15:28 GMT
server: Permutive

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 94 B
560 B 64ms
64ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/Identity/me?accountId=2423&DomainCookie=17333901282548544&fingerPrint=df097b5abe89818fff5454f647d1f5d9&callback=jsonp612518&vid=

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

226de29c28689989af7579b776443da2c8229442b035bfe2d8f19a8593899b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 94
date: Thu, 05 Dec 2024 09:15:28 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 marketingautomation Show response
trackingapi.trendemon.com/api/ 94 B
283 B 66ms
65ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2423&ClientUrl=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&CookieId=17333901282548544&MaCookie=NTg1ZmNlZDQwMDFkNjE5NTUwNzM1MTA3MzczOGYzOWY%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp712070&vid=2423:17333901282548544

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

a0af388c99cbfc8767f427c138ce0b4933a1e0253c173dd5ac933ecdd0857d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 94
date: Thu, 05 Dec 2024 09:15:28 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 ace-campaign Show response
trackingapi.trendemon.com/api/experience/ 16 B
167 B 64ms
64ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/ace-campaign?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&Referral=&callback=jsonp90656&vid=2423:17333901282548544

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

35c964e11eb3aeb98e52a8235c4b4a522537990b32f94c6ce13570744a88e499

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 16
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
286 B 222ms
221ms Image
image/gif 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trackingapi.trendemon.com/api/events/pageview?accountId=2423&url=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&cookie=17333901282548544&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2423:17333901282548544&r=1733390128606

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
age: 1691358
expires: Mon, 01 Jan 1990 00:00:00 GMT
content-length: 43
date: Thu, 05 Dec 2024 09:15:28 GMT
content-type: image/gif
server: Kestrel

GET
H2 200 personal-stream Show response
trackingapi.trendemon.com/api/experience/ 17 B
168 B 58ms
58ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/personal-stream?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=585fced4001d6195507351073738f39f&ExcludedStreamsJson=%5B%5D&callback=jsonp748851&vid=2423:17333901282548544

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

3e08c6884eb820f329f8e71fb9b3231933021788c6fba2afc158d094ad25b10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17
date: Thu, 05 Dec 2024 09:15:29 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 personal Show response
trackingapi.trendemon.com/api/experience/ 15 B
166 B 63ms
62ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/personal?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=585fced4001d6195507351073738f39f&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp951481&vid=2423:17333901282548544

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

77dee039c7aa7168c7212a2bfbb30a837eb6e5e8f50265037934a8b54f66f0ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 15
date: Thu, 05 Dec 2024 09:15:29 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 personal-embedded Show response
trackingapi.trendemon.com/api/experience/ 2 KB
3 KB 66ms
66ms Script
application/x-javascript 23.21.139.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=585fced4001d6195507351073738f39f&Ids=%5B%5D&Groups=%5B%5D&StreamId=&callback=jsonp755708&vid=2423:17333901282548544

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-139-132.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

5ab38b2ff812346896e7ede0b19021015f08cc21c2899b4460ddd5e8a1739a9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2490
date: Thu, 05 Dec 2024 09:15:29 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H/1.1 200
OK closex.png
pic.trendemon.com/images/ 386 B
848 B 180ms
58ms Image
image/png 18.154.227.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/images/closex.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.227.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-227-35.iad55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

ETag: "7da2ae17c3b671047838f7b78687a56f"
Age: 12812
Connection: keep-alive
Via: 1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 386
X-Amz-Cf-Id: a4gl4IxdWLkyJQYi5YpXmdPRvPN4jEF9oH8j_RoeD8WiXtkMYx93kw==
Date: Thu, 05 Dec 2024 05:41:58 GMT
Content-Type: image/png
Last-Modified: Tue, 16 Apr 2019 23:23:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: IAD55-P5

GET
H2 200 hotjar-2033728.js Show response
static.hotjar.com/c/ 13 KB
6 KB 182ms
61ms Script
application/javascript 18.160.41.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2033728.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-41-49.iad55.r.cloudfront.net

Software

Resource Hash

4be5befed9a7fa22155cebd61ea16b7aee4ac4861cd749793f39d33e11becd35

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: br
etag: W/23f034f6bdf51a95b1e92480675606e0
age: 9
x-content-type-options: nosniff
x-cache-hit: 1
x-cache: Hit from cloudfront
x-amz-cf-id: WYMBZzt8QZ_6Xh8NQTyvjyF2zj3tlRyrY4p3uZ8H7-2ZVWDuwAynjg==
date: Thu, 05 Dec 2024 09:15:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
via: 1.1 6e44ac4753bea102fe3aae286f68acfe.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: IAD55-P1

