www.akamai.com
Open in
urlscan Pro
2a02:26f0:480:d8a::b63
Public Scan
URL:
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Submission: On May 03 via manual from US — Scanned from DE
Submission: On May 03 via manual from US — Scanned from DE
Form analysis 2 forms found in the DOM
<form role="combobox" aria-expanded="false" aria-haspopup="listbox" aria-labelledby="downshift-0-label">
<div class="sui-search-box">
<div class="sui-search-box__wrapper"><input aria-autocomplete="list" aria-labelledby="downshift-0-label" autocomplete="off" id="downshift-0-input" placeholder="Search" class="sui-search-box__text-input " aria-label="Search"
value=""><label></label></div>
</div>
</form><form role="combobox" aria-expanded="false" aria-haspopup="listbox" aria-labelledby="downshift-1-label">
<div class="sui-search-box">
<div class="sui-search-box__wrapper"><input aria-autocomplete="list" aria-labelledby="downshift-1-label" autocomplete="off" id="downshift-1-input" placeholder="Search" class="sui-search-box__text-input " aria-label="Search"
value=""><label></label></div>
</div>
</form>Text Content
Twitter LinkedIn Email
Close
X
Skip to main content
Need cloud computing? Get started now
Close Button
+49-8994006308
Login
Control Center
Access the Akamai platform
Cloud Manager
Manage your cloud resources
en
* English
* Deutsch
* Español
* Français
* Italiano
* Português
* 中文
* 日本語
* 한국어
Try Akamai
Under Attack?
Back
1. Products
2. Solutions
3. Why Akamai
4. Resources
5. Partners
6. Contact Us
+49-8994006308
Back
PRODUCTS
Back
1. Cloud Computing
2. Security
3. Content Delivery
4. All Products and Trials
5. Global Services
+49-8994006308
Back
CLOUD COMPUTING
CLOUD COMPUTING
Learn more
Create a Cloud Account
COMPUTE
Build, release, and scale faster with VMs for every workload
See all
NETWORKING
Secure your network, balance traffic, control your infrastructure
See all
CONTAINERS
Efficiently orchestrate containerized applications
See all
DEVELOPER TOOLS
Get the most out of your applications with advanced management tools
See all
STORAGE
Deploy dependable, easily accessible storage and management
See all
DATABASES
Scale easily with simple and reliable managed databases
See all
Create a Cloud Account
SECURITY
SECURITY
Learn more
APP AND API SECURITY
API SECURITY
Discover and monitor API behavior to respond to threats and abuse
APP & API PROTECTOR
Protect web apps and APIs from DDoS, bots, and OWASP Top 10 exploits
CLIENT-SIDE PROTECTION & COMPLIANCE
Assist with PCI compliance and protect against client-side attacks
ZERO TRUST SECURITY
AKAMAI GUARDICORE SEGMENTATION
Mitigate risk in your network with granular, flexible segmentation
SECURE INTERNET ACCESS
Proactively protect against zero-day malware and phishing
HUNT
Stop the most evasive threats with proactive threat hunting
ENTERPRISE APPLICATION ACCESS
Granular application access based on identity and context
AKAMAI MFA
Harden against account takeovers and data breaches with phish-proof MFA
ABUSE AND FRAUD PROTECTION
ACCOUNT PROTECTOR
Mitigate account abuse and grow your digital business
CONTENT PROTECTOR
Stop scrapers, protect intellectual property, and increase conversion
BRAND PROTECTOR
Detect and mitigate fraudulent representations of your brand
BOT MANAGER
Welcome the bots you want and mitigate those you don’t
IDENTITY CLOUD
Add secure, cloud-based identity management to your websites or apps
INFRASTRUCTURE SECURITY
EDGE DNS
External authoritative solution for your DNS infrastructure
PROLEXIC
Protect your infrastructure from distributed denial-of-service attacks
