www.bitsight.com Open in urlscan Pro
2606:4700:10::6816:4bf2  Public Scan

21 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQL6eOnDizn1HgAAAZOWGiwNKY65Uv53QS9Gy9zY87QBjOGvr4Qmi-QKGrwAybgSuQ

Request Chain 80

• https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Request Chain 82

• https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= HTTP 303
• https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67516f2678b5920001232265%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= HTTP 302
• https://map.go.affec.tv/map/an/3838950950259009255?ch=67516f2678b5920001232265&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= HTTP 303
• https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=

Request Chain 87

• https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

131 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request proxyam-powered-socks5systemz-botnet Show response www.bitsight.com/blog/	137 KB 23 KB	491ms 458ms	Document text/html	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7ccf1ab4f15baed530075900121015d65f1c8176b440b7e0463cf6b2fa08025a Security Headers Name Value Content-Security-Policy report-uri /report-csp-violation Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers age 73173 cache-control max-age=31536000, public cf-cache-status DYNAMIC cf-ray 8ed2ee45ed46910d-FRA content-encoding br content-language en content-security-policy report-uri /report-csp-violation content-type text/html; charset=UTF-8 date Thu, 05 Dec 2024 09:15:17 GMT expires Sun, 19 Nov 1978 05:00:00 GMT last-modified Wed, 04 Dec 2024 12:55:43 GMT link <analytics.google.com>; rel="dns-prefetch", <js.driftt.com>; rel="dns-prefetch", <rackingapi.trendemon.com>; rel="dns-prefetch", <tags.srv.stackadapt.com>; rel="dns-prefetch", <cdn.optimizely.com>; rel="dns-prefetch", <js.hs-scripts.com>; rel="dns-prefetch", <logx.optimizely.com>; rel="dns-prefetch", <metrics.hotjar.io>; rel="dns-prefetch", <bootstrap.driftapi.com>; rel="dns-prefetch", <ka-p.fontawesome.com>; rel="dns-prefetch", <audioeye.com>; rel="dns-prefetch", <googletagmanager.com>; rel="dns-prefetch", <permutive.com>; rel="dns-prefetch", <hotjar.com>; rel="dns-prefetch", <analytics.google.com>; rel="preconnect", <js.driftt.com>; rel="preconnect", <rackingapi.trendemon.com>; rel="preconnect", <consent.trustarc.com>; rel="preconnect", <cdn.optimizely.com>; rel="preconnect", <js.hs-scripts.com>; rel="preconnect", <metrics.hotjar.io>; rel="preconnect", <logx.optimizely.com>; rel="preconnect", <bootstrap.driftapi.com>; rel="preconnect", <ka-p.fontawesome.com>; rel="preconnect", <tags.srv.stackadapt.com>; rel="preconnect", <audioeye.com>; rel="preconnect", <googletagmanager.com>; rel="preconnect", <permutive.com>; rel="preconnect", <hotjar.com>; rel="preconnect", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2>; rel="prefetch", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://kit.fontawesome.com/bc8e4d7021.js>; rel="prerender", <https://js-agent.newrelic.com/nr-rum-1.255.0.min.js>; rel="prerender" referrer-policy no-referrer-when-downgrade server cloudflare strict-transport-security max-age=2592000; includeSubDomains surrogate-key tilu alec 15nq bh81 qknc 135a t5be 1rv1 4iqj 2h09 k5im 7bmp epgs ffa2 tapm s1so lgqj d7d6 1971 6ehj gaf3 77td jufg knej sheu khoj 4n5i cj78 vja0 ka5u 78t5 6dsl ldc7 snk9 tib3 rjqv tjhs n16q keo3 rl04 p93v vcdf e79l u1q5 gsd9 lira nl66 jro7 in6f h29v iu4c 3kis e6ki 2pbm 3t5u snd9 1cn6 omo7 o1kn 4539 uqdm k6vi dfem 98ql 5694 s3lt gub4 qb8d td07 bicd b452 cjqp 51mg q0pd 516e gfvc vfo5 urm3 2e20 1ovt ihaf 93fh ogvc 8775 4f2v acf4 1edt ql68 bsc4 3ukk ut71 kvo9 bsid i1hh m4ma 704t l0o5 ebeg 601f kfqg eit7 ig0p 4fu4 vq51 oauf snab trke e1j3 vary Cookie,Accept-Encoding via varnish x-ah-environment prod x-cache HIT x-cache-hits 458 x-content-type-options nosniff x-dns-prefetch-control on x-drupal-cache MISS x-drupal-dynamic-cache MISS x-frame-options SAMEORIGIN x-generator Drupal 10 (https://www.drupal.org) x-request-id v-12355ac6-b23f-11ef-9ed4-c71f3ab355bf x-xss-protection 1; mode=block
GET H3	200	S6uyw4BMUTPHjx4wXiWtFCc.woff2 fonts.gstatic.com/s/lato/v22/	0 14 KB	25ms 7ms	Other font/woff2	142.250.185.163 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.163 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s51-in-f3.1e100.net Software sffe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers age 5462 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Fri, 05 Dec 2025 07:44:15 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 07:44:15 GMT last-modified Wed, 26 Jan 2022 19:14:07 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 13976 x-xss-protection 0 server sffe
GET H2	200	pro-fa-light-300-0.woff2 ka-p.fontawesome.com/releases/v6.5.2/webfonts/	0 15 KB	116ms 30ms	Other font/woff2	2606:4700:4400::ac40:93bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=31556926 cf-cache-status HIT etag "660c2974-3c34" age 25780 cf-ray 8ed2ee4a0b65db12-FRA accept-ranges bytes access-control-allow-origin * content-length 15412 date Thu, 05 Dec 2024 09:15:17 GMT content-type font/woff2 last-modified Tue, 02 Apr 2024 15:51:16 GMT vary Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method server cloudflare
GET H2	200	26349430206.js Show response cdn.optimizely.com/js/	341 KB 98 KB	53ms 27ms	Script text/javascript	2606:4700::6812:4239 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.optimizely.com/js/26349430206.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6e0f30e660d7a31385f5965dfc0e2f0c0d13cecab111ea5007d6c1101354a60e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 86400 access-control-expose-headers x-amz-meta-revision content-encoding gzip cf-cache-status HIT etag "eee46996f3104e217506d7ec9355602d" x-amz-version-id waeRRqLXxD9Dq245ZbBIy_M4ALXIJOCN age 228 access-control-allow-methods GET, HEAD date Thu, 05 Dec 2024 09:15:17 GMT x-amz-meta-revision 9789 content-type text/javascript; charset=utf-8 last-modified Thu, 05 Dec 2024 08:43:18 GMT vary Accept-Encoding x-amz-id-2 dsYwdc98zry/aLyQpM1cchWe8eL0kLr/SLbrNIH6Zbie7+4+MzcuUUzW7Ul8D6Sfj6EY2G5VBvw= access-control-allow-headers * x-amz-replication-status PENDING cache-control max-age=120 timing-allow-origin * x-amz-meta-pci_enabled False access-control-allow-credentials false x-amz-request-id FMTW9EMWY8FC4AW2 cf-ray 8ed2ee499d305c3e-FRA accept-ranges bytes access-control-allow-origin * content-length 99509 server cloudflare x-amz-server-side-encryption AES256
GET H2	200	css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css www.bitsight.com/sites/default/files/css/	4 KB 1 KB	377ms 376ms	Stylesheet text/css	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/css/css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css?delta=0&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-dd24958a-a1dc-11ef-b328-4b413951eb8b content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Thu, 13 Nov 2025 16:31:57 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type text/css last-modified Wed, 13 Nov 2024 16:31:56 GMT vary Accept-Encoding x-cache-hits 1 strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee497f8f910d-FRA accept-ranges bytes content-length 1331 server cloudflare
GET H2	200	css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css www.bitsight.com/sites/default/files/css/	90 KB 14 KB	382ms 381ms	Stylesheet text/css	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-3e7b2ef4-a75d-11ef-b5b9-3b9319007506 content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Thu, 20 Nov 2025 16:28:37 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type text/css vary Accept-encoding x-cache-hits 90 last-modified Wed, 20 Nov 2024 16:31:02 GMT strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee497f90910d-FRA accept-ranges bytes content-length 14030 server cloudflare
GET H2	200	Products_EnterpriseSecurity.svg www.bitsight.com/sites/default/files/2024/04/27/	994 B 626 B	17ms 17ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_EnterpriseSecurity.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-b786ecd4-7fa8-11ef-9481-1b5ec7b809cb content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:28 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:46:48 GMT x-cache-hits 100880 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee497f91910d-FRA server cloudflare
GET H2	200	Products_DigitalSupplyChainSecurity.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 524 B	19ms 19ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_DigitalSupplyChainSecurity.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a69fc274-7fa8-11ef-877b-fbeec39b1bd6 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:52:59 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:48:47 GMT x-cache-hits 23611 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee497f93910d-FRA server cloudflare
GET H2	200	Products_RiskGovernanceReporting.svg www.bitsight.com/sites/default/files/2024/04/27/	712 B 435 B	20ms 19ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskGovernanceReporting.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6c1697e-7fa8-11ef-9814-9f6d8173264b content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:50:46 GMT x-cache-hits 23615 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee499fa2910d-FRA server cloudflare
GET H2	200	Products_RiskAnalysisData.svg www.bitsight.com/sites/default/files/2024/04/27/	630 B 373 B	17ms 17ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskAnalysisData.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6c0da36-7fa8-11ef-94a5-9b29320aef23 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:52:21 GMT x-cache-hits 104175 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee499fa4910d-FRA server cloudflare
GET H2	200	Products_CyberUnderwritingRiskControl.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 780 B	23ms 23ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_CyberUnderwritingRiskControl.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-f34c8864-7fa8-11ef-8482-57e570e1542b content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:53:11 GMT x-cache-hits 25498 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee49bfbf910d-FRA server cloudflare
GET H2	200	Produ_ProfessionalServices.svg www.bitsight.com/sites/default/files/2024/04/27/	2 KB 1 KB	21ms 19ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Produ_ProfessionalServices.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6c92308-7fa8-11ef-872d-eb8599d7fd7a content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:53:52 GMT x-cache-hits 25683 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4817910d-FRA server cloudflare
