Airtel seems to be injecting iframes like MTNL to send bill reminders

Sushubh · Jun 19, 2018

the message say... ignore if paid. so not clear if that would help.

varkey · Jun 19, 2018

manojrk said:
Looks like the script is being injected from 202.56.215.243. Can you null route the ip by adding it your hosts file and see if its blocked?

As the iframe is loaded from an IP address directly (not using a hostname), not sure how adding the IP to the hosts file would help. To null route an IP address in windows, you'd need to do something like this I believe -- How to add a Null route in windows - Beaming

Sushubh · Jun 19, 2018

windows firewall cannot block these ips? ?

warpspeed · Jun 19, 2018

varkey said:
As the iframe is loaded from an IP address directly (not using a hostname), not sure how adding the IP to the hosts file would help. To null route an IP address in windows, you'd need to do something like this I believe -- How to add a Null route in windows - Beaming

My bad! I really didn't think this through

Anyway reverse dns lookup reveals the hostname to:

Code:

rasbtnldel-static-243.215.56.202.mantraonline.com

Edit: nslookup resolves it to nxdomain. need to block the ip is the only way i guess

varkey · Jun 19, 2018

^ That wouldn't work either, cause the name doesn't come into the picture anywhere. The iframe loads a resource from that IP address, there is no DNS lookup involved.

To null route you would need to do something similar to what I linked earlier, nothing on the hosts file will help.

Airtel seems to be injecting iframes like MTNL to send bill reminders

Sushubh

Admin

varkey

Sushubh

Admin

warpspeed

To Infinity and Beyond!

varkey