system
June 20, 2017, 4:38pm
1
My customers are reporting issues when going to Paypal from a link on my site.
I’m able to see it on my own computer as well when using a pay button link, but if I go directly to Paypal there is no problem.
I have had my computer scanned twice and my website scanned by my hosting provider. All scans are clean.
Error is https://www.palpal.com/webapps/hermes/token
Infection is: HTML:Paypal-B [Phish]
This is done using the Chrome browser.
Is this a false positive? What can I do about it?
I’m losing customers.
Any help appreciated.
Kerry
Eddy
June 20, 2017, 4:47pm
2
DavidR
June 20, 2017, 5:18pm
3
I don’t get as far as an avast alert as Firefox blocks it and gives its own ‘Your connection is not secure’ message for that link.
Eddy
June 20, 2017, 5:37pm
4
Indeed, browsers are already blocking it/giving an alert.
But there is more going on there that makes the site not secure:
http://urlquery.net/report.php?id=1497977867329
https://www.virustotal.com/en/ip-address/66.96.149.17/information/
system
June 20, 2017, 5:44pm
5
Eddy
June 20, 2017, 5:52pm
6
Cannot GET /webapps/hermes/token gives a "Cannot GET /webapps/hermes/token"
DavidR
June 20, 2017, 5:59pm
7
That URL, if you had made the error on your site, would certainly look very like a phishing (typo squatting) attempt.
https://www.palpal.com/webapps/hermes/token
Using that palpal URL typo and the correct URL I now get a different Firefox error - Cannot GET /webapps/hermes/token.
Get that same error using Chrome, etc.
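
Added example, not part of the thread: a site owner can rule out the typo case discussed above by scanning the page's own markup for link hosts that are close to, but not exactly, `paypal.com`. The function names, the edit-distance threshold and the sample HTML are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "paypal.com"  # assumption: the domain the pay button should point to

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes: <a href>, <form action>, <img src>, ..."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                self.urls.append(value)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels; a simplification that ignores suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_links(html, expected=EXPECTED, max_distance=2):
    """Return (url, domain) pairs whose domain is near, but not equal to, expected."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for url in parser.urls:
        host = urlsplit(url).hostname  # None for relative links, mailto:, etc.
        domain = registrable(host) if host else ""
        if host and domain != expected and edit_distance(domain, expected) <= max_distance:
            flagged.append((url, domain))
    return flagged

# Constructed sample markup, not the poster's actual site.
SAMPLE = """
<a href="https://www.paypal.com/webapps/hermes?token=EXAMPLE">Pay now</a>
<form action="https://www.palpal.com/webapps/hermes/token" method="post"></form>
<a href="/contact.html">Contact</a>
"""
print(lookalike_links(SAMPLE))
```

An empty result for the real page means the pay-button links are spelled correctly, which points back to the antivirus detection rather than the site.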
system
June 20, 2017, 7:45pm
9
http://allanstudios.ca/avast-error.jpg
The URL still isn’t right. It’s just all I can see from the error msg.
Here is a screen shot of the Avast error.
Kerry
DavidR
June 20, 2017, 8:28pm
10
Have a look in the Web Shield log file, it should have the full path.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\WebShield.txt (XP location)
C:\ProgramData\AVAST Software\Avast\report\WebShield.txt (win7 & later location).
When you post the URL break it so it isn’t active, drop the https and www element and post the rest.
e.g. palpal.com/webapps/hermes/token....rest of url…
system
June 21, 2017, 12:39am
11
paypal[.]com/webapps/hermes?token=7D872073KA021964G&useraction=commit&rm=2&mfid=1497894243890_4502ce827ce69
This error appears several times in that file. Each time it has a different token value:
token=9B334303VA4368538&useraction=commit&rm=2&mfid=1497966802638_75b6d21a2b854
token=75H33843LP067150L&useraction=commit&rm=2&mfid=1497971813778_97b2ced264393
token=3PB623340P818991F&useraction=commit&rm=2&mfid=1497971982973_36afdcc28c887
Kerry
savcin
June 21, 2017, 7:15am
12
Detection has been already fixed. Should be fine with new VPS update.
system
June 21, 2017, 11:16am
13
I also have this issue with Avast / Paypal - and I am unable to pay important invoices that are due!! Please help!
I updated Avast Virus definitions and program engine - but still not working. What do you mean by "should be fine with the new vps update"?? What do I need to update?
I get “threat blocked” when accessing a paynow button from a provider - it goes to
https://www.paypal.com/webapps/hermes?token= …
Then I get the same popup as mentioned in the above https://forum.avast.com/index.php?topic=204295.msg1402669#msg1402669
system
June 21, 2017, 1:04pm
14
I am running Virus definitions 170620-2 and Program v 17.4.2294
I am still getting the same error so I’m not sure what needs to be updated
Kerry
Eddy
June 21, 2017, 1:12pm
15
As Savcin said, you need to update the VPS.
But as it looks, Avast still needs to roll out the new VPS.
If I look at the time Savcin posted it should be something like 170521-0 but that isn’t rolled out yet.
Yep
Some users don’t realise that 170620-2 means: (year) 17 (month) 06 (day) 20 - (update) 2.
So that is yesterday’s update.
Greetz, Red.
DavidR
June 21, 2017, 4:10pm
17
I believe that the -2 at the end of the VPS version is actually the 3rd of the day, -0 being the first of the day. Slightly confusing but I believe correct.
Eddy
June 21, 2017, 4:14pm
18
Indeed, they start with -0
Strange though that the latest still is 170620-2
There should have been at least one update today.
system
June 21, 2017, 5:03pm
19
Sorry to be dumb…but what is the VPS?
Kerry