GET
H2 200 modules.a80e23f65c59cd611c5f.js Show response
script.hotjar.com/ 222 KB
55 KB 188ms
66ms Script
application/javascript 3.167.56.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.a80e23f65c59cd611c5f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2033728.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.167.56.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-167-56-16.iad61.r.cloudfront.net

Software

Resource Hash

6bb463ac36ef12be8174c2e51d47888cc8f8439f48676a2bf7698e9dd15e9384

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

x-robots-tag: none
content-encoding: br
etag: "3a9d3e3801de9559c802549d74fad588"
age: 65482
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: ZsiRRI460XHauGJRNJBHEwkO228ZkTlmcKYiWINUOSt1MQlQsfHtTw==
date: Wed, 04 Dec 2024 15:04:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Dec 2024 15:03:16 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 8ae5bf017822b4dd886de38de05d26a8.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56221
x-amz-cf-pop: IAD61-P5

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 710ms
414ms XHR
application/json 52.51.180.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=2033728&gzip=1
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.51.180.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-180-248.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 96388b6eb917417de3b1bd8d1032b9e4a9ac154e6fef11f73370747010301e45

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age: 86400
access-control-allow-origin: *
content-length: 56
date: Thu, 05 Dec 2024 09:15:30 GMT
content-type: application/json

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer

Response headers

Content-Type: font/truetype

GET
H3 200 Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2
fonts.gstatic.com/s/schibstedgrotesk/v3/ 46 KB
46 KB 57ms
56ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://fonts.googleapis.com/

Response headers

age: 521306
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 08:27:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 08:27:04 GMT
last-modified: Tue, 02 May 2023 14:49:56 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46764
x-xss-protection: 0
server: sffe

POST
H2 204 collect
analytics.google.com/g/ 0
0 68ms
67ms Fetch
text/plain 2607:f8b0:4004:c21::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4c30v882142918za200zb76025611&_p=1733390125807&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&gdid=dNTIxZG&cid=337250662.1733390127&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sid=1733390127&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&_s=2&tfd=7268
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c21::64 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 09:15:32 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 fkvvvy3ev4dt.js Show response
js.driftt.com/include/1733390400000/ 221 KB
62 KB 218ms
98ms Script
application/javascript 18.160.18.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1733390400000/fkvvvy3ev4dt.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.18.96 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-18-96.iad12.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a2db06993a81eb3ebd33897015d64c8ab5c9fcad5c3f8c4ad9329bce36440c4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

content-encoding: gzip
x-amz-version-id: yminFcCyQz19.9XIAb.JMjcjgNFzNrOJ
etag: W/"82011e1dd9ff7667aafa4871fd8b5ffe"
access-control-allow-methods: GET, POST, OPTIONS
x-cache: RefreshHit from cloudfront
x-amz-cf-id: ei-O6p8u2Ut4viNxCyb7E2ybJV-yo1Zfgc00gfjmxnJ2nSOOQNGS0A==
date: Thu, 05 Dec 2024 09:15:32 GMT
content-type: application/javascript; charset=utf-8
vary: accept-encoding
last-modified: Mon, 25 Nov 2024 19:25:25 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache
x-envoy-upstream-service-time: 36
access-control-allow-credentials: true
via: 1.1 51164155275c508076425faa0467bff0.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: IAD12-P4
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H2 200 core
js.driftt.com/ Frame 4712 0
0 187ms
78ms Document
text/html 18.160.18.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=fkvvvy3ev4dt&eId=fkvvvy3ev4dt&region=US&forceShow=false&skipCampaigns=false&sessionId=7b96fed0-41f3-45c0-a0e1-202c325826f1&sessionStarted=1733390132.931&campaignRefreshToken=b3e559fb-99dd-4daf-a5f1-296accf70457&hideController=false&pageLoadStartTime=1733390125521&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1733390400000/fkvvvy3ev4dt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.18.4 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-18-4.iad12.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Dec 2024 09:15:33 GMT
etag: W/"8d171c1ab68fa656ee61a7ae17d07acb"
last-modified: Mon, 25 Nov 2024 19:25:31 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
via: 1.1 a7a07e0b0db92670f70b5d65da05ed76.cloudfront.net (CloudFront)
x-amz-cf-id: 3fOTCZf0Pk_rfvdj1IpBD8xSoL6yNagpt6Qt_pGsXuvwaWdgEhl2_g==
x-amz-cf-pop: IAD12-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: Qmdl6cY2R6dFEY3eRuZp_X3AREd2Qa5p
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 33

GET
H2 200 chat
js.driftt.com/core/ Frame BBE1 0
0 175ms
71ms Document
text/html 18.160.18.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1733390125521

