57+Domains Scanned
65%Completely Unreachable
17%WAF-Blocked
21%Live & Accessible
During active military operations (Operation Ghazab Lil Haq, Pakistan-Afghanistan war), Pakistan's government web infrastructure experienced massive degradation. Of 57+ domains scanned through Tor, 65% are completely unreachable, 17% are behind WAFs blocking Tor, and only 21% remain accessible and functional.
Completely Unreachable (35+ domains)
Core Government
| Domain | Organization | Status |
|---|
| pakistan.gov.pk | Federal Government Portal | DOWN |
| president.gov.pk | President's Office | DOWN |
| pmo.gov.pk | Prime Minister's Office | DOWN |
| senate.gov.pk | Senate of Pakistan | DOWN |
| na.gov.pk | National Assembly | DOWN |
| cabinet.gov.pk | Cabinet Division | DOWN |
Military / Nuclear
| Domain | Organization | Significance |
|---|
| paec.gov.pk | Pakistan Atomic Energy Commission | Nuclear program — offline during war |
| paf.gov.pk | Pakistan Air Force | Air force website |
| nescom.gov.pk | National Engineering & Scientific Commission | Nuclear/missile development |
| pof.gov.pk | Pakistan Ordnance Factories | Military manufacturing |
Financial Infrastructure
| Domain | Organization | Impact |
|---|
| sbp.org.pk | State Bank of Pakistan | Central bank |
| fbr.gov.pk | Federal Board of Revenue | Tax collection |
| iris.fbr.gov.pk | IRIS 2.0 Tax Portal | All online tax filing |
Administrative, IT & Provincial
| Domain | Organization |
|---|
| railways.gov.pk | Pakistan Railways |
| statistics.gov.pk | Statistics Division |
| passport.gov.pk / dgip.gov.pk | Passport & Immigration |
| cloud.gov.pk | NTC National Data Center |
| mail.ntc.net.pk | Federal Government Email (Zimbra) — all federal comms |
| punjab.gov.pk | Punjab Province |
| sindh.gov.pk | Sindh Province |
| cd.nitb.gov.pk / bit.nitb.gov.pk | NITB Dashboards |
| uop.edu.pk / uok.edu.pk | Peshawar & Karachi Universities |
NADRA Wartime Lockdown
NADRA operates Pakistan's national identity infrastructure for 220+ million citizens. During wartime, all public-facing services are locked down.
| Endpoint | Status | Response |
|---|
| nishan.nadra.gov.pk | BLOCKED | 403 "Access Denied" |
| nishan.nadra.gov.pk/api/ | DOWN | 404 "Site Under Maintenance" |
| esahulat.nadra.gov.pk | DOWN | No response |
| id.nadra.gov.pk | BLOCKED | 500 "URL blocked" |
| eservices.nadra.gov.pk | DOWN | No response |
This represents a complete shutdown of Pakistan's digital identity verification infrastructure. The Nishan API platform (Verisys, Biosys, Multi-biometric, Proof-of-Life, Batch Verification, SSO) is the highest-value post-war target — currently locked.
Behind WAF — Tor Blocked (10 domains)
| Domain | WAF | Status Code |
|---|
| ispr.gov.pk | Cloudflare | 403 |
| paknavy.gov.pk | Cloudflare | 403 |
| nust.edu.pk | Cloudflare | 403 |
| comsats.edu.pk | Cloudflare | 403 |
| iiu.edu.pk | Cloudflare | 403 |
| uet.edu.pk | Cloudflare | 307 |
| nha.gov.pk | Cloudflare | 403 |
| gcu.edu.pk | Sucuri/Cloudproxy | 403 |
Partially Functional (Errors)
| Domain | Status | Issue |
|---|
| supremecourt.gov.pk | 400 | AkamaiGHost — Bad Request |
| nadra.gov.pk | 404 | Server responding but no content |
| ecp.gov.pk | 500 | Internal Server Error on all paths |
| interior.gov.pk | 404 | "Site Under Maintenance" |
| data.gov.pk | 404 | nginx responding, empty |
| hec.gov.pk | 301 | Redirecting to www (partial) |
| ntc.pki.gov.pk | 503 | PKI service unavailable |
Live and Accessible (12+ domains)
| Domain | Server | Key Exposure |
|---|
| qau.edu.pk | nginx/1.14.1 | WordPress REST API fully exposed |
| pu.edu.pk | Apache | Admin accessible, 18,460+ URLs |
| balochistan.gov.pk | Cloudflare | WordPress REST API fully exposed |
| sit.balochistan.gov.pk | Cloudflare | WordPress REST API fully exposed |
| opendata.com.pk | nginx/1.12.2 | CKAN API fully exposed |
| lums.edu.pk | Apache/2.4.66 | phpinfo.php exposed |
| aiou.edu.pk | Apache/2.4.41 | Drupal /user/login |
| fsp.gov.pk | Apache | Admin login panel exposed |
| ep.gov.pk | IIS/10.0 | Admin login panel exposed |
| uos.edu.pk | Cloudflare | PleskLin, PHP/8.2.30 |
| suparco.gov.pk | Apache | Space Agency, HTTPS, no WAF |
| mofa.gov.pk | Apache | Foreign Affairs, no CDN/WAF (intermittent) |
Strategic Analysis
The infrastructure degradation pattern reveals Pakistan's wartime cybersecurity priorities and resource allocation:
- Protected (complete shutdown): Military/nuclear sites, financial systems, national identity databases
- Escalated (WAF deployment): Military PR (ISPR), premium universities (NUST, COMSATS)
- Neglected (no additional protection): Universities (QAU, PU, LUMS, AIOU), Balochistan province, Open Data Portal, minor federal admin panels
NTC's data center (cloud.gov.pk) going offline caused cascading failures across all hosted services. Federal email (mail.ntc.net.pk) outage means inter-agency communications were disrupted for the duration of hostilities. These are not just cybersecurity events — they are operational continuity failures at the national level.
The pattern is consistent: institutions deemed non-critical to wartime operations received no additional defensive measures. Those same institutions were left fully exposed to passive reconnaissance.