Have a look in the Web Shield log file, it should have the full path.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\WebShield.txt (XP location)
C:\ProgramData\AVAST Software\Avast\report\WebShield.txt (win7 & later location).
When you post the URL break it so it isn't active, drop the https and www element and post the rest.
e.g. palpal.com/webapps/hermes/token....rest of url....