PayPalObjects.com Untrusted Certificate


johnpd

This morning whenever I go to some web sites (especially PayPal), I am getting a popup from NOD32 indicating that a web site is trying to communicate with paypalobjects.com which has an untrusted certificate. Even if I allow it, the message continues until I allow it numerous times and the PayPal website ends up totally messed up. How can this be fixed?

JohnD

Edited by johnpd
Spelling error

I just tried the PayPal web site here in the U.S. in IE11 and had no issue with certificate errors. Of note is PayPal uses an EV certificate and appears to be trusted by Eset. As such, Eset's SSL protocol scanning is not being employed and is not the problem in regards to the PayPal cert. errors.

What I did notice was that the PayPal web site cert. chains to an intermediate Symantec root CA issued cert. I believe that browsers that do not use the Windows root CA cert. store such as Firefox and Chrome are no longer trusting Symantec certificates.

Try accessing PayPal in IE11. If you can w/o cert. errors, your problem is browser related.

As far as indirect access to PayPal via paypalobjects.com, I ran a check on it using Qualys SSL Server Test. As far as these domains are concerned there are no issues:

paypal.co.nz 64.4.250.20

paypal.com.mx 64.4.250.19

paypal.cn 64.4.250.14

paypal.fi 64.4.250.13

Based on the above, I would suspect some type of man-in-the-middle activity.

Also a much more extensive listing of paypalobjects.com routing info. here: https://www.robtex.com/dns-lookup/paypalobjects.com

Edited by itman

Hello Johnpd,

I am sorry for the bad experience you are having with the product at the moment. I hope we can provide some assistance here on the forums.

First, thanks itman for your investigative work.

John, a few things can be checked on your end to rectify this problem. Might I first suggest reading the following KB article: https://support.eset.com/kb3126/?locale=en_US&viewlocale=en_US . Sometimes the SSL scanning gets checked and that creates a real pain for the minimalist consumer who is not as experienced with Information Technology as some of us nerds. Another quick thing you could check is your date and time! Ensure that is accurate or you will also receive similar errors.

Let us know if that KB article is of any help.


Personally, I don't recommend disabling Eset's SSL protocol scanning until it is verified Eset is the problem.

The domain, paypalobjects.com, is PayPal's logon page and is not directly accessible. You will receive an HTTP 403 - Forbidden message when attempting to access it. Verifying the thumbprint for it at the Gibson Research site routed me to domain, paypay.co.uk, indicating that the actual domain you will land at is region dependent. Also that the cert. used in these regionally assigned domain names employ EV certificates further indicating Eset SSL protocol processing would not be involved.

There are literally thousands of fraudulent PayPal certificates floating around - ref.: https://www.securityweek.com/lets-encrypt-issues-15000-fraudulent-paypal-certificates-used-cybercrime . These all "chain" to the issuing CA, LetsEncrypt.

This topic is now closed to further replies.
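
Added example, not part of any post in this thread: a Python sketch of the thumbprint comparison discussed above, run from the affected machine. It fetches the certificate exactly as that machine receives it, reports why the system trust store rejects it (an untrusted or re-signing issuer, or a wrong system clock), and compares its thumbprint with one obtained out of band from an independent vantage point. The host name and the reference thumbprint are supplied by the user; none are taken from the thread.

```python
import hashlib
import socket
import ssl

def normalize(fp):
    """Lower-case a thumbprint and drop the ':' or space separators tools print."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def fingerprint(der, algo="sha256"):
    """Thumbprint of a DER-encoded certificate, as hex without separators."""
    return hashlib.new(algo, der).hexdigest()

def matches(der, reference):
    """True if the locally seen cert has the thumbprint obtained out of band."""
    ref = normalize(reference)
    algo = {40: "sha1", 64: "sha256"}.get(len(ref))  # pick hash by hex length
    if algo is None:
        raise ValueError("reference is neither a SHA-1 nor a SHA-256 thumbprint")
    return fingerprint(der, algo) == ref

def fetch_leaf(host, port=443, timeout=10.0):
    """Return the leaf certificate (DER) as this machine receives it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: we want the certificate
    ctx.verify_mode = ssl.CERT_NONE  # even when it would fail validation
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def verify_error(host, port=443, timeout=10.0):
    """None if the system trust store accepts the chain, else the reason text
    (e.g. unknown issuer, or expired / not yet valid when the clock is wrong)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

if __name__ == "__main__":
    import sys
    host, reference = sys.argv[1], sys.argv[2]  # host, out-of-band thumbprint
    der = fetch_leaf(host)
    print("trust store:", verify_error(host) or "chain accepted")
    print("sha256     :", fingerprint(der))
    print("matches out-of-band thumbprint:", matches(der, reference))
```

A mismatch means something between this machine and the server is presenting a different certificate; large sites also deploy several certificates, so compare against more than one independent reading. If a local filter inspects only browser traffic, this script's connection will not pass through it.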