CONTENT DELIVERY
CONTENT DELIVERY
Learn more
APPLICATION PERFORMANCE
ION
Improve the performance and reliability of your website at scale
API ACCELERATION
Improve the performance and reliability of your APIs at scale
MEDIA DELIVERY
ADAPTIVE MEDIA DELIVERY
High-quality video delivery for any screen to global audiences
DOWNLOAD DELIVERY
Deliver large file downloads flawlessly, every time, at global scale
DEDICATED DELIVERY
Deliver broadcast-quality video while maximizing network efficiency
EDGE APPLICATIONS
EDGEWORKERS
Execute custom JavaScript at the edge, near users, to optimize UX
EDGEKV
Distributed key-value store database at the edge
IMAGE & VIDEO MANAGER
Automatically optimize images and video for every user, on any device
MEDIA SERVICES LIVE
Reliably ingest and deliver low-latency live video at global scale
CLOUDLETS
Predefined apps that run at the edge for specific business needs
CLOUD WRAPPER
Use an efficient caching layer to improve origin offload
GLOBAL TRAFFIC MANAGEMENT
Optimize performance with intelligent load balancing
MONITORING, REPORTING, AND TESTING
DATASTREAM
Low-latency data feed for visibility and ingest into third-party tools
MPULSE
Measure the business impact of real user experiences in real time
CLOUDTEST
Site and application load testing at global scale
SOLUTIONS
Back
1. Use Cases
2. Industry Solutions
+49-8994006308
Back
USE CASES
CLOUD COMPUTING
MEDIA
Deliver an engaging, interactive video experience
SAAS
Build with portability, performance, and efficiency from cloud to client
GAMING
Improve the gamer experience with low latency and high availability
SECURITY
APPS AND APIS
Protect your brand by securing apps and APIs from persistent threats
ZERO TRUST
Deploy one platform for comprehensive coverage and deep visibility
DDOS PROTECTION
Protect your infrastructure from DDoS and DNS attacks
ABUSE AND FRAUD PROTECTION
Stop account abuse, sophisticated bot attacks, and brand impersonation
CONTENT DELIVERY
APP AND API PERFORMANCE
Improve user engagement through app & API optimization
MEDIA DELIVERY
Deliver seamless streaming and download experiences to any device
EDGE COMPUTE
Build and deploy on the world’s most distributed edge platform
INDUSTRY SOLUTIONS
MEDIA AND ENTERTAINMENT
RETAIL, TRAVEL, AND HOSPITALITY
FINANCIAL SERVICES
HEALTHCARE AND LIFE SCIENCES
PUBLIC SECTOR
GAMING
IGAMING AND SPORTS BETTING
PUBLISHING
NETWORK OPERATOR
WHY AKAMAI
COMPANY
Discover how we power and protect life online
Learn more
OUR PLATFORM
Explore Akamai Connected Cloud
Learn more
RESOURCES
Back
1. Library
2. Learn
3. Security Research
4. Developer Resources
5. Blog
6. Events
+49-8994006308
Back
LIBRARY
LIBRARY
See all
PRODUCT BRIEFS
REFERENCE ARCHITECTURES
CUSTOMER STORIES
EBOOKS
WHITE PAPERS
WEBINARS
VIDEOS
LEARN
LEARNING HUB
Educational resources and training for Akamai products and services
GLOSSARY
Key concepts in security, cloud computing, and content delivery
SECURITY RESEARCH
AKAMAI SECURITY RESEARCH
Insights and intelligence from the Akamai Security Intelligence Group
STATE OF THE INTERNET REPORTS
In-depth analysis of the latest cybersecurity research and trends
PARTNERS
Back
1. Find a Partner
2. Become a Partner
3. Cloud Computing Marketplace
+49-8994006308
Back
FIND A PARTNER
WHY CHOOSE AN AKAMAI PARTNER
Learn about our industry-leading ecosystem of partners
BECOME A PARTNER
CHANNEL PARTNERS
Unlock more profit, focus on what matters, and deliver with confidence
TECHNOLOGY PARTNERS
Create more value for joint customers with seamless integrations
CONTACT US
CONTACT SALES
Have questions? We can help.
