Paypal is NOT hacked, it was an error on my part, I am sorry. Let this thread die. Ok so today I was trying to log in to my account and I saw my browser window and when paypal.com loads it shows "loading from paypalobjects.com". Then when I looked at the page's source code I get this in the footer. <!-- SiteCatalyst Code Copyright 1997-2005 Omniture, Inc. More info available at http://www.omniture.com --> <script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/site_catalyst/pp_jscode_080706.js"></script> <script type="text/javascript"> <!-- /* SiteCatalyst Variables */ s.prop1="xpt/cps/homepage/MainHome"; s.prop7="Unknown"; s.prop8="Unknown"; s.prop9="Unknown"; s.prop10="US"; s.prop34="SRD User"; s.pageName="SRD: Main Home"; s.channel="SRD"; s.prop50="en_US"; s.prop18=""; /************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/ var s_code=s.t();if(s_code)document.write(s_code)//--></script> <script type="text/javascript"><!-- if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-') //--> </script><noscript><img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" /></noscript> <!--/DO NOT REMOVE/--> <!-- End SiteCatalyst Code --> Code (markup): You can clearly see the paypalobjects.com website. I called the robots behind paypal and I talked to this girl who I could hardly understand the words she was saying (YAY FOR OUTSOURCING!) and then I finally talked to a guy who told me that the website was loading fine for him and no weird code was loading on his footer. I have scanned my computer, deleted internet files and it's still not working. I'm about to do a computer restore of about a week because I'm pretty pissed about this. Is anyone else getting the paypalobjects.com loading? I have not. -Opened any malicious e-mail -Opened any malicious websites So yeah I'm pretty much screwed. Anyone care to find out what paypalobjects.com is about? I'm pretty tired of dealing with this hackers especially when half of them don't know what they are doing but instead just use kiddie tools. I'm looking at the code from the whole website and basically everything is hosted on paypalobjects.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <!-- Script info: script: , cmd: _login-submit, template: p/gen/login, date: Jun. 15, 2008 02:33:13 PDT; country: US, language: en_US, xslt server: installation: WEBSCR-525-20080614-1 web version: 52.5-608615 branch: AHOD_525_0614_int content version: - pexml version: 52.5-606587 page XSL: User/default/en_US/general/Login.xsl hostname : QDPn4hK68s1jOwZRyGyz6fYpJ9BgfbGi7yLMq5oH1fI --> <title>Login - PayPal</title> <!--googleoff: all--> <meta http-equiv="keywords" content="Send, money, payments, credit, credit card, instant, money, financial services, mobile, wireless, WAP, cell phones, two-way pagers, Windows CE"> <!--googleon: all--> <!--googleoff: all--> <meta http-equiv="description" content="PayPal lets you send money to anyone with email. PayPal is free for consumers and works seamlessly with your existing credit card and checking account. You can settle debts, borrow cash, divide bills or split expenses with friends all without going to an ATM or looking for your checkbook."> <!--googleon: all--> <link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/core/paypal.css"> <!--[if IE 6]><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/ie60win.css"><![endif]--> <!--[if IE 7]><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/ie70win.css"><![endif]--> <link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/flows/flowHFR.css"> <link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/core/core.css"> <link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/pages/pageLogin.css"> <link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/css/flows/flowHFR.css"> <link rel="shortcut icon" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/en_US/i/icon/pp_favicon_x.ico"> <link rel="apple-touch-icon" href="https://www.paypalobjects.com/WEBSCR-525-20080614-1/en_US/i/pui/apple-touch-icon.png"> <script type="text/javascript"> if (parent.frames.length > 0){ top.location.replace(document.location); }</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/lib/yui-0.12/yahoo-dom-event.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/lib/pui/pui-0.1/paypal.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/hostedpayments/hostedpayments.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/lib/yui/yahoo.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/lib/yui/event.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/rosettaLang.js"></script> </head> <body> <div class="srd" id="header"> <h1><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home"><img border="0" src="https://www.paypal.com/en_US/i/logo/paypal_logo.gif" alt="PayPal"></a></h1> <form method="post" id="searchForm" name="searchForm" action="https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search"> <fieldset> <legend>Search PayPal</legend> <label for="searchBox">Search </label><input type="text" id="searchBox" name="queryString" value=""> <input class="button" type="submit" id="search.x" name="search.x" value="Search"> </fieldset> <input name="form_charset" type="hidden" value="UTF-8"> </form> <div class="srd" id="navGlobal"><ul> <li class="first signup"><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_registration-run">Sign Up</a></li> <li class="login"><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run">Log In</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help">Help</a></li> <li