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1733390400000/fkvvvy3ev4dt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.18.4 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-18-4.iad12.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Dec 2024 09:15:33 GMT
etag: W/"8d171c1ab68fa656ee61a7ae17d07acb"
last-modified: Mon, 25 Nov 2024 19:25:31 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
via: 1.1 a7a07e0b0db92670f70b5d65da05ed76.cloudfront.net (CloudFront)
x-amz-cf-id: pykYgntUuYo9ZeJbOI1rzoyXbmII5wjsiOdHoYENo39G8gBVnYHUAw==
x-amz-cf-pop: IAD12-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: Qmdl6cY2R6dFEY3eRuZp_X3AREd2Qa5p
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 27

GET
H2 200 ip.json Show response
api.company-target.com/api/v3/ 458 B
1 KB 190ms
77ms Fetch
application/json 13.249.39.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?auth=w8dNJsGy5rpvYbJbYRgveTax2EUj67vseyp2yF0T&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&page_title=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&referrer=

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1733390400000/fkvvvy3ev4dt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.249.39.46 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-249-39-46.iad89.r.cloudfront.net

Software

nginx /

Resource Hash

0e34bdd06d72971f987a3c2d4bfe225316929cc2c051cb25ebc4094e89594fc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CENTRAL
access-control-allow-methods: GET, POST, OPTIONS
request-id: 0a5a626d-5d98-4a38-8813-aee6f2761308
expires: Wed, 04 Dec 2024 09:15:34 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: I16s9TmENt8P8AVCCrj-YAi4MDt9NHjxqDHqzqvOFTilT1xZVfgEDQ==
date: Thu, 05 Dec 2024 09:15:34 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitsight.com
x-amz-cf-pop: IAD89-C1
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.bitsight.com
URL: blob:https://www.bitsight.com/8757ee42-973c-44a4-928d-fc5ec6c7cfb8

Domain: www.bitsight.com
URL: blob:https://www.bitsight.com/e161a03d-89da-49a9-81ad-158a33a944d8