GET H2	200	Sidebar_LightBulb.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 695 B	21ms 18ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6c8145e-7fa8-11ef-924b-9bfb53e6eac2 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:45:47 GMT x-cache-hits 25557 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4818910d-FRA server cloudflare
GET H2	200	Solutions_UseCases.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 716 B	21ms 19ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_UseCases.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-e257d0ae-7fa8-11ef-8269-ff9c3df23ac0 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:54:40 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:56:37 GMT x-cache-hits 25556 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4819910d-FRA server cloudflare
GET H2	200	Solutions_Industries.svg www.bitsight.com/sites/default/files/2024/04/27/	864 B 556 B	21ms 19ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_Industries.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-74d30a66-7fa9-11ef-b271-0bd2091ed138 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:58:45 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:59:41 GMT x-cache-hits 99420 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a481a910d-FRA server cloudflare
GET H2	200	DataInsights_OurData.svg www.bitsight.com/sites/default/files/2024/04/27/	725 B 514 B	36ms 33ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_OurData.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-f34c9ab6-7fa8-11ef-92e4-8fa4f11831e7 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:58 GMT x-cache-hits 23031 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a481c910d-FRA server cloudflare
GET H2	200	DataInsights_ThreatResearch.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 496 B	33ms 31ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_ThreatResearch.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6caccd0-7fa8-11ef-aa41-4b8b2ca970f6 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:18:18 GMT x-cache-hits 74831 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a481d910d-FRA server cloudflare
GET H2	200	Sidebar_Bell.svg www.bitsight.com/sites/default/files/2024/04/27/	766 B 508 B	35ms 33ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6ca8482-7fa8-11ef-a322-7fc9536fcc05 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:56:47 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:01 GMT x-cache-hits 23213 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a481f910d-FRA server cloudflare
GET H2	200	Company_AboutUs.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 608 B	35ms 33ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Company_AboutUs.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-2e06863a-7fa9-11ef-b5e1-5f78105553e7 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:07:02 GMT x-cache-hits 24979 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4820910d-FRA server cloudflare
GET H2	200	Company_ConnectWithUs.svg www.bitsight.com/sites/default/files/2024/04/27/	745 B 399 B	39ms 37ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Company_ConnectWithUs.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6d0fa06-7fa8-11ef-b7ae-bfa105ebdffd content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:58:45 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:09:14 GMT x-cache-hits 25022 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4821910d-FRA server cloudflare
GET H2	200	Resources_Resources.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 756 B	44ms 42ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Resources.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6cdb79c-7fa8-11ef-83ef-8b8478498df7 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:12:47 GMT x-cache-hits 24889 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4825910d-FRA server cloudflare
GET H2	200	Resources_Blog.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 601 B	43ms 42ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Blog.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-fe3e93f2-7fa8-11ef-ba97-23094562eabd content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:26 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:14:49 GMT x-cache-hits 22847 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4826910d-FRA server cloudflare
GET H2	200	Sidebar_QuoteBubble.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 695 B	36ms 34ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_QuoteBubble.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-a6caaa5c-7fa8-11ef-bbdb-f3bafa73eef0 content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:16:50 GMT x-cache-hits 99174 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4827910d-FRA server cloudflare
GET H2	200	PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/	55 KB 55 KB	36ms 35ms	Image image/webp	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/11/25/PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20hero.webp?itok=hxzltWNB Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f6331a2668773c2c297dd182dc9a409a8a06ce9fc55c53bdf0bf2a11ac6609e Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-04122de4-b1b2-11ef-afec-973ef4287f84 cf-cache-status HIT age 2 x-content-type-options nosniff expires Wed, 03 Dec 2025 20:06:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/webp last-modified Mon, 25 Nov 2024 18:07:12 GMT x-cache-hits 3 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a4829910d-FRA accept-ranges bytes content-length 56146 server cloudflare
GET H2	200	Favorable_TermScout.svg www.bitsight.com/sites/default/files/2024/10/10/	16 KB 5 KB	44ms 42ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/10/10/Favorable_TermScout.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-6a294578-8754-11ef-a229-9bd6dffacbad content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Fri, 10 Oct 2025 21:05:11 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Thu, 10 Oct 2024 21:05:11 GMT x-cache-hits 5638 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a482a910d-FRA server cloudflare
GET H2	200	email-decode.min.js Show response www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/	1 KB 818 B	21ms 20ms	Script application/javascript	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=172800, public content-encoding gzip etag W/"6740aa56-4d7" x-content-type-options nosniff cf-ray 8ed2ee49bfc1910d-FRA expires Sat, 07 Dec 2024 09:15:17 GMT date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript last-modified Fri, 22 Nov 2024 15:59:18 GMT vary Accept-Encoding server cloudflare x-frame-options DENY
GET H2	200	js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js Show response www.bitsight.com/sites/default/files/js/	92 KB 32 KB	16ms 16ms	Script text/javascript	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/js/js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js?scope=footer&delta=0&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-dd6e4568-a1dc-11ef-a7e0-276479788c1f content-encoding gzip cf-cache-status HIT age 17 x-content-type-options nosniff expires Thu, 13 Nov 2025 16:32:25 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type text/javascript last-modified Wed, 13 Nov 2024 16:31:05 GMT vary Accept-Encoding x-cache-hits 2 strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee49efde910d-FRA accept-ranges bytes content-length 32455 server cloudflare
GET H2	200	277648.js Show response js.hs-scripts.com/	1 KB 971 B	49ms 25ms	Script application/javascript	2606:4700::6810:8ad1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/277648.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 594098e9d49ae500c449d697ef26e380b83b6470713dfee9abce171703a10f6c Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 3600 content-encoding gzip cf-cache-status HIT age 17 x-content-type-options nosniff expires Thu, 05 Dec 2024 09:16:47 GMT date Thu, 05 Dec 2024 09:15:17 GMT x-hubspot-correlation-id 1239faa2-057a-4819-a3ea-e8351945c6a2 content-type application/javascript;charset=utf-8 vary origin, Accept-Encoding last-modified Thu, 05 Dec 2024 09:15:00 GMT cache-control public, max-age=90 access-control-allow-credentials true cf-ray 8ed2ee4a6f35917c-FRA accept-ranges bytes access-control-allow-origin https://www.bitsight.com content-length 599 server cloudflare
GET H2	200	js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js Show response www.bitsight.com/sites/default/files/js/	55 KB 14 KB	23ms 23ms	Script text/javascript	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/js/js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js?scope=footer&delta=2&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-11b18bfa-a1dd-11ef-acbc-eb4a9e6e234d content-encoding gzip cf-cache-status HIT age 17 x-content-type-options nosniff expires Thu, 13 Nov 2025 16:33:52 GMT x-cache MISS date Thu, 05 Dec 2024 09:15:17 GMT content-type text/javascript last-modified Wed, 13 Nov 2024 16:31:57 GMT vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4a3811910d-FRA accept-ranges bytes content-length 14340 server cloudflare
GET H2	200	geo4.js Show response cdn3.optimizely.com/js/	294 B 314 B	76ms 31ms	Script application/javascript	172.64.152.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn3.optimizely.com/js/geo4.js Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/26349430206.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.152.14 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 778d35c51cacb056bac5a104840ea7d9b90b405ed3d3f86e757893f1f082bf1c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cf-ray 8ed2ee4a88509a1d-FRA content-encoding br date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript vary Accept-Encoding server cloudflare
GET H2	200	gtm.js Show response www.googletagmanager.com/	449 KB 135 KB	152ms 108ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 6750ffefd9cc2a24226c0d82322709d29e36e4b455b6e4dddb4123b570f2ba68 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],} expires Thu, 05 Dec 2024 09:15:17 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Thu, 05 Dec 2024 09:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 137941 x-xss-protection 0 server Google Tag Manager
GET H2	200	a26349430206.html a26349430206.cdn.optimizely.com/client_storage/ Frame 745A	0 0	60ms 26ms	Document text/html	2606:4700::6812:4239 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/26349430206.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 228 cache-control max-age=120 cf-cache-status HIT cf-ray 8ed2ee4aabf9d379-FRA content-encoding gzip content-length 775 content-type text/html; charset=utf-8 date Thu, 05 Dec 2024 09:15:17 GMT etag "a3598c338cd40df7862b7fd121a25166" last-modified Thu, 05 Dec 2024 08:43:13 GMT server cloudflare server-timing cfCacheStatus;desc="HIT" vary Accept-Encoding x-amz-id-2 PuowODAJjmtX7kYqFpJ5vfly1eSXg1cdHXwMkgSnvvTusHzqCP9SPcwfCy754vO8/wQHt+WixOI= x-amz-meta-pci_enabled False x-amz-replication-status COMPLETED x-amz-request-id RSJ19AR3W6YX7PFE x-amz-server-side-encryption AES256 x-amz-version-id R5b9U46mzplne.MXw6nbsC9Kqzy7Rcfs