Contact us
CUSTOMER SUPPORT
Need technical support? We are here 24/7.
Get support
Login
Control Center
Access the Akamai platform
Cloud Manager
Manage your cloud resources
en
* English
* Deutsch
* Español
* Français
* Italiano
* Português
* 中文
* 日本語
* 한국어
1. Blog
2. Security Research
3. The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages
THE ART OF CONCEALMENT: A NEW MAGECART CAMPAIGN THAT’S ABUSING 404 PAGES
Written by
Roman Lvovsky
October 09, 2023
Written by
Roman Lvovsky
Roman Lvovsky is a Security Researcher with extensive experience in client-side
threats, browser internals, and JavaScript attack vectors. He is a member of
Akamai's In-Browser Protection Research Team and focuses his research on various
client-side threats, such as web skimming and Magecart attacks. He has a solid
background in software engineering, with a specialization in JavaScript and web
development.
Share
EXECUTIVE SUMMARY
* The Akamai Security Intelligence Group detected a Magecart web skimming
campaign that is targeting an extensive list of websites, including large
organizations in the food and retail industries.
* This campaign stands out because of its three advanced concealment
techniques, one of which we had never seen before — specifically,
manipulating the website’s default 404 error page to hide malicious code —
that poses unique challenges for detection and mitigation.
* The other two obfuscation techniques showcase the evolving tactics that
attackers are using to avoid detection and lengthen the attack chain.
* As web skimming attacks become increasingly sophisticated, organizations must
remain vigilant and explore advanced approaches to protect against these
evolving threats.
INTRODUCTION
A new, sophisticated, and covert Magecart web skimming campaign has been
targeting Magento and WooCommerce websites. Some of the victims of this campaign
are associated with large organizations in the food and retail industries.
According to the evidence we’ve uncovered, this campaign has been active for a
couple of weeks, and in some cases, even longer. This campaign managed to
surprise us with a high-level concealment technique that we had not previously
encountered.
THE NEW CAMPAIGN
Magecart attacks typically begin by exploiting the vulnerabilities in the
targeted websites or by infecting the third-party services that these websites
are using. In this campaign, all the victim websites we detected were directly
exploited, as the malicious code snippet was injected into one of their
first-party resources.
In some instances, the malicious code was inserted into the HTML pages; in other
cases, it was concealed within one of the first-party scripts that was loaded as
part of the website.
Like in many other Magecart campaigns, the attack infrastructure of this
campaign consists of three main parts: loader, malicious attack code, and data
exfiltration (Figure 1).
1. Loader — Short, obscure JavaScript code snippets responsible for loading the
full malicious code of the attack
2. Malicious attack code — The primary JavaScript code that executes the
attack; it detects sensitive inputs, reads the data, disrupts the checkout
process, and injects fake forms
3. Data exfiltration — The method used to transmit the stolen data to the
attacker's command and control (C2) server
Fig. 1: Magecart attack infrastructure
The purpose of separating the attack into three parts is to conceal the attack
in a way that makes it more challenging to detect. This allows for the
activation of the full flow of the attack only on the specifically targeted
pages; that is, because of the obfuscation measures used by the attacker, the
activation of the full attack flow can only occur where the attacker intended
for it to execute. This makes the attack more discreet and more difficult to
detect by security services and external scanning tools that might be in place
on the targeted website.
Although most Magecart campaigns share similarities in terms of their flow and
stages, what sets one campaign apart from another are the various concealment
techniques that attackers employ. These techniques are used to obscure the
attack’s infrastructure; conceal traces; complicate detection and reverse
engineering; and, ultimately, prolong the attack.
3 VARIATIONS OF THE CAMPAIGN
We found three different variations of this campaign, demonstrating the
evolution of the attack and the improvements the attackers made over time to
prevent detection and mitigation of this campaign:
* The first two variations are quite similar, with only minor differences in
the loader part.