Verdicts & Comments Add Verdict or Comment

225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

94 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tracking.intentsify.io/page-tracking/intentsify-bitsight	1970-01-21 11:05:50	Name: userId Value: f6a2a926-d11a-4b6d-80d1-a6b1e318a5e9
map.go.affec.tv/map/ttd	1969-12-31 23:59:59	Name: oo Value: 1
map.go.affec.tv/map/an	1969-12-31 23:59:59	Name: oo Value: 1
.bitsight.com/	1970-01-21 05:49:02	Name: optimizelyEndUserId Value: oeu1733390125761r0.286415761659786
.bitsight.com/	1970-01-21 03:39:26	Name: _gcl_au Value: 1.1.1645140621.1733390126
.bitsight.com/	1970-01-21 03:39:26	Name: _rdt_uuid Value: 1733390126416.add2a50f-0e8b-40be-8030-9e3b88d2500a
.ws.zoominfo.com/	1970-01-21 10:15:26	Name: visitorId Value: a1b9aca816ebbb14398c88f0e50206349edbb1fc2a9dea19051911f942eb10c4
.zoominfo.com/	1970-01-21 01:29:51	Name: __cf_bm Value: _ZQqDz2lC5DwxZZC0cMdZH4hMNZJ9thL3_K_82sKfjQ-1733390126-1.0.1.1-25tYLymdN57dcd_asHTATkQQ8NaHTKt2vplatS96JNd5ZFONaPPmSD3quJ2aqnQmjNcih43DTPHFANIghe9ZHg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: QGFerp24tgeEXibTBYKH7VcxCRfAhFao1SgK2RwgOtM-1733390126451-0.0.1.1-604800000
.bitsight.com/	1970-01-21 10:15:26	Name: _biz_uid Value: 46a177b33474401e938ad0c329d394b9
.bitsight.com/	1970-01-21 10:15:26	Name: _biz_nA Value: 1
.bitsight.com/	1970-01-21 01:29:51	Name: TAsessionID Value: 2eed1538-476a-44be-bb06-110850c3cc4e\|NEW
.bitsight.com/	1969-12-31 23:59:59	Name: notice_behavior Value: implied,us
tags.srv.stackadapt.com/	1970-01-21 10:15:26	Name: sa-user-id Value: s%3A0-777ccbd5-6535-521b-65ee-1c83767a4057.Hm2a0dfH43KRyixQsBa1wNd3dvLE1pWXkivLgltcKPQ
.srv.stackadapt.com/	1970-01-21 10:15:26	Name: sa-user-id Value: s%3A0-777ccbd5-6535-521b-65ee-1c83767a4057.Hm2a0dfH43KRyixQsBa1wNd3dvLE1pWXkivLgltcKPQ
tags.srv.stackadapt.com/	1970-01-21 10:15:26	Name: sa-user-id-v2 Value: s%3Ad3zL1WU1Uhtl7hyDdnpAVyaEdko.WmAuvOjBECpVVx%2Fluh6BvyiNCkN6mhDa3uz70CDXN2k
.srv.stackadapt.com/	1970-01-21 10:15:26	Name: sa-user-id-v2 Value: s%3Ad3zL1WU1Uhtl7hyDdnpAVyaEdko.WmAuvOjBECpVVx%2Fluh6BvyiNCkN6mhDa3uz70CDXN2k
tags.srv.stackadapt.com/	1970-01-21 10:15:26	Name: sa-user-id-v3 Value: s%3AAQAKIBLFZSEcuVvcYKPRA2LvKzVHZqLmtKLx9YrejUtnrt_9ENYBGAQgrt7FugYwAToExbdv9kIEo7B_-Q.qVqK%2BPmeHjElcm8Arp3CC%2FkCEUdmzTdI9skLpjTOicY
.srv.stackadapt.com/	1970-01-21 10:15:26	Name: sa-user-id-v3 Value: s%3AAQAKIBLFZSEcuVvcYKPRA2LvKzVHZqLmtKLx9YrejUtnrt_9ENYBGAQgrt7FugYwAToExbdv9kIEo7B_-Q.qVqK%2BPmeHjElcm8Arp3CC%2FkCEUdmzTdI9skLpjTOicY
.bizibly.com/	1970-01-21 10:15:26	Name: _BUID Value: abf433ec6ed6415a6fab8cb1c8793419
.bizible.com/	1970-01-21 10:15:26	Name: _BUID Value: 46a177b33474401e938ad0c329d394b9
.bitsight.com/	1970-01-21 11:05:50	Name: __utma Value: 15825701.337250662.1733390127.1733390127.1733390127.1
.bitsight.com/	1969-12-31 23:59:59	Name: __utmc Value: 15825701
.bitsight.com/	1970-01-21 05:52:38	Name: __utmz Value: 15825701.1733390127.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.bitsight.com/	1970-01-21 01:29:50	Name: __utmt_sfga Value: 1
.bitsight.com/	1970-01-21 01:29:51	Name: __utmb Value: 15825701.1.10.1733390127
.bitsight.com/	1970-01-21 01:31:16	Name: _gid Value: GA1.2.1415175093.1733390127
.bitsight.com/	1970-01-21 01:29:50	Name: _gat_UA-36272386-4 Value: 1
.bitsight.com/	1970-01-21 10:15:26	Name: _biz_pendingA Value: %5B%5D
www.bitsight.com/	1970-01-21 10:15:26	Name: sa-user-id Value: s%253A0-777ccbd5-6535-521b-65ee-1c83767a4057.Hm2a0dfH43KRyixQsBa1wNd3dvLE1pWXkivLgltcKPQ
