Author Topic: Avast alert on Paypal link  (Read 11812 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast alert on Paypal link
« on: June 20, 2017, 06:38:29 PM »
My customers are reporting issues when going to Paypal from a link on my site.

I'm able to see it on my own computer as well when using a pay button link, but if I go directly to Paypal there is no problem.

I have had my computer scanned twice and my website scanned by my hosting provider. All scans are clean.

error is https://www.palpal.com/webapps/hermes/token

Infection is: HTML:Paypal-B [Phish]

This is done using the Chrome browser.

Is this a false positive? What can I do about it?

I'm losing customers.

Any help appreciated.

Kerry




Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast alert on Paypal link
« Reply #1 on: June 20, 2017, 06:47:01 PM »
A good start would be fixing the certificate problems.
https://www.ssllabs.com/ssltest/analyze.html?d=www.palpal.com

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast alert on Paypal link
« Reply #2 on: June 20, 2017, 07:18:23 PM »
I don't get as far as an avast alert as Firefox blocks it and gives its own 'Your connection is not secure' message for that link.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast alert on Paypal link
« Reply #3 on: June 20, 2017, 07:37:06 PM »
Indeed, browsers already blocking it/giving a alert.

But there is more going on there that make the site not secure :
http://urlquery.net/report.php?id=1497977867329
https://www.virustotal.com/en/ip-address/66.96.149.17/information/

REDACTED

  • Guest
Re: Avast alert on Paypal link
« Reply #4 on: June 20, 2017, 07:44:32 PM »
I made a typo in the URL : should be:

https://www.paypal.com/webapps/hermes/token

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast alert on Paypal link
« Reply #5 on: June 20, 2017, 07:52:03 PM »
Quote
Cannot GET /webapps/hermes/token
gives a " Cannot GET /webapps/hermes/token"

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast alert on Paypal link
« Reply #6 on: June 20, 2017, 07:59:12 PM »
I made a typo in the URL : should be:

https://www.paypal.com/webapps/hermes/token

That URL if you had made the error on your site, would certainly look very like a phishing (typo squatting) attempt.
https://www.palpal.com/webapps/hermes/token

Using that palpal URL typo and the correct URL I now get a different firefox error - Cannot GET /webapps/hermes/token.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast alert on Paypal link
« Reply #7 on: June 20, 2017, 08:24:44 PM »
I made a typo in the URL : should be:

https://www.paypal.com/webapps/hermes/token

That URL if you had made the error on your site, would certainly look very like a phishing (typo squatting) attempt.
https://www.palpal.com/webapps/hermes/token

Using that palpal URL typo and the correct URL I now get a different firefox error - Cannot GET /webapps/hermes/token.
Get that same error using Chrome, etc.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

REDACTED

  • Guest
Re: Avast alert on Paypal link
« Reply #8 on: June 20, 2017, 09:45:18 PM »


The URL still isn't right. It's just all I can see from the error msg.

Here is a screen shot of the Avast error.

Kerry

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast alert on Paypal link
« Reply #9 on: June 20, 2017, 10:28:33 PM »
Have a look in the Web Shield log file, it should have the full path.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\WebShield.txt (XP location)
C:\ProgramData\AVAST Software\Avast\report\WebShield.txt (win7 & later location).

When you post the URL break it so it isn't active, drop the https and www element and post the rest.
e.g. palpal.com/webapps/hermes/token....rest of url....
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: Avast alert on Paypal link
« Reply #10 on: June 21, 2017, 02:39:18 AM »
paypal[.]com/webapps/hermes?token=7D872073KA021964G&useraction=commit&rm=2&mfid=1497894243890_4502ce827ce69

This error appears several times in that file. Each time it has a different token value:

token=9B334303VA4368538&useraction=commit&rm=2&mfid=1497966802638_75b6d21a2b854
token=75H33843LP067150L&useraction=commit&rm=2&mfid=1497971813778_97b2ced264393
token=3PB623340P818991F&useraction=commit&rm=2&mfid=1497971982973_36afdcc28c887

Kerry


Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 113
Re: Avast alert on Paypal link
« Reply #11 on: June 21, 2017, 09:15:56 AM »
Detection has been already fixed. Should be fine with new VPS update.

REDACTED

  • Guest
Re: Avast alert on Paypal link
« Reply #12 on: June 21, 2017, 01:16:54 PM »
I also have this issue with Avast / Paypal - and I am unable to pay important invoices that are due !!  Please help!

I updated Avast Virus definitions and program engine - but still not working.  What do you mean by "should be fine with the new vps update??  What do I need to update?

I get "threat blocked" when accessing a paynow button from a provider - it goes to

https://www.paypal.com/webapps/hermes?token=............

Then I get the same popup as mentioned in the above https://forum.avast.com/index.php?topic=204295.msg1402669#msg1402669


« Last Edit: June 21, 2017, 01:26:50 PM by claptrap2010 »

REDACTED

  • Guest
Re: Avast alert on Paypal link
« Reply #13 on: June 21, 2017, 03:04:55 PM »
I am running Virus definitions 170620-2 and Program v 17.4.2294

I am still getting the same error so I'm not sure what needs to be updated

Kerry

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast alert on Paypal link
« Reply #14 on: June 21, 2017, 03:12:14 PM »
As Savcin said, you need to update the VPS.

But as it looks avast still need to roll out the new VPS.
If I look at the time Savcin posted it should be something like 170521-0 but that isn't rolled out yet.