* The third version is unique because the attackers used the website's default
404 error page to hide their malicious code; this is a creative concealment
technique that we hadn't ever seen before.
Let’s take a closer look at the technical details of the three variations of
this novel campaign.
VARIATION ONE
Our research began when we noticed some suspicious code snippets, detected by
our threat intelligence monitoring tools, on a major company's website. Upon
analyzing these snippets, we found that they were maliciously encoded JavaScript
loaders, which were still present and active on the website. This discovery led
us to investigate further, revealing the entire campaign with its variations and
impact on numerous websites.
THE VARIATION ONE LOADER: THE TIP OF THE ICEBERG
The skimmer successfully injected a malformed HTML image tag with an onerror
attribute into the exploited website (Figure 2). This attribute contains an
obfuscated Base64-encoded malicious loader code snippet. The intentionally empty
src attribute of the image tag is designed to prevent network requests and
trigger the execution of an inline onerror callback containing the obfuscated
malicious JavaScript code snippet.
Using image tags for the purpose of executing JavaScript code is a less common
and more sophisticated technique. It can help the skimmer bypass security
measures such as external scanners that typically analyze network traffic, which
are not triggered in this specific case. The obfuscated code will execute within
the context of the page and run as if it were a native first-party script
initiated by the page itself.
Fig. 2: Variation one loader — an improperly formatted HTML image tag with an
onerror attribute containing malicious loader code
DECODED LOADER CODE — RUNTIME
Once the obfuscated Base64-encoded code is executed at runtime, it transforms
into plain JavaScript and becomes responsible for initiating a WebSocket channel
(Figure 3). This channel serves as a bidirectional communication link between
the browser and the attacker's C2 server.
The use of WebSockets in Magecart attacks has been observed in several recent
campaigns. WebSocket is considered to be a quieter and more flexible method of
communication, allowing the attacker to utilize a single network channel for
various purposes. This includes sending different parts of the attack from the
C2 server to the browser (and vice versa), as well as facilitating data
exfiltration activities in certain scenarios.
Another noteworthy aspect of the code is bot detection, which checks if the user
agent is under automation control. If this is the case, the code terminates its
execution. This is a clever anti-bot technique aimed at evading external
security scanners and sandboxes that could potentially detect the attack.
Fig. 3: The runtime-decoded JavaScript code of the variation one loader
WEBSOCKET COMMUNICATION FLOW
Once the WebSocket channel is established, the first message is sent from the
attacker's C2 server to the browser. This message is transmitted as a
Base64-encoded string, containing a one-line JavaScript command that instructs
the browser to send back the current URL of the page.
The purpose of this step is to enable the C2 server to determine whether the
current page is a checkout (sensitive) page or any other noncheckout page. This
way, the attacker can adjust the next steps accordingly.
This straightforward server-side validation enables the attacker to activate the
attack only on the relevant targeted pages, thereby avoiding potential exposure
on nonsensitive pages. This is yet another example that highlights the efforts
the skimmer takes to evade detection by security services and external scanners.
When the C2 server identifies a checkout page URL, the flow proceeds to the next
stage. In this step, another message is sent to the browser. It is a long
Base64-encoded string, which contains the entire attack code. Once decoded, a
lengthy and obfuscated JavaScript code is revealed (Figure 4).
This code is responsible for carrying out various malicious activities on the
targeted sensitive page, with the goals of reading the user's sensitive personal
and credit card data and transmitting it back to the skimmer's C2 server.
Subsequent obfuscated data exfiltration messages containing the sensitive stolen
data gathered by the malicious code are sent from the browser to the C2 server.
As mentioned earlier, using the same WebSocket channel for both loading the full
malicious code and exfiltrating stolen data makes the process quieter and
involves fewer network requests than more traditional communication methods like
XHR, fetch, or HTML resource requests.