www.bitsight.com/	1970-01-21 10:15:26	Name: sa-user-id-v2 Value: s%253Ad3zL1WU1Uhtl7hyDdnpAVyaEdko.WmAuvOjBECpVVx%252Fluh6BvyiNCkN6mhDa3uz70CDXN2k
www.bitsight.com/	1970-01-21 10:15:26	Name: sa-user-id-v3 Value: s%253AAQAKIBLFZSEcuVvcYKPRA2LvKzVHZqLmtKLx9YrejUtnrt_9ENYBGAQgrt7FugYwAToExbdv9kIEo7B_-Q.qVqK%252BPmeHjElcm8Arp3CC%252FkCEUdmzTdI9skLpjTOicY
.go.affec.tv/	1970-01-21 10:15:26	Name: ck Value: 67516f2eded4a20001c8a6aa
.bitsight.com/	1970-01-21 10:15:26	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.rlcdn.com/	1970-01-21 10:15:26	Name: rlas3 Value: d71gHhcjaSUQFJgAsHsFtPW+3ZkulUuC5ee51x/VQJ4=
.company-target.com/	1970-01-21 11:05:50	Name: tuuid Value: 0b3ff0d9-73e8-40cf-853f-f612f3c2d559
.company-target.com/	1970-01-21 11:05:50	Name: tuuid_lu Value: 1733390126\|ix:0\|mctv:0\|rp:0
.rlcdn.com/	1970-01-21 02:56:14	Name: pxrc Value: CK7exboGEgUI6AcQABIGCMrdKhAA
.bitsight.com/	1970-01-21 05:49:02	Name: optimizelySession Value: 1733390126804
.linkedin.com/	1970-01-21 03:39:26	Name: li_sugr Value: f722d5fc-5ea4-47f0-8a37-a91b07b55b29
.linkedin.com/	1970-01-21 10:15:26	Name: bcookie Value: "v=2&750e2001-e5a8-4f91-8e85-9229c9dfedf1"
.linkedin.com/	1970-01-21 01:31:16	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=3405:u=1:x=1:i=1733390126:t=1733476526:v=2:sig=AQGyfzrJJa_zIa1Elp27f0jNYScrKxLr"
.casalemedia.com/	1970-01-21 10:15:26	Name: CMID Value: Z1FvLtHM7yEAABaTBAYH2wAA
.casalemedia.com/	1970-01-21 03:39:26	Name: CMPS Value: 049
.casalemedia.com/	1970-01-21 03:39:26	Name: CMPRO Value: 049
.go.affec.tv/	1970-01-21 10:15:26	Name: oo Value: 1
.adnxs.com/	1970-01-21 11:05:50	Name: receive-cookie-deprecation Value: 1
.rubiconproject.com/	1970-01-21 10:15:26	Name: audit_p Value: 1\|SqnlGjIRZja5NqXL7UC3JRPICLM5z30YHpPRveGj27ebz16xSA9sXa7ojM+eChNEMSF7HDaan/CM1KxoLazIt5mwZQnb46mpoMyVypDzKOzAWDNkH16VsC4XAO5eKObtwHXJtzXgt3sPn1GAtdZGGkf1sw3aDkWucmESKmf2cwrTmoFL5pKQsaZr5ZVxLWDe
.rubiconproject.com/	1970-01-21 10:15:26	Name: khaos Value: M4B3Q5UL-24-5X61
.rubiconproject.com/	1970-01-21 10:15:26	Name: khaos_p Value: M4B3Q5UL-24-5X61
.rubiconproject.com/	1970-01-21 10:15:26	Name: audit Value: 1\|SqnlGjIRZja5NqXL7UC3JRPICLM5z30YHpPRveGj27ebz16xSA9sXa7ojM+eChNEMSF7HDaan/CM1KxoLazIt5mwZQnb46mpoMyVypDzKOzAWDNkH16VsC4XAO5eKObtwHXJtzXgt3sPn1GAtdZGGkf1sw3aDkWucmESKmf2cwrTmoFL5pKQsaZr5ZVxLWDe
.rubiconproject.com/	1970-01-21 03:39:26	Name: receive-cookie-deprecation Value: 1
.tremorhub.com/	1970-01-21 10:15:47	Name: tvid Value: 87392a3d4feb40ddaf84812d0487eaff
.tremorhub.com/	1970-01-21 11:05:50	Name: tv_UIDM Value: 0b3ff0d9-73e8-40cf-853f-f612f3c2d559
.linkedin.com/	1970-01-21 02:13:02	Name: UserMatchHistory Value: AQKmN-yiJT7PYgAAAZOWGk8kMfHFerSPzOoJ3sjPc_D7-tS7xe0Gzt28yiMFP7deFIjAoGgmjjql9w
.linkedin.com/	1970-01-21 02:13:02	Name: AnalyticsSyncHistory Value: AQIULpLGWljJRwAAAZOWGk8lJM_6l7T2dkYTb4ttSQmVhUQP7D9YKesKoMVoU-RVx9VTAzn2HqSlwcnWqfyliQ
.adnxs.com/	1970-01-21 03:39:26	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>7>aVu6!@wnf-Te9(>wL5L!!'`($q#F#
.adnxs.com/	1970-01-21 03:39:26	Name: XANDR_PANID Value: wVrpXV29QLZs0EHpPrKVwZMDHC0luoC1w77rNnm8EeKGiN0Ec57sD7EzkIIX2V5NWj_GlQ-jCj4qnOk_Lt11GDuHwqjW3MNRXMaQJjRWFFk.
.adnxs.com/	1970-01-21 03:39:26	Name: uuid2 Value: 5074911671129964893
.www.linkedin.com/	1970-01-21 10:15:26	Name: bscookie Value: "v=1&20241205091526218eecce-2bea-41cc-8079-13bc971c5966AQEtR0q0k6XFz2SWc6FCYr58t0y_3jni"
.bitsight.com/	1970-01-21 05:51:54	Name: permutive-id Value: 96e3e559-1a9a-43d8-8487-01790ce83b52
.adsrvr.org/	1970-01-21 10:15:26	Name: TDID Value: b4a47bfd-4505-41cd-80dd-801a5c10bcb7
