Airtel seems to be injecting iframes like MTNL to send bill reminders

[Navjot Singh]

Airtel seems to have learnt a few lessons from MTNL and is trying to inject iframes into the browsing session to send bill reminders. Has it happened with anyone?

Here is the final HTML that was displayed when I tried to load Hotstar. Hotstar itself didn't load since Airtel tried to load it inside an iframe. It loaded 2 additional iframes one of which was used to display the banner. God knows what the other one does. Net result - Blank page and an annoying banner invading my privacy.

Source code shown in the browser:
Source

Source code courtsey view source in Browser:
Source

 

[Sushubh]

Hotstar doesn't operate on https? ?

 

[Navjot Singh]

Nope. Lol..you are expecting too much from Hotstar. 😛

 

[Sushubh]

Https is the bare minimum I expect these days ?

 

[Navjot Singh]

Hotstar se flash toh dump hua ni https kahan se use karenge.

 

[varkey]

Yeah, not sure why Hotstar doesn't use HTTPS for the public pages, the login and account pages go through HTTPS, but yeah its 2018 and should be 100% HTTPS.

 

---

[warpspeed]

Looks like the script is being injected from 202.56.215.243. Can you null route the ip by adding it your hosts file and see if its blocked?

 

[Navjot Singh]

Unlike MTNL whose iframes didn't work on HTTPS sites, Airtel's iframe will still work even if the site I am trying to open is Https. It just wraps the url I want to open in an iframe which never loads and loads its own banner on top of it. Same script as above.

Will contact customer support and see what they reply. This is insane.

 

[Sushubh]

So many reasons to dump my airtel Broadband connection now ?????

 

[igloo]

I think another resolution is to pay bill immediately! lol

 

[Sushubh]

the message say... ignore if paid. so not clear if that would help.

 

[varkey]

Looks like the script is being injected from 202.56.215.243. Can you null route the ip by adding it your hosts file and see if its blocked?

As the iframe is loaded from an IP address directly (not using a hostname), not sure how adding the IP to the hosts file would help. To null route an IP address in windows, you'd need to do something like this I believe -- How to add a Null route in windows - Beaming

 

[Sushubh]

windows firewall cannot block these ips? ?

 

[warpspeed]

As the iframe is loaded from an IP address directly (not using a hostname), not sure how adding the IP to the hosts file would help. To null route an IP address in windows, you'd need to do something like this I believe -- How to add a Null route in windows - Beaming

My bad! I really didn't think this through 😛

Anyway reverse dns lookup reveals the hostname to:

rasbtnldel-static-243.215.56.202.mantraonline.com

Edit: nslookup resolves it to nxdomain. need to block the ip is the only way i guess 🙄

 

[varkey]

^ That wouldn't work either, cause the name doesn't come into the picture anywhere. The iframe loads a resource from that IP address, there is no DNS lookup involved.

To null route you would need to do something similar to what I linked earlier, nothing on the hosts file will help.