GET H2	200	notice Show response consent.trustarc.com/	34 KB 11 KB	58ms 40ms	Script text/javascript	13.225.78.57 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.57 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-57.fra2.r.cloudfront.net Software / Resource Hash 7d2d32914f9a937d5ce9eab02a5dcf5927a08d0695c52382c29a980ba6d6c9d2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control max-age=3600 content-encoding gzip via 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront) x-cache Miss from cloudfront x-amz-cf-id xYsJ8NMwTWjZqU3B2QiGkcP_IKugsbryPhBBVxVCE-CIy6ABTDAdZQ== date Thu, 05 Dec 2024 09:15:17 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding, Origin x-amz-cf-pop FRA2-C2
POST H3	200	collect www.google.com/ccm/	0 0	33ms 17ms	Ping text/plain	142.250.185.68 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&scrsrc=www.googletagmanager.com&frm=0&rnd=497044561.1733390118&auid=1804342848.1733390118&npa=1&gtm=45He4c30v76025611za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&tft=1733390117682&tfd=934&apve=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.68 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f4.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	72ms 7ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67D4) / Resource Hash 240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control max-age=86400 content-encoding gzip etag "4797a1a44a3cdb1:0" age 43186 accept-ranges bytes x-cache HIT content-length 25393 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/x-javascript last-modified Thu, 21 Nov 2024 19:22:02 GMT server ECS (frb/67D4) vary Accept-Encoding
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	2 KB 1006 B	63ms 8ms	Script application/javascript	2a02:26f0:480:15::213:7e63 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:15::213:7e63 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software / Resource Hash c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=50205 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 796 date Thu, 05 Dec 2024 09:15:17 GMT last-modified Mon, 02 Dec 2024 19:28:43 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding x-amz-server-side-encryption AES256
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	32ms 7ms	Script text/javascript	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip age 2032 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],} x-content-type-options nosniff expires Thu, 05 Dec 2024 10:41:25 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 08:41:25 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT content-type text/javascript vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=7200 cross-origin-resource-policy cross-origin content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0 cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 20994 server Golfe2
GET H2	200	destination Show response www.googletagmanager.com/gtag/	260 KB 92 KB	25ms 25ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 98c3022c08f44014ebcc6778aa0522fb5947101d7d020b78dd0531f120c30182 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],} expires Thu, 05 Dec 2024 09:15:17 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Thu, 05 Dec 2024 09:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 94243 x-xss-protection 0 server Google Tag Manager
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	43 KB 13 KB	68ms 14ms	Script application/javascript	2a04:4e42:400::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control public, max-age=60 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip etag "1a001f3a066bff47a766099b87253911" report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish, 1.1 varnish accept-ranges bytes content-length 12220 date Thu, 05 Dec 2024 09:15:17 GMT last-modified Mon, 18 Nov 2024 21:16:35 GMT content-type application/javascript vary Accept-Encoding,Origin server snooserv x-amz-server-side-encryption AES256
GET H/1.1	200 OK	js Show response pixel.mathtag.com/event/	161 B 712 B	329ms 106ms	Script text/javascript	216.200.232.253 PAEDAE-INC
General Check archive.org Show headers Download Go to Full URL https://pixel.mathtag.com/event/js?mt_pp=1&mt_adid=222552 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.200.232.253 Frederick, United States, ASN30419 (PAEDAE-INC, US), Reverse DNS Software MT3 1688 76e1918 master ord ord-pixel-x51 config_version:"3175" / Resource Hash 98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457 Security Headers Name Value Strict-Transport-Security 31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers Strict-Transport-Security 31536000 Cache-Control no-cache Content-Encoding gzip Connection close Cross-Origin-Resource-Policy cross-origin Referrer-Policy strict-origin X-Content-Type-Options nosniff X-Permitted-Cross-Domain-Policies all Access-Control-Allow-Origin * P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Date Thu, 05 Dec 2024 09:15:17 GMT X-XSS-Protection 0 Content-Type text/javascript Server MT3 1688 76e1918 master ord ord-pixel-x51 config_version:"3175"
GET H2	200	7127e84810857c8d.min.js Show response tag.demandbase.com/	76 KB 20 KB	68ms 9ms	Script application/javascript	18.245.60.71 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.demandbase.com/7127e84810857c8d.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.71 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-71.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip x-amz-version-id v05QvrvxRI0VOl7C8T2uZsSJ_x4PrkcB etag W/"dc57eab4525914a6ed3317a7f6046ff8" age 1202 x-cache Hit from cloudfront x-amz-cf-id riohIShwp_Dg7Vw_2N7nkd9WuKnwAa4FWloMkcdoiLpSjePh-2vbgQ== date Thu, 05 Dec 2024 08:56:28 GMT content-type application/javascript; charset=utf-8 vary accept-encoding last-modified Fri, 15 Nov 2024 20:20:16 GMT strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=3600 via 1.1 2b92d172bc628dd9c34a8c262218ac02.cloudfront.net (CloudFront) permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-pop FRA60-P5 server AmazonS3 x-amz-server-side-encryption AES256
GET H3	200	nB5wHQT3fvQHVI5gp4PL Show response ws.zoominfo.com/pixel/	3 KB 2 KB	216ms 195ms	Script text/javascript	104.16.118.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/nB5wHQT3fvQHVI5gp4PL Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 76229b97b88c5e4e61c73e918f24365c0df4e355d96f4eba117967a77e87e255 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-robots-tag noindex, nofollow content-encoding gzip cf-cache-status DYNAMIC access-control-allow-credentials true x-content-type-options nosniff via 1.1 google cf-ray 8ed2ee4bbb26d35a-FRA access-control-allow-origin * alt-svc h3=":443"; ma=86400 date Thu, 05 Dec 2024 09:15:17 GMT content-type text/javascript vary Accept-Encoding x-powered-by Express server cloudflare access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	40ms 9ms	Script text/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip age 4226 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],} x-content-type-options nosniff expires Thu, 05 Dec 2024 10:04:51 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 08:04:51 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT content-type text/javascript vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=7200 cross-origin-resource-policy cross-origin content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0 cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 17168 server Golfe2
GET H2	200	events.js Show response tags.srv.stackadapt.com/	22 KB 8 KB	124ms 100ms	Script text/javascript	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/events.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash 13a6ada1803d3ef1978272bf66cd971121ee425107ff00fad4e7c96c63ed11d6 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-origin * cache-control max-age=5 content-encoding gzip date Thu, 05 Dec 2024 09:15:17 GMT content-type text/javascript
GET H2	200	sw_iframe.html www.googletagmanager.com/static/service_worker/4c30/ Frame 5E72	0 0	30ms 8ms	Document text/html	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 141376 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 1476 content-type text/html cross-origin-opener-policy same-origin; report-to="analytics-container-tag-serving" cross-origin-resource-policy cross-origin date Tue, 03 Dec 2024 17:59:01 GMT expires Wed, 03 Dec 2025 17:59:01 GMT last-modified Tue, 03 Dec 2024 10:18:00 GMT report-to {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]} server sffe service-worker-allowed /static/service_worker vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
POST H2	200	collect Show response www.google-analytics.com/j/	3 B 422 B	15ms 14ms	XHR text/plain	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1361803931&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&ul=de-de&de=UTF-8&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=581985432&gjid=1838693691&cid=788295503.1733390118&tid=UA-36272386-4&_gid=836713720.1733390118&_r=1&_slc=1&gtm=45He4c30n81MZ2J8ZGv76025611za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&npa=1&z=646253126 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],} x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:17 GMT last-modified Sun, 17 May 1998 03:00:00 GMT content-type text/plain cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0 access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 3 server Golfe2
GET H2	200	p.css p.typekit.net/	5 B 172 B	58ms 8ms	Stylesheet text/css	2a02:26f0:3500:8::c16c:9908 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=dws7syq&ht=tk&f=39488.39489.39490.39491.39492.39493.39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509&a=212160357&app=typekit&e=css Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Response headers cache-control public, max-age=604800 etag "674c5a4a-5" cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * content-length 5 date Thu, 05 Dec 2024 09:15:17 GMT content-type text/css last-modified Sun, 01 Dec 2024 12:44:58 GMT server nginx
GET H2	200	__utm.gif ssl.google-analytics.com/r/	35 B 410 B	20ms 20ms	Image image/gif	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1654924619&utmhn=www.bitsight.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=de-de&utmje=0&utmfl=-&utmdt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&utmhid=1361803931&utmr=-&utmp=%2Fblog%2Fproxyam-powered-socks5systemz-botnet&utmht=1733390117767&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D15825701.788295503.1733390118.1733390118.1733390118.1%3B%2B__utmz%3D15825701.1733390118.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1172643439&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAABAAAE~ Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],} x-content-type-options nosniff content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0 expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 35 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:17 GMT last-modified Sun, 17 May 1998 03:00:00 GMT content-type image/gif server Golfe2
