PostePay website (Credit card)

[marzian 0]

As you can see in the attached file, whenever I try to reach my PostePay account (from the Italian Postal Service) while using AirVPN I receive a warning about the risk of phishing from Google Safe Browsing... But I don't see that message when browsing without the VPN. 

Can you help me understand why? Thank you.

[Staff 10023]

Hello,

 

the connection to that web site is hijacked. Notice that the connection is in HTTP, while it must be in HTTPS.

 

Please do not access the web site (VPN or not). From the screenshot we can infer that you were connected to Canis server, which of course does not hijack your connections (just tested integrity and access to that web site from Canis, to be 100% sure).

 

Hijack can occur in various ways. The most common ones, which you should check immediately are:

- a hosts file which has been maliciously modified

- a poisoned DNS server (make sure to use only VPN DNS when in the VPN)

- hijacked DNS queries (make sure to use only VPN DNS, so that your DNS queries can not be hijacked)

 

Kind regards

[Staff 10023]

Hello!

 

After internal, additional tests, we should consider different options pertaining to how Chrome handles Google Safe Browsing. Such options would rule out that your system is compromised.

 

Can you please test from different VPN servers in various locations? Also, if you test from the same VPN server Canis with a different browser (for example Firefox) you should not see any warning page: can you confirm (if not, do NOT proceed)?

 

In any case, we do confirm that no issue is occurring on Canis, of course.

 

Kind regards

[marzian 0]

As far as I know, there are around 10 million users of PostePay in Italy, but I can't find any news article on the issue, so I suppose I'm the only one with this problem... Now:

 

- I confirm that I don't see any warning from Firefox

 

- The same issue (in Chrome) happens with other servers. Right now I'm connected to Gienah.

 

- The DNS Servers list in the Settings of Eddie is empty, switch mode is "automatic" and "Check AirVPN DNS" checked.

[Staff 10023]

Thank you very much for the information which will help us clarify the matter. Your settings are just fine.

 

Kind regards

[marzian 0]

Any news? I still see the warning (I've updated to Eddie 2.13 and right now I'm on the Garnet server).

[Staff 10023]

Hello!

 

It depends on Google Safe Browsing. YOUR detected IP address (in this case that VPN server exit-IP address) is evaluated by Google which returns a warning considering our VPN server IP address as a source of malicious activity. Chrome does not proceed.

 

Google Safe Browsing listed even Google DNS as a dangerous source of malicious activity and malware before we spread this funny information a couple of weeks ago. We are observed.

 

Kind regards

[pr1v 36]

We are observed.

 

Kind regards

I read in another VPN company that they use socks5 to avoid many captchas, has you considered it as an option to add?. Thanks.