  • 0
BowhunterNJ

IE/Edge Popup for User/Password to Virteq.com

Question

Hey guys, I got a report on a popup being received from IE/Edge for Virteq.com asking for your username/password.

Do not enter your information, I need to review this in detail, as I'm not sure why it's occurring.

It appears to be limited to IE/Edge, I do not see it on Chrome or Firefox.

 

EDIT:  Adding that virteq.com is a site I know, it is the site where I got the skin for this site years ago.

 

If you see a popup like this, please just cancel it.

 

virteq.PNG

 

More to come as I know more...

23 answers to this question

  • 0


whois://virteq.com@whois.dynadot.com
Domain Name: VIRTEQ.COM
Registry Domain ID: 1594261038_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
Updated Date: 2016-03-28T10:49:41.0Z
Creation Date: 2010-04-25T07:22:51.0Z
Registrar Registration Expiration Date: 2017-04-25T07:22:51.0Z
Registrar: DYNADOT LLC
Registrar IANA ID: 472
Registrar Abuse Contact Email: abuse@dynadot.com
Registrar Abuse Contact Phone: +1.6502620100
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Dustin Schriffert
Registrant Organization: Final Prestige, LLC
Registrant Street: 137 Ravencrest Drive
Registrant City: stratford
Registrant State/Province: connecticut
Registrant Postal Code: 06614
Registrant Country: US
Registrant Phone: +1.2033217901
Registrant Email: bitter@finalprestige.net
Registry Admin ID:
Admin Name: Dustin Schriffert
Admin Organization: Final Prestige, LLC
Admin Street: 137 Ravencrest Drive
Admin City: stratford
Admin State/Province: connecticut
Admin Postal Code: 06614
Admin Country: US
Admin Phone: +1.2033217901
Admin Email: bitter@finalprestige.net
Registry Tech ID:
Tech Name: Dustin Schriffert
Tech Organization: Final Prestige, LLC
Tech Street: 137 Ravencrest Drive
Tech City: stratford
Tech State/Province: connecticut
Tech Postal Code: 06614
Tech Country: US
Tech Phone: +1.2033217901
Tech Email: bitter@finalprestige.net
Name Server: ns1.speedydns.net
Name Server: ns2.speedydns.net
Name Server: ns3.speedydns.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-02-28 15:55:32 -0800
----------------[End of response]----------------

whois://virteq.com@whois.internic.net

Domain Name: VIRTEQ.COM
Registrar: DYNADOT, LLC
Sponsoring Registrar IANA ID: 472
Whois Server: whois.dynadot.com
Referral URL: http://www.dynadot.com
Name Server: NS1.SPEEDYDNS.NET
Name Server: NS2.SPEEDYDNS.NET
Name Server: NS3.SPEEDYDNS.NET
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 28-mar-2016
Creation Date: 25-apr-2010
Expiration Date: 25-apr-2017

>>> Last update of whois database: Tue, 28 Feb 2017 23:59:08 GMT
----------------[End of response]----------------

 

  • 0

Sorry I should have added virteq.com is the company that made the skin for this site, so I know the site, I just am uncertain as to why this popup started.

Either Microsoft upgraded Edge or the OS to have more stringent rules for their browser security, or there is a problem with that site.

  • 0

If you go to their site, you'll get hit by the login dialog.  Just started on Safari.

 

Also, here is the server location:  81.19.189.130

inetnum:         81.19.189.128 - 81.19.189.159
netname:         UKD-HOSTNINE-07
descr:           A Small Orange LLC
country:         GB
admin-c:         UKD
tech-c:          UKD
status:          ASSIGNED PA
mnt-by:          MNT-AF2965
created:         2013-06-06T15:49:42Z
last-modified:   2013-06-06T15:49:42Z
source:          RIPE

role:            UKNOC Hostmaster
address:         UKDedicated Ltd
address:         3 Centro
address:         Boundary Way
address:         Hemel Hempstead
address:         HP2 7SU
address:         United Kingdom
phone:           +44 (0)845 004 3994
fax-no:          +44 (0)870 005 6933
e-mail:          hostmaster@uknoc.co.uk
remarks:         +-----------------------------------------
remarks:         | ALL abuse reports to this address ONLY: |
remarks:         | abuse@uknoc.co.uk |
remarks:         +-----------------------------------------
admin-c:         AF2965-RIPE
tech-c:          AF2965-RIPE
nic-hdl:         UKD
mnt-by:          MNT-AF2965
created:         2005-07-11T16:10:20Z
last-modified:   2010-02-09T13:10:43Z
source:          RIPE
abuse-mailbox:   abuse@uknoc.co.uk
Edited by Haskell_Hunter

  • 0

The site skin has:

http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

  • 0

The site skin has:

http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

That's what I was thinking.

  • 0

I removed the offending code.  Tested on Edge and do not see the popup anymore.

The code was a JavaScript for embedding the skin creator's logo and name (for credit).

If anyone sees similar popups anywhere, please respond to this topic and I'll remove it.

I'll be looking through the code to see if I can find it anywhere else, but I only found one place in a global template, which I removed.

 

I'm guessing their site got compromised or they implemented some new authorization scheme that extended to all external references.

Any site using their skins (not just this site, nor just this skin of theirs) will be impacted by whatever they did.

 

Again, just to repeat, the skin was a verified one to use for this software.  There was no hacking of this site.

 

If anyone did enter their user/password credentials, I would strongly recommend you change your password.  This would be your Windows credentials, not your site credentials here.

Share on other sites
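
The audit described in the posts above (finding every place a skin pulls a resource from someone else's server) can be scripted; this is an added example, not part of the original thread or the forum's own code. A browser shows the login dialog when such a resource answers with an authentication challenge, so each hit is a place where a third party controls what visitors see. The file names and file contents below are constructed; the first-party host list is an assumption.

```python
import re
from urllib.parse import urlsplit

# Hosts the forum itself serves content from (assumption for this example).
FIRST_PARTY = {"njwoodsandwater.com", "www.njwoodsandwater.com"}

# Absolute or protocol-relative URLs as they appear in CSS url(), HTML
# src/href attributes, or JavaScript string literals.
URL_RE = re.compile(r"""(?:https?:)?//[^\s'"()<>\\]+""", re.IGNORECASE)


def external_refs(files, first_party=FIRST_PARTY):
    """Return sorted (host, filename, line_no, url) tuples for every URL
    whose host is not first-party. `files` maps filename -> text."""
    hits = []
    for name, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in URL_RE.finditer(line):
                url = match.group(0).rstrip(".,;")
                try:
                    host = (urlsplit(url).hostname or "").lower()
                except ValueError:  # malformed URL text, nothing to fetch
                    continue
                # Require a dot so "//comment" in JS is not taken for a host.
                if "." in host and host not in first_party:
                    hits.append((host, name, line_no, url))
    return sorted(hits)


# Constructed skin files (hypothetical names) containing the URL from the thread.
SAMPLE_SKIN = {
    "globalTemplate.html": """<link rel="stylesheet" href="/css/skin.css">
<script>
  // skin credit
  document.write('<img src="http://virteq.com/profile_picture.png">');
</script>
""",
    "skin.css": """.logo { background: url(/img/logo.png); }
.credit { background: url('http://virteq.com/profile_picture.png'); }
.avatar { background: url(//www.njwoodsandwater.com/a.png); }
""",
}

if __name__ == "__main__":
    for host, name, line_no, url in external_refs(SAMPLE_SKIN):
        print(f"{name}:{line_no}: {host} <- {url}")
```
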
  • 0

It may have been affected by the Amazon S3 service outage today - especially if it only just started happening several hours ago. I wouldn't be surprised if tomorrow it's fine. You'd be amazed at all the places that are using Amazon AWS as part of their backend infrastructure (and are thus beholden to their services remaining available!)

  • 0

Still getting it on my Mac

 

In Safari go to Preferences->Advanced.

 

At the bottom of that screen you'll see a checkbox for Show Develop menu in menu bar.  Check that box and close the Preferences window.

 

You'll see a new menu between Bookmarks and Window named Develop.  Select Empty Caches from that menu.  Restart Safari and see if the dialog shows up again.

  • Agree 1

  • 0

You may have to clear out your cache.

 

  1. Launch the Settings app from the Home screen of your iPhone or iPad.
  2. Scroll down and tap on Safari.
  3. Now scroll all the way to the bottom and tap on Advanced.
  4. Tap on Website Data. Notice here you can see how much space on your iPhone or iPad website data is taking up.

 

From here you can either clear out just njwoodsandwater.com 

  1. Click Edit and a red minus (-) sign will appear next to each website.
  2. Scroll to njwoodsandwater.com and click the red minus sign, then press Delete

 

Or all your website data as follows

  1. Scroll to the bottom again and tap on Remove All Website Data.
  2. Confirm one more time you'd like to delete all data.

  • 0

Hey I am getting this crap when I use IE but not Google. Do I try the fix you mentioned above?

Edited by 3 Blade

  • 0

Give the dumacrats a day or two to figure out how to blame it on Trump.