Fig. 4: WebSocket flow on checkout pages
VARIATION TWO
THE VARIATION TWO LOADER: SAME LADY, NEW DRESS
The main difference between variation one and variation two is in the loader
component. In variation two, the skimmer inserts an inline script with a code
snippet that closely resembles the Meta Pixel code snippet, a well-known
Facebook visitor activity tracking service, with a few additional lines inside
it (Figure 5).
These added lines are the actual loader part, while the Meta Pixel code
surrounding is a misleading cover to make it appear as if it’s a legitimate and
unsuspicious code snippet.
This concealment technique, which makes the malicious code snippets appear to be
well-known services like Google Tag Manager or Facebook, has gained popularity
in recent Magecart campaigns. It allows skimmers to evade static analysis by
external scanners and researchers.
Fig. 5: Variation two loader — inline script disguised as Meta PIxel code
snippet with a malicious loader inside it
REQUEST FOR AN IMAGE
When we carefully inspected the suspicious lines within the fake Meta Pixel code
snippet, it seemed to fetch a PNG image from the website's own directory. The
network request appeared to be a typical request for an innocent image hosted on
the website. However, when we examined the actual content of this image, it
became clear that it was not as innocuous as it seemed (Figure 6).
Fig. 6: Network image request for an image that has been tampered with by the
attacker and contains malicious code
MALICIOUS JAVASCRIPT CODE SNIPPET WITHIN AN IMAGE BINARY
The binary data of the PNG image contains a Base64-encoded string appended to
the end of the image binary file (Figure 7). This string is then extracted,
decoded, and executed by the loader code snippet (Figure 8). The decoded string
represents a JavaScript code snippet that is identical to the one found inside
the onerror attribute of the loader in variation one.
The subsequent steps of the flow remain unchanged. This code snippet transforms
into plain JavaScript code at runtime, the code initiates the WebSocket channel
to the attacker's C2 server, and the rest of the sequence follows as previously
described.
Fig. 7: The binary data of the image that contains the concealed malicious code
Fig. 8: The malicious code, which was initially encoded in Base64 and concealed
within the image, becomes apparent after decoding
VARIATION THREE
Now, let's talk about the best part. Although we've seen similar attacks, this
one is unique and really surprised us.
THE VARIATION THREE LOADER: SAME, SAME, BUT TOTALLY DIFFERENT
At first glance, this loader appears similar to the loader in variation two, but
you'll see (as we did) that it's an entirely different scenario. In some
instances, this loader is disguised as Meta Pixel code snippet, as seen in
variation two (Figure 9). But in other cases, it is injected within random
inline scripts on the page (Figure 10).
The first notable aspect of this loader is a fetch request to a relative path
called 'icons'.
Fig. 9: Variation three loader — a malicious code snippet concealed within a
code snippet that mimics the appearance of Meta Pixel
Fig. 10: Variation three loader —- a malicious code snippet concealed within an
arbitrary inline script
A 404 ERROR? REALLY?
After the loader is executed, the attack sends a fetch request to /icons, which
is a relative path that doesn't actually exist. This request led to a "404 Not
Found" error (Figure 11). Upon analysis of the HTML returned in the response, it
seemed like the default 404 page of the website (Figure 12). This was confusing
and made us wonder if the skimmer was no longer active on the victim websites we
found.
Fig. 11: Request initiated by the loader to a nonexistent path that returns 404
error
Fig. 12: Default error page HTML
NEVER UNDERESTIMATE THE LOADER
We took a step back and reanalyzed the loader, and we found the missing piece of
the puzzle. The loader contained a regex match for the string "COOKIE_ANNOT",
which was supposed to be performed on the 404 error page returned as part of the
icons request.
So, we searched for this string within the returned 404 HTML, and voilà! We
discovered a comment hidden toward the end of the page that contained the
"COOKIE_ANNOT" string (Figure 14). Next to this string, a long Base64-encoded
string was concatenated. This encoded string represents the entire obfuscated
JavaScript attack code. The loader extracts this string from the comment,
decodes it, and executes the attack, which is designed to steal the personal
information entered by users.