GET H2	200	v1.7-38 Show response consent.trustarc.com/asset/notice.js/v/	95 KB 28 KB	30ms 9ms	Script text/javascript	13.225.78.57 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/asset/notice.js/v/v1.7-38 Requested by Host: consent.trustarc.com URL: https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.57 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-57.fra2.r.cloudfront.net Software / Resource Hash bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers * content-encoding gzip age 2394 x-cache Hit from cloudfront x-amz-cf-id LAP2Ps7ydyWE8mKB6guPMIH17uBNknI_LnLDs69-bYlwTNT_LljnXQ== date Thu, 05 Dec 2024 08:35:23 GMT content-type text/javascript last-modified Thu, 5 Dec 2024 02:35:55 GMT vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains cache-control max-age=2592000 pragma public via 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront) access-control-allow-origin * content-length 28264 x-amz-cf-pop FRA2-C2
GET H2	200	log consent.trustarc.com/	43 B 428 B	41ms 41ms	Image image/gif	13.225.78.57 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/log?domain=bitsighttech.com&country=de&state=&behavior=implied&session=9d6bea3b-6c6e-4555-8700-47b65511e26b&userType=NEW&c=41f9&referer=https://www.bitsight.com&language=de Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.57 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-57.fra2.r.cloudfront.net Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache via 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront) expires Mon, 26 Jul 1997 05:00:00 GMT x-cache Miss from cloudfront content-length 43 x-amz-cf-id XJvIQgR72H7_eW5xfmT9tqQg_9fKnwnwiF92y4mrMu3z0gUgVX1XJQ== date Thu, 05 Dec 2024 09:15:17 GMT content-type image/gif x-amz-cf-pop FRA2-C2 vary Origin
GET H2	200	insight.old.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 14 KB	17ms 17ms	Script application/javascript	2a02:26f0:480:15::213:7e63 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.old.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:15::213:7e63 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software / Resource Hash 8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=34893 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 14628 date Thu, 05 Dec 2024 09:15:17 GMT last-modified Mon, 02 Dec 2024 10:13:56 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding x-amz-server-side-encryption AES256
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_dy92zhkbx/	3 B 124 B	57ms 18ms	XHR application/json	151.101.65.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_dy92zhkbx/config Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=14400 content-encoding gzip via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 27 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/json
GET H2	200	t2_dy92zhkbx_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	52ms 24ms	XHR application/json	2a04:4e42:400::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_dy92zhkbx_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=300 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 98 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/json vary Accept-Encoding,Origin server snooserv
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	139ms 101ms	Image image/gif	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1733390117774&id=t2_dy92zhkbx&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=b1bc5fa8-b005-4290-9581-a10327680358&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc= Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} retry-after 0 cross-origin-resource-policy cross-origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes content-length 42 date Thu, 05 Dec 2024 09:15:17 GMT content-type image/gif server Varnish
GET H2	200	sync s.company-target.com/s/ Frame 526A	0 0	145ms 98ms	Document text/html	34.96.71.22 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://s.company-target.com/s/sync?exc=lr Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/7127e84810857c8d.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 22.71.96.34.bc.googleusercontent.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-methods GET,OPTIONS alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 634 content-type text/html; charset=UTF-8 date Thu, 05 Dec 2024 09:15:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	49ms 16ms	Image text/plain	35.244.174.68 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Thu, 05 Dec 2024 09:15:17 GMT
POST H2	200	ip.json Show response api.company-target.com/api/v3/	475 B 1 KB	95ms 63ms	XHR application/json	18.66.102.75 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&page_title=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/7127e84810857c8d.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.102.75 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-102-75.fra56.r.cloudfront.net Software nginx / Resource Hash 4f5c99d184876f33a61ddbbacfaebf9e06351b4211c0fba688d907d6cbc8009f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 7200 access-control-expose-headers x-amz-cf-id content-encoding gzip identification-source CENTRAL access-control-allow-methods GET, POST, OPTIONS request-id 22c096cd-7d83-4872-8177-41c8031da42d expires Wed, 04 Dec 2024 09:15:17 GMT x-cache Miss from cloudfront x-amz-cf-id 8fXM-Q4OLMP33LOL_Gan1lyTNc5VGEBUkcyu7kHw1Pe4XegLBog3PA== date Thu, 05 Dec 2024 09:15:17 GMT content-type application/json;charset=utf-8 vary Accept-Encoding, Origin access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache api-version v3 access-control-allow-credentials true via 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront) access-control-allow-origin https://www.bitsight.com x-amz-cf-pop FRA56-P2 server nginx
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 815 B	163ms 128ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept * Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-li-pop afd-prod-lva1-x content-encoding gzip x-fs-uuid 00062882563bb3b0a30cbb494e92605a x-msedge-ref Ref A: 491E507EDB724A0196F1417247FDE351 Ref B: DUS30EDGE0909 Ref C: 2024-12-05T09:15:17Z x-li-fabric prod-lva1 x-restli-protocol-version 1.0.0 access-control-allow-methods GET, OPTIONS x-li-uuid AAYoglY7s7CjDLtJTpJgWg== x-li-proto http/2 access-control-allow-origin * x-cache CONFIG_NOCACHE date Thu, 05 Dec 2024 09:15:17 GMT content-type application/json access-control-allow-headers *
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQL6eOnDizn1HgAAAZOWGiwNKY65Uv53...	0 266 B	220ms 156ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQL6eOnDizn1HgAAAZOWGiwNKY65Uv53QS9Gy9zY87QBjOGvr4Qmi-QKGrwAybgSuQ Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers linkedin-action 1 x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 4DCC4250BE41438485BAC2CF3A48A406 Ref B: DUS30EDGE0712 Ref C: 2024-12-05T09:15:18Z x-li-fabric prod-ltx1 x-li-uuid AAYoglY/XfdUr2S8ZqQEMg== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript Redirect headers linkedin-action 1 x-li-pop afd-prod-ltx1-x location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1733390117793&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&e_ipv6=AQL6eOnDizn1HgAAAZOWGiwNKY65Uv53QS9Gy9zY87QBjOGvr4Qmi-QKGrwAybgSuQ x-msedge-ref Ref A: 749566F2A2314C15A702EABC32CB9EAC Ref B: FRAEDGE1822 Ref C: 2024-12-05T09:15:17Z x-li-fabric prod-ltx1 x-li-uuid AAYoglY7/A6BNo0Gty6xwg== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Thu, 05 Dec 2024 09:15:17 GMT
GET H2	200	l use.typekit.net/af/0230dd/00000000000000007735bb33/30/	26 KB 26 KB	62ms 16ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/0230dd/00000000000000007735bb33/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "5bb33ae2a954c4b3b528681f85ecbf7624532fad" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 26356 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	point-of-precision.svg www.bitsight.com/themes/custom/bitsight_theme/src/assets/	327 B 378 B	17ms 16ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/themes/custom/bitsight_theme/src/assets/point-of-precision.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Response headers x-request-id v-2d977cb8-7fa9-11ef-89da-9f2db6ff5586 content-encoding br cf-cache-status HIT age 16 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:17 GMT content-type image/svg+xml last-modified Tue, 24 Sep 2024 14:17:53 GMT x-cache-hits 21841 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4c6946910d-FRA server cloudflare
GET H2	200	l use.typekit.net/af/305037/00000000000000007735bb39/30/	27 KB 27 KB	55ms 9ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/305037/00000000000000007735bb39/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "4af6f044e86b0a30d1aa7c5babe16808274dd9a8" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 27780 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/160664/00000000000000007735bb32/30/	28 KB 28 KB	63ms 17ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/160664/00000000000000007735bb32/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "a0a5b94f1d2bb67123bf96637186b77b73341264" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 28612 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/384d9b/00000000000000007735bb6a/30/	25 KB 25 KB	70ms 24ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "23427917d6d72688888854d7151dc7962d8d8301" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 25828 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/aed66e/00000000000000007735bb35/30/	27 KB 27 KB	71ms 25ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/aed66e/00000000000000007735bb35/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "9e3369ea7ed88f1e4a8a12a637f7348f31af57ce" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 27892 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/153042/00000000000000007735bb62/30/	24 KB 24 KB	58ms 13ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "b0d46bd3fb22c6c06785f44e1a131be6878e0485" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 24460 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/	23 KB 23 KB	53ms 8ms	Font application/font-woff2	2a02:26f0:480:f::213:7ece AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "11d02edbb0e1552504cdb4512876b33f0c02dcaf" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 23256 date Thu, 05 Dec 2024 09:15:17 GMT content-type application/font-woff2 server nginx
