So basically when I type a site in a browser casually (without "http://" or without "https://"), I got a script. That script was sent by (I guess) my MiFi whenever I wanted to go to sites without http or https. So I
- deleted all my browser histories, caches, etc from the beginning, yeah.
- disabled all of my extensions/add-ons
and then tried by first accessing some secure sites; http://[somesite].com and normally it should correct itself as https://www.[somesite].com or changed into my country domain (*.id) or something close. But it didn't happen. Instead I got redirected into some ads site (provided by my ISP) and in that ads site contains this script:
function go(w, u) {
xc = 1;
w.frames[0].location = u;
}
var flag_lte = 1;
var xu = 'http://192.168.185.20:8080/CustomerInfo/',
lxu = xu + 'Customer';
var xc = -1,
d = document,
w = window,
ip = '100.117.19.229',
vid = '348',
md = '6288801745015&md_w=1',
u = location.href,
hs = location.hostname;
gd = d.createElement("script");
gd.src = xu + "m.js";
d.documentElement.firstChild.appendChild(gd);
var s = 'http://192.168.185.20:8080/CustomerInfo/Customer?mdn=' + md + '&user-agent=Samsung&url=' + encodeURIComponent("http://www.pondokjeruk.com/2017/08/belajar-gitar-harus-pada-ahlinya.html") + '&lac=3015&ci=78234145';
if (hs.indexOf("www.") == 0) mp = 'yes';
else mp = 'no,initial-scale=1';
var mt = d.createElement('meta');
mt.id = "xwa";
mt.name = "viewport";
mt.content = "width=device-width,user-scalable=" + mp;
d.getElementsByTagName('head')[0].appendChild(mt);
var mt2 = d.createElement('meta');
mt2.charset = "utf-8";
d.getElementsByTagName('head')[0].appendChild(mt2);
So, I have
- Enabled my UblockOrigin extension and added the source of the script in the filter
- Disabled all javascript by default (except the white-listed sites) using uMatrix
- Changed the reqs http header given by this tutorial (written in Bahasa).
then try without "http://" or "https://" (again) and the result was blank html. It got resolved by a refresh instead. But it still annoys me af. The devide is locked.
So I the easiest way to solved this is using VPN, yeah. But I want some of your suggestions, guys. Like some script for Tampermonkey/GreaseMonkey to solve this iframe ads.
Thanks for the time.