class="last"><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_security-center-outside">Security Center</a></li> </ul></div> </div> <div id="navPrimary" class="srd"><ul> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-general&nav=0" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:L5');">Home</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-customer&nav=1" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:L8');">Personal</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-merchant&nav=2" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:O3');">Business</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/general/ProductsandServices-outside&nav=3" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:S9');">Products & Services</a></li> </ul></div> <div id="xptContentOuter"><table align="center" border="0" cellpadding="0" cellspacing="0" id="xptContentInner"><tr valign="top"><td> <div id="xptTitle"><table align="center" border="0" cellpadding="0" cellspacing="0" class="contentTitle"> <tr> <td class="heading" width="100%"><h1>Member Log-In</h1></td> <td align="right" nowrap> <span class="small">Secure Log In</span> <img src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/en_US/i/icon/secure_lock_2.gif" border="0" alt=""> </td> </tr> <tr><td colspan="2"><img alt="" border="0" height="2" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/en_US/i/scr/pixel.gif" width="1"></td></tr> <tr><td colspan="2"><hr></td></tr> <tr><td><img alt="" border="0" height="4" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/en_US/i/scr/pixel.gif" width="1"></td></tr> </table></div> <div class="messageBox error"><p>The information you entered doesn't match our records. Please try again.</p></div> <div id="xptContentMain"> <div class="main"><div id="content"> <div class="box login"> <div class="header"><h2>Account login</h2></div> <div class="body"> <form method="post" name="login_form" action="https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-submit&dispatch=5885d80a13c0db1f1ff80d546411d7f84f1036d8f209d3d1d1a60b0b34578c41"> <input type="hidden" name="login_cmd" value=""><input type="hidden" name="login_params" value=""><fieldset> <legend>Member Log In</legend> <p><label for="login_email">Email address</label><input type="text" id="login_email" class="" name="login_email" value="thegermzsuckyaccount@hotmail.com"></p> <p><label for="login_password" class="">PayPal password</label><input autocomplete="off" type="password" id="login_password" name="login_password" value=""></p> <input type="submit" name="submit.x" value="Log In" class="button primary"> </fieldset> <p>Forgot your <a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_email-recovery">email address</a> or <a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_forgot-password&from=PayPal">password</a>?</p> <p>New to PayPal? <strong><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_registration-run">Sign up</a></strong></p> <input name="form_charset" type="hidden" value="UTF-8"> </form> <script type="text/javascript"> <!-- hide from JavaScript-challenged browsers if (document.login_form.login_email.value == '') { document.login_form.login_email.focus(); } else { document.login_form.login_password.focus(); } // done hiding --> </script> </div> </div> <div class="troubleshootingTips"> <h3>Troubleshooting Tips</h3> <ul><li> <strong>New email address?</strong><ul><li>- Log in using your old email address and go to your Profile to update your address.</li></ul> <li> <strong>Forgot your password?</strong><ul> <li>- Your password is at least eight (8) characters long.</li> <li>- Your password is case-sensitive, make sure your Caps Lock is off.</li> </ul> </li> <li> <strong>Trouble logging in?</strong><ul><li>- To log in to your account, your browser must be set up to accept cookies.</li></ul> </li> </li></ul> </div> </div></div> <script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/pageBlockingUnsafeBrowsers.js"></script> </div> </td></tr></table></div> <div id="footer" class="srd"> <h5 class="accessAid">More Information</h5> <ul> <li class="first"><a href="http://www.paypal-media.com/aboutus.cfm">About Us</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/helpscr?cmd=_help&t=escalateTab">Contact Us</a></li> <li><a href="http://www.paypal.com/us/cgi-bin/webscr?cmd=_display-fees-outside">Fees</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/jobs-outside">Jobs</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-merchant">Merchant Services</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_display-country-functionality-outside">Worldwide</a></li> <li class="last"> <!-- OnlineOpinionF3cS v3.0 The following code is Copyright 1998-2006 Opinionlab, Inc. All rights reserved. Unauthorized use is prohibited. This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. US 6606581, 6421724, 6785717 B1 and other patents pending. http://www.opinionlab.com--> <script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/opinionlab/oo_engine.js"></script><script type="text/javascript"> var feedback_link='Site Feedback'; O_GoT(feedback_link); custom_var='Unknown|Log In|US|en_US';var custom_var_temp=custom_var;// Paypal Custom URL class var PayPalURL = function(pagename) { this.language_country_code = "en_US"; this.dd = "US"; this.nn = "00";this.pagename = escape(pagename.replace(/\s|\//g, "_")); this.to_str = function() { return "https://"+this.dd+".paypal.com/"+this.language_country_code+"/"+this.nn+"/"+this.pagename+".page" } } var paypal_url = new PayPalURL("Log In"); // Below gives you the ability to change the other properties after the object is created //paypal_url.dd="ES"; //paypal_url.nn="01"; _ht = paypal_url.to_str(); </script> </li> </ul> <ul> <li class="first"><a href="http://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside">Privacy</a></li> <li><a href="http://www.thepaypalblog.com">Our Blog</a></li> <li><a href="http://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/ua-outside">Legal Agreements</a></li> <li class="last"><a href="http://www.ebay.com/">eBay</a></li> </ul> <p id="footerSecure"><a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/User/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a></p> <p id="legal">Copyright © 1999-2008 PayPal. All rights reserved.