GET H2	200	Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png www.bitsight.com/sites/default/files/2024/11/25/	14 KB 14 KB	395ms 393ms	Image image/png	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/11/25/Image%201-%20The%20login%20page%20of%20the%20Socks5systemz%20backend%2C%20or%20C2%2C%20panel_.png Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a9e1fde6240e3a5a6abc36edfe07c9e6204b687100edadd3d70fb77e9560ca96 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-1c77d1b4-b189-11ef-aad4-630df52333fd cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 03 Dec 2025 15:13:11 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:18 GMT content-type image/png last-modified Mon, 25 Nov 2024 18:27:27 GMT x-cache-hits 3 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4c7956910d-FRA accept-ranges bytes content-length 14184 server cloudflare
GET H2	200	Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png www.bitsight.com/sites/default/files/2024/11/25/	39 KB 39 KB	429ms 427ms	Image image/png	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/11/25/Image%202-%20Archived%20post%20from%202013%20%20on%20forum%20XSS%2C%20where%20actor%20BaTHNK%20sells%20a%20SOCKS5%20backconnect%20system_.png Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 54b3e4c319fb99c631ffd50cf7308ed0d10e78eb2e7ae6190f960c27418399fe Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-1f09ae2e-b176-11ef-a78c-779f9417ee17 cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 03 Dec 2025 12:57:15 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:18 GMT content-type image/png last-modified Mon, 25 Nov 2024 18:28:42 GMT x-cache-hits 3 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4c7958910d-FRA accept-ranges bytes content-length 39752 server cloudflare
GET H2	200	KEV-research-white-paper-ad.svg www.bitsight.com/sites/default/files/2024/09/20/	167 KB 111 KB	422ms 420ms	Image image/svg+xml	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/09/20/KEV-research-white-paper-ad.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-aa781222-7fab-11ef-95a5-43a595f8dfd4 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 01 Oct 2025 03:53:00 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:18 GMT content-type image/svg+xml last-modified Fri, 20 Sep 2024 19:03:54 GMT x-cache-hits 1825 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4c7959910d-FRA server cloudflare
GET H2	200	banner.js Show response js.hs-banner.com/v2/277648/	72 KB 23 KB	40ms 18ms	Script application/javascript	2606:4700:4400::ac40:9310 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/277648/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 969ae0c7e79765987eeb54acb544057c9e0497df6e1de6366c8954aade2011ea Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-max-age 604800 x-request-id 027e734d-9304-40ad-87b4-42dc4801c3d3 access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing content-encoding gzip cf-cache-status HIT age 16 x-content-type-options nosniff access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD expires Thu, 05 Dec 2024 09:20:00 GMT x-evy-trace-listener listener_http, listener_https date Thu, 05 Dec 2024 09:15:17 GMT x-hubspot-correlation-id 027e734d-9304-40ad-87b4-42dc4801c3d3 content-type application/javascript; charset=utf-8 vary origin, Accept-Encoding last-modified Fri, 20 Sep 2024 08:18:07 GMT access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id x-evy-trace-route-service-name envoyset-translator, envoyset-translator x-evy-trace-served-by-pod iad02/private-hubapi-td/envoy-proxy-7f45f7f95b-l4w9f, iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-m7fc4 timing-allow-origin * cache-control max-age=300,public x-envoy-upstream-service-time 111 access-control-allow-credentials true cf-ray 8ed2ee4cbb4cd285-FRA access-control-allow-origin https://www.bitsight.com x-evy-trace-route-configuration listener_http/all, listener_https/all server cloudflare x-evy-trace-virtual-host all, all
GET H2	200	leadflows.js Show response js.hsleadflows.net/	550 KB 92 KB	59ms 25ms	Script application/javascript	2606:4700::6812:8c11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8c11 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id db8a3a9b-97b1-4bd4-a0a2-5fbd7c2addeb content-encoding gzip cf-cache-status HIT x-amz-version-id 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF etag W/"ce26171eff05376a1b746efbb809f7f6" age 78764 cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-content-type-options nosniff x-cache Hit from cloudfront x-evy-trace-listener listener_https x-amz-cf-id p1DVJmIjKMpo8RZNMWfKmXv8c95fbNbnXNjeSghLg-Kp4U1U6NCDAA== x-hubspot-correlation-id db8a3a9b-97b1-4bd4-a0a2-5fbd7c2addeb content-type application/javascript; charset=utf-8 last-modified Thu, 21 Nov 2024 16:54:39 UTC x-amz-replication-status COMPLETED x-evy-trace-route-service-name envoyset-translator cache-control s-maxage=86400, max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-856d8787d5-fndvb x-envoy-upstream-service-time 6 x-hs-target-asset lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js server cloudflare x-evy-trace-virtual-host all x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET x-hs-cache-status MISS date Thu, 05 Dec 2024 09:15:17 GMT vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8ecb6b54dab29a2a-FRA via 1.1 36b04143ac1626bb30bb225fb2cccb1e.cloudfront.net (CloudFront) cf-ray 8ed2ee4ccd023a70-FRA access-control-allow-origin * x-evy-trace-route-configuration listener_https/all x-amz-cf-pop IAD12-P3
GET H2	200	277648.js Show response js.hs-analytics.net/analytics/1733390100000/	87 KB 28 KB	390ms 370ms	Script text/javascript	2606:4700::6811:afc9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1733390100000/277648.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-amz-server-side-encryption AES256 x-request-id 1254dc5d-a077-45ec-a5dd-5beab86a564a content-encoding gzip cf-cache-status MISS etag W/"1a816f50c8ec3bdb09dc86b88930a279" x-amz-version-id null expires Thu, 05 Dec 2024 09:20:18 GMT x-evy-trace-listener listener_https date Thu, 05 Dec 2024 09:15:18 GMT x-hubspot-correlation-id 1254dc5d-a077-45ec-a5dd-5beab86a564a content-type text/javascript last-modified Tue, 22 Oct 2024 20:38:12 GMT vary origin, Accept-Encoding x-amz-id-2 phQOIyhDG9KL/xxEMAe3asNTvX7xn1y22wUh2xfjgddU9VXr8pzQIbr3onsMt/35CCODUlfT+f2Wi+CnaiJZWZjGCu7fqoimGsSRFZFaPCg= x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-2bzl2 x-envoy-upstream-service-time 31 access-control-allow-credentials false x-amz-request-id 8RX76B2H6MPB4YD9 cf-ray 8ed2ee4ca9ca9be0-FRA x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	ipv cdn.bizible.com/	43 B 305 B	9ms 9ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=08737f74e0d04cfe8690e613469cc4bb&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733390117776&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&_biz_n=0&rnd=278044&cdn_o=a&_biz_z=1733390117845 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67BA) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 475192 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Thu, 05 Dec 2024 09:15:17 GMT content-type Image/GIF last-modified Fri, 29 Nov 2024 21:15:25 GMT server ECS (frb/67BA)
GET H2	200	u cdn.bizibly.com/	43 B 204 B	35ms 8ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=08737f74e0d04cfe8690e613469cc4bb&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&_biz_t=1733390117847&_biz_i=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&rnd=380391&cdn_o=a&_biz_z=1733390117847 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67C2) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 374972 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Thu, 05 Dec 2024 09:15:17 GMT content-type Image/GIF last-modified Sun, 01 Dec 2024 01:05:45 GMT server ECS (frb/67C2)
GET H2	200	bannermsg consent.trustarc.com/	43 B 428 B	43ms 42ms	Image image/gif	13.225.78.57 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/bannermsg?action=views&domain=bitsighttech.com&behavior=implied&country=de&language=de&rand=0.8274866054226051&session=9d6bea3b-6c6e-4555-8700-47b65511e26b&userType=NEW&referer=https://www.bitsight.com Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.57 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-57.fra2.r.cloudfront.net Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache via 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront) expires Mon, 26 Jul 1997 05:00:00 GMT x-cache Miss from cloudfront content-length 43 x-amz-cf-id rOOv5YcuCdvtTRTfEFq5a-oFmdxN4dDmgj1DOcFqbmvgRIM8NHXRfg== date Thu, 05 Dec 2024 09:15:17 GMT content-type image/gif x-amz-cf-pop FRA2-C2 vary Origin
GET H2	200	64fa38cc287519aad2798b3c Show response go.affec.tv/j/	663 B 800 B	107ms 33ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/j/64fa38cc287519aad2798b3c? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 431 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	xdc.js Show response cdn.bizible.com/	111 B 321 B	124ms 123ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=08737f74e0d04cfe8690e613469cc4bb&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.11.21 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6711) / Resource Hash 284dcbdaefab8f37a5074b2c3c491795a707af95a5355dd227a485d596f9440e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSub cache-control private, must-revalidate, max-age=21600 content-encoding gzip etag C3975314 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 215 date Thu, 05 Dec 2024 09:15:17 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding server ECS (frb/6711)
GET H2	200	sa.css tags.srv.stackadapt.com/	65 B 203 B	100ms 99ms	Stylesheet text/css	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.css Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash 3a7395c92bd0392e1923d00241e1db80d9216d8702d6a1b11df7ff4459f5f3fa Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-origin * cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 65 date Thu, 05 Dec 2024 09:15:17 GMT content-type text/css
GET H2	200	sa.jpeg Show response tags.srv.stackadapt.com/	0 2 KB	116ms 99ms	Fetch image/jpeg	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-origin * cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 651 date Thu, 05 Dec 2024 09:15:17 GMT content-type image/jpeg
GET H2	200	bg9s Show response tag-logger.demandbase.com/	0 419 B	148ms 108ms	XHR text/html	2600:9000:2724:b800:1d:8d6d:3b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=8fXM-Q4OLMP33LOL_Gan1lyTNc5VGEBUkcyu7kHw1Pe4XegLBog3PA==&api-version=v3 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2724:b800:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-amz-version-id 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH etag "d41d8cd98f00b204e9800998ecf8427e" age 26082 x-cache Error from cloudfront x-amz-cf-id O6yEiJd7UJy_gfn4bSQxHfyQ6ooLcyo9oVPW-MaZFCOsQ1GamEibTw== date Thu, 05 Dec 2024 07:58:42 GMT content-type text/html vary accept-encoding last-modified Tue, 07 Mar 2023 20:47:02 GMT via 1.1 24df21f8156a0df29febdf6c3e09e32c.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 0 x-amz-cf-pop FRA56-P12 server AmazonS3 x-amz-server-side-encryption AES256