We simulated additional requests to nonexistent paths, and all of them returned
the same 404 error page containing the comment with the encoded malicious code.
These checks confirm that the attacker successfully altered the default error
page for the entire website and concealed the malicious code within it!
Fig. 13: Loader variation 3 - regex match for the string "COOKIE_ANNOT".
Fig. 14: The malicious encoded comment that was hidden within the error page
HTML
DATA EXFILTRATION
FAKE FORM
In contrast to variations one and two, the attackers employed a different common
data exfiltration technique in variation three — injection of fake form (Figure
15). This technique is typically utilized when the skimmer lacks access to
sensitive inputs.
This can occur when a website uses a third-party payment service that implements
the payment form within a third-party iframe or an external page. To bypass such
scenarios, the attacker creates a fake form that closely resembles the original
payment form and overlays it — a technique that is gaining more popularity. This
is exactly how stolen data is exfiltrated in variation three.
Fig. 15: The fake form injected by the malicious code
When the user submits data into the attacker's fake form, an error is presented,
the fake form is hidden, the original payment form is displayed, and the user is
prompted to re-enter their payment details (Figure 16).
Fig. 16: The fake form is hidden and the user is prompted to re-enter their
information
IMAGE REQUEST WITH STOLEN DATA
Submitting the fake form initiates an image network request to the attacker's C2
server, carrying all the stolen personal and credit card information as a
Base64-encoded string in the query parameter (Figure 17). When decoded, this
string reveals the true intent of the request and the entire flow of the attack
becomes clear.
Fig. 17: Image network request with the stolen data included as a Base64-encoded
string query parameter
LESSONS LEARNED FROM VARIATION THREE: THE 404 CASE
This concealment technique is highly innovative and something we haven't seen in
previous Magecart campaigns. The idea of manipulating the default 404 error page
of a targeted website can offer Magecart actors various creative options for
improved hiding and evasion.
In some of the cases we've identified, the malicious loader had already been
removed from the affected websites' pages at the time of writing. However, the
malicious comment in the default 404 page remained, potentially allowing the
skimmer to easily reactivate the attack. This highlights the complexity of
detecting, and the importance of mitigating, this approach.
The request to the first-party path leading to the 404 page is another evasion
technique that can bypass Content Security Policy headers and other security
measures that may be actively analyzing network requests on the page. This
undoubtedly ranks as one of the more sophisticated Magecart strategies we've
encountered recently.
AKAMAI CLIENT-SIDE PROTECTION & COMPLIANCE VERSUS THE SKIMMER
As part of our research into this campaign, we conducted a simulation of this
skimmer against Akamai Client-Side Protection & Compliance, our solution that
analyzes runtime JavaScript execution behavior to defend against JavaScript
threats and mitigate client-side attacks.
The solution successfully detected the sophisticated skimmer and triggered a
high-severity event for immediate mitigation. In a real-world scenario in which
Client-Side Protection & Compliance is enabled on a particular web page, Figure
18 illustrates the alert the website owner would receive so they could rapidly
investigate the threat and respond in real time with various mitigation options.
Fig. 18: Client-Side Protection & Compliance simulation alert after detecting
the skimmer
CONCLUSION
This campaign reinforces the fact that web skimming techniques are constantly
evolving. They are becoming more sophisticated, which makes detection and
mitigation by static analysis and external scanning increasingly challenging.
Threat actors in this domain consistently find better methods with which to
conceal their attacks within victim websites and evade various security measures
that could expose them.
The level of complexity highlighted in this research should remind organizations
to remain vigilant and attentive to web skimming attack vectors and actively
seek new and advanced approaches to deal with these types of attacks.
