Redirected to True splash screen when accessing any site without https

[Millian]

For the past few days, any time I type an address in the browser bar, or click a link that doesn't start with https, I get redirected to this page:

https://services.trueinternet.co.th/noti/promotion/web/index.php?RTJFMTkyOEZFNEI5Q0E4RjY2REREMUU3QkIzM0U2NEFENzY4RTU0NjE1NEMwMTBD&Referer=http%3A%2F%2Fexample.com%2F

Any one else on true having this issue?

[tomazbodner]

I don't. Just tried from True Gigatex fiber.

[fdsa]

Truemove sucks, switching from DTAC to Truemove was a huge mistake, and I'm going back to DTAC after my 1 year contract with True finishes.

 

1) Truemove IP networks are "dirty" - used by spammers, hackers and whoever else, so I'm getting google captchas "choose all pictures with traffic lights" and cloudflare "checking your browser" VERY often, much more than I was getting on DTAC on the very same websites.

 

2) Truemove intercepts ALL OUTGOING EMAILS if sent in plain text. So if you do not use PGP encryption and/or do not check SSL fingerprints when sending emails from local mail client - the contents of your messages get saved on True servers.

You could check that by telnet-ing to any (even non-existant) IP address port 25 and writing anything:

 

$ telnet 1.2.3.4 25
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.

452 syntax error (connecting)     <<<<=== that's me pressing Enter many times
452 syntax error (connecting)
452 syntax error (connecting)
452 syntax error (connecting)
452 syntax error (connecting)
452 syntax error (connecting)
452 syntax error (connecting)
452 syntax error (connecting)
452 syntax error (connecting)
421 too many errors
Connection closed by foreign host.

these "errors" are replies from Truemove MITM server, not a real replies from IP 1.2.3.4.

 

this is what it must look like when using a normal internet provider:

$ telnet 1.2.3.4 25
Trying 1.2.3.4...

telnet: connect to address 1.2.3.4: Connection timed out

 

 

3) Truemove seems to intercept ALL plaintext traffic, because when I try to connect to any (even non-existant) IP address and any port the connection always succeeds - it must be Truemove MITM attacks.

 

$ telnet 10.20.30.40 1234
Trying 10.20.30.40...
Connected to 10.20.30.40.
Escape character is '^]'.
         <<<<<==== me pressing Enter many times

                
                
                





^]
telnet> Connection closed.

 

This is what it looks like when using a normal internet provider:

$ telnet 10.20.30.40 1234
Trying 10.20.30.40...

telnet: connect to address 10.20.30.40: Connection timed out

 

 

P.S. I've just checked a few HTTP sites - and no, I'm not getting any promotion. It could be some particular websites that are redirected to promotion page.

Edited April 28, 2021 by fdsa

[GrandPapillon]

I think all providers in Thailand go through some proxy and check your traffic, annoying

 

Thai government wants to know what you do with your Internet connection, perfectly normal ????

[fdsa]

I've never had the listed problems with DTAC.

If I try to connect to non-existant IP address on DTAC I get a normal "connection timed out" or "connection refused" instead of "successful" connection reading for my input.

You could check that yourself with IP from my example - 10.20.30.40

subnet 10.x.x.x is a "local" address space used in private networks such as VPN thus could not be connected to from the "outside" Internet. If you get

Connected to 10.20.30.40.

- then your internet provider is MITM-ing you.

 

Edited April 28, 2021 by fdsa

[Millian]

18 hours ago, fdsa said:

 

 

P.S. I've just checked a few HTTP sites - and no, I'm not getting any promotion. It could be some particular websites that are redirected to promotion page.

It's any website that I try to navigate to without https:// ,  such as http://bbc.com orbbc.com 

????

[Millian]

Quote

Truemove sucks, switching from DTAC to Truemove was a huge mistake, and I'm going back to DTAC after my 1 year contract with True finishes.

I have my TV, Internet and phones through a single True package, the phones get free calls between each other.  AFAIK, no other company offers such a package and it saves quite a bit of money.

Although generally im quite happy with True, I used to have 3bb and they were no better/worse really.

[bendejo]

3 hours ago, Millian said:

It's any website that I try to navigate to without https:// ,  such as http://bbc.com orbbc.com 

????

 

Oddly, your link looks like this

=======================================================================

=======================================================================

Could this be a browser settings thing?

I type in bbc.com and it corrects to https://bbc.com

I use an assortment of browsers, they all do this.

Or could it have to do with DNS?

 

 

[Millian]

Maybe Thai visa changes, it

lets test
 

Here I typed out http  : http://bbc.com

Also, most websites will have a redirect from http to https, but that's the issue I was having, it was not taking me to the site, but that offer page.

I noticed my bill was overdue 1 day, paid it, now the issue is gone.   And, if I recall in the past, when my bill is overdue, they sometimes show me a splash screen to remind me. Maybe this is what was supposed to be happening here, but sent me to some offer instead.

Edited April 29, 2021 by Millian

[fdsa]

1 minute ago, Millian said:

Maybe Thai visa changes, it

lets test

Here I typed out http  :  http://bbc.com

lol, thaivisa automatically changes the link to httpS indeed.

 

I've tested the HTTP link with Truemove and got redirected to httpS BBC website without any promotions. Try opening HTTP link in another browser.