GET H2	200	bounce Show response secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D	0 1 KB	10ms 9ms	Script application/javascript	37.252.171.21 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 81.95.5.44; 81.95.5.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin * an-x-request-uuid 50b66489-c02e-450c-8b00-a47c1607d8ea content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:18 GMT x-xss-protection 0 content-type application/javascript; charset=utf-8 server nginx/1.23.4 Redirect headers cache-control no-store, no-cache, private location https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness x-proxy-origin 81.95.5.44; 81.95.5.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT an-x-request-uuid e72bc1a3-4692-4fd0-8940-1224bedb10d2 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:18 GMT x-xss-protection 0 content-type text/html; charset=utf-8 server nginx/1.23.4
GET H2	200	/ Show response go.affec.tv/per/	846 B 917 B	33ms 31ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8 Requested by Host: go.affec.tv URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c? Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 549 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	generic match.adsrvr.org/track/cmf/ Redirect Chain https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D67516f2678b5920001232265%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= https://map.go.affec.tv/map/an/3838950950259009255?ch=67516f2678b5920001232265&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=	70 B 149 B	121ms 36ms	Image image/gif	15.197.193.217 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS a12b7a488abeaa9e4.awsglobalaccelerator.com Software Kestrel / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-length 70 date Thu, 05 Dec 2024 09:15:18 GMT content-type image/gif server Kestrel Redirect headers location https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= content-length 134 content-encoding gzip date Thu, 05 Dec 2024 09:15:18 GMT content-type text/html; charset=utf-8 vary Accept-Encoding
GET H2	200	64fa38cd287519aad2798b3d Show response go.affec.tv/j/	523 B 727 B	34ms 34ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/j/64fa38cd287519aad2798b3d? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 359 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Thu, 05 Dec 2024 09:15:17 GMT content-type application/javascript vary Accept-Encoding
GET H3	200	destination Show response www.googletagmanager.com/gtag/	398 KB 129 KB	36ms 36ms	Script application/javascript	142.250.185.104 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.104 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f8.1e100.net Software Google Tag Manager / Resource Hash 75f05de574557e60ec80e6168ae7367d5205dba5b3e874e76d2950e980e4f694 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],} expires Thu, 05 Dec 2024 09:15:18 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:18 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 131879 x-xss-protection 0 server Google Tag Manager
GET H2	200	saq_pxl Show response tags.srv.stackadapt.com/	116 B 311 B	107ms 106ms	XHR text/plain	18.194.190.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=oeyzgkQ7R8piwGBmS0lgBg&is_js=true&landing_url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&tip=r4yBB43Gak-nJ6WLcJTuyzxt2KDkJ-D3ja5jZezv7jc&host=https%3A%2F%2Fwww.bitsight.com&sa_conv_data_css_value=%270-35b94ce8-e0f2-5899-7080-75650d7ae26d%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd935b94ce8e0f25899708075650d7ae26d515f052c&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIMBecG831K1a1czR2gcGMfoBAH3X-fMqC5vyuF14_ZgyENYBGAQgpd7FugYwAToExbdv9kIEq7-Nog.H0pO4S4LdO%252FsNdkTSOh8LQxQNhHKqj8hK9FN5am01EQ&sa-user-id-v2=s%253ANblM6ODyWJlwgHVlDXribVFfBSw.WsHv4QiOFurP2B9Su5as5261XGZL%252Fp8xpeGGv%252FObExc&sa-user-id=s%253A0-35b94ce8-e0f2-5899-7080-75650d7ae26d.kbipMlRrL62D9f%252BHYh1CApr7%252FJsXHaOi%252FSn%252FmxFuW2w Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.194.190.86 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-194-190-86.eu-central-1.compute.amazonaws.com Software / Resource Hash 64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-allow-methods GET access-control-allow-origin https://www.bitsight.com content-length 116 date Thu, 05 Dec 2024 09:15:18 GMT content-type text/plain; charset=utf-8 access-control-allow-credentials true access-control-allow-headers *
GET H2	200	6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Show response cdn.permutive.com/	279 KB 80 KB	57ms 26ms	Script application/javascript	2606:4700::6811:6d13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.permutive.com/6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Requested by Host: go.affec.tv URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:6d13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-goog-metageneration 1 content-encoding gzip x-goog-hash crc32c=OD+e0A==, md5=Pmn62h2zlhYTKmf1Str1pA== x-goog-meta-oid 6a844cb1-30bc-4723-8446-2cd9d1f839b8 etag "3e69fada1db39616132a67f54adaf5a4" cf-cache-status HIT age 0 x-goog-stored-content-encoding gzip expires Thu, 05 Dec 2024 09:30:18 GMT x-goog-stored-content-length 81473 date Thu, 05 Dec 2024 09:15:18 GMT content-type application/javascript last-modified Fri, 22 Sep 2023 17:01:24 GMT vary Accept-Encoding x-guploader-uploadid AHmUCY10Phyx-PQ7DrOkjHrffg0ecIHR33DbrkbR2IqglnzxWVCQkMcac3rVAWTNfYzttx2vkKA cache-control public, max-age=900 timing-allow-origin * x-goog-storage-class REGIONAL cf-ray 8ed2ee4dc86118ff-FRA accept-ranges bytes x-goog-generation 1695402084169978 content-length 81473 server cloudflare
GET H2	200	bounce Show response secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D	0 1 KB	8ms 8ms	Script application/javascript	37.252.171.21 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Server 37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 81.95.5.44; 81.95.5.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin * an-x-request-uuid aace60d7-6795-4860-a1db-3df0b1208aa7 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:18 GMT x-xss-protection 0 content-type application/javascript; charset=utf-8 server nginx/1.23.4 Redirect headers cache-control no-store, no-cache, private location https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness x-proxy-origin 81.95.5.44; 81.95.5.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT an-x-request-uuid 0648eae1-8a62-4c14-a670-339c252b84ca content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:18 GMT x-xss-protection 0 content-type text/html; charset=utf-8 server nginx/1.23.4
GET		f1028aad-dda5-4d2d-bd3d-05abd26831d4 https://www.bitsight.com/ Frame	0 0
GET		95108338-9d3c-4691-b05d-d7c0bc5f7e57 https://www.bitsight.com/ Frame	0 0
GET H2	200	getuidj Show response ib.adnxs.com/	29 B 1 KB	24ms 8ms	XHR application/json	37.252.171.21 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/getuidj Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash 3cfe6f8b2b1ba37653bdf9eab7c65641818cdc275b638b705eb0a0b8b9e7cc43 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 81.95.5.44; 81.95.5.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin https://www.bitsight.com an-x-request-uuid 537aa7ed-f31e-4d4f-be15-a2af7fe327b2 content-length 29 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Thu, 05 Dec 2024 09:15:18 GMT x-xss-protection 0 content-type application/json; charset=utf-8 server nginx/1.23.4
GET H2	200	geoip Show response api.permutive.com/v2.0/	209 B 331 B	42ms 17ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 9d799961163bc310e9b528b76ced3dd459085488c92a0713ce48f2ee67c4a06b Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 144 date Thu, 05 Dec 2024 09:15:18 GMT content-type application/json vary Origin server Permutive
POST H2	200	identify Show response api.permutive.com/v2.0/	50 B 256 B	34ms 17ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/identify?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 851f20a62072e3a5f2f186a20f18a86ab8c4851bb72c5f9de76a96852ce023e0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 70 date Thu, 05 Dec 2024 09:15:18 GMT content-type application/json vary Origin server Permutive
POST H2	200	audiences Show response api.permutive.com/audience-matching/v1/id/8ecb089a-c076-4597-879f-6369ef8c4955/	12 B 66 B	78ms 76ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/audience-matching/v1/id/8ecb089a-c076-4597-879f-6369ef8c4955/audiences?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software / Resource Hash 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12 date Thu, 05 Dec 2024 09:15:18 GMT content-type application/json
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 196 B	159ms 157ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept * Content-Type text/plain;charset=UTF-8 Response headers linkedin-action 1 x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 92645466D9AE4AD188D784B032BAD50A Ref B: FRAEDGE1822 Ref C: 2024-12-05T09:15:18Z x-li-fabric prod-ltx1 access-control-allow-credentials true x-li-uuid AAYoglZBxAS1RnlHpvOZdw== x-li-proto http/2 access-control-allow-origin https://www.bitsight.com x-cache CONFIG_NOCACHE date Thu, 05 Dec 2024 09:15:18 GMT vary Origin
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	160ms 131ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=277648&rcu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&pu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&t=PROXY.AM+Powered+by+Socks5Systemz+Botnet+%7C+Bitsight&cts=1733390118258&vi=2c1b6529a410577007399b7e41619d7f&nc=true&u=208292109.2c1b6529a410577007399b7e41619d7f.1733390118256.1733390118256.1733390118256.1&b=208292109.1.1733390118256&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-robots-tag none x-request-id 4f928ee7-4202-4c65-900e-13662a6c1b42 cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ERyvRniUlT2ThhxBXVt1aUfBYOd%2ByPtWd6xSaZ3cenj84ROXytWFmN5ln0wSxRhY2gl3iF849GXq1zDu%2BogTcD5evi0hwlrLPpvrlTaN5kpZI4SR9cDK%2B1zOZWIgtLSKXTa%2FwuaITIXCbQNFr9x1"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-evy-trace-listener listener_https p3p CP="NOI CUR ADM OUR NOR STA NID" date Thu, 05 Dec 2024 09:15:18 GMT x-hubspot-correlation-id 4f928ee7-4202-4c65-900e-13662a6c1b42 content-type image/gif vary origin, Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control no-cache, no-store, no-transform nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-mmrgr x-envoy-upstream-service-time 7 access-control-allow-credentials false cf-ray 8ed2ee4f58601e56-FRA x-evy-trace-route-configuration listener_https/all content-length 45 server cloudflare x-evy-trace-virtual-host all
