I started seeing browser pop-
ups that in turn redirects to speed [dash] open two [
dot] com (please NEVER visit it), that in turns redirects to malicious sites. Here's my observation on this pop-up...
- It happens only on BSNL broadband network (that's why I posted it here to see if there is anyone else with the similar experience)
- It happens only on non-secure sites such as speedtest.net (a popular site for testing speed of the connection), webpagetest.org (a popular site to test the speed of a website), etc. Of course, I started using the speedtest.net app (for mac) and started using the secure version of webpagetest.org.
- I am on a mac with all the latest updates applied. I don't use any illegal / pirated / malicious software. I don't visit malicious sites (intentionally), either. I tried a couple of anti-virus / anti-malware softwares (EtreCheck and Bitdefender). My mac is clean as per those softwares (both are trusted softwares and free too).
- I used to use a Belkin modem (bought about 8 years ago) until last week.
- My first impression was that my Belkin modem may have been affected by a malware. So, I bought a new modem (Netgear) that seems to offer better security updates than some popular Chinese brands.
- On both Belkin and Netgear modems, I changed the default passwords. Netgear is yet to be updated with the latest firmware, though. It will be done later this week.
- I tried changing the DNS provider to Google, Quad9, Cloudflare, and my own DNS (using pi-hole.net). It didn't help.
- It happens in both Firefox and Google Chrome browsers (both are regularly updated to the latest version). In both browsers, cookies and other data do not persist for sites except for a limited set of white-listed sites (related to my business).
Just checked with another friend who uses BSNL network (with BSNL provided modem). He experienced the same issue long ago, but it was rectified when the
router was reset to factory settings and the default password was changed.
Has anyone else experienced similar issue on BSNL broadband network?
Update on August 1, 2018:
PSA:
As a temporary workaround for those still face this issue (on a PC), please insert the following lines in your computer's hosts file...
0.0.0.0 cobalten.com
0.0.0.0 speed-open2.com
Here's the partial list of domains where we get redirects....
1bcde
cobalten
newsprofin
speed-open2
lp.easyziptab
decademical
For mobile devices, since, editing hosts file isn't practical and impossible in certain cases, I use my own DNS (using
pi-hole.net) where I blocklisted the above domains). Anyone in the BSNL network can use it for their DNS queries to safeguard themself from clicking these malicious domains by mistake. The IP of my pi-hole DNS server is
45.76.184.155. One caveat with this IP is that it also blocks most advertisements (that's the primary reason I started using pi-hole.net initially). It is made to work only on BSNL (using firewall rules) for now. If it doesn't work for you for some reason, please publish your BSNL IP here, I will unblock the whole range of BSNL IPs. Unfortunately, I can't allow non-BSNL users to use it, since it takes time, effort and money to run a DNS server. Currently, IPs starting with 59 and 117 are allowed for DNS queries!
Update on Oct 5, 2018: I no longer actively use BSNL broadband and use it only when I visit home (occasionally such as on weekends). My business required me to switch to another city and now I have Airtel broadband (among others). Thanks.
