Hm you're right about ssl.. didn't think of that. makes sense.
As for IP .. hm... surely I could add it to dnsmasq.conf and hosts file.. but would it work? hm.. perhaps it just may.... I know of 4 dns to be resolved in order to get this throu... paypal.com
www.paypal.com . paypalobjects.com and
www.paypalobjects.com ... it just might work if I ground them to single of their resolved ip... Nice thinking, thanks for the insight.. that's good idea...
Whish there is module for iptables to always check domain name when hit is made... not just at time you add rule to kernel...
perhaps there is something like that? Would be even better.