GET H2	200	aem.js Show response wsmcdn.audioeye.com/	1 KB 686 B	59ms 16ms	Script application/javascript	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsmcdn.audioeye.com/aem.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f6276740979e4a4e4528cd977b22b03a402d4f102fed8aca5140c4ad93690a51 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=120 content-encoding br cf-cache-status HIT etag W/"c6520e7b06aafcc1a7543036b4e0fc7a" age 78 cf-ray 8ed2ee4f6e3adcbc-FRA date Thu, 05 Dec 2024 09:15:18 GMT content-type application/javascript vary Accept-Encoding surrogate-keys server cloudflare
GET H2	200	favicon.ico www.bitsight.com/sites/default/files/	4 KB 673 B	17ms 17ms	Other image/vnd.microsoft.icon	2606:4700:10::6816:4bf2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id v-fff368b2-7fa8-11ef-8bf1-0fbe230c489a content-encoding br cf-cache-status HIT age 17 x-content-type-options nosniff expires Wed, 01 Oct 2025 03:55:29 GMT x-cache HIT date Thu, 05 Dec 2024 09:15:18 GMT content-type image/vnd.microsoft.icon last-modified Thu, 20 Apr 2023 01:16:14 GMT x-cache-hits 47649 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8ed2ee4f2acc910d-FRA server cloudflare
GET H2	200	bootstrap.js Show response wsv3cdn.audioeye.com/	61 KB 21 KB	77ms 35ms	Script application/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481 Requested by Host: wsmcdn.audioeye.com URL: https://wsmcdn.audioeye.com/aem.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 646a6a25c9f56be3efb0c5c4ba0e10cfaaf2bb2c8b2a3511d375df2c7691058a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=3600, s-maxage=21600 content-encoding br cf-cache-status HIT etag W/"9a1b23dc7824cdb671fd951533f1e596" age 7269 cf-ray 8ed2ee4fc92dd3ae-FRA date Thu, 05 Dec 2024 09:15:18 GMT content-type application/javascript vary Accept-Encoding surrogate-keys 95c39350d8f4b765016b0e58199c2f8b server cloudflare
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	178 B 1 KB	176ms 156ms	XHR application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=277648&utk=2c1b6529a410577007399b7e41619d7f&__hstc=208292109.2c1b6529a410577007399b7e41619d7f.1733390118256.1733390118256.1733390118256.1&__hssc=208292109.1.1733390118256&currentUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8560db5b73ab8820d6f30ad28706884b51662e73a56ac6c870d96abb710ca3d0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-robots-tag none access-control-max-age 180 x-request-id 8fcae77c-d53f-4cd1-b412-043672fb8231 content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NhXPpRcyPmL0pc3fcxCB0gcihNkgR8Drxug1TCEKSFqcYhLiQlBEejEu0ipsq4UtFB0oy6tKNAGDZxkLT9trDd7FIQ9eXYAP8rmLm%2BJqFkuZpewj8RlAxH8cYQYOU%2FE95PWLZMXxg3yYkBwrDX42"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-evy-trace-listener listener_https date Thu, 05 Dec 2024 09:15:18 GMT x-hubspot-correlation-id 8fcae77c-d53f-4cd1-b412-043672fb8231 content-type application/json;charset=utf-8 vary origin access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control max-age=0, no-cache, no-store nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-b967ccf5d-zpgzg x-envoy-upstream-service-time 37 access-control-allow-credentials false cf-ray 8ed2ee4fbcac0493-FRA access-control-allow-origin https://www.bitsight.com x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	loader.js Show response wsv3cdn.audioeye.com/v2/scripts/	31 KB 10 KB	39ms 21ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481 Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=6986df481 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 990c17683eb0a1279587a7a13823b283950eb8589350fd8c38224074f98d69a4 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public surrogate-key prod 95c39350d8f4b765016b0e58199c2f8b 6986df481 cf-cache-status HIT age 17 content-encoding br cf-ray 8ed2ee502d0e972c-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/javascript;charset=UTF-8 vary Accept-Encoding server cloudflare last-modified Thu, 05 Dec 2024 09:04:39 GMT
GET H2	200	startup.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	382 KB 116 KB	24ms 24ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=6986df481 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 160b6b9690833ef42cd5f35046a391ec3efc97f2a30f7effc8f7e39ef72dabe2 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"4ccf68a13367eb17a574037dda7d3dfa" age 826 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee505ac4d3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
POST H2	204	events Show response logx.optimizely.com/v1/	0 387 B	135ms 108ms	XHR text/plain	34.49.241.189 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 189.241.49.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id 6a04c7d2-5da0-415f-87c0-dfb0835558c4 access-control-expose-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id timing-allow-origin * access-control-allow-credentials true access-control-allow-methods POST,OPTIONS via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:18 GMT content-type text/plain access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
GET H2	200	tangoEngine.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	45 KB 17 KB	17ms 17ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1f1edcf201dd193a9c8a75c631d8883e5cc2c1b279ad41f41bb8e36e15879b67 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"9c0fc63cbdfdd60c49c80974d7e2bd29" age 5343 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee50ab73d3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	cookieStorage.html wsv3cdn.audioeye.com/static-scripts/v2/6986df481/ Frame 74DA	0 0	44ms 27ms	Document text/html	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/cookieStorage.html Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Length,Content-Range age 2808 cf-cache-status HIT cf-ray 8ed2ee511ab43680-FRA content-encoding br content-type text/html date Thu, 05 Dec 2024 09:15:18 GMT last-modified Tue, 26 Nov 2024 19:14:12 GMT server cloudflare vary Accept-Encoding
POST H2	200	send analytics.audioeye.com/air/v0/	0 61 B	557ms 181ms	Ping text/plain	34.215.81.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://analytics.audioeye.com/air/v0/send Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-215-81-112.us-west-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers date Thu, 05 Dec 2024 09:15:19 GMT access-control-allow-origin * content-length 0
GET H2	200	launcher.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	11 KB 4 KB	17ms 16ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1e4c3de3ec3ec95c33bdf635ae9cace7af833c5dd8ddcc694dcc278d6b300ebb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"7275d253e9c2f9131bd0ab68d1392233" age 666 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee510c28d3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	compliance.css wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	2 KB 693 B	19ms 18ms	Stylesheet text/css	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.css Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"21190dc484113930ea0a8022dabce414" age 4128 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee510c30d3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/css last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	compliance.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	50 KB 18 KB	19ms 18ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/compliance.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b6db76366fdb316e92890d326c4d10141034c01e7cd0d999e953cb79661f5a82 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"bf2c5ca3b229479a3970eb16c96a0d39" age 2547 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee510c31d3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/javascript last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
POST H2	204	collect region1.google-analytics.com/g/	0 0	45ms 17ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4c30v882142918za200zb76025611&_p=1733390117474&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485&gdid=dNTIxZG&cid=2145770130.1733390119&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1733390118&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&dt=PROXY.AM%20Powered%20by%20Socks5Systemz%20Botnet%20%7C%20Bitsight&en=Demandbase_Event&_fv=1&_nsi=1&_ss=1&_ee=1&ep.demandbase_company_name=(Non-Company%20Visitor)&ep.demandbase_audience=Residential&ep.demandbase_audience_segment=(Non-Company%20Visitor)&ep.demandbase_city=(Non-Company%20Visitor)&ep.demandbase_country_name=(Non-Company%20Visitor)&ep.demandbase_company_id=(Non-Company%20Visitor)&ep.demandbase_employee_range=(Non-Company%20Visitor)&ep.demandbase_industry=(Non-Company%20Visitor)&ep.demandbase_web_site=(Non-Company%20Visitor)&ep.demandbase_revenue_range=(Non-Company%20Visitor)&ep.demandbase_state=(Non-Company%20Visitor)&ep.demandbase_sub_industry=(Non-Company%20Visitor)&tfd=1820 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4c30v76025611za200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:18 GMT content-type text/plain server Golfe2
GET H2	200	fullCSS.bundle.css wsv3cdn.audioeye.com/static-scripts/v2/6986df481/	57 KB 12 KB	16ms 16ms	Stylesheet text/css	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/launcher.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d74bdb691409ac89ce4d994b39173d7b8913394158e01bf6856dc84004bfa800 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"365ee6fb1581d1ba9d3ece214a6242c7" age 4459 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee512c7ed3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/css last-modified Tue, 26 Nov 2024 19:14:12 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	audioeye-scanner.js Show response wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.4/	334 KB 78 KB	22ms 22ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.4/audioeye-scanner.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/tangoEngine.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 822aed47a697175f28eae0d3802ebe10d6bf53d1aea47aa3084a24ec30714cc1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"90395cc0ad8b71812f5eed8fb140c824" age 988 access-control-allow-methods GET, POST, OPTIONS cf-ray 8ed2ee513c85d3ae-FRA access-control-allow-origin * date Thu, 05 Dec 2024 09:15:18 GMT content-type text/javascript last-modified Wed, 04 Dec 2024 22:49:25 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	css2 fonts.googleapis.com/	2 KB 895 B	42ms 16ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://wsv3cdn.audioeye.com/static-scripts/v2/6986df481/fullCSS.bundle.css Response headers content-encoding gzip x-content-type-options nosniff expires Thu, 05 Dec 2024 09:15:18 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:18 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Thu, 05 Dec 2024 07:17:09 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
