www.bitdefender.com
2606:4700::6812:a8de  Public Scan

URL: https://www.bitdefender.com/blog/businessinsights/deep-dive-into-supply-chain-compromise-hospitalitys-hidden-risks/
Submission: On September 08 via api from TR — Scanned from DE

Form analysis 7 forms found in the DOM

<form>
  <fieldset>
    <legend class="visuallyhidden">Consent Selection</legend>
    <div id="CybotCookiebotDialogBodyFieldsetInnerContainer">
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonNecessary"><span
            class="CybotCookiebotDialogBodyLevelButtonDescription">Necessary</span></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper CybotCookiebotDialogBodyLevelButtonSliderWrapperDisabled"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonNecessary"
            class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelButtonDisabled" disabled="disabled" checked="checked"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonPreferences"><span
            class="CybotCookiebotDialogBodyLevelButtonDescription">Preferences</span></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonPreferences" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
            data-target="CybotCookiebotDialogBodyLevelButtonPreferencesInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonStatistics"><span
            class="CybotCookiebotDialogBodyLevelButtonDescription">Statistics</span></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonStatistics" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
            data-target="CybotCookiebotDialogBodyLevelButtonStatisticsInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonMarketing"><span
            class="CybotCookiebotDialogBodyLevelButtonDescription">Marketing</span></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonMarketing" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
            data-target="CybotCookiebotDialogBodyLevelButtonMarketingInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
    </div>
  </fieldset>
</form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonNecessaryInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelButtonDisabled" disabled="disabled" checked="checked"> <span
    class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonPreferencesInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonPreferences"
    checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonStatisticsInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonStatistics"
    checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonMarketingInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonMarketing" checked="checked"
    tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyContentCheckboxPersonalInformation" class="CybotCookiebotDialogBodyLevelButton"> <span
    class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/341979/6296aa14-482c-4e42-9095-8e693b5f4caa

<form id="hsForm_6296aa14-482c-4e42-9095-8e693b5f4caa" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
  action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/341979/6296aa14-482c-4e42-9095-8e693b5f4caa"
  class="hs-form-private hsForm_6296aa14-482c-4e42-9095-8e693b5f4caa hs-form-6296aa14-482c-4e42-9095-8e693b5f4caa hs-form-6296aa14-482c-4e42-9095-8e693b5f4caa_29604e00-bfc5-4abc-9ea3-487f723bcbec hs-form stacked"
  target="target_iframe_6296aa14-482c-4e42-9095-8e693b5f4caa" data-instance-id="29604e00-bfc5-4abc-9ea3-487f723bcbec" data-form-id="6296aa14-482c-4e42-9095-8e693b5f4caa" data-portal-id="341979">
  <div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-6296aa14-482c-4e42-9095-8e693b5f4caa" class="" placeholder="Enter your " for="email-6296aa14-482c-4e42-9095-8e693b5f4caa"><span></span></label>
    <legend class="hs-field-desc" style="display: none;"></legend>
    <div class="input"><input id="email-6296aa14-482c-4e42-9095-8e693b5f4caa" name="email" required="" placeholder="Email*" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
  </div>
  <div class="hs_blog_insights_innovations_in_virtualization_cloud_security_subscription hs-blog_insights_innovations_in_virtualization_cloud_security_subscription hs-fieldtype-radio field hs-form-field" style="display: none;"><label
      id="label-blog_insights_innovations_in_virtualization_cloud_security_subscription-6296aa14-482c-4e42-9095-8e693b5f4caa" class="" placeholder="Enter your Notification Frequency"
      for="blog_insights_innovations_in_virtualization_cloud_security_subscription-6296aa14-482c-4e42-9095-8e693b5f4caa"><span>Notification Frequency</span></label>
    <legend class="hs-field-desc" style="display: block;">How often should we send you e-mail notifications?</legend>
    <div class="input"><input name="blog_insights_innovations_in_virtualization_cloud_security_subscription" class="hs-input" type="hidden" value=""></div>
  </div>
  <div class="hs_lifecyclestage hs-lifecyclestage hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-lifecyclestage-6296aa14-482c-4e42-9095-8e693b5f4caa" class="" placeholder="Enter your Lifecycle Stage"
      for="lifecyclestage-6296aa14-482c-4e42-9095-8e693b5f4caa"><span>Lifecycle Stage</span></label>
    <legend class="hs-field-desc" style="display: none;"></legend>
    <div class="input"><input name="lifecyclestage" class="hs-input" type="hidden" value="subscriber"></div>
  </div>
  <div class="hs_recaptcha hs-recaptcha field hs-form-field">
    <div class="input">
      <div class="grecaptcha-badge" data-style="inline" style="width: 256px; height: 60px; box-shadow: gray 0px 0px 5px;">
        <div class="grecaptcha-logo"><iframe title="reCAPTCHA"
            src="https://www.google.com/recaptcha/enterprise/anchor?ar=1&amp;k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&amp;co=aHR0cHM6Ly93d3cuYml0ZGVmZW5kZXIuY29tOjQ0Mw..&amp;hl=en&amp;v=0hCdE87LyjzAkFO5Ff-v7Hj1&amp;size=invisible&amp;badge=inline&amp;cb=hhb9wyogom7"
            width="256" height="60" role="presentation" name="a-j9aswerzqtp" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe>
        </div>
        <div class="grecaptcha-error"></div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response"
          style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
      </div><iframe style="display: none;"></iframe>
    </div><input type="hidden" name="g-recaptcha-response" id="hs-recaptcha-response" value="">
  </div>
  <div class="hs_submit hs-submit">
    <div class="hs-field-desc" style="display: none;"></div>
    <div class="actions"><input type="submit" class="hs-button primary large" value="SUBSCRIBE TO BUSINESS INSIGHTS"></div>
  </div><input name="hs_context" type="hidden"
    value="{&quot;embedAtTimestamp&quot;:&quot;1694139366407&quot;,&quot;formDefinitionUpdatedAt&quot;:&quot;1662477268518&quot;,&quot;userAgent&quot;:&quot;Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36&quot;,&quot;pageTitle&quot;:&quot;Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks&quot;,&quot;pageUrl&quot;:&quot;https://www.bitdefender.com/blog/businessinsights/deep-dive-into-supply-chain-compromise-hospitalitys-hidden-risks/&quot;,&quot;isHubSpotCmsGeneratedPage&quot;:false,&quot;formTarget&quot;:&quot;#hubspotForm&quot;,&quot;locale&quot;:&quot;en&quot;,&quot;timestamp&quot;:1694139366811,&quot;originalEmbedContext&quot;:{&quot;portalId&quot;:&quot;341979&quot;,&quot;formId&quot;:&quot;6296aa14-482c-4e42-9095-8e693b5f4caa&quot;,&quot;region&quot;:&quot;na1&quot;,&quot;target&quot;:&quot;#hubspotForm&quot;,&quot;isBuilder&quot;:false,&quot;isTestPage&quot;:false,&quot;isPreview&quot;:false,&quot;css&quot;:&quot;&quot;,&quot;isMobileResponsive&quot;:true},&quot;correlationId&quot;:&quot;29604e00-bfc5-4abc-9ea3-487f723bcbec&quot;,&quot;renderedFieldsIds&quot;:[&quot;email&quot;,&quot;blog_insights_innovations_in_virtualization_cloud_security_subscription&quot;,&quot;lifecyclestage&quot;],&quot;captchaStatus&quot;:&quot;LOADED&quot;,&quot;emailResubscribeStatus&quot;:&quot;NOT_APPLICABLE&quot;,&quot;isInsideCrossOriginFrame&quot;:false,&quot;source&quot;:&quot;forms-embed-1.3699&quot;,&quot;sourceName&quot;:&quot;forms-embed&quot;,&quot;sourceVersion&quot;:&quot;1.3699&quot;,&quot;sourceVersionMajor&quot;:&quot;1&quot;,&quot;sourceVersionMinor&quot;:&quot;3699&quot;,&quot;_debug_allPageIds&quot;:{},&quot;_debug_embedLogLines&quot;:[{&quot;clientTimestamp&quot;:1694139366504,&quot;level&quot;:&quot;INFO&quot;,&quot;message&quot;:&quot;Retrieved pageContext values which may be overriden by the embed context: {\&quot;pageTitle\&quot;:\&quot;Deep Dive into Supply Chain 
Compromise: Hospitality's Hidden Risks\&quot;,\&quot;pageUrl\&quot;:\&quot;https://www.bitdefender.com/blog/businessinsights/deep-dive-into-supply-chain-compromise-hospitalitys-hidden-risks/\&quot;,\&quot;userAgent\&quot;:\&quot;Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36\&quot;,\&quot;isHubSpotCmsGeneratedPage\&quot;:false}&quot;},{&quot;clientTimestamp&quot;:1694139366513,&quot;level&quot;:&quot;INFO&quot;,&quot;message&quot;:&quot;Retrieved countryCode property from normalized embed definition response: \&quot;DE\&quot;&quot;}]}"><iframe
    name="target_iframe_6296aa14-482c-4e42-9095-8e693b5f4caa" style="display: none;"></iframe>
</form>

Text Content

website and make advertisement on the website more relevant.
Expiry: SessionType: Pixel
Bitdefender
2
Learn more about this provider
com.adobe.reactor.dataElements.DL_User_LoggedINPending
Expiry: SessionType: HTML
s_ecidSets a unique ID for the visitor, that allows third party advertisers to
target the visitor with relevant advertisement. This pairing service is provided
by third party advertisement hubs, which facilitates real-time bidding for
advertisers.
Expiry: 400 daysType: HTTP
Bizible
77
Learn more about this provider
_biz_dfsA [x12]Collects data on visitors' preferences and behaviour on the
website - This information is used make content and advertisement more relevant
to the specific visitor.
Expiry: SessionType: HTTP
_biz_kvpA [x12]Collects data on user visits to the website, such as what pages
have been accessed. The registered data is used to categorise the user's
interest and demographic profiles in terms of resales for targeted marketing.
Expiry: SessionType: HTTP
_biz_nA [x13]Collects data on visitors' preferences and behaviour on the website
- This information is used make content and advertisement more relevant to the
specific visitor.
Expiry: 1 yearType: HTTP
_biz_pendingA [x13]Collects data on visitors' preferences and behaviour on the
website - This information is used make content and advertisement more relevant
to the specific visitor.
Expiry: 1 yearType: HTTP
_biz_sid [x13]Collects data on visitors' preferences and behaviour on the
website - This information is used make content and advertisement more relevant
to the specific visitor.
Expiry: 1 dayType: HTTP
_biz_uid [x13]Collects data on visitors' preferences and behaviour on the
website - This information is used make content and advertisement more relevant
to the specific visitor.
Expiry: 1 yearType: HTTP
m/ipvRegisters user behaviour and navigation on the website, and any interaction
with active campaigns. This is used for optimizing advertisement and for
efficient retargeting.
Expiry: SessionType: Pixel
Casale Media
3
Learn more about this provider
CMIDCollects visitor data related to the user's visits to the website, such as
the number of visits, average time spent on the website and what pages have been
loaded, with the purpose of displaying targeted ads.
Expiry: 1 yearType: HTTP
CMPROCollects data on visitor behaviour from multiple websites, in order to
present more relevant advertisement - This also allows the website to limit the
number of times that they are shown the same advertisement.
Expiry: 3 monthsType: HTTP
CMPSCollects visitor data related to the user's visits to the website, such as
the number of visits, average time spent on the website and what pages have been
loaded, with the purpose of displaying targeted ads.
Expiry: 3 monthsType: HTTP
Criteo
3
Learn more about this provider
cto_tld_test [x2]Used to identify the visitor across visits and devices. This
allows the website to present the visitor with relevant advertisement - The
service is provided by third party advertisement hubs, which facilitate
real-time bidding for advertisers.
Expiry: 1 dayType: HTTP
criteo_write_testSets a unique ID for the visitor, that allows third party
advertisers to target the visitor with relevant advertisement. This pairing
service is provided by third party advertisement hubs, which facilitates
real-time bidding for advertisers.
Expiry: 1 dayType: HTTP
DemandBase
2
Learn more about this provider
tuuidCollects visitor data related to the user's visits to the website, such as
the number of visits, average time spent on the website and what pages have been
loaded, with the purpose of displaying targeted ads.
Expiry: 400 daysType: HTTP
tuuid_luContains a unique visitor ID, which allows Bidswitch.com to track the
visitor across multiple websites. This allows Bidswitch to optimize
advertisement relevance and ensure that the visitor does not see the same ads
multiple times.
Expiry: 400 daysType: HTTP
Google
27
Learn more about this provider
_gcl_au [x17]Used by Google AdSense for experimenting with advertisement
efficiency across websites using their services.
Expiry: 3 monthsType: HTTP
IDEPending
Expiry: 1 yearType: HTTP
pagead/landing [x2]Collects data on visitor behaviour from multiple websites, in
order to present more relevant advertisement - This also allows the website to
limit the number of times that they are shown the same advertisement.
Expiry: SessionType: Pixel
_GRECAPTCHAThis cookie is used to distinguish between humans and bots. This is
beneficial for the website, in order to make valid reports on the use of their
website.
Expiry: 180 daysType: HTTP
ads/ga-audiencesUsed by Google AdWords to re-engage visitors that are likely to
convert to customers based on the visitor's online behaviour across websites.
Expiry: SessionType: Pixel
pagead/1p-conversion/#/Pending
Expiry: SessionType: Pixel
pagead/1p-user-list/#Tracks if the user has shown interest in specific products
or events across multiple websites and detects how the user navigates between
sites. This is used for measurement of advertisement efforts and facilitates
payment of referral-fees between websites.
Expiry: SessionType: Pixel
pagead/1p-user-list/1040562098/Pending
Expiry: SessionType: Pixel
pagead/1p-user-list/674268845/Pending
Expiry: SessionType: Pixel
pagead/1p-user-list/721494041/Pending
Expiry: SessionType: Pixel
JazzHR
3
Learn more about this provider
com.adobe.reactor.dataElements.Demandbase v101Pending
Expiry: SessionType: HTML
external_referrer_urlRegisters how the user has reached the website to enable
pay-out of referral commission fees to partners.
Expiry: 1 dayType: HTTP
NRBA_SESSION_IDCollects user data through quiz/survey-like content. This allows
the website to promote relevant products or services.
Expiry: SessionType: HTML
LinkedIn
3
Learn more about this provider
bcookieUsed by the social networking service, LinkedIn, for tracking the use of
embedded services.
Expiry: 1 yearType: HTTP
li_sugrCollects data on user behaviour and interaction in order to optimize the
website and make advertisement on the website more relevant.
Expiry: 3 monthsType: HTTP
UserMatchHistoryEnsures visitor browsing-security by preventing cross-site
request forgery. This cookie is essential for the security of the website and
visitor.
Expiry: 30 daysType: HTTP
Microsoft
51
Learn more about this provider
_uetsid [x3]Used to track visitors on multiple websites, in order to present
relevant advertisement based on the visitor's preferences.
Expiry: PersistentType: HTML
_uetsid_exp [x3]Contains the expiry-date for the cookie with corresponding name.
Expiry: PersistentType: HTML
_uetvid [x3]Used to track visitors on multiple websites, in order to present
relevant advertisement based on the visitor's preferences.
Expiry: PersistentType: HTML
_uetvid_exp [x3]Contains the expiry-date for the cookie with corresponding name.
Expiry: PersistentType: HTML
MR [x2]Pending
Expiry: 7 daysType: HTTP
MUID [x2]Pending
Expiry: 1 yearType: HTTP
SRM_BPending
Expiry: 1 yearType: HTTP
_uetsid [x16]Collects data on visitor behaviour from multiple websites, in order
to present more relevant advertisement - This also allows the website to limit
the number of times that they are shown the same advertisement.
Expiry: 1 dayType: HTTP
_uetvid [x16]Used to track visitors on multiple websites, in order to present
relevant advertisement based on the visitor's preferences.
Expiry: 1 yearType: HTTP
ANONCHKPending
Expiry: 1 dayType: HTTP
SMPending
Expiry: SessionType: HTTP
Outbrain
2
Learn more about this provider
outbrain_cid_fetch [x2]Collects data on the user’s navigation and behavior on
the website. This is used to compile statistical reports and heatmaps for the
website owner.
Expiry: 1 dayType: HTTP
Telaria
2
Learn more about this provider
tv_UIDMPending
Expiry: 400 daysType: HTTP
tvidPresents the user with relevant content and advertisement. The service is
provided by third-party advertisement hubs, which facilitate real-time bidding
for advertisers.
Expiry: 1 yearType: HTTP
Twitter Inc.
2
Learn more about this provider
muc_adsCollects data on user behaviour and interaction in order to optimize the
website and make advertisement on the website more relevant.
Expiry: 400 daysType: HTTP
i/jot/embedsSets a unique ID for the visitor, that allows third party
advertisers to target the visitor with relevant advertisement. This pairing
service is provided by third party advertisement hubs, which facilitates
real-time bidding for advertisers.
Expiry: SessionType: Pixel
YouTube
32
Learn more about this provider
__Secure-YECStores the user's video player preferences using embedded YouTube
video
Expiry: 13 monthsType: HTTP
LAST_RESULT_ENTRY_KEYUsed to track user’s interaction with embedded content.
Expiry: SessionType: HTTP
LogsDatabaseV2:V#||LogsRequestsStorePending
Expiry: PersistentType: IDB
nextIdUsed to track user’s interaction with embedded content.
Expiry: SessionType: HTTP
remote_sidNecessary for the implementation and functionality of YouTube
video-content on the website.
Expiry: SessionType: HTTP
requestsUsed to track user’s interaction with embedded content.
Expiry: SessionType: HTTP
ServiceWorkerLogsDatabase#SWHealthLogNecessary for the implementation and
functionality of YouTube video-content on the website.
Expiry: PersistentType: IDB
TESTCOOKIESENABLEDUsed to track user’s interaction with embedded content.
Expiry: 1 dayType: HTTP
VISITOR_INFO1_LIVETries to estimate the users' bandwidth on pages with
integrated YouTube videos.
Expiry: 180 daysType: HTTP
VISITOR_PRIVACY_METADATAPending
Expiry: 180 daysType: HTTP
YSCRegisters a unique ID to keep statistics of what videos from YouTube the user
has seen.
Expiry: SessionType: HTTP
yt.innertube::nextId [x2]Registers a unique ID to keep statistics of what videos
from YouTube the user has seen.
Expiry: PersistentType: HTML
yt.innertube::requests [x2]Registers a unique ID to keep statistics of what
videos from YouTube the user has seen.
Expiry: PersistentType: HTML
ytidb::LAST_RESULT_ENTRY_KEY [x2]Stores the user's video player preferences
using embedded YouTube video
Expiry: PersistentType: HTML
YtIdbMeta#databasesUsed to track user’s interaction with embedded content.
Expiry: PersistentType: IDB
yt-remote-cast-available [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: SessionType: HTML
yt-remote-cast-installed [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: SessionType: HTML
yt-remote-connected-devices [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: PersistentType: HTML
yt-remote-device-id [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: PersistentType: HTML
yt-remote-fast-check-period [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: SessionType: HTML
yt-remote-session-app [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: SessionType: HTML
yt-remote-session-name [x2]Stores the user's video player preferences using
embedded YouTube video
Expiry: SessionType: HTML
assets.adobedtm.com
www.bitdefender.com

24
Demandbase.AdobeLaunch.demandbaseDataElement1 [x4]Pending
Expiry: PersistentType: HTML
Demandbase.AdobeLaunch.demandbaseDataElement2 [x4]Pending
Expiry: PersistentType: HTML
Demandbase.AdobeLaunch.demandbaseDataElement3 [x4]Pending
Expiry: PersistentType: HTML
Demandbase.AdobeLaunch.demandbaseDataElement4 [x4]Pending
Expiry: PersistentType: HTML
Demandbase.AdobeLaunch.demandbaseDataElement5 [x4]Pending
Expiry: PersistentType: HTML
Demandbase.AdobeLaunch.raw [x4]Pending
Expiry: PersistentType: HTML
assets.adobedtm.com
www.bitdefender.nl

3
com.adobe.reactor.dataElements.DL_Page_TrackingCode (CID) [x3]Pending
Expiry: SessionType: HTML
bitdefender.applytojob.com
assets.adobedtm.com

3
com.adobe.reactor.dataElements.Demandbase v100 [x3]Pending
Expiry: SessionType: HTML
cdn.bizible.com
cdn.bizibly.com

2
_BUID [x2]Collects data on visitors' preferences and behaviour on the website -
This information is used make content and advertisement more relevant to the
specific visitor.
Expiry: 1 yearType: HTTP
connect.facebook.net
www.bitdefender.com

16
_fbp [x16]Used by Facebook to deliver a series of advertisement products such as
real time bidding from third party advertisers.
Expiry: 3 monthsType: HTTP
d.impactradius-event.com
6
IR_gbd [x6]Registers a unique ID that identifies the user's device during return
visits across websites that use the same ad network. The ID is used to allow
targeted ads.
Expiry: SessionType: HTTP
static.scarabresearch.com
assets.adobedtm.com

6
wps-1 [x3]Used to track visitors on multiple websites, in order to present
relevant advertisement based on the visitor's preferences.
Expiry: PersistentType: HTML
wpsStore [x3]Used to track visitors on multiple websites, in order to present
relevant advertisement based on the visitor's preferences.
Expiry: SessionType: HTML
t.co
assets.adobedtm.com

2
i/adsct [x2]The cookie is used by Twitter.com in order to determine the number
of visitors accessing the website through Twitter advertisement content.
Expiry: SessionType: Pixel
www.bitdefender.com.au
1
GOOGLE_ABUSE_EXEMPTIONPending
Expiry: 1 dayType: HTTP
www.bitdefender.se
www.bitdefender.nl

4
com.adobe.reactor.dataElements.DL_User_EmarsysID [x2]Pending
Expiry: SessionType: HTML
com.adobe.reactor.dataElements.DL_User_ID [x2]Pending
Expiry: PersistentType: HTML
Unclassified 115
Unclassified cookies are cookies that we are in the process of classifying,
together with the providers of individual cookies.
Adobe Inc.
13
Learn more about this provider
at_geo [x12]Pending
Expiry: 7 daysType: HTTP
b/ss/#/1/#/s#Pending
Expiry: SessionType: Pixel
AntVoice
2
Learn more about this provider
av-sess-id-351Pending
Expiry: 1 dayType: HTTP
av-test-cookiePending
Expiry: 1 dayType: HTTP
Bitdefender
42
Learn more about this provider
de-historyPending
Expiry: PersistentType: HTML
de-history_hrefPending
Expiry: PersistentType: HTML
bd_force_countryPending
Expiry: SessionType: HTTP
bdselcidPending
Expiry: SessionType: HTTP
country_idPending
Expiry: SessionType: HTTP
iuasd236Pending
Expiry: 10 daysType: HTTP
ab_bannerPending
Expiry: 29 daysType: HTTP
hubspotutkPending
Expiry: PersistentType: HTML
nl-historyPending
Expiry: PersistentType: HTML
nl-history_hrefPending
Expiry: PersistentType: HTML
tagit_params [x13]Pending
Expiry: SessionType: HTTP
tagit_session [x13]Pending
Expiry: SessionType: HTTP
checkout-prodPending
Expiry: PersistentType: HTML
currentFlowPending
Expiry: PersistentType: HTML
loadingPending
Expiry: PersistentType: HTML
session-prodPending
Expiry: PersistentType: HTML
displayExitPopupPending
Expiry: SessionType: HTTP
camp_sfPending
Expiry: 3 monthsType: HTTP
JazzHR
4
Learn more about this provider
internal_navigation_countPending
Expiry: 1 dayType: HTTP
fsd2Pending
Expiry: SessionType: HTTP
oidfg4Pending
Expiry: SessionType: HTTP
rerew4Pending
Expiry: SessionType: HTTP
Livechat
4
Learn more about this provider
@@lc_auth_token:123a31c6-8937-471b-b835-374aa9d4f877Pending
Expiry: PersistentType: HTML
@@lc_idsPending
Expiry: PersistentType: HTML
6748731:statePending
Expiry: PersistentType: HTML
side_storage_123a31c6-8937-471b-b835-374aa9d4f877Pending
Expiry: PersistentType: HTML
d.impactradius-event.com
4
IR_4466 [x4]Pending
Expiry: SessionType: HTTP
www.bitdefender.be
www.bitdefender.co.uk
www.bitdefender.com
www.bitdefender.com.au
www.bitdefender.com.br
www.bitdefender.es
www.bitdefender.it
www.bitdefender.pt
www.bitdefender.ro
www.bitdefender.se

12
MCMIDSDID [x12]Pending
Expiry: SessionType: HTTP
www.bitdefender.co.uk
www.bitdefender.com
www.bitdefender.com.au
www.bitdefender.com.br
www.bitdefender.es
www.bitdefender.it
www.bitdefender.pt
www.bitdefender.ro
www.bitdefender.se

11
wp_ab_contact_support [x11]Pending
Expiry: PersistentType: HTML
www.bitdefender.co.uk
www.bitdefender.com
www.bitdefender.com.au
www.bitdefender.ro

6
bookmarks [x6]Pending
Expiry: PersistentType: HTML
www.bitdefender.com.au
1
abauPending
Expiry: 30 daysType: HTTP
www.bitdefender.com
assets.adobedtm.com

2
wps-user-session [x2]Pending
Expiry: PersistentType: HTML
www.bitdefender.com
www.bitdefender.be
www.bitdefender.co.uk
www.bitdefender.com.au
www.bitdefender.com.br
www.bitdefender.es
www.bitdefender.it
www.bitdefender.pt
www.bitdefender.ro
www.bitdefender.se

14
cf-ipcountry [x14]Pending
Expiry: 1 dayType: HTTP
Cross-domain consent18 Your consent applies to the following domains:
List of domains your consent applies to: checkout.bitdefender.com
pages.bitdefender.com msp.bitdefender.com store.bitdefender.com
myaccount.bitdefender.com www.bitdefender.se www.bitdefender.be
www.bitdefender.co.uk www.bitdefender.com www.bitdefender.com.au
www.bitdefender.com.br www.bitdefender.de www.bitdefender.es www.bitdefender.fr
www.bitdefender.it www.bitdefender.nl www.bitdefender.pt www.bitdefender.ro
Cookie declaration last updated on 26.08.23 by Cookiebot


[#IABV2_TITLE#]

[#IABV2_BODY_INTRO#]
[#IABV2_BODY_LEGITIMATE_INTEREST_INTRO#]
[#IABV2_BODY_PREFERENCE_INTRO#]
[#IABV2_LABEL_PURPOSES#]
[#IABV2_BODY_PURPOSES_INTRO#]
[#IABV2_BODY_PURPOSES#]
[#IABV2_LABEL_FEATURES#]
[#IABV2_BODY_FEATURES_INTRO#]
[#IABV2_BODY_FEATURES#]
[#IABV2_LABEL_PARTNERS#]
[#IABV2_BODY_PARTNERS_INTRO#]
[#IABV2_BODY_PARTNERS#]

Cookies are small text files that can be used by websites to make a user's
experience more efficient.

The law states that we can store cookies on your device if they are strictly
necessary for the operation of this site. For all other types of cookies we need
your permission.

This site uses different types of cookies. Some cookies are placed by third
party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration
on our website.

Learn more about who we are, how you can contact us and how we process personal
data in our Privacy Policy.



Do not sell or share my personal information
Use necessary cookies only Allow selection Customize

Allow all cookies
Powered by Cookiebot by Usercentrics

 * Company
 * Blog

For HomeFor BusinessFor Partners
Consumer Insights Labs Business Insights
Contact an expert
Enterprise Security Threat Research Endpoint Detection and Response
23 min read



DEEP DIVE INTO SUPPLY CHAIN COMPROMISE: HOSPITALITY'S HIDDEN RISKS

Martin Zugec

September 07, 2023



In today's hospitality industry, vacation rental software has shifted from a
luxury to a must-have for hotels, resorts, and smaller businesses, simplifying
booking, guest interactions, and property management. While vacation rental
software may seem focused on booking, it holds valuable data like credit card
info, guest preferences, and communications. This data is a prime target for
cybercriminals seeking financial gain or unauthorized access.

Especially attractive is credit card information, which draws the attention of
financially motivated hackers, accounting for 41% of hospitality breaches
(source: Verizon Data Breach Investigations Report). The combination of the
hospitality industry's substantial transaction volume and the integration of
payment gateways makes it a lucrative target.

Another key characteristic of financially driven attacks targeting payment and
financial systems is the attackers' intimate familiarity with the internal
workings of the software. Often, these threat actors possess a deep
understanding of how systems function and connect, and they are motivated to
allocate effort and resources into developing specialized tools. Unsurprisingly,
cybercriminals find the idea of generating a steady, repeating income by
exploiting payment systems quite interesting.

While significant resources are at the disposal of large hotel networks and
travel search engines, enabling them to enforce robust security measures (though
recent breaches underscore that this isn't infallible), smaller hotels and
resorts face an even more formidable challenge. Custom software is costly and
time-consuming, so they opt for third-party solutions from trusted providers.
But this reliance introduces a new issue: supply chain vulnerability.

This deep-dive article examines a recent breach targeting a small resort in the
United States. The business in question had adopted the IRM Next Generation
(“IRM-NG”) online booking engine, a product by Resort Data Processing, Inc.
During the investigation by Bitdefender Labs, we discovered a collection of
vulnerabilities in this software. In addition, the attack was supported by a
suite of tailor-made malware, designed by the threat actor to seamlessly
integrate with the software’s architecture. This underscores the threat actor’s
intricate understanding of the software’s internal workings and highlights their
capacity to exploit its functionalities for extracting sensitive information.


RESPONSIBLE DISCLOSURE

First and foremost, let’s address the elephant in the room. We have been trying
to report the vulnerabilities to Resort Data Processing since May 2023, right
after the first vulnerability in the IRM-NG software was discovered, but we were
unsuccessful. Our initial attempt took the form of emails, which regrettably
remained unanswered. Over the ensuing months, we pursued communication with the
software vendor through various channels, including the official bug bounty
program, Twitter, and contacts on LinkedIn associated with the company.

Despite our repeated and varied attempts to establish contact, we received no
response. Given that the threat actor responsible for the attack demonstrated a
deep understanding of the software in use and the discovery of additional
compromised victims, we have taken the initiative to allocate CVEs to the
identified vulnerabilities. It’s important to clarify that we haven’t attempted
a comprehensive evaluation of the security of the IRM-NG engine; rather, we just
documented the vulnerabilities encountered during our analysis. This approach
leaves room for the possibility that additional vulnerabilities may exist within
the software.

Below is a list of CVEs assigned to identified vulnerabilities:

 * CVE-2023-39420 - Use of Hard-coded Credentials in dll (CWE-798)
 * CVE-2023-39421 - Use of Hard-coded Credentials in dll (CWE-798)
 * CVE-2023-39422 - Use of Hard-coded Credentials in /irmdata/api/ endpoints
   (CWE-798)
 * CVE-2023-39423 - Improper Neutralization of Special Elements used in an SQL
   Command in dll (CWE-89)
 * CVE-2023-39424 - Improper Neutralization of Special Elements in Output Used
   by a Downstream Component ('Injection') in dll (CWE-74)


ANATOMY OF AN ATTACK

Based on our analysis, this attack began during the summer of 2022. One of the
tools' PE headers further supports this timeline, indicating a compilation time
of 2022-07-11 12:49:31. As a defense evasion tactic, the threat actor employed
timestomping to seamlessly blend with other legitimate files within the same
folder. Timestomping is a technique that involves altering the timestamps of
files on a computer system to manipulate their creation, modification, or access
times. This is done to deceive investigators, obscure malicious activities, and
create confusion regarding the timeline of events. As an example of this
technique, the malicious file wow64log.dll matches the timestamps of the
legitimate file wow64win.dll (both in the C:\Windows\System32 folder).
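
The timestomping described above leaves one inconsistency a defender can test for: the compile time inside the PE header is later than the file's modification time. The following is an added example, not code from the article or from Bitdefender; the two sample DLLs are minimal constructed headers, and the 2019 file times are constructed values.

```python
import os
import struct
import tempfile
from datetime import datetime, timezone


def pe_compile_time(data):
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 12:
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def build_sample_pe(compiled):
    """Constructed stand-in for a DLL: only the headers this check reads."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, int(compiled.timestamp()), 0, 0, 0, 0x2000)
    return bytes(dos) + b"PE\0\0" + coff


def find_timestomped(folder, now=None):
    """Flag PE files that claim to be compiled after they were last modified."""
    now = now or datetime.now(timezone.utc)
    stats = {}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if os.path.isfile(path):
            stats[name] = os.stat(path)
    findings = []
    for name, st in stats.items():
        with open(os.path.join(folder, name), "rb") as fh:
            head = fh.read(4096)
        try:
            compiled = pe_compile_time(head)
        except ValueError:
            continue  # not a PE file
        modified = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
        # Reproducible builds store a hash in TimeDateStamp, which often decodes
        # to a date in the future; skip those and treat the rest as leads.
        if modified < compiled <= now:
            donors = [n for n, s in stats.items()
                      if n != name and s.st_mtime_ns == st.st_mtime_ns]
            findings.append({"file": name, "compiled": compiled,
                             "modified": modified, "same_mtime_as": donors})
    return findings


def demo():
    utc = timezone.utc
    file_time = datetime(2019, 12, 7, 9, 9, 0, tzinfo=utc).timestamp()  # constructed
    samples = {
        "wow64win.dll": build_sample_pe(datetime(2019, 12, 7, 8, 0, 0, tzinfo=utc)),
        # compile time quoted in the article, interpreted as UTC
        "wow64log.dll": build_sample_pe(datetime(2022, 7, 11, 12, 49, 31, tzinfo=utc)),
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, blob in samples.items():
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            os.utime(path, (file_time, file_time))  # both files get the same times
        return find_timestomped(folder)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a lead for triage rather than proof: the files listed in same_mtime_as are the likely source of the copied timestamp.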

While we cannot definitively pinpoint the specific threat actor group behind the
attack, we can confirm that the attack's primary objective revolves around
financial gain and the illicit acquisition of personal information. The IRM-NG
engine was implicated in a security breach in 2021; because little information
about this incident is publicly available, we are unable to ascertain any direct
link to the attacks that we analyzed. During our investigation, we identified
similar webshell infections among several other victims who were also utilizing
the same booking engine. However, we could neither confirm nor rule out the use
of the XModule component in these attacks.


INITIAL COMPROMISE

Although we were unable to confirm the precise initial attack vector, we hold a
strong conviction that it was connected to an undisclosed vulnerability within
the booking engine. The threat actor first uploaded a file named index.css
(containing webshell code), exploiting the fact that the .css extension is
allowed by the file-upload API. As the next step, the threat actor used an
undisclosed vulnerability to change the extension of this file to .aspx. This
change in extension allowed the file to be executed within the ASP.NET
framework, enabling its functionality as a webshell.

cmd.exe /c rename c:\\inetpub\\wwwroot\\rdprepository\\irm\\content\\<SERVER>\\<RESORT>\\index.css index.aspx

cmd.exe /c rename c:\\inetpub\\wwwroot\\rdprepository\\irm\\content\\<SERVER>\\<RESORT>\\index.css index2.aspx

This location further underscores the exploitation of a vulnerability within the
booking engine, as this is the default upload path for management users logged
onto a designated server.






An additional tool deployed by the threat actor on the compromised server was
ConsoleApplication5.exe. This custom-made tool was specifically crafted to run
PSQL queries on the database, utilizing Pervasive PSQL, which is the relational
database system used by the booking engine. Notably, this database is not
password protected.

This tool was initially used to remove traces of the initial login.
Significantly, this specialized tool was put into action within a mere 18
minutes after the initial breach. This strongly suggests that the threat actor
possessed previous knowledge of the system.

c:\\windows\\system32\\cmd.exe /c cd "C:\\Users\\<USERNAME>\\XRM\\Files\\" && dir && ConsoleApplication5.exe <SERVER> <DATABASE> "DELETE FROM Logins WHERE Browser='Firefox94'"

The same tool was used to deploy malware to the protected path
C:\Windows\System32. To begin, the threat actor took advantage of an unknown
vulnerability or content management interface to upload the malicious code to a
separate table named UnitAdContent, storing it within a row marked by a
PropertyName value of '333333333333333333333333333333'. With the code now stored
in this record, the next step for the threat actor was to save this file in a
protected path.

For this purpose, the threat actor used a vulnerability within an "RDPng File
Upload" service operating at the SYSTEM level. This service employs a table
named FileUploads to store instructions for file uploads. The threat actor
inserted a new record into this table, specifying their intention to create a
file named wow64log.dll. The content of this file was to be derived from the
value stored in the UnitAdContent table. Upon adding this instruction to the
database, the file upload service executed the directive, successfully
generating the requested file. This file was an installer for a custom version
of Micro Backdoor.

c:\\windows\\system32\\cmd.exe /c cd "C:\\Users\\<USERNAME>\\XRM\\Files\\" && dir && ConsoleApplication5.exe <SERVER> <DATABASE> "INSERT INTO FileUploads (FileName,File,Action,Location,DateEntered) VALUES ('wow64log.dll','41',0,'c:\\inetpub\\wwwroot\\rdprepository\\irm\\content\\<SERVER>\\<RESORT>\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\system32\\',now());UPDATE FileUploads SET File=(SELECT CAST(Description as char(5120)) FROM UnitAdContent WHERE PropertyName='333333333333333333333333333333') Where FileName='wow64log.dll'"
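
Both steps above, the rename of index.css to index.aspx and the FileUploads row whose Location climbs out of the content folder, are stopped by one check on the final target path and extension before any write or rename. The following is an added sketch of that check, not Resort Data Processing's code; SRV01 and RESORT1 are constructed stand-ins for the <SERVER> and <RESORT> placeholders, and the extension allow-list is an assumption.

```python
import ntpath

# Constructed stand-ins for the <SERVER> and <RESORT> placeholders in the article.
TENANT_ROOT = r"c:\inetpub\wwwroot\rdprepository\irm\content\SRV01\RESORT1"
# Assumption: the content folder should only ever receive static assets.
ALLOWED_EXTENSIONS = {".css", ".gif", ".jpg", ".png"}

# Location value from the FileUploads row shown in the article (eight "..").
ARTICLE_LOCATION = TENANT_ROOT + "\\.." * 8 + "\\windows\\system32\\"


def _canonical(path):
    # Lexical canonicalisation with Windows rules (case, "..", doubled slashes).
    # A real service should also resolve junctions and symlinks before comparing.
    return ntpath.normcase(ntpath.normpath(path))


def name_problems(file_name):
    """Reject names carrying a path, a stream suffix or a disallowed extension."""
    problems = []
    if (not file_name or file_name != ntpath.basename(file_name)
            or ":" in file_name or file_name[-1] in " ."):
        problems.append("file name is not a plain name")
    extension = ntpath.splitext(file_name)[1].lower()
    if extension not in ALLOWED_EXTENSIONS:
        problems.append("extension %r is not allowed" % extension)
    return problems


def upload_problems(location, file_name, root=TENANT_ROOT):
    """Return every reason the write must be refused; an empty list means allowed."""
    problems = name_problems(file_name)
    target = _canonical(ntpath.join(location, ntpath.basename(file_name)))
    inside = target.startswith(_canonical(root) + "\\")
    if not ntpath.isabs(location) or not inside:
        problems.append("target %s is outside the tenant folder" % target)
    return problems


def rename_problems(source, new_name, root=TENANT_ROOT):
    # A rename stays in the source folder, so the destination gets the same checks.
    return upload_problems(ntpath.dirname(source), new_name, root)


if __name__ == "__main__":
    print(upload_problems(TENANT_ROOT + r"\images", "pool.jpg"))
    print(rename_problems(TENANT_ROOT + r"\index.css", "index.aspx"))
    print(upload_problems(ARTICLE_LOCATION, "wow64log.dll"))
```

Running the file-writing service under a dedicated low-privilege account instead of SYSTEM limits the damage if a check like this is ever bypassed.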






We discovered a collection of hardcoded credentials within different libraries
that can be used to access the database or authenticate with APIs. Some of these
credentials relied on passwords that are reset daily, yet these passwords can be
readily generated by analyzing one of the DLL libraries. Although we have chosen
not to disclose sensitive details within our research, it's important to
highlight that the threat actor was already aware of this.

The threat actor employed additional tools to escalate privileges. One of these
was the widely recognized PrintSpoofer (though packed with Themida to make
analysis and detection more challenging), and another was a proof-of-concept
tool for CVE-2020-0787 to copy files to a protected location. This POC was a
customized variant of the one available in this repository. Another tool that
the threat actor used for defense evasion was a process ghosting tool named
KingHamlet.


ESTABLISHING PERSISTENCE

For persistence, the attackers used a scheduled task named ChkUpd that runs as
SYSTEM. This task executes the following command line:
C:\Windows\system32\rundll32.exe batchd.dll,ResChkUpd. The very small DLL file
batchd.dll executes a batch file (C:\irmsetup\install.bat) that deploys
malicious components:

copy "C:\Users\All Users\XRM\Data\api.dll" C:\windows\system32\logapi64.dll

copy "C:\Users\All Users\XRM\Data\wow.dll" C:\windows\system32\wow64log.dll

copy "C:\Users\All Users\XRM\Data\x.config" C:\inetpub\wwwroot\web.config

copy "C:\Users\All Users\XRM\Data\i.dat" C:\inetpub\wwwroot\rdprepository\irm\content\<SERVER>\<RESORT>\index.aspx







While the file index.aspx is just a regular webshell, the other three files
constitute the heart of this operation.

First, the file web.config provides integration with the IIS. This file plays a
crucial role in configuring settings and behaviors of an IIS server, such as
authentication, security, URL rewriting, and caching, impacting how IIS modules
interact with the hosted application. Using this web.config file allowed the
threat actor to inject a malicious IIS module called XModule.

While a detailed description of this module will be provided in the subsequent
"Execution" section, we wanted to describe its connection to establishing
persistence. The XModule is automatically loaded by IIS, initiating the loading
of the wow64log.dll library. This installer, in turn, creates a service
responsible for loading the Micro Backdoor library logapi64.dll. This service
can be configured to utilize either network communication
(C:\\windows\\system32\\svchost.exe -k netsvcr) or named pipes
(C:\\windows\\system32\\svchost.exe -k netsvcp) as a communication channel
between XModule and Micro Backdoor.






At this moment, all essential components are present and operational. XModule is
loaded by IIS and can intercept requests directed at the booking engine, while
Micro Backdoor is up and running, prepared to handle instructions from XModule.
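
The ChkUpd task described at the start of this section (SYSTEM principal, rundll32.exe loading a DLL referenced by bare name) can be hunted for in exported task definitions. The following is an added example, not code from the original report: the function name, the known_dlls baseline parameter and the sample XML are assumptions constructed for illustration, and the input is assumed to be Task Scheduler XML as produced by a task export.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}
DLL_RE = re.compile(r'([^\s",]+\.dll)', re.I)

def triage_task(xml_text, known_dlls=frozenset()):
    """Return one finding per rundll32 action whose DLL is not in the baseline."""
    root = ET.fromstring(xml_text)
    users = {(u.text or "").strip().lower()
             for u in root.iterfind(".//t:Principal/t:UserId", NS)}
    as_system = bool(users & SYSTEM_IDS)
    findings = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", "", NS).strip().strip('"').lower()
        args = ex.findtext("t:Arguments", "", NS)
        if not cmd.endswith("rundll32.exe"):
            continue
        m = DLL_RE.search(args)
        dll = m.group(1).lower() if m else ""
        if dll.rsplit("\\", 1)[-1] in known_dlls:
            continue  # baselined task (hypothetical allowlist supplied by the caller)
        findings.append({"dll": dll, "as_system": as_system,
                         "bare_dll_name": bool(dll) and "\\" not in dll})
    return findings

# Constructed sample: the ChkUpd action as the article describes it.
SAMPLE_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\system32\rundll32.exe</Command>
    <Arguments>batchd.dll,ResChkUpd</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(triage_task(SAMPLE_TASK))
```

Built-in Windows tasks also launch rundll32.exe, so the baseline of expected DLL names should be taken from a known-good image before the output is treated as a lead.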


EXECUTION

The IIS module XModule is integrated into the flow of the booking engine,
actively monitoring all incoming and outgoing traffic to intercept valuable
information or receive commands from the threat actor. This is achieved by
implementing a handler for the OnSendResponse event with medium priority.

When an IIS module implements a handler for the OnSendResponse event, it means
that the module is designed to intercept the response generated by the web
server before it is sent back to the client's browser. This allows the module to
inject additional content, modify headers, or perform other actions on the
response data.

The second component is Micro Backdoor. Micro Backdoor is a minimalistic
backdoor for Windows operating systems, designed to be easily customizable. The
threat actor took advantage of exactly that, deploying a customized version with
a small footprint. The customized version does not directly communicate with the
command & control (C2) server - instead, it uses a named pipe
(\\\\.\\pipe\\xrpcxdsvc) to communicate with XModule. Named pipes are a type of
interprocess communication (IPC) mechanism used for communication between
processes or applications on a computer system. XModule effectively acts as a
proxy between the C2 server telecomptd[.]org and Micro Backdoor, making the
backdoor much harder to detect, since it generates no network traffic of its
own.

When the threat actor wants to collect extracted data or send commands to the
backdoor, they make a POST request with specific content to any legitimate page
on the compromised web server. The XModule intercepts this request, decrypts and
processes the embedded instructions, and reports results in the response body.
This is an almost undetectable method of communication.

For data extraction, XModule stores intercepted data in the location
C:\ProgramData\Actian\Cache\Logs, with a file prefix identifying the type of
exfiltrated data.

If the request is GET and the URL contains the string /irmng/polyfills-es2015
(this is a .js file used by the IRM-NG booking engine), XModule will inject
malicious JavaScript that sets a cookie named __gglmap. This cookie stores the
following information: firstname, lastname, address1, address2, city, state,
country, postal code, email, card holder, card number, CVV, expiration month &
year, billing zip and other data identified by elements with the following IDs
(that we couldn't identify): "tc91", "tc90", "tc92", "tc93", "tc94", "tc95". If
the cookie __gglmap later appears in the request headers, XModule will save its
value (encrypted using a simple XOR) in a file named
error_<year><month><day>_<crc32_of_cookie_value>.dmp.






If the request is POST, the action depends on the body of the request.

If the request body contains passwords (one of the strings "password", "pass",
"pwd" is present), the body is written (encrypted) into a file named
info_<year><month><day>_<crc32_of_body>.dmp.

If the request body contains credit card information (one of the strings "cvv",
"cvc", "cardnumber", "cardholder", "ccnum", "cc_num", "i4g0", "tenerum" is
present), the body is written (encrypted) in a file named
dump_<year><month><day>_<crc32_of_body>.dmp.

Finally, if the request body contains the parameters Module=BookData&Booking_ID=
and &Booking_Info=, XModule will interpret the value of Booking_Info as a
command. The command is base64 encoded and encrypted with a simple XOR. The
XModule (or Micro Backdoor) executes the command and returns the result in the
response body (encrypted).

This command can be one of the following:

 * PIN - responds with "PONG"
 * INF - responds with
   <username>|<computer_name>|<user_is_admin>|<integrity_level>
 * CMD - a command that is executed using cmd.exe /c (or %COMSPEC%)
 * CMP - a command for the Micro Backdoor (using a named pipe)
 * DMP - initiate data exfiltration, appends the content of all the files in
   C:\ProgramData\Actian\Cache\Logs folder to the response body
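
The traces described in this section lend themselves to three simple checks: staged file names in C:\ProgramData\Actian\Cache\Logs, the __gglmap cookie in web server logs, and the command parameters in captured POST bodies. The following is an added example, not code from the original report: the function names, the sample log and the exact rendering of the date and CRC32 in file names (8 digits, hex or decimal) are assumptions, and the log check assumes cs(Cookie) is among the logged W3C fields.

```python
import re
from urllib.parse import parse_qs

# File-name prefix -> what the article says XModule stores under it.
STAGED = {"error": "__gglmap cookie value (booking form and card fields)",
          "info": "POST body containing a password string",
          "dump": "POST body containing payment-card strings"}
# Assumption: 8-digit date, CRC32 written as hex or decimal digits.
STAGED_RE = re.compile(r"^(error|info|dump)_(\d{8})_([0-9a-f]{1,10})\.dmp$", re.I)

def classify_staged_file(name):
    """Return (content_kind, yyyymmdd) if name fits the reported scheme, else None."""
    m = STAGED_RE.match(name)
    return (STAGED[m.group(1).lower()], m.group(2)) if m else None

def is_command_post(body):
    """True if a captured POST body carries the reported command parameters."""
    q = parse_qs(body, keep_blank_values=True)
    return q.get("Module") == ["BookData"] and "Booking_ID" in q and "Booking_Info" in q

def scan_w3c(lines):
    """Return [(line_no, uri)] for W3C records whose Cookie header has __gglmap."""
    fields, hits = [], []
    for no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            if re.search(r"(^|;\+?)__gglmap=", rec.get("cs(Cookie)", "")):
                hits.append((no, rec.get("cs-uri-stem", "")))
    return hits

# Constructed sample log (paths other than the polyfills prefix are made up).
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem sc-status cs(Cookie)",
    "2023-01-01 10:00:00 GET /irmng/polyfills-es2015.js 200 -",
    "2023-01-01 10:00:09 POST /irmng/checkout 200 lang=en;+__gglmap=Q09OU1RSVUNURUQ=",
]

if __name__ == "__main__":
    print(scan_w3c(SAMPLE_LOG))
    print(classify_staged_file("dump_20230101_1a2b3c4d.dmp"))
```

Request bodies are not written to standard IIS logs, so is_command_post only applies where a proxy, WAF or packet capture retains them.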
   
   






CONCLUSION AND RECOMMENDATIONS

The investigation has revealed a series of security breaches within a booking
engine software that have been orchestrated by a sophisticated threat actor.
This incident appears to be part of a larger, coordinated effort, as the
attacker demonstrated an intimate knowledge of the software's architecture and
inner workings. The threat actor went beyond conventional attack methods by
developing custom malware designed to seamlessly integrate with legitimate
network traffic, facilitating the covert exfiltration of sensitive data. Threat
actors, like everyone else, aim to maximize their gains while minimizing effort.
They're willing to invest time and resources in crafting custom attacks if it
leads to a consistent income.

Larger companies have the capacity and responsibility to conduct routine
security audits and penetration testing, a luxury that might not be feasible for
smaller businesses – a demographic often served by third-party solutions. For
these smaller enterprises, focusing on the security maturity of their supply
chain becomes paramount. It's essential to recognize that opting for seemingly
more affordable solutions can sometimes lead to unforeseen, substantial expenses
due to security breaches or vulnerabilities.

The best protection that businesses can deploy against modern attacks remains
the defense-in-depth architecture. This approach involves employing multiple
layers of overlapping security measures that are designed to protect against a
variety of threats.

The first step in adopting a multi-layered strategy is mastering prevention
capabilities. Try to limit the exposed attack surface and minimize the number of
entry points that threat actors can use. Identify and correct weaknesses by
implementing patch and risk management solutions before threat actors can
exploit them.

Automated protection controls are deployed to all potential entry points exposed
to threat actors (including work-from-home laptops for roaming employees). This
includes next-generation antivirus, but also seamlessly integrated IP/URL/Domain
reputation, and protection against previously unknown threats. This gives you
the capability to detect and block most security incidents before they can do
any harm.

Despite your best efforts, it is still possible that modern threat actors will
make it past your prevention and protection controls. This is where your
detection and response capabilities come into play. Whether you get these
capabilities as-a-product (EDR/XDR) or as-a-service (MDR), the purpose is to
minimize the time when threat actors remain undetected. The Bitdefender MDR team
conducts a proactive search through an environment to hunt for malicious,
suspicious, or risky activities that have evaded detection by existing tools.

In conclusion, the investigation underscores the need for a multi-layered and
adaptive security strategy. By combining technological enhancements with
vigilant monitoring and proactive measures, organizations can better defend
against sophisticated threat actors targeting critical software systems.

We would like to thank Adrian Schipor, Victor Vrabie, Cristina Vatamanu,
Alexandru Maximciuc and Bogdan “Bob” Botezatu for help with putting this
advisory report together. 

The full research paper, published by Bitdefender Labs, contains additional
details and technical insights.


INDICATORS OF COMPROMISE

An up-to-date and complete list of indicators of compromise is available to
Bitdefender Advanced Threat Intelligence users. The currently known indicators
of compromise can be found in the table below.



AUTHOR

--------------------------------------------------------------------------------


MARTIN ZUGEC

Martin is technical solutions director at Bitdefender. He is a passionate
blogger and speaker, focusing on enterprise IT for over two decades. He loves
travel, lived in Europe, Middle East and now residing in Florida.