.adsrvr.org/	1970-01-21 10:15:26	Name: TDCPM Value: CAEYBSABKAIyCwj4_r7rgsbKPRAFOAE.
.go.affec.tv/	1970-01-21 10:15:26	Name: pt Value: eyJhbiI6eyJkdCI6MTczMzM5MDEyNywiaWQiOiI1MDc0OTExNjcxMTI5OTY0ODkzIiwibHMiOjE3MzMzOTAxMjd9LCJ0ZCI6eyJkdCI6MTczMzM5MDEyNywiaWQiOiJiNGE0N2JmZC00NTA1LTQxY2QtODBkZC04MDFhNWMxMGJjYjciLCJscyI6MTczMzM5MDEyN30sInYiOjB9\|1733390127\|4d91b1aab168aec8d572716c7e17e0ebe85f1913
.bitsight.com/	1970-01-21 11:05:50	Name: _ga Value: GA1.1.337250662.1733390127
.bitsight.com/	1970-01-21 11:05:50	Name: _ga_RJ4RWVVWH4 Value: GS1.1.1733390127.1.0.1733390127.60.0.0
.doubleclick.net/	1970-01-21 11:05:50	Name: IDE Value: AHWqTUnpN2CGiDlPJptz7bvRIQR0wJm0JJOu4oFHRbt-KVxIdTmOW_HVcRpgaTfY
.bitsight.com/	1970-01-21 05:49:02	Name: __hstc Value: 208292109.585fced4001d6195507351073738f39f.1733390127611.1733390127611.1733390127611.1
.bitsight.com/	1970-01-21 05:49:02	Name: hubspotutk Value: 585fced4001d6195507351073738f39f
.bitsight.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.bitsight.com/	1970-01-21 01:29:51	Name: __hssc Value: 208292109.1.1733390127612
.hubspot.com/	1970-01-21 01:29:51	Name: __cf_bm Value: cZw5de2VOsxvVHbwtR.nARer1qiJyKHdMZnz1BU8bug-1733390127-1.0.1.1-wnp2VegHwPBQx7L07SL42zg30bvJ5VeOwsbDXFFY0U.Qbw7pGMsZdCNd82QYb_4uxKmRgTpAL6N1wyQJrOfr6w
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: zeRv5I2OKHF_YVYp93US7RGoDVa6JBWrldPo2KGyWLs-1733390127761-0.0.1.1-604800000
www.bitsight.com/	1970-01-21 10:15:26	Name: _aeaid Value: b433aeff-f31a-4dbb-9905-e068c2c54898
www.bitsight.com/	1970-01-21 11:05:50	Name: aelastsite Value: TtjLDjDwfaF1TTjoIhP9A0VMHHviwGrxnfPhNkhmzFrJiiv3l6ZPAzyzm6X3TIin
www.bitsight.com/	1970-01-21 11:05:50	Name: aelreadersettings Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
.bitsight.com/	1970-01-21 10:15:26	Name: trd_cid Value: 17333901282548544
.bitsight.com/	1970-01-21 01:31:16	Name: source Value: (direct)
.bitsight.com/	1970-01-21 01:31:16	Name: medium Value: (none)
.bitsight.com/	1970-01-21 01:31:16	Name: content Value: undefined
.bitsight.com/	1970-01-21 01:31:16	Name: keyword Value: undefined
.bitsight.com/	1970-01-21 01:31:16	Name: campaign Value:
.bitsight.com/	1970-01-21 01:31:16	Name: landing_page Value: /blog/proxyam-powered-socks5systemz-botnet
.bitsight.com/	1970-01-21 01:31:16	Name: conversion_page Value: /blog/proxyam-powered-socks5systemz-botnet
trackingapi.trendemon.com/	1970-01-21 11:05:50	Name: trd_gavid_2423 Value: 17333901282548544
trackingapi.trendemon.com/	1970-01-21 11:05:50	Name: trd_gvid Value: 17333901282548544
trackingapi.trendemon.com/	1970-01-21 11:05:50	Name: trd_vid_2423 Value: 2423%3A17333901282548544
.bitsight.com/	1970-01-21 10:15:26	Name: trd_vid_l Value: 2423%3A17333901282548544
.bitsight.com/	1970-01-21 10:15:26	Name: trd_vuid_l Value: 7060891041207293916
.bitsight.com/	1970-01-21 01:30:33	Name: trd_ma_cookie Value: NTg1ZmNlZDQwMDFkNjE5NTUwNzM1MTA3MzczOGYzOWY%3D
.bitsight.com/	1970-01-21 10:15:26	Name: _hjSessionUser_2033728 Value: eyJpZCI6ImVhNTM2OGUwLTNkYzctNWY1OS1hMWJiLTg1OWM3NzFkMmI5OSIsImNyZWF0ZWQiOjE3MzMzOTAxMjk4MDYsImV4aXN0aW5nIjp0cnVlfQ==
.bitsight.com/	1970-01-21 01:29:51	Name: _hjSession_2033728 Value: eyJpZCI6Ijg1NWRkN2E5LWUzNmMtNGVmZS1iNTNkLTIzOTUyN2I4ODAyMiIsImMiOjE3MzMzOTAxMjk4MDcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
www.bitsight.com/	1969-12-31 23:59:59	Name: aeatstartmessage Value: true
www.bitsight.com/	1970-01-21 01:29:51	Name: drift_campaign_refresh Value: b3e559fb-99dd-4daf-a5f1-296accf70457