POST H3	200	events Show response api.permutive.com/v2.0/batch/	101 B 130 B	20ms 18ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash aca77df721d7dda59b94332cad4bcabc0bbbb583fd172084af1fa64ab17cbca8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 112 date Thu, 05 Dec 2024 09:15:18 GMT content-type application/json vary Origin server Permutive
GET H2	200	trends.min.js Show response assets.trendemon.com/tag/	301 KB 60 KB	61ms 7ms	Script application/javascript	2600:9000:275b:b200:2:7dc7:8f00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.trendemon.com/tag/trends.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:275b:b200:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers vary accept-encoding content-encoding gzip etag "b7e260e47980a9ada3906def2be7dcda" age 71611 via 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront) accept-ranges bytes x-cache Hit from cloudfront content-length 61292 x-amz-cf-id CoDQTfgiz7d-A5i-snMbom9Ic9-_UViracJ_TQwASRqNoFW2Dmbf3A== date Wed, 04 Dec 2024 13:21:49 GMT content-type application/javascript last-modified Mon, 18 Nov 2024 12:10:10 GMT server AmazonS3 x-amz-cf-pop FRA60-P7 x-amz-server-side-encryption AES256
GET H2	204	https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Show response tracking.intentsify.io/page-tracking/intentsify-bitsight/	0 214 B	545ms 173ms	Script text/plain	52.8.65.43 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.intentsify.io/page-tracking/intentsify-bitsight/https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.8.65.43 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-8-65-43.us-west-1.compute.amazonaws.com Software / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers expires -1 cache-control private, no-cache, no-store, must-revalidate date Thu, 05 Dec 2024 09:15:19 GMT pragma no-cache x-powered-by Express
GET H2	200	2423 Show response trackingapi.trendemon.com/api/settings/	614 B 805 B	318ms 93ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/settings/2423?callback=jsonp303739&vid= Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 2c2f0b21b266515721f4bc5a8bfb5d968d06f33e7b2a9f707b3780896aa6da31 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 614 date Thu, 05 Dec 2024 09:15:19 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
GET DATA	200 OK	truncated /	2 KB 2 KB		Font font/truetype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer Response headers Content-Type font/truetype
GET H3	200	Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2 fonts.gstatic.com/s/schibstedgrotesk/v3/	46 KB 46 KB	17ms 16ms	Font font/woff2	142.250.185.163 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.163 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s51-in-f3.1e100.net Software sffe / Resource Hash 6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://fonts.googleapis.com/ Response headers age 213136 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Tue, 02 Dec 2025 22:03:03 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 02 Dec 2024 22:03:03 GMT last-modified Tue, 02 May 2023 14:49:56 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 46764 x-xss-protection 0 server sffe
GET H2	200	identity.min.js Show response assets.trendemon.com/global/	18 KB 6 KB	9ms 9ms	Script application/javascript	2600:9000:275b:b200:2:7dc7:8f00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.trendemon.com/global/identity.min.js Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:275b:b200:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-amz-cf-pop FRA60-P7 content-encoding br etag W/"3f44b799c727cbac65d90f0779b8eb4e" age 71610 via 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id QgxW3hAOyMC7SJjPtw9D1TCGchSZPQ_J0okhzAJgSQVaeeeUYULhbQ== date Wed, 04 Dec 2024 13:21:54 GMT content-type application/javascript vary accept-encoding server AmazonS3 last-modified Mon, 18 Nov 2024 12:10:15 GMT x-amz-server-side-encryption AES256
GET H2	200	me Show response trackingapi.trendemon.com/api/Identity/	95 B 561 B	106ms 106ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/Identity/me?accountId=2423&DomainCookie=17333901190957646&fingerPrint=151781e006a5d3992fc196cee49aa63e&callback=jsonp721227&vid= Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash e42994f4ab209728c96f2a7b8692cfeaa38c44c6086f5d401d2ae137305dd36c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 95 date Thu, 05 Dec 2024 09:15:19 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
POST H3	200	state Show response api.permutive.com/v1.0/	0 34 B	50ms 50ms	XHR text/plain	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v1.0/state?fetch_unseen=true&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-encoding gzip content-length 20 date Thu, 05 Dec 2024 09:15:19 GMT server Permutive
GET H2	200	marketingautomation Show response trackingapi.trendemon.com/api/	95 B 284 B	269ms 268ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2423&ClientUrl=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&CookieId=17333901190957646&MaCookie=MmMxYjY1MjlhNDEwNTc3MDA3Mzk5YjdlNDE2MTlkN2Y%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp131640&vid=2423:17333901190957646 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash de3bfdf9d895da6dcff78da1c7739b5050b1259cb79d4adbd4b6f0437eaa0304 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 95 date Thu, 05 Dec 2024 09:15:19 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	ace-campaign Show response trackingapi.trendemon.com/api/experience/	17 B 168 B	282ms 282ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/ace-campaign?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&Referral=&callback=jsonp926346&vid=2423:17333901190957646 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 988c13ba9aa042664b503a2ced020ee96c35e715d3b1f4d29359bf6ddab6bb5c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 17 date Thu, 05 Dec 2024 09:15:19 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
POST H2	204	events Show response logx.optimizely.com/v1/	0 73 B	108ms 106ms	XHR text/plain	34.49.241.189 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 189.241.49.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers x-request-id 66e78b12-f4fb-490d-9152-cc9081dfdb55 access-control-expose-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id timing-allow-origin * access-control-allow-credentials true access-control-allow-methods POST,OPTIONS via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 05 Dec 2024 09:15:19 GMT content-type text/plain access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
GET H2	200	pageview trackingapi.trendemon.com/api/events/	43 B 286 B	464ms 463ms	Image image/gif	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://trackingapi.trendemon.com/api/events/pageview?accountId=2423&url=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvcHJveHlhbS1wb3dlcmVkLXNvY2tzNXN5c3RlbXotYm90bmV0&cookie=17333901190957646&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2423:17333901190957646&r=1733390119554 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, must-revalidate pragma no-cache age 1691358 expires Mon, 01 Jan 1990 00:00:00 GMT content-length 43 date Thu, 05 Dec 2024 09:15:19 GMT content-type image/gif server Kestrel
GET H2	200	personal-stream Show response trackingapi.trendemon.com/api/experience/	17 B 168 B	95ms 94ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal-stream?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=2c1b6529a410577007399b7e41619d7f&ExcludedStreamsJson=%5B%5D&callback=jsonp362979&vid=2423:17333901190957646 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 30e1e8865f3cefc929c3e43ce92777071901b217e59724011bf997dfdebe5d6a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 17 date Thu, 05 Dec 2024 09:15:19 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	personal Show response trackingapi.trendemon.com/api/experience/	15 B 166 B	99ms 99ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=2c1b6529a410577007399b7e41619d7f&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp290630&vid=2423:17333901190957646 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash 82b5f91276aa0c7090382df27bb020a5425d761818051f273319ee3be80104d7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 15 date Thu, 05 Dec 2024 09:15:19 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	personal-embedded Show response trackingapi.trendemon.com/api/experience/	2 KB 3 KB	106ms 105ms	Script application/x-javascript	23.21.139.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fproxyam-powered-socks5systemz-botnet&MarketingAutomationCookie=2c1b6529a410577007399b7e41619d7f&Ids=%5B%5D&Groups=%5B%5D&StreamId=&callback=jsonp589757&vid=2423:17333901190957646 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.21.139.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-139-132.compute-1.amazonaws.com Software Kestrel / Resource Hash ab4386601902e143c39e8da0fecf49067b7155f313aea07f5efadfd6e3f5186d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 2490 date Thu, 05 Dec 2024 09:15:20 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H/1.1	200 OK	closex.png pic.trendemon.com/images/	386 B 847 B	55ms 8ms	Image image/png	13.224.189.66 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://pic.trendemon.com/images/closex.png Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.224.189.66 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-66.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers ETag "7da2ae17c3b671047838f7b78687a56f" Age 17735 Connection keep-alive Via 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront) Accept-Ranges bytes X-Cache Hit from cloudfront Content-Length 386 X-Amz-Cf-Id XO1AWWnlnrbGWOlMDejv6Pj0Ksf0B6hACaxG_zEtDZecPKSVhunD1g== Date Thu, 05 Dec 2024 04:19:46 GMT Content-Type image/png Last-Modified Tue, 16 Apr 2019 23:23:30 GMT Server AmazonS3 X-Amz-Cf-Pop FRA2-C1
POST H3	200	metrics Show response api.permutive.com/v2.0/internal/	2 B 37 B	18ms 16ms	XHR text/plain	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/internal/metrics?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet Response headers content-encoding gzip via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 22 date Thu, 05 Dec 2024 09:15:23 GMT content-type text/plain;charset=utf-8 server Permutive

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.bitsight.com

URL

blob:https://www.bitsight.com/f1028aad-dda5-4d2d-bd3d-05abd26831d4

Domain

www.bitsight.com

URL

blob:https://www.bitsight.com/95108338-9d3c-4691-b05d-d7c0bc5f7e57