suspicious login popup from polyfill.io on https://parking.calypsotowerspcb.com/customer/login/
Posted by lolgengar@reddit | sysadmin | 17 comments
Hi, hoping someone can shed some light on the situation. For some reason one of our sites is having this polyfill.io popup when going to it. Not sure where this came from and it does not show up when incognito mode is on. Thanks for any help!
Acrobatic-Tomato-532@reddit
Anyone got an idea if I as a site visitor get a pop up asking for a log in, how screwed the visitor is? Keeping in mind they've not put any info on it and just closed the pop up?
ProblemSuspicious714@reddit
If nothing has changed since polyfill was making the rounds last time, it poses no risk; polyfill doesn't inject anything on the user's device, it just fakes a log in and tries to steal credentials.
I've been messing around with some infected sites today and have discovered no further risks, but users should do a scan and clear browser history any time they've been exposed to a potential threat anyways.
Joshposh70@reddit
You're about two years behind here, Polyfill.io has been malware for about 24 months, the fact it's still on your sites is very concerning.
lolgengar@reddit (OP)
This was my suspicion... really unfortunate. Any way I can see if this is the case by inspecting source code that we can see or via inspector?
We just had some of our microsites rebuilt and tbh I feel like they should have addressed this then, seems like a big security risk. I have also noticed some posts referring to polyfill in the past 24 hrs. Seems like a wave may be going out.
disclosure5@reddit
Honestly the majority of web developers wouldn't fix a problem like this in the template they sell everyone unless you specifically told them you'd pay to have it done. The bar is extremely low.
lolgengar@reddit (OP)
Unfortunate, because from what I've researched it's just removing a few lines of code.
lolgengar@reddit (OP)
Any idea why it doesn't pop up when in incognito mode tho? Also doesn't pop up on my iPhone.
cortouchka@reddit
Does it pop up for anyone else?
I mean, if it's only for you, in one specific browser where you have all your extensions loading, evidence suggests it's not your website...
lolgengar@reddit (OP)
Yes, it pops up in multiple browsers across multiple different desktops in different states. Confirmed it's not some weird extension issue.
lolgengar@reddit (OP)
Actually this is done through netpark, I think it is them.
sleemanj@reddit
406 error on that site https://parking.calypsotowerspcb.com/customer/login/ so can not examine.
Open network inspector, reload page, look for what calls the polyfill domain.
lolgengar@reddit (OP)
Few entries:
"_priority": "High",
"_resourceType": "script",
"cache": {},
"request": {
"method": "GET",
"url": "https://polyfill.io/v3/polyfill.js?features=Symbol%
AND
"httpVersion": "",
"headers": [
{
"name": ":authority",
"value": "polyfill.io"
},
{
"name": ":method",
"value": "GET"
},
{
"name": ":path",
"value": "/v3/polyfill.js?features=Symbol%2CObject.getOwnPropertySymbols%
AND LAST ONE
\n\t\n\t<script src=\"https://polyfill.io/v3/polyfill.js?features=Symbol%
sleemanj@reddit
Yes exactly, none of those will work any more and haven't for years.
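The check sleemanj describes above (look for what calls the polyfill domain), run over a saved HAR export instead of by eye, as an added example that is not part of the thread. It assumes a HAR saved from Chrome DevTools with content; the `_initiator` field is Chrome-specific, and `findLoads`, `hostMatches` and the sample data are names and values made up for this sketch.

```javascript
// Added example: list what pulls in a given third-party domain, from a HAR export.
// Host must equal the domain or be a subdomain, so "notpolyfill.io" is not a hit.
function hostMatches(url, domain) {
  try {
    const host = new URL(url).hostname.toLowerCase();
    return host === domain || host.endsWith("." + domain);
  } catch {
    return false; // relative or malformed URL
  }
}

function findLoads(har, domain) {
  const findings = [];
  for (const entry of har.log.entries) {
    const reqUrl = entry.request.url;
    // 1. Requests sent to the domain, with whatever triggered them.
    if (hostMatches(reqUrl, domain)) {
      const init = entry._initiator || {}; // Chrome-specific, may be absent
      const frame = init.stack?.callFrames?.[0]; // set when a script made the request
      findings.push({ kind: "request", url: reqUrl,
        initiator: init.url || frame?.url || "unknown",
        line: init.lineNumber ?? frame?.lineNumber ?? null });
    }
    // 2. Captured response bodies that embed a <script src> for the domain.
    const body = entry.response?.content?.text || "";
    const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
    for (const m of body.matchAll(tagRe)) {
      const src = m[1].startsWith("//") ? "https:" + m[1] : m[1];
      if (hostMatches(src, domain)) {
        findings.push({ kind: "script-tag", url: src, initiator: reqUrl, line: null });
      }
    }
  }
  return findings;
}

// Constructed sample HAR (not the OP's capture); example.test is a placeholder site.
const sampleHar = { log: { entries: [
  { request: { url: "https://example.test/customer/login/" },
    response: { content: { text:
      '<head>\n<script src="https://polyfill.io/v3/polyfill.js?features=Symbol"></script>\n' +
      '<script src="https://cdn.notpolyfill.io/a.js"></script></head>' } } },
  { request: { url: "https://polyfill.io/v3/polyfill.js?features=Symbol" },
    _initiator: { type: "parser", url: "https://example.test/customer/login/", lineNumber: 1 },
    response: { content: {} } },
  { request: { url: "https://cdn.notpolyfill.io/a.js" }, response: { content: {} } },
] } };

for (const f of findLoads(sampleHar, "polyfill.io")) console.log(f);
```

A `script-tag` finding names the page or template whose markup carries the reference, which is the file to fix; response bodies stored base64-encoded in the HAR are not decoded by this sketch.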
lolgengar@reddit (OP)
Hey! Thanks for your help. Try this https://parking.calypsotowerspcb.com/customer/login/
sleemanj@reddit
406 error
lolgengar@reddit (OP)
Weird, this is actually the same, I just realized. Thought I had a typo. For some reason I get random 406 errors for like a minute, then it's back to working.
lolgengar@reddit (OP)
One more thing I noticed when inspecting elements on page. This appears in both regular browser and incognito:
So I assume that incognito is preventing this from running for whatever reason. But code exists in both inspectors.