Malware Code Injection on Airtel Broadband

Messages
32
Location
Chennai, India
For the past few days I've been facing a strange issue on Airtel Broadband, and it is happening on both of my Airtel connections, at home and at the office. It happens randomly and very frequently. Once I refresh the page, it's gone.

As of now I don't have many details about it, but I'll post more as I get them. I'm attaching a screenshot now.



Domain URL: http://one.m4dc.com/
Script URL: http://one.m4dc.com/u/c_min.js

Sometimes the domain doesn't work, so here's the direct IP address that the domain maps to. I got this by looking up the A records for the domain.

Direct IP: http://203.145.160.162/u/c_min.js

As of now, I don't see any ads when this loads but this is driving me crazy because it's happening very randomly and frequently.

Update 1: This injection happens if you leave the connection idle for some time (not sure for how many seconds or minutes). Websites with HSTS Policy or websites in HTTPS Preload list aren't affected.
 

manojrk

Newbie
Messages
636
Location
Chennai
Hi anon. If you've got the Huawei modem, you can block that IP using the IP Filter in the modem itself.

Advanced > Filter > IP Filter



After applying the above rule I no longer see any js injection in HTTP pages.
 


Messages
32
Location
Chennai, India
@manojrk I've got a Beetel 777VR1 router. I tried blocking that IP in Firewall > IP/Port Filter but that doesn't stop it. I reported it to Airtel too, but those guys are not able to understand the issue. Have you tried reporting it to Airtel?

And I'm laughing at "Block Airtel Ad" in that image. :ROFLMAO:
 

demberto

Member
Messages
11
Block decademical.com and mutualvehemence.com permanently in your router's URL Filter. Same problem here on BSNL BB.
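
Added example, not part of any post in this thread: a Python check that compares the external scripts in a page fetched over plain HTTP with the same page fetched over HTTPS (which Update 1 reports as unaffected) and lists the scripts that appear only in the HTTP copy. The host example.com and both HTML bodies are constructed; the injected script URL is the one reported in the first post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample data: example.com and both HTML bodies are made up.
# The injected script URL is the one reported in the first post.
PAGE_URL = "http://example.com/news"
HTTPS_COPY = '<html><head><script src="/static/app.js"></script></head></html>'
HTTP_COPY = (
    '<html><head><script src="/static/app.js"></script></head>'
    '<body><script src="http://one.m4dc.com/u/c_min.js"></script></body></html>'
)


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def script_urls(html, base_url):
    """Return the absolute URLs of all external scripts in html."""
    collector = ScriptCollector()
    collector.feed(html)
    return {urljoin(base_url, src) for src in collector.sources}


def injected_scripts(http_html, https_html, page_url):
    """Scripts present in the plain-HTTP copy but absent from the HTTPS copy.

    The scheme is ignored when comparing, so a script the site itself serves
    as http:// in one copy and https:// in the other is not flagged.
    """
    def key(url):
        parts = urlsplit(url)
        return (parts.hostname, parts.path, parts.query)

    trusted = {key(u) for u in script_urls(https_html, page_url)}
    return sorted(u for u in script_urls(http_html, page_url) if key(u) not in trusted)


if __name__ == "__main__":
    print(injected_scripts(HTTP_COPY, HTTPS_COPY, PAGE_URL))
```
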
 