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a26349430206.cdn.optimizely.com
alb.reddit.com
analytics.audioeye.com
analytics.google.com
api.company-target.com
api.permutive.com
assets.trendemon.com
cdn.bizible.com
cdn.bizibly.com
cdn.optimizely.com
cdn.permutive.com
cdn3.optimizely.com
consent.trustarc.com
content.hotjar.io
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
go.affec.tv
googleads.g.doubleclick.net
ib.adnxs.com
id.rlcdn.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
ka-p.fontawesome.com
logx.optimizely.com
map.go.affec.tv
match.adsrvr.org
p.typekit.net
pic.trendemon.com
pixel-config.reddit.com
pixel.mathtag.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.company-target.com
script.hotjar.com
secure.adnxs.com
segments.company-target.com
snap.licdn.com
ssl.google-analytics.com
static.hotjar.com
stats.g.doubleclick.net
tag-logger.demandbase.com
tag.demandbase.com
tags.srv.stackadapt.com
td.doubleclick.net
track.hubspot.com
tracking.intentsify.io
trackingapi.trendemon.com
use.typekit.net
ws.zoominfo.com
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
www.bitsight.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.bitsight.com
104.16.117.43
13.107.42.14
13.249.39.46
142.251.111.97
142.251.163.103
142.251.163.94
15.197.193.217
151.101.1.140
152.199.2.76
172.253.63.155
172.64.152.14
18.154.227.35
18.160.10.76
18.160.18.106
18.160.18.4
18.160.18.96
18.160.41.49
18.214.43.89
216.200.232.253
23.21.139.132
2600:1408:c400:29::17da:da44
2600:1408:c400:29::17da:da49
2600:1408:c400:5::17c7:3719
2600:9000:2009:c00:1d:8d6d:3b40:93a1
2600:9000:27d4:7e00:2:7dc7:8f00:93a1
2606:4700:10::ac43:60f
2606:4700:4400::6812:2844
2606:4700:4400::6812:28f0
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8ad1
2606:4700::6810:a0a8
2606:4700::6811:6d13
2606:4700::6812:1c9b
2606:4700::6812:1d9b
2606:4700::6812:4239
2606:4700::6812:8b11
2607:f8b0:4004:c09::5f
2607:f8b0:4004:c0b::61
2607:f8b0:4004:c0b::9d
2607:f8b0:4004:c1b::61
2607:f8b0:4004:c1b::65
2607:f8b0:4004:c1b::9a
2607:f8b0:4004:c21::64
2620:1ec:21::14
2a04:4e42:400::396
3.167.56.16
3.171.85.26
34.107.254.252
34.196.12.18
34.215.81.112
34.49.241.189
34.96.71.22
35.244.154.8
52.51.180.248
52.8.65.43
68.67.160.132
99.84.188.65
01be49b47924758c8be361cda908ee992c10cc1c41e29006e0cea8a795757390
05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568
0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3
0e34bdd06d72971f987a3c2d4bfe225316929cc2c051cb25ebc4094e89594fc7
0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741
10f98c4e25928dd7b7b3f8a5a821d8cb5fb2f3cb93437d64af70814f94f574b6
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
160b6b9690833ef42cd5f35046a391ec3efc97f2a30f7effc8f7e39ef72dabe2
177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1df6857ef57274cadd68cf84cf98e2045a6f86061823ca822a7d663312d0ab9b
1e4c3de3ec3ec95c33bdf635ae9cace7af833c5dd8ddcc694dcc278d6b300ebb
1ea8d301861a76b1dd121f73655d787b3a178d25cae06f649409f933e3cee1a7
1f1edcf201dd193a9c8a75c631d8883e5cc2c1b279ad41f41bb8e36e15879b67
226de29c28689989af7579b776443da2c8229442b035bfe2d8f19a8593899b7a
240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3
2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78
2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822
2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc
2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494
357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8
35c964e11eb3aeb98e52a8235c4b4a522537990b32f94c6ce13570744a88e499
36a686742dba3ee6b42990138e7328d5317781c226469b21d1534959d293452e
3775aaf637f98b3458e5c6693e618184d99dbbf17d21013593b3cf2868aaacd4
39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c
3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8
3aed8faf65c941e7321f9d2e33be33926f2826887c8aef610d24b901c54ba3f8
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c36553c2c122bb9fcd5d10e6e2cb7ecae3ed843fc4316b5040b2e0c9f4b1220
3e08c6884eb820f329f8e71fb9b3231933021788c6fba2afc158d094ad25b10c
401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c
419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd
