Amazon redirecting me to login/credit card page right away

Cody Horton

Honorable
Jul 19, 2013
18
0
10,560
Hey all, so I noticed the other day that when I went to Amazon it was immediately asking me to log in. Then it was asking for my address and credit card info. I thought this was strange so I didn't proceed. I then tried to open it in Firefox and IE (Chrome is my main browser). The same thing happens. I never use these browsers so there are no add-ins or extensions. When I Google search Amazon and try to go to their Books or any other links it says page cannot be found. Also my roommate says he noticed the same thing in Amazon, and Facebook was saying the certificate could not be "authorized" (not exactly sure). Although I have yet to test this or see it for myself.

So far I have done the following:
- Changed Wi-Fi passwords and router passwords
- Ran Security Essentials quick scan (found nothing)
- Running Security Essentials full scan
- Ran Malwarebytes (found a few entries, nothing major)
- Ran AdwCleaner (found a few entries, nothing major)
- Can't run Hitman Pro 3 since trial ran out (alternatives?)
- Kaspersky TDSSKiller (found nothing)

Does anyone have any ideas as to what this could be? I've done a little searching and found nothing. It seems it is affecting not only my machine but my roommate's. I'll do more testing with his shortly. Thanks for any help!!
 

Cody Horton


Hi Entomber, no I don't have a Lenovo, both PCs are custom built. So I checked my roommate's and did confirm the Amazon redirect. However I just power cycled my router and modem and I can get to Amazon okay now. Do either of these keep some sort of cache or DNS entries that could have been messing with it? Thanks.
 

Entomber

Estimable
Apr 21, 2014
96
0
4,610
Your connection should be using the DNS server of your ISP. If you are unsure, just open up a command prompt and type in "ipconfig /all" to view what your DNS server's name is.

Make sure your DNS settings are set to "find a DNS server automatically"
 

Cody Horton



Okay so I'm set up to use my router as a DNS server, then Google 8.8.8.8. However my router is set up to use this IP: 143.95.95.66 and 8.8.8.8 as its secondary. When I go to the first IP it goes to that Amazon link. I'm not sure if I ever set the router DNS manually but if I did I would have set it for 8.8.8.8 and 8.8.4.4. So is that IP the reason why I was being redirected? Also when I looked up where the IP was from I found this: http://www.ip-tracker.org/locator/ip-lookup.php?ip=143.95.95.66 Thanks for all the help so far!
 

Cody Horton

I had a thought and I tried some fake name and password. I used a@a.com and 123pass for the password and it worked. So it's official it's fake. What should I do to report it?

Edit: IP is http://143.95.95.66/
 

Miky5983

Estimable
Mar 15, 2015
15
0
4,570


You can find the location of the IP address and report it to the police.
 

Sandy_3

Estimable
Aug 30, 2015
1
0
4,510
Just wanted to post a thanks for this thread. Had the exact same thing happen to me this week. It was especially nasty in its blocking of actual connections to Amazon. It blocked all connections to the real site via multiple Android apps in addition to browser connections. The only thing that tipped me off was the insistence on verifying credit card info in addition to login and address. They are after credit cards. Thanks to this thread we tracked it immediately to the DNS hijack.
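
The DNS check this thread arrives at, as an added example that is not part of any post: it parses `ipconfig /all` output and classifies both the PC's resolvers and the upstream resolvers read off the router's admin page. The `ipconfig` text is a constructed sample, the function names are hypothetical, and the expected resolver list (8.8.8.8 and 8.8.4.4) is an assumption taken from what Cody says he would have configured.

```python
import ipaddress
import re

# Assumption: the resolvers the owner meant to use (Google Public DNS, per the thread).
EXPECTED = {"8.8.8.8", "8.8.4.4"}

# Constructed sample of `ipconfig /all` output, not captured from a real machine.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(text):
    """Parse an address (IPv6 scope suffix dropped); return None if it is not one."""
    try:
        return ipaddress.ip_address(text.split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Return DNS servers from `ipconfig /all` text, including unlabeled continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        candidate = m.group(1) if m else (line.strip() if in_dns else "")
        ip = _as_ip(candidate) if candidate else None
        in_dns = ip is not None  # the list ends at the first line that is not an address
        if ip:
            servers.append(str(ip))
    return servers

def classify(server, expected=EXPECTED):
    if server in expected:
        return "expected"
    if ipaddress.ip_address(server).is_private:
        # The router relays queries, so its own upstream DNS setting must be checked too.
        return "local-forwarder"
    return "unexpected"

def audit(ipconfig_text, router_upstream=()):
    """Classify the PC's resolvers plus the upstream resolvers configured on the router."""
    report = {s: classify(s) for s in dns_servers(ipconfig_text)}
    report.update({f"router->{s}": classify(s) for s in router_upstream})
    return report

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_IPCONFIG, ["143.95.95.66", "8.8.8.8"]).items():
        print(f"{name:24} {verdict}")
```

On the PC alone nothing looks wrong, because `ipconfig /all` only shows the router's LAN address; the unexpected resolver appears once the router's own DNS setting is included in the audit.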