Malware Code Injection on Airtel Broadband


Deleted member 71633

For the past few days I've been facing a strange issue on Airtel Broadband, and it is happening on both my Airtel connections, at home and at the office. This is happening randomly and very frequently. Once I refresh the page, it's gone.

As of now I don't have many details about it, but I'll post more details as I get them. I'm attaching a screenshot now.

[Screenshot: htOOoLq.png]


Domain URL: http://one.m4dc.com/
Script URL: http://one.m4dc.com/u/c_min.js

Sometimes the domain doesn't work, so here's the direct IP address that the domain maps to. I got this by looking up the A records for the domain.

Direct IP: http://203.145.160.162/u/c_min.js

As of now, I don't see any ads when this loads but this is driving me crazy because it's happening very randomly and frequently.

Update 1: This injection happens if you leave the connection idle for some time (not sure for how many seconds or minutes). Websites with an HSTS policy or websites in the HTTPS preload list aren't affected.
 
@Navjot Singh reported this a few weeks ago.
 
Hi anon. If you've got the Huawei modem, you can block that IP using the IP Filter in the modem itself.

Advanced > Filter > IP Filter

[Screenshot: ZYuplbu.png]


After applying the above rule I no longer see any JS injection in HTTP pages.
 
@manojrk I've got a Beetel 777VR1 router. I tried blocking that IP in Firewall > IP/Port Filter but that doesn't stop it. I reported it to Airtel too, but those guys are not able to understand the issue. Have you tried reporting it to Airtel?

And I'm laughing at "Block airtel Ad" in that image. 🤣
 
Block decademical.com and mutualvehemence.com permanently in your router's URL Filter. Same problem here on BSNL BB.
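
An added example, not part of any post in this thread: since the injected script disappears on refresh, this Python check lists the script hosts in two saved copies of the same plain-HTTP page, reports hosts present in only one copy, and flags any host named in the thread. The sample HTML and the `example.test` page host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts named in the posts above (script host, its IP, and the two BSNL domains).
THREAD_HOSTS = {"one.m4dc.com", "203.145.160.162",
                "decademical.com", "mutualvehemence.com"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def matches(host, blocked):
    # Exact host or any subdomain of it; "notdecademical.com" must not match.
    return host == blocked or host.endswith("." + blocked)

def script_hosts(html, page_host):
    """Set of hosts serving scripts; relative srcs resolve to the page's own host."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return {(urlsplit(s).hostname or page_host).lower() for s in collector.sources}

def known_injection_hosts(html, page_host):
    """Script hosts in this copy of the page that appear in THREAD_HOSTS."""
    return sorted(h for h in script_hosts(html, page_host)
                  if any(matches(h, b) for b in THREAD_HOSTS))

def intermittent_hosts(first_html, second_html, page_host):
    """Script hosts present in one fetch but not the other (gone after refresh)."""
    return script_hosts(first_html, page_host) ^ script_hosts(second_html, page_host)

# Constructed samples: the same page as served cleanly and with an appended script.
CLEAN = ('<html><head><script src="/js/app.js"></script></head>'
         '<body>hello</body></html>')
INJECTED = CLEAN.replace(
    "</body>", '<script src="http://one.m4dc.com/u/c_min.js"></script></body>')

if __name__ == "__main__":
    print("known hosts:", known_injection_hosts(INJECTED, "example.test"))
    print("differs between fetches:",
          intermittent_hosts(INJECTED, CLEAN, "example.test"))
```
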
 


