garys_2kPremium
join:2004-05-07
Farmington, MI Reviews:
 ·Callcentric
·Future Nine Corp..
1 edit | reply to ScamHelpPlease
Re: PayPal.com phish scam, help me! Yep, likely your hosts file got changed by the phish. You may have more malware, too.
Anyway, paypal's IP is »66.211.168.193 -- use that. It should redirect you to their https site.
ETA, from their website:
PayPal Customer Service:
1-402-935-2050
(a U.S. telephone number)
4:00 AM PST to 10:00 PM PST Monday through Friday
6:00 AM PST to 8:00 PM PST Saturday and Sunday |
|
| Thanks, I'm meticulously checking my system right now. I've checked my hosts file and as many places as I can to see DNS server settings, and they appear to be normal. The only way I could think that they could do this is by modifying DNS settings somewhere. I tried accessing the resolved name you gave, and it still seems to try www.paypal.com. The front page looks legit, but I can't be certain. It looks like their customer service just closed. Hopefully I can get in contact with someone tommorow. If anyone has any ideas, I'm open to them. Could they have hijacked something on the server end? |
|
garys_2kPremium
join:2004-05-07
Farmington, MI Reviews:
·Callcentric
·Future Nine Corp..
1 edit | Their site looks fine on my end, and the address bar shows the green hilite that means it's cert. confirmed the address.
If you're using Firefox you can right-click on the page you get and select View Page Info, then confirm that the identity in the General tab. With IE, right click and select Properties, then check the Certificates button.
You may have been rootkit'd, start here for checking your machine out: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance
ETA: Paypal's server doesn't answer pings. Don't worry about that, the IP is the main thing. |
|
|
|
| Any idea why the site is all in chinese after logging in?
Here is an image i took of the certificate check in firefox:
»i39.tinypic.com/2gw740i.png
 |
|
| reply to garys_2k
test, I can't seem to reply anymore |
|