IOCS
* Pmdresearch[.]com
* secures-tool[.]com
* adsometric[.]com
* cngresearch[.]com
Learn more
--------------------------------------------------------------------------------
* Cyber Security
* Research
* Threat Intelligence
* Security Research
* Client-Side Protection & Compliance
Share
--------------------------------------------------------------------------------
Written by
Roman Lvovsky
October 09, 2023
Written by
Roman Lvovsky
Roman Lvovsky is a Security Researcher with extensive experience in client-side
threats, browser internals, and JavaScript attack vectors. He is a member of
Akamai's In-Browser Protection Research Team and focuses his research on various
client-side threats, such as web skimming and Magecart attacks. He has a solid
background in software engineering, with a specialization in JavaScript and web
development.
RELATED BLOG POSTS
Akamai researchers uncovered that during some weeks, combosquatted domain names
are getting more queries than USPS itself.
PHISHING CAMPAIGNS TARGETING USPS SEE AS MUCH WEB TRAFFIC AS THE USPS ITSELF
April 25, 2024
A USPS smishing attempt prompts the Akamai SIG to unearth shocking statistics:
Illegitimate USPS domains see as much traffic as the legitimate USPS domain.
by Stijn Tilborghs and Connor Faulkner
Read more
Akamai researcher Ben Barnea found a critical vulnerability in Microsoft
Windows, which was assigned CVE-2023-35628.
CREATERCE — YET ANOTHER VULNERABILITY IN CREATEURI
April 12, 2024
Akamai researchers explore a new Windows vulnerability that could lead to remote
code execution against Outlook clients.
by Ben Barnea
Read more
Microsoft doesn’t take a holiday. April 2024’s Patch Tuesday has 147 total CVEs,
with three critical vulnerabilities in Microsoft Defender for IoT.
AKAMAI’S PERSPECTIVE ON APRIL’S PATCH TUESDAY 2024
April 12, 2024
Microsoft doesn’t take a holiday. April 2024’s Patch Tuesday has 147 total CVEs,
with three critical vulnerabilities in Microsoft Defender for IoT.
by Akamai Security Intelligence Group
Read more
Rate the helpfulness of this page
PRODUCTS
* Cloud Computing
* Security
* Content Delivery
* All products and trials
* Global Services
COMPANY
* About Us
* History
* Leadership
* Facts and Figures
* Awards
* Board of Directors
* Investor Relations
* Environmental, Social, and Governance
* Ethics
* Locations
CAREERS
* Careers
* Working at Akamai
* Students and Recent Grads
* Workplace Diversity
* Search Jobs
* Culture Blog
NEWSROOM
* Newsroom
* Press Releases
* In the News
* Media Resources
LEGAL & COMPLIANCE
* Legal
* Information Security Compliance
* Privacy Trust Center
* Cookie Settings
GLOSSARY
* What Is Zero Trust?
* What Is a CDN?
* What Is Cloud Computing?
* What Is Cybersecurity?
* What Is a DDoS attack?
* See all
Twitter Facebook Youtube Linkedin
* EMEA Legal Notice
* Service Status
* Contact Us
--------------------------------------------------------------------------------
* EMEA Legal Notice
* Service Status
* Contact Us
* en
* English
* Deutsch
* Español
* Français
* Italiano
* Português
* 中文
* 日本語
* 한국어
©2024 Akamai Technologies
YOUR COOKIE CHOICES FOR THIS WEBSITE
We use cookies to ensure the fast reliable and secure operation of this website,
to improve your website experience, to enable certain social media interactions
and to manage your cookie choices. Some cookies process personal data. By
agreeing to the placement of the cookies you also agree to the related personal
data processing activities, where applicable. Click “Manage Preferences” to make
individual choices and get details on the cookies in use and the processing
activities in the Cookie Details section, click “Accept Cookies” to agree to the
storing of all cookies except for strictly necessary cookies and the data
processing activities or click “Reject Cookies” to reject all cookies except for
strictly necessary cookies. You can withdraw your consent at any time by
clicking on the Cookie Icon that appears at the lower left corner when scrolling
the website. For additional information relating to your privacy take a look at
ourPrivacy Statement.
Reject Cookies
Accept CookiesManage Preferences