</p> </div> <div id="navFull"><ul> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-general&nav=0" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:L5');">Home</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-customer&nav=1" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:L8');">Personal</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_home-merchant&nav=2" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:O3');">Business</a></li> <li><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/general/ProductsandServices-outside&nav=3" onClick="s=s_gi('paypalglobal'); s.tl(this,'o','SRD:Nav:S9');">Products & Services</a></li> </ul></div> <script type="text/javascript"> // This is an ugly hack until there is a reliable ondomready function if(typeof PAYPAL != 'undefined'){ PAYPAL.core.Navigation.init(); }</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/pp_naturalsearch.js"></script><script type="text/javascript"> <!-- var ppns = new PayPalNaturalSearch('https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/login','3484-30830-12422-0',this.document); ppns.addEngines(new Array( "A9.com", ".altavista.com", "clusty.com", "google.co.jp", "google.co.kr", "google.ru", "www.google.com", "icerocket.com", "infospace.com", "mooter.com", "search.msn.", "snap.com", "search.yahoo.com", "search.yahoo.co.jp" ,"www.overture.com/d/search/p/altavista/", "aolsearch.aol.com", "search.aol.com", "web.ask.com", "pictures.ask.com", "images.google.com", "groups.google.com", "www.google.com/search", "www.hotbot.com", "search.netscape.com", "s.teoma.com/", "www.wisenut.com" )); // End of aEngines array. ppns.init(); --> </script> <!-- SiteCatalyst Code Copyright 1997-2005 Omniture, Inc. More info available at http://www.omniture.com --> <script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-525-20080614-1/js/site_catalyst/pp_jscode_080706.js"></script> <script type="text/javascript"> <!-- /* SiteCatalyst Variables */ s.prop1="p/gen/login"; s.prop7="Unknown"; s.prop8="Unknown"; s.prop9="Unknown"; s.prop10="US"; s.prop14="The information you entered doesn't match our records. Please try again."; s.prop34="SRD User"; s.pageName="Log In"; s.channel="Log In"; s.prop50="en_US"; s.prop18=""; /************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/ var s_code=s.t();if(s_code)document.write(s_code)//--></script> <script type="text/javascript"><!-- if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-') //--> </script><noscript><img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" /></noscript> <!--/DO NOT REMOVE/--> <!-- End SiteCatalyst Code --> </body> </html> Code (markup):
You got to be kidding me. I just called costumer service and they told me that everything was fine on their end. I also locked my account... so now I'll have to verify a ton of stuff just to unlock it. I also searched online and people said "paypalobjects.com" is not owned by paypal but rather a phishing site.
No, I believe that PayPalObjects.com is the PayPal resource website hosted on a different server so that source files and PayPal do not get mixed up. Also, SiteCatalyst is apparently an analytics system.
I would suggest next time you log onto paypal, make sure you are logging in with a secure connection (https), and not just http. Not sure if you already checked this, but there shouldn't be any unsecure connections if you are connected with a secure connection, and this includes "paypalobjects.com". I wouldn't worry about it though.
If Paypal is really hacked that would be big news and reported all around, I don't think it is from your description.
Well boy do I feel like a dumb****. I just called and my account was unlocked. Thank you all for letting me know that this is a paypal owned website. Let this thread die please thanks. I guess I spend too much time around hackers, and though an iframe was being used lmao.
Paypal is not hacked. Your computer might have. Reformat it to be sure. **PaypalObjects is a LEGIT domain, it is owned by Paypal/Ebay company! So it is not a phishing site, it is LEGIT(good). Don't worry about that.
Do not make the fonts so big it isn't pleasant, also the thread will not die, it will be indexed by Google within the hour. Google indexes DP threads very quickly. Maybe next time do doublecheck before posting.
Wisdom, I did I checked some forums and they said that the person was hacked. I even called paypal TOLD them about the site and they said that "I" was hacked. Does anyone even read my posts? Or do they just read the titles of a thread.
The one who was hacked is certainly not Paypal . It should be a hacking into your personal computers for all you know. These are very common. Sometimes the entire browser can be hijacked.