47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820
47d7b4c0c89be3f4592a5a9aa49e00010149cf943d4d3c3e8e6651927767e23a
48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4
4be5befed9a7fa22155cebd61ea16b7aee4ac4861cd749793f39d33e11becd35
53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017
54b3e4c319fb99c631ffd50cf7308ed0d10e78eb2e7ae6190f960c27418399fe
597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259
5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee
5ab38b2ff812346896e7ede0b19021015f08cc21c2899b4460ddd5e8a1739a9b
5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7
62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8
646a6a25c9f56be3efb0c5c4ba0e10cfaaf2bb2c8b2a3511d375df2c7691058a
64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1
6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0
6bb463ac36ef12be8174c2e51d47888cc8f8439f48676a2bf7698e9dd15e9384
6e0f30e660d7a31385f5965dfc0e2f0c0d13cecab111ea5007d6c1101354a60e
77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
77dee039c7aa7168c7212a2bfbb30a837eb6e5e8f50265037934a8b54f66f0ad
788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70
78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47
7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3
7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851
80c6a481ee869ad9d91596cef1fc2cc8e99a7e29b2fa8c97db1bb1d1ffc09f95
81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0
822aed47a697175f28eae0d3802ebe10d6bf53d1aea47aa3084a24ec30714cc1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a
96388b6eb917417de3b1bd8d1032b9e4a9ac154e6fef11f73370747010301e45
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98c260d51c49c7d2d3ca854a42f93544821d60ce96da71e849ae624d2efd755d
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5
9f6331a2668773c2c297dd182dc9a409a8a06ce9fc55c53bdf0bf2a11ac6609e
a0af388c99cbfc8767f427c138ce0b4933a1e0253c173dd5ac933ecdd0857d5c
a2db06993a81eb3ebd33897015d64c8ab5c9fcad5c3f8c4ad9329bce36440c4c
a9e1fde6240e3a5a6abc36edfe07c9e6204b687100edadd3d70fb77e9560ca96
ac81aabb62adb62f98deccb9c38d5f12b0d74aa466d8760bf0bbdb2266b8d259
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0d191e37e74e83b242c180f6b17881dd5a6ae40522257f461eae3bcf66d7a22
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a
b6db76366fdb316e92890d326c4d10141034c01e7cd0d999e953cb79661f5a82
bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5
c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc
c5b0620d2a8ec46590365d3e1ee74db052aa559b3d5e49a0b22320f580ffcd37
c744ac2a6402fc1dab7ce5f4c90333507a74d3fde63f342cbc23f862e5c8d246
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d031610a8da54c71f8c69b599d41b0103088d39dd5647e6a416c302f3a1daa48
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35
d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c
d32796a4bad4ba11ccd613acbfb34d437914dd9a411c39ab232d903f40f947a8
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3
d74bdb691409ac89ce4d994b39173d7b8913394158e01bf6856dc84004bfa800
dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1d8f0ae2dfede07947ad50ad652b7f8c106b2c26bc5f30c245246c2235e3a63
f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42
f6276740979e4a4e4528cd977b22b03a402d4f102fed8aca5140c4ad93690a51
f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182
faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c
fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc
fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a

www.bitsight.com Open in urlscan Pro 2606:4700:10::ac43:60f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

142 Requests

95 %HTTPS

45 %IPv6

38 Domains

61 Subdomains

57 IPs

3 Countries

1917 kBTransfer

5596 kBSize

94 Cookies

21 Outgoing links

Redirected requests

142 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bitsight.com Open in urlscan Pro
2606:4700:10::ac43:60f Public Scan

Screenshot
Live screenshot

Full Image

142
Requests

95 %
HTTPS

45 %
IPv6

38
Domains

61
Subdomains

57
IPs

3
Countries

1917 kB
Transfer

5596 kB
Size

94
Cookies

142 HTTP transactions
1 data transactions