Url Redirect

I've recently noticed that while surfing, the URLs are being channeled through a web address (I don't know if it's an ISP issue, but I'd like to find out if it's hijacking one before complaining), the address is :-


http://intad.pag2p.co


The pages open alright most of the time, but I'm a little bit baffled and suspicious! I've researched a bit and got this, although I don't understand fully what the report says - http://whois.domaintools.com/pag2p.co

Comments

  • rootkit
    rootkit ✭✭✭

    Hello :)


    In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:


    . A BDSYS log;


    [how to GENERATE A BDSYS LOG]


    . Save and extract the BDSYS tool to a location of your choice:


    http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe


    . Make sure you close all active applications and then run "BDSysLog_i.exe"; if you receive a firewall alert, select to Allow the application to connect;


    . Click the "Create log" button to start generating the log; a progress bar indicates that the tool is creating the report;


    . When the small window appears with the message "Log saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;


    . Send me via PM the generated log file.


    . If the file is too big to send over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send via PM the download link.


    http://www.sendspace.com


    http://www.mediafire.com


    IMPORTANT:


    . During this process the Real Time Protection in Bitdefender must be temporarily disabled;


    . If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet, then you need to select Allow;


    [how to DISABLE THE REAL-TIME PROTECTION on Bitdefender 2010]


    In order to disable the real-time protection please open Bitdefender, click the "Settings" button in the upper right side of the interface, switch UI to "Advanced Mode", click "OK"; go to "Antivirus" > "Shield" and click on "Real-time protection is enabled", select the time interval that suits your troubleshooting needs and click "OK" (the message will change to "Real-time protection is disabled"). The real-time protection should be enabled after performing the troubleshooting procedure.


    [how to DISABLE THE REAL-TIME PROTECTION on Bitdefender 2011]


    In order to disable the real-time protection please open Bitdefender, click the "Options" button in the upper right side of the interface, switch UI to "Expert View"; go to "Antivirus" > "Shield" and click on "Real-time protection is enabled", select the time interval that suits your troubleshooting needs and click "OK" (the message will change to "Real-time protection is disabled"). The real-time protection should be enabled after performing the troubleshooting procedure.


    [how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012]


    In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface; in the new window go to "Antivirus" > "Shield" tab and click on "Turn off" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.


    [How to create a screen shot]


    On Windows, press the Print Screen or Prnt Scrn key on your keyboard, found at the upper right of the keyboard. This key will capture the entire screen. Open up your paint program: click on "Start -> All Programs -> Accessories -> Paint". In the paint program, select File/New, then Edit/Paste. Then save the file and attach it in your PM message.


    If the file is too big to send over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send via PM the download link.


    We will get back to you as soon as the analysis is complete. Have a nice day.

  • Sent you the log url by PM

  • Any news?

  • rootkit
    rootkit ✭✭✭

    Hello :)


    The logs are at the labs for further analysis.


    Thank you for your patience.

  • Okay.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    The system is clean, we didn't find malware activity.


    Take care.

  • Thanks for the clarification Christian; it may then be an ISP issue?

  • rootkit
    rootkit ✭✭✭

    Hello :)


    You can send them an email and ask for more details, maybe they have something implemented.


    Let us know if you need further assistance.


    Take care.

  • It's done by the ISP.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    Welcome to the forums!


    Do you have the same ISP and is it happening on your side?


    Have a great weekend!

  • Just for correction, the full redirection URL is actually:


    http://intad.pag2p.co/dva1/int.php?s=7&c=8&u=(the actual url)

  • Hi,


    Which ISP are you using?


    Mine is Asianet, and they had been showing ads for the past three months.


    At first, they were inserting JavaScript code in every page we request.


    Now, they have started showing these interstitial ads also.


    I had posted it in my blog.


    See:


    Asianet(ISP) now showing Interstitial ads (intad.pag2p.co) along with their javascript injection.


    I had been trying to let the people know about these. Many people think that it's a malware, and they do even reinstall their OS.
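
A way to check both behaviours described in this thread, added here as an example and not part of any post: it recovers the destination from the interstitial URL format quoted above and lists scripts that appear in a page fetched over the suspect link but not in a copy fetched over a trusted path. It assumes `u=` is the last parameter; the sample pages and `ads.example.net` are constructed, and the function names are hypothetical.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

INTERSTITIAL_HOST = "intad.pag2p.co"  # host reported in this thread
# Constructed samples: the same page via a trusted path and via the suspect link.
TRUSTED = '<html><head><script src="/js/app.js"></script></head><body>news</body></html>'
RECEIVED = TRUSTED.replace("</body>", '<script src="http://ads.example.net/i.js"></script></body>')

def unwrap_interstitial(url):
    """Return the wrapped destination, or None if url is not the interstitial."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != INTERSTITIAL_HOST:
        return None
    # Assumption: u= comes last and may be unencoded, so keep the rest of the query.
    m = re.search(r"(?:^|&)u=(.+)$", parts.query)
    if not m:
        return None
    target = m.group(1)
    return unquote(target) if re.match(r"https?%3a", target, re.I) else target

class ScriptCollector(HTMLParser):  # external script URLs and inline body hashes
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = set(), None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.add("src:" + src)
            else:
                self._inline = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            self.scripts.add("inline:" + hashlib.sha256(body.encode()).hexdigest()[:16])
            self._inline = None

def scripts_in(html):
    collector = ScriptCollector()
    collector.feed(html)
    return collector.scripts

def injected_scripts(trusted_html, received_html):
    """Scripts present in the received copy but absent from the trusted one."""
    return sorted(scripts_in(received_html) - scripts_in(trusted_html))
```

Pages with per-request scripts (rotating ad or analytics tags) will show differences that are not injection, so compare several fetches before drawing a conclusion.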

  • pozzo
    edited June 2012

    Thanks for the heads-up Dipin :)


    I'm using Alliance Broadband, they provided clean services up-to now...guess competition got the better of them <_<

  • rootkit
    rootkit ✭✭✭

    Hello :)


    We are currently checking things out to see if it is caused by the ISP.


    Take care.