
IE/Edge Popup for User/Password to Virteq.com


23 replies to this topic

#1 BowhunterNJ (Owner, Administrators)
Posted 02/28/17 - 06:53 PM

Hey guys, I got a report on a popup being received from IE/Edge for Virteq.com asking for your username/password.

Do not enter your information, I need to review this in detail, as I'm not sure why it's occurring.

It appears to be limited to IE/Edge, I do not see it on Chrome or Firefox.

 

EDIT:  Adding that virteq.com is a site I know, it is the site where I got the skin for this site years ago.

 

If you see a popup like this, please just cancel it.

 

virteq.PNG

 

More to come as I know more...



#2 first light

Posted 02/28/17 - 06:55 PM

keeps happening to me.



#3 3 Blade

Posted 02/28/17 - 06:59 PM

I hope it's not the Chinese hackers from the other site.


#4 Tarhunt

Posted 02/28/17 - 07:00 PM

I keep seeing it. I just cancel it.


"The Nation Which Forgets Its Defenders, Will Itself Be Forgotten".


#5 Haskell_Hunter

Posted 02/28/17 - 07:00 PM

whois://virteq.com@whois.dynadot.com
Domain Name: VIRTEQ.COM
Registry Domain ID: 1594261038_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
Updated Date: 2016-03-28T10:49:41.0Z
Creation Date: 2010-04-25T07:22:51.0Z
Registrar Registration Expiration Date: 2017-04-25T07:22:51.0Z
Registrar: DYNADOT LLC
Registrar IANA ID: 472
Registrar Abuse Contact Email: abuse@dynadot.com
Registrar Abuse Contact Phone: +1.6502620100
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Dustin Schriffert
Registrant Organization: Final Prestige, LLC
Registrant Street: 137 Ravencrest Drive
Registrant City: stratford
Registrant State/Province: connecticut
Registrant Postal Code: 06614
Registrant Country: US
Registrant Phone: +1.2033217901
Registrant Email: bitter@finalprestige.net
Registry Admin ID:
Admin Name: Dustin Schriffert
Admin Organization: Final Prestige, LLC
Admin Street: 137 Ravencrest Drive
Admin City: stratford
Admin State/Province: connecticut
Admin Postal Code: 06614
Admin Country: US
Admin Phone: +1.2033217901
Admin Email: bitter@finalprestige.net
Registry Tech ID:
Tech Name: Dustin Schriffert
Tech Organization: Final Prestige, LLC
Tech Street: 137 Ravencrest Drive
Tech City: stratford
Tech State/Province: connecticut
Tech Postal Code: 06614
Tech Country: US
Tech Phone: +1.2033217901
Tech Email: bitter@finalprestige.net
Name Server: ns1.speedydns.net
Name Server: ns2.speedydns.net
Name Server: ns3.speedydns.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-02-28 15:55:32 -0800 <<<

----------------[End of response]----------------

whois://virteq.com@whois.internic.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: VIRTEQ.COM
   Registrar: DYNADOT, LLC
   Sponsoring Registrar IANA ID: 472
   Whois Server: whois.dynadot.com
   Referral URL: http://www.dynadot.com
   Name Server: NS1.SPEEDYDNS.NET
   Name Server: NS2.SPEEDYDNS.NET
   Name Server: NS3.SPEEDYDNS.NET
   Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Updated Date: 28-mar-2016
   Creation Date: 25-apr-2010
   Expiration Date: 25-apr-2017

>>> Last update of whois database: Tue, 28 Feb 2017 23:59:08 GMT <<<

----------------[End of response]----------------


US citizens have constitutionally protected rights - but they're only paper protections if they can't be freely exercised.

--BBC News

 

The right to revolt has sources deep in our history.

-- Supreme Court Justice William O. Douglas

 

Ideas are indeed the most dangerous weapons in the world. Our ideas of freedom are the most powerful political weapons man has ever forged.

-- Supreme Court Justice William O. Douglas


#6 BowhunterNJ (Owner, Administrators)

Posted 02/28/17 - 07:02 PM

Sorry I should have added virteq.com is the company that made the skin for this site, so I know the site, I just am uncertain as to why this popup started.

Either Microsoft upgraded Edge or the OS to have more stringent rules for their browser security, or there is a problem with that site.



#7 Haskell_Hunter

Posted 02/28/17 - 07:05 PM

If you go to their site, you'll get hit by the login dialog.  Just started on Safari.

 

Also, here is the server location:  81.19.189.130

inetnum:         81.19.189.128 - 81.19.189.159
netname:         UKD-HOSTNINE-07
descr:           A Small Orange LLC
country:         GB
admin-c:         UKD
tech-c:          UKD
status:          ASSIGNED PA
mnt-by:          MNT-AF2965
created:         2013-06-06T15:49:42Z
last-modified:   2013-06-06T15:49:42Z
source:          RIPE

role:            UKNOC Hostmaster
address:         UKDedicated Ltd
address:         3 Centro
address:         Boundary Way
address:         Hemel Hempstead
address:         HP2 7SU
address:         United Kingdom
phone:           +44 (0)845 004 3994
fax-no:          +44 (0)870 005 6933
e-mail:          hostmaster@uknoc.co.uk
remarks:         +-----------------------------------------
remarks:         | ALL abuse reports to this address ONLY: |
remarks:         | abuse@uknoc.co.uk |
remarks:         +-----------------------------------------
admin-c:         AF2965-RIPE
tech-c:          AF2965-RIPE
nic-hdl:         UKD
mnt-by:          MNT-AF2965
created:         2005-07-11T16:10:20Z
last-modified:   2010-02-09T13:10:43Z
source:          RIPE
abuse-mailbox:   abuse@uknoc.co.uk

Edited by Haskell_Hunter, 02/28/17 - 07:05 PM.


#8 Haskell_Hunter

Posted 02/28/17 - 07:18 PM

The site skin has:

http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.



#9 Tarhunt

Posted 02/28/17 - 07:20 PM

The site skin has:

http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

That's what I was thinking.



#10 BowhunterNJ (Owner, Administrators)

Posted 02/28/17 - 07:22 PM

I removed the offending code.  Tested on Edge and do not see the popup anymore.

The code was a JavaScript for embedding the skin creator's logo and name (for credit).

If anyone sees similar popups anywhere, please respond to this topic and I'll remove it.

I'll be looking through the code to see if I can find it anywhere else, but I only found one place in a global template, which I removed.

 

I'm guessing their site got compromised or they implemented some new authorization scheme that extended to all external references.

Any site using their skins (not just this site, nor just this skin of theirs) will be impacted by whatever they did.

 

Again, just to repeat, the skin was a verified one to use for this software.  There was no hacking of this site.

 

If anyone did enter their user/password credentials, I would strongly recommend you change your password.  This would be your Windows credentials, not your site credentials here.
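
Added example, not part of any post in this thread and not the site's or the skin vendor's code: one way to run the search described in posts #8 and #10, listing every third-party host referenced from skin templates, CSS and JavaScript, plus a check for the kind of response that makes a browser raise a login dialog. The file names, file contents and the 401 response with a Basic challenge are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Absolute or protocol-relative URLs as they appear in HTML attributes,
# CSS url(...) values and JavaScript string literals.
URL_RE = re.compile(r"""(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?::\d+)?[^\s"'()<>]*""")

def external_refs(files, own_hosts):
    """Return {third-party host: [(file, line number, url), ...]}.
    files maps name -> text; own_hosts and their subdomains are first-party."""
    own = [h.lower() for h in own_hosts]
    found = defaultdict(list)
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for match in URL_RE.finditer(line):
                url = match.group(0)
                # urlparse needs a scheme to recognise the host part.
                host = urlparse("http:" + url if url.startswith("//") else url).hostname
                if host and not any(host == o or host.endswith("." + o) for o in own):
                    found[host].append((name, lineno, url))
    return dict(found)

def prompts_for_credentials(status, headers):
    """True for a 401 that carries a WWW-Authenticate challenge."""
    names = {k.lower() for k in headers}
    return status == 401 and "www-authenticate" in names

# Constructed sample skin files (not the site's real templates).
SAMPLE_FILES = {
    "globalTemplate.html": (
        '<img src="/public/style_images/logo.png">\n'
        "<script>document.write('<img src=\"http://virteq.com/profile_picture.png\">');</script>\n"
    ),
    "skin.css": (
        ".credit { background: url(http://virteq.com/profile_picture.png); }\n"
        ".header { background: url(//www.njwoodsandwater.com/bg.png); }\n"
    ),
}
# Constructed response of the kind the thread describes for the image URL
# (the Basic scheme and realm are assumptions).
SAMPLE_RESPONSE = (401, {"WWW-Authenticate": 'Basic realm="example"'})

if __name__ == "__main__":
    for host, hits in external_refs(SAMPLE_FILES, ["njwoodsandwater.com"]).items():
        print(host, hits)
    print("would prompt:", prompts_for_credentials(*SAMPLE_RESPONSE))
```

Every host it reports is a dependency whose operator can change what visitors to this site see, so each hit is either removed or replaced with a locally hosted copy.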



#11 rgw (Site Moderators)

Posted 02/28/17 - 07:37 PM

:nerd: you guys are on the ball



#12 3 Blade

Posted 02/28/17 - 07:43 PM

Speak English please :rofl:



#13 Hunter115522

Posted 02/28/17 - 08:45 PM

Still getting it on my Mac



#14 mazzgolf

Posted 02/28/17 - 09:23 PM

It may have been affected by the Amazon S3 service outage today - especially if it only just started happening several hours ago. I wouldn't be surprised if tomorrow it's fine. You'd be amazed at all the places that are using Amazon AWS as part of their backend infrastructure (and are thus beholden to their services remaining available!)



#15 Haskell_Hunter

Posted 02/28/17 - 09:32 PM

Still getting it on my Mac

 

In Safari go to Preferences->Advanced.

 

At the bottom of that screen you'll see a checkbox for Show Develop menu in menu bar.  Check that box and close the Preferences window.

 

You'll see a new menu between Bookmarks and Window named Develop.  Select Empty Caches from that menu.  Restart Safari and see if the dialog shows up again.



#16 JimmyScags

Posted 02/28/17 - 10:05 PM

Happens on iOS too
I should be working ... there's always tomorrow

#17 BowhunterNJ (Owner, Administrators)

Posted 02/28/17 - 10:11 PM

Still getting the error? On the main front page?



#18 JimmyScags

Posted 03/01/17 - 09:12 AM

Yes on my iPhone

#19 BowhunterNJ (Owner, Administrators)

Posted 03/01/17 - 10:36 AM

You may have to clear out your cache.

 

  1. Launch the Settings app from the Home screen of your iPhone or iPad.
  2. Scroll down and tap on Safari.
  3. Now scroll all the way to the bottom and tap on Advanced.
  4. Tap on Website Data. Notice here you can see how much space on your iPhone or iPad website data is taking up.

 

From here you can either clear out just njwoodsandwater.com 

  1. Click Edit and a red minus (-) sign will appear next to each website.
  2. Scroll to njwoodsandwater.com and click the red minus sign, then press Delete

 

Or all your website data as follows

  1. Scroll to the bottom again and tap on Remove All Website Data.
  2. Confirm one more time you'd like to delete all data.


#20 3 Blade

Posted 03/21/17 - 04:35 PM

Hey I am getting this crap when I use IE but not Google. Do I try the fix you mentioned above?


Edited by 3 Blade, 03/21/17 